C H A P T E R
4-1
Cisco Secure Desktop Configuration Guide
OL-8607-02
4
Tutorial
CSD is a highly customizable suite of security tools that you can deploy in many different ways to secure
remote systems and enforce your company’s network security polices. Becoming familiar with the
configuration procedure can help you understand the following:
•
How to deploy CSD
•
Which security decisions you need to make to best accommodate your users and secure your
network
Note
This tutorial introduces you to the CSD configuration settings. Subsequent sections reinforce the
instructions with detailed descriptions.
The following sections guide you through the CSD configuration sequence:
•
Step One: Define Windows Locations
•
Step Two: Define Windows Location Identification
•
Step Three: Configure Windows Location Modules
•
Step Four: Configure Windows Location Features
•
Step Five: Configure Windows CE Features
•
Step Six: Configure Macintosh and Linux Features
Step One: Define Windows Locations
Begin configuring CSD by defining Windows locations. Windows locations apply to supported
Microsoft Windows clients only; they do not apply to Windows CE, Macintosh, and Linux clients.
Locations let you deploy an appropriately secure environment to hosts that connect through the VPN.
They let you increase security on hosts that you determine are likely to be insecure, and offer flexibility
to clients you determine are secure. You can restrict user privileges when they connect from unknown
computers. You can also deploy the Secure Desktop and Cache Cleaner modules on insecure hosts to
minimize session information that might contain confidential company information. We recommend that
you consider the different types of hosts that will connect through the VPN before you determine the
criteria needed to secure those hosts and the security policies to assign to those criteria. In addition,
because it is physically impossible to ensure 100 percent removal of all data sent to a remote system,
organizations may use Cisco Secure Desktop to minimize access to trusted assets.