With an exploding number of Wi-Fi mobile devices to manage, businesses are facing multiple challenges, from device provisioning to access security, while at the same time having to ensure a consistent and simple user experience.
Management remains a critical element in cost of ownership, and IT organizations are now looking for solutions that will help them to centrally and easily provision mobile devices with user access profiles.
Equally important, because mobile workers now use so many noncorporate networks, companies need solutions that automatically ensure secure access in all situations, even when mobile device users are using home networks, hotspots, or any neighboring wireless network that the Wi-Fi device may decide to associate with.
Solution Overview
With the Cisco® Secure Services Client 5.1, companies can now have a flexible, secure solution that will ease the burden of logging into wired and wireless networks and will improve employee productivity whether they are in the office, at home, or at a local hotspot.
The Cisco Secure Services Client is a software supplicant that enables businesses to deploy a single authentication framework to access both wired and wireless networks. The software client manages the user and device identity and the network access protocols required for secure access. The client optimizes the user experience when connecting to a Cisco unified wired and wireless network. Figure 1 is an example of a customer topology that shows how the Cisco Secure Services Client is used across the Cisco Unified Wireless Network.
Figure 1. Cisco Secure Services Network Topology
New Features
Cisco has added the following new features to enhance both the end-user and IT administrator experience.
Integrated Cisco IPSec VPN and User Accessible 802.1X Configurations
Cisco Secure Services Client (SSC) can now be configured to automatically start the Cisco IPSec VPN. This improves the end-user experience by initiating the VPN application and the Secure Computing Soft Token application. Both of these steps can now be handled by the SSC without user intervention. End users can access this feature through the new graphical user interface, as shown in Figure 2. The IT administrator can select this option in the XML file for enterprisewide deployment.
In addition, the end user can now create and edit 802.1X home networks. While the enterprise configuration is still controlled by the IT administrator, the user can now set basic 802.1X configurations for home networks.
Note: Using the integrated Cisco IPSec VPN requires that the end station have Version 4.8 of the IPSec VPN preinstalled. Secure Computing Soft Token Version 2.1 or higher is also required.
Figure 2. Easy-to-Use Interface for Connecting to the Cisco IPSec VPN
Support for FIPS 140-2 Level 1
The SSC has been submitted to NIST for Federal Information Processing Standards (FIPS) 140-2 Level 1 certification. When ordered with the FIPS drivers (AIR-SSCFIPS-DRV), the SSC and the drivers combine to create the SSC FIPS solution. The FIPS drivers run on Wi-Fi chipsets from most major manufacturers.
Simple User Interface
The graphical user interface provides a convenient "two-click connect" to office, home, and public wired and wireless networks. This allows end users to connect to the network more easily and eliminates the security concerns of connecting to any open (public) network. The Available Connections window provides a comprehensive range of features and is accessible by right-clicking the taskbar icon or using the desktop icon. As Figure 3 shows, end users can view the connection status indicator for network name, strength, connection status, and IP address.
Figure 3. Status Information and Two-Click Connect through the Available Connections Window
Enterprise Deployment
The Enterprise Deployment feature (Figure 4) allows IT administrators to configure, automate and deploy user profiles through a single XML file or the Cisco-supplied management utility. The management utility guides the IT administrator through the policy and configuration settings for users, devices, VPN and allowed networks. This reduces the time and cost associated with deploying the clients to end users.
Figure 4. The Enterprise Deployment Feature
Filtering Unwanted Service Set Identifiers
IT administrators also have more control through the ability to filter unwanted service set identifier (SSID) networks. This feature is useful in an environment where there are multiple wireless networks. For example, an IT administrator may want to prevent employees from receiving wireless signals from public or residential networks in an apartment building that is adjacent to the office. In this scenario, the IT administrator can configure separate SSID groups for the office and home. This is advantageous for the end user as well, who will benefit from viewing fewer networks.
No Wireless When Wired
The SSC helps maintain corporate security policy by not allowing two active network connections. This security feature helps guard against bridging of wireless and wired networks, which can compromise network security.
Business Benefits
The latest Cisco Secure Services Client enhancements provide the following important benefits for end users and IT administrators:
• Improved user experience
– Allows employees to connect to office, home, and public networks more easily
– Improves employee productivity
– Reduces operating expenses for the IT help desk by lowering the number of support calls
• Enhanced security
– Enforces corporate compliance across all wired and wireless endpoint devices
– Prevents users from changing corporate configurations and minimizes the number of support calls for restoring access
• Centralized management
– Provides a consistent administrator experience with centralized management
– Automates management with an editable XML file for scripting
Summary
The Cisco Secure Services Client delivers a unified, end-to-end security framework across the Cisco unified wired and wireless network and supports new features that benefit both IT administrators and end users. The client now provides an improved user experience, enhanced security, integrated VPN support, FIPS support, and support for centralized management.
The Cisco Secure Services Client includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://openssl.org).