Access Manager for Windows 7.3. Access Manager for Windows allows you to restrict access to key features of Windows, such as Control Panels or Start menu, network, Taskbar, desktop, system tray. This plan also offers non-VPN related services like AnyConnect Network Access Manager, Cloud Web Security module, and the Cisco Umbrella Roaming module. The second and more advanced offer is AnyConnect Apex. AnyConnect is an IoT Video Platform as a Service (PaaS) for connected smart cameras and other IoT video devices. AnyConnect platform library and Web APIs enable access control, streaming, computer.
Text of Secure Mobile Client: Cisco AnyConnect Secure Mobility Client
Cisco / , 2016. .
Cisco. . 1 9
Cisco AnyConnect
Secure Mobility Client
. .
Cisco AnyConnect Secure
Mobility Client . ,
AnyConnect
.
, VPN-
, . , Datagram
Transport Layer Security (DTLS) , IP ( VoIP)
TCP. IP Security Internet Key
Exchange 2 (IPsec IKEv2). VPN Apple
iOS, Google Android ( 5.0 ) Samsung KNOX VPN
4.x.
AnyConnect 4.x .
VPN
Cisco ASA
.
,
.
,
, .
AnyConnect Secure Mobility -,
, , ,
.
- ,
- Cisco Web Security
Appliance Cisco Cloud Web Security . , VPN- ,
Cisco Umbrella Roaming,
, .
Windows Mac OS X
.
Internet Protocol Flow
Information Export (IPFIX), , Cisco StealthWatch.
Cisco Advanced Malware Protection (AMP) Enabler, AnyConnect
Cisco Advanced Malware Protection .
VPN-,
AnyConnect ( 802.1X, . .). ,
, .
AnyConnect.
VPN AnyConnect IEEE
802.1X,
,
.
VPN , IEEE 802.1AE
Media Access Control security (MACsec)
,
.
. 1 VPN Microsoft Windows.
1. VPN Microsoft Windows
. 2 VPN Apple OS X.
2. VPN Apple OS X
AnyConnect ,
, -. ,
VPN, 802.1X, , , Cisco Umbrella Roaming,
- Cisco Cloud Web Security,
AMP ,
, ,
.
AnyConnect, .
. 3
.
3.
1 Cisco AnyConnect Secure Mobility.
1.
VPN-
Windows 10, 8.1, 8 7
Mac OS X 10.8
Linux Intel (x64)
. AnyConnect Mobile
Cisco.com.
AnyConnect Plus Apex , Plus
.
Cisco.com ID. . AnyConnect.
: VPN-
SSL (TLS DTLS); IPsec IKEv2.
AnyConnect VPN-, , -.
SSL (TLS 1.2 DTLS) IPsec (Internet Key Exchange 2) KEv2 .
DTLS , , VoIP TCP.
TLS 1.2 (HTTP TLS SSL) , -.
IPsec IKEv2 , IPsec.
, .
.
, VPN- IP-, , .
http://www.cisco.com/c/en/us/products/collateral/security/anyconnect-secure-mobility-client/data_sheet_c78-527494.html
http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf
Trusted Network Detection VPN- , , ,
.
, AES-256 3DES-168. ( .)
, NSA Suite B, ESPv3 IKEv2, 4096- RSA, Diffie-Hellman group 24 SHA2 (SHA-256 SHA-384).
IPsec IKEv2. AnyConnect Apex.
, Microsoft Installer.
( ) ActiveX ( Windows) Java.
.
( ).
.
.
API-.
RADIUS.
RADIUS (MSCHAPv2) NT LAN Manager (NTLM).
RADIUS (OTP) ( ).
RSA SecurID ( SoftID).
Active Directory Kerberos.
(CA).
- ( ), .
Lightweight Directory Access Protocol (LDAP) .
LDAP.
( ).
,
, .
AnyConnect.
.
.
,
VPN.
API- AnyConnect - .
.
.
IP- IPv4 IPv6.
IPv4 IPv6.
.
.
VPN- Google Android (Lollipop) Samsung KNOX ( 4.0: Cisco ASA 5500-X OS 9.3
AnyConnect 4.0).
IP-
.
.
(DHCP).
RADIUS/ (LDAP).
( Apex).
( Cisco Identity Services Engine NAC Agent). Identity Services Engine 1.3
Cisco Identity Services Engine Apex.
, ISE Posture ( ISE) Hostscan ( VPN) ,
/ Windows .
.
ISE Posture Hostscan . , ,
.
, , CRC32,
IP- . ,
, .
. . Host Scan. .
http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/products-device-support-tables-list.html
AnyConnect, (, , . .).
IPv4 IP- (ACLs) IPv6.
Windows Mac OS X.
