Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Need insight on using the Cisco Secure Desktop

Posted on 2010-01-07
8
Medium Priority
?
880 Views
Last Modified: 2012-06-21
Hello --

I am interested in implementing the Cisco Secure Desktop (latest Release 3.4.2). Can anyone provide feedback on their experiences running this component of the Cisco ASA appliance?  Does it work well, does it degrade performance of the client, does it cause delays in initial connection?

We simply need better protection against client machines on the outside trying to access the network via SSL connection through the Cisco ASA 5510 appliance.

Thanks for your insight!
0
Comment
Question by:davis
  • 4
  • 4
8 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 1000 total points
ID: 26205627
Here are some thoughts:

The CSD does not work with Anyconnect Essentials...  
Setting up policies is sometimes tricky... you definately want to use a test group before rolling out policies to the masses.  
There are some delays in the initial connection, but I've found them to be minimal... but that is subjective of course.  

Overall, I've found that it solves an issue, especially when required by a regulatory agency.   It satisfies certain audits while integrating nicely.   I've been satisfied using it.
0
 
LVL 1

Author Comment

by:davis
ID: 26277343
Great, couple additional things I am curious about -

Would you recommend it's worth the effort for protection against malware on remote client PC's?

Does it force an additional step of authentication?

thanks!
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26284210
I suppose that depends on how paranoid you want to be.   I worked for a financial institution where end point scans were a matter of regulatory compliance... so it wasn't up to debate.    However, most small businesses don't even bother with the CSD.     I suppose that is really a question for you to evaluate.   Be aware though that having any CSD scans may potentially lock out a user when they try to connect.    So, imagine a call at 1 am from your CEO when he is denied access to the VPN because of the CSD.   No matter what the reason, it may not be adequate for the situation.   It's always good to have someone else's approval to back up your actions.  

There is no additional authentication,  there are only the checks that CSD does when a machine connects to VPN which happen in the background.
0
The Growing Need for Data Analysts

As the amount of data rapidly increases in our world, so does the need for qualified data analysts. WGU's MS in Data Analytics and maximize your leadership opportunities as a data engineer, business analyst, information research scientist, and more.

 
LVL 1

Author Comment

by:davis
ID: 26306087
Thanks for the great feedback.  Not sure if there are similar requirements in the health care arena.  Do you know?  I will weigh the pros/cons and of course, gain sponsors from the governing board, if we decide to move forward.  

Again, thanks -
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26307056
I'm not much of an authority is heath care regulations...   Mine is a financial background (i.e. dealing with Office of Thrift Supervision O.T.S.).   I couldn't say.  

I thought of 1 more bit of advice.    Make sure that you test this across a wide selection of user groups.    And have a backdoor into the device for yourself and your team in case something goes haywire.    An ID or group that does not have the policy applied to it for the admins alone, just in case something happens that locks out all desktops.  

Good luck

0
 
LVL 1

Author Comment

by:davis
ID: 26334972
Great advice.  One last question - is CSD configured only to manage incoming connections from outside the network?  OR connections from the outside and on the LAN?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26342627
Its usually only for outside,  but I don't see why you couldn't manage any incoming connection with it....
0
 
LVL 1

Author Closing Comment

by:davis
ID: 31674317
Great feedback - thanks very much
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question