Chapter 3 Introduction; Csd Capabilities - Cisco 5520 - ASA IPS Edition Bundle Configuration Manual

Introduction
The following sections describe the capabilities of Cisco Secure Desktop (CSD), introduce the Cisco
Secure Desktop Manager (CSDM) interface, and describe how to save configuration changes:
•
•
•

CSD Capabilities

CSD seeks to minimize the risk of information being left after an SSL VPN session terminates. CSD's
goal is to reduce the possibility that cookies, browser history, temporary files, and downloaded content
remain on a system after a remote user logs out or an SSL VPN session times out. CSD encrypts data and
files associated with, or downloaded, during the SSL VPN session.
The protection provided by CSD is valuable in case of an abrupt session termination, or if a session times
out due to inactivity. Furthermore, CSD stores session information in the secure vault desktop partition;
when the session closes, CSD overwrites and attempts to remove session data using a U.S. Department
of Defense (DoD) sanitation algorithm to provide endpoint security protection.
CSD allows full customization of when and where it is downloaded. It supports profiles of network
element connection types (corporate laptop, home PC, or Internet kiosk) and applies a different security
policy to each type. These policies include System Detection, which is the definition, enforcement, and
restoration of client security in order to secure enterprise networks and data. You can configure System
Detection to confirm the presence of the CSD modules Secure Desktop or Cache Cleaner; and antivirus
software, antispyware software, personal firewall software, and/or the Microsoft
system and service packs on the user's computer as conditions for enabling particular features.
Cisco SSL VPN solutions provide organizations with robust and flexible products for protecting the
security and privacy of information, and can play an important part in an organization's compliance
strategies. No single technology today addresses all security requirements under the proposed standards.
In addition, given limitations of the Microsoft operating system, no technology that interoperates with
the operating system can ensure the total removal of all data, especially from an untrusted system with
potentially malicious third party software installed. However, deployments of Cisco SSL VPN using
CSD, when combined with other security controls and mechanisms within the context of an effective risk
management strategy and policy, can help to reduce risks associated with using such technologies.
OL-8607-02
CSD Capabilities
Navigation
Saving and Resetting the Running CSD Configuration
C H A P T E R
®
Windows operating
Cisco Secure Desktop Configuration Guide
3
3-1