:
(cs-cz)
(de-de)
(es-es)
(fr-fr)
(ja-jp)
(ko-kr)
(pl-pl)
(zh-cn)
() (zh-tw)
(nl-nl)
(hu-hu)
(it-it)
() (pt-br)
(ru-ru)
,
, .
, .
, .
. AnyConnect Cisco Adaptive Security Device
Manager (ASDM).
..
.
Cisco .
(FIPS)
FIPS 140-2 2 ( , ).
- (
-)
-, - (SaaS)
-, .
.
, .
-.
.
, .
, .
. Cisco Umbrella Roaming ( Cisco
Umbrella Roaming)
VPN-.
, C2 .
.
DNS VPN- (
).
( Apex.) ,
, , .
.
.
.
Internet Protocol Flow Information Export (IPFIX).
Advanced Malware
Protection (AMP) for Endpoints
Enabler (
AMP for Endpoints)
AnyConnect Cisco AMP .
, .
, .
Windows 10, 8.1, 8 7
Mac OS X 10.8 Network Access Manager 802.1X
Ethernet (IEEE 802.3)
Wi-Fi (IEEE 802.11a/b/g/n) IEEE 802.1X-2001, 802.1X-2004 802.1X-2010
802.1X , .
, .
Cisco.
(Extensible
Authentication Protocol, EAP).
EAP-Transport Layer Security (TLS)
EAP-Protected Extensible Authentication Protocol (PEAP) :
o EAP-TLS;
o EAP-MSCHAPv2.
o EAP-Generic Token Card (GTC)
(EAP-Flexible Authentication via Secure Tunneling, FAST) :
o EAP-TLS;
o EAP-MSCHAPv2;
o EAP-GTC.
EAP-Tunneled TLS (TTLS) :
o (Password Authentication Protocol, PAP);
o (Challenge Handshake Authentication Protocol, CHAP);
o Microsoft CHAP (MSCHAP);
o MSCHAPv2;
o EAP-MD5;
o EAP-MSCHAPv2;
EAP (LEAP), Wi-Fi;
EAP-Message Digest 5 (MD5), , Ethernet;
EAP-MSCHAPv2, , Ethernet;
EAP-GTC, , Ethernet.
(
802.11 NIC)
.
, (Wired Equivalent Privacy, WEP).
WEP.
Wi-Fi (WPA) .
WPA2 .
WPA (WPA-PSK).
WPA2 (WPA2-PSK).
CCKM ( Cisco CB21AG Wireless NIC).
Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Advanced Encryption Standard, AES.
(Temporal Key Integrity Protocol, TKIP) Rivest Cipher 4 (RC4).
RFC2716 (EAP-TLS) EAP-TLS, EAP-FAST, EAP-PEAP EAP-TTLS.
EAP-FAST .
PMK-ID [ (Proactive Key Caching, PKC) (Opportunistic Key Caching, )], Windows XP.
Ethernet : IEEE 802.1AE (MACsec).
: MACsec Key Agreement (MKA)
Ethernet , .
.
, .
.
Ethernet . .
30 . EAP
(EAP-FASTv2) ( ).
EAP.
(ECE) .
.
.
.
(Suite B) .
- (Elliptic Curve Diffie-Hellman key exchange, ECDHKE).
(Elliptic Curve Digital Signature Algorithm, ECDSA).
Windows.
RSA SecurID.
(OTP).
- (Axalto, Gemplus, SafeNet iKey, Aladdin).
X.509.
(Elliptic Curve Digital Signature Algorithm, ECDSA).
(Remote Desktop Protocol, RDP).
Windows 10, 8.1, 8 7.
AnyConnect Cisco ASA
5500-X 5500 , Cisco ASA 8.0(4) .
.
Cisco ASA ASA 5500-X.
Cisco VPN- AnyConnect Cisco IOS 15.1(2)T ,
. .
, Cisco IOS SSL VPN.
Cisco IOS . : http://www.cisco.com/go/fn.
. :
http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html.
AnyConnect 4.x AnyConnect Plus Apex.
: http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf.
Cisco Capital
,
Cisco Capital ,
. .
. . Cisco
Capital , ,
. .
Cisco Capital 100 . .
http://www.cisco.com/go/asa
http://www.cisco.c
Cisco's Anyconnect Network Access Manager
- The AnyConnect Secure Mobility Client 3.0 has a nice module for managing wireless (and wired) networks in Windows. This module is called the Network Access Manager.
- Cisco AnyConnect client couldn’t be updated from version 4.4.04030 to 4.5.02036. Hereby, the precise issue is, the Network Access Manager Filter Driver (3.1.6010 – 4.3.5009) couldn’t be renewed. Workaround by Cisco: We opened an official Cisco ticket to solve this issue. They mentioned, the software upgrade process has to be straight.