Cisco 5520 - ASA IPS Edition Bundle Configuration Manual page 28

Navigation
user access rights. For example, as an administrator, you might configure a secure location to provide
full access rights – web browsing, remote server file access, port forwarding, and full VPN tunneling –
but limit an insecure location to web browsing.
Windows locations allow deployment of the Secure Desktop functions on a location-specific basis.
Typical location types include Work, Home, and Insecure (for such client connection sites as an Internet
cafe). You can use Secure Desktop Manager to define as many locations as needed. Each location has its
own settings and options that make up its security profile.
When you add a location to the configuration, the Desktop Manager displays the name of the location in
the menu, and displays the following options for configuring privileges and restrictions for that location
only:
VPN Feature Policy—Provides System Detection before allowing the following remote access
•
functions: web browsing, remote server file access, port forwarding, and full tunneling using the
SSL VPN Client. It can require and verify the presence of certain safeguards such as antivirus
software, antispyware software, firewall software, and the operating system version and patch.
Keystroke Logger—Scans the client PC for a keystroke logging application. You can configure a
•
location type to require a scan for keystroke logging applications on the client PC. You can list the
keystroke logging applications that are safe or let the remote user approve of the applications the
scan identifies. Secure Desktop and Cache Cleaner launch only if the scan is clear, or only if you
assign administrative control to the user and the user approves of the applications the scan identifies.
Cisco Secure Desktop may be unable to detect every potentially malicious keystroke logger,
including but not limited to hardware keystroke logging devices.
Cache Cleaner—Attempts to disable or erase data that a user downloaded, inserted, or created in the
•
browser, including cached files, configuration changes, cached browser information, passwords
entered, and auto-completed information. The Cache Cleaner works with Microsoft Internet
Explorer 5.0 or later on Windows 98, ME, NT 4, 2000, and XP; Internet Explorer 5.2 or later, or
Safari 1.0 or later, on Macintosh (MacOS X); and Mozilla 1.1 or later on Red Hat Linux v9.
• Secure Desktop General—Provides an encrypted space for Windows 2000 and Windows XP users,
within which the user has an online session using a browser. It is transparent, requiring only a
browser for access. The Secure Desktop does not encrypt or clean system memory information,
including that which may be left on the disk by the operating system in the Windows virtual memory
file, commonly referred to as the paging file. There may also be instances where, if local printing is
permitted, that data can remain in the local system print spool. CSD does provide an option that
seeks to disable printing from within a CSD session.
Secure Desktop Settings—Lets you place restrictions on the Secure Desktop.
•
Secure Desktop Browser—Specifies the home page to which the browser connects when the remote
•
user establishes a CSD session. This option also lets you specify the folders and bookmarks
(or "favorites") to insert into the respective browser menu during the CSD session.
Cisco Secure Desktop Configuration Guide
3-4
Chapter 3 Introduction
OL-8607-02