
AnyConnect 3.0: one app to replace 5 stand-alone security agents

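It has been a long wait, but it is finally here: Cisco's uber security agent, AnyConnect 3.0, has been released. Cisco's AnyConnect agent used to be for SSL VPN connectivity only. With version 3.0 all of that changes, and the agent gets a makeover as well. Going forward, AnyConnect is a single modular agent that provides connectivity and always-on security from any location, over any connection type and with any device (well, almost any device). Check out the connectivity and security options now available with the AnyConnect 3.0 Secure Mobility Client:

- SSL VPN (including TLS and DTLS)

- IPSEC VPN (with the more secure IKEv2)

- Wired 802.1x supplicant (includes support for 802.1x-REV and 802.1AE MACsec encryption between the wired host and the switch)

- Wireless 802.1x supplicant (full 802.11i support, EAP-TTLS, EAP-GTC, CCX)

- ScanSafe Web Security module (embedded SaaS cloud-based web security product)

- Anti-virus telemetry (increases the efficacy of Cisco's IP reputation database)

With the modular architecture of AnyConnect 3.0 and beyond, you can centrally manage which modules are installed and activated on each host. Administrators can use a robust policy definition to determine which hosts get which features. The modules then show up as tabs on the left side of the client.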

For me, the most exciting part is the integration of ScanSafe Web Security. This technology splits HTTP and HTTPS traffic off at the client, encrypts it, and sends it to the ScanSafe web security service in the cloud. It can be configured to be active even when your VPN tunnel is not. In this configuration, all of the host's web traffic is inspected all of the time, providing constant web security. The traffic is then run through URL filtering, AV, AS, acceptable use, web reputation and zero-day outbreak detection processing. Because the service is in the cloud, it eliminates the need to backhaul web traffic to headquarters for this type of protection. This results in reduced bandwidth requirements on your HQ Internet links. When you couple this with the typically low per-user cost of a SaaS service like the one ScanSafe provides, it makes a compelling case to take a look. The only drawback to this solution today is that it only works on Windows operating systems, but I expect that to change in the next 6 months.

Let's dig a little deeper into the changes in AnyConnect 3.0. First, the addition of IPSEC VPN capability. Going forward, AnyConnect will replace the existing stand-alone IPSEC clients from Cisco. The two huge differences in this new client are IKEv2 support and more client security features. IKEv2 is important because it brings enhanced security to your VPNs that IKEv1 was lacking. The AnyConnect IPSEC module brings a host of additional security options for your IPSEC clients. Features like Full Host Scan, SCEP certificate auto-enrollment, profile updating, an enhanced client upgrade process and language customization are now available.

The other major change was the addition of a free 802.1x supplicant for wired and wireless connectivity. Cisco previously sold this product, Cisco Secure Services Client, as a stand-alone agent. The new functionality is called the Network Access Manager (NAM) module. It supports Windows OS, including Win7, only right now. This supplicant provides cutting-edge feature support like 802.1AE MACsec. MACsec provides wired encryption of all traffic from the client to the switch. It is the endpoint piece of the Cisco TrustSec Architecture, which provides hop-by-hop encryption between their switches. The decision to encrypt or not is maintained by a central policy in Cisco ACS 5.2. The AnyConnect NAM also allows for EAP-TTLS and EAP-GTC functionality that is lacking in the Windows OS built-in supplicant. EAP-TTLS provides two-factor authentication capability for wired and wireless using a certificate and a username/password check. EAP-GTC allows for the support of password replacement technologies like tokens and smartcards.
The NAM has the ability to allow only one connection type at a time and by default it prefers wired over wireless. It will automatically shut down the wireless connectivity once it detects wired. In addition to 802.1x connectivity the NAM can also run a script after logon completes. You can use this scripting capability to run a program, update GPO, run a login script, or all sorts of other things. Last but not least, the NAM supports remote desktop connectivity even if the user logs off. The NAM will maintain session state if required.

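The embedded Host Scan module in AnyConnect 3.0 removes the requirement to download Cisco Secure Desktop for this purpose. This in turn makes the Host Scan user experience faster and more seamless. Host Scan can also be updated more easily to support the latest AV, AS and PFW products to scan for. Host Scan results are used by the Cisco ASA to dynamically change or apply security policy to the host.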

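Cisco's AnyConnect 3.0 agent is available now. The Cisco AnyConnect software is supported on the following operating systems:

- Windows XP, Vista and 7, 32-bit and 64-bit

- Mac OS X 10.5, 10.6, 32-bit and 64-bit

- Linux

- iPhone 4.1+ 4.2

- iPad

- Windows Mobile 6.1

- HP webOS 2.0

To use many of the advanced features, you will have to upgrade your Cisco ASA to 8.4.1 code. Check out the release notes for details on AnyConnect features, client support information, and upgrade instructions: http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html

What other features would you like to see in the Cisco AnyConnect solution?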










