The Cisco® Secure Services Client is a software application that enables businesses of all sizes to deploy a single authentication framework across endpoint devices for access to both wired and wireless networks. The Cisco Secure Services Client solution delivers simplified management, robust security, and lower total cost of ownership. Through a simplified and scalable deployment mechanism, IT administrators can deploy and manage the Cisco Secure Services Client across the enterprise. The software client manages the user and device identity and the network access protocols required for secure access.
The Cisco Secure Services Client uses the IEEE 802.1X authentication standard to provide a robust first line of defense against unauthorized network intrusions. Using the 802.1X standard, access control decisions are made before the endpoint device is granted an IP address and access to the network. This gives the Cisco Secure Services Client the flexibility to deploy strong security for managing identity-based access for users and devices, and to deliver an effective port management solution. As a result, the operational cost of protecting the network is reduced.
Cisco Secure Services Client Version 5.1 contains an enterprise deployment feature that allows IT administrators to configure and deploy client profiles to the entire organization. Deploying the client from a centralized location saves significant time and ultimately helps lower the total cost of ownership (TCO) of deploying an 802.1X supplicant.
New Features and Benefits
Version 5.1 of the Cisco Secure Services Client includes the following new features.
Automatic VPN Feature
• Integrated Cisco IPSec VPN.
• Integrated Secure Computing Soft Token.
FIPS 140-2 Level 1 Compliant Solution
• Federal Information Processing Standards (FIPS) drivers available (ordered separately).
Cisco Enterprise Deployment Mechanism
• Client provisioning from a unified XML file.
• Single provisioning schema independent of hardware.
• The administrator can now easily create an MSI file containing the XML and EXE file for installation.
• Files can then be deployed using standard deployment tools such as Microsoft Active Directory, Microsoft SMS, and Altiris.
Filtering of Unwanted Service Set Identifiers (SSIDs)
• Decreases the number of available networks for users.
• Enforces corporate security policies for end users.
Enforcing Wired over Wireless
• Enables wireless interface to be disabled when a wired connection is present.
• Eliminates unwanted wireless bridging to wired network.
Policy Enforcement Manager
• Enforces an 802.1X identity-based network security framework.
• Configures and enforces access policies to protect corporate resources and assets.
Network Profile Manager
• Using the administrator console, administrators can define preconfigurations, lock down client features, and deploy end-user profiles for enterprise, travel, and home connections.
• Provides network entitlement rights for employees, guests, and suppliers with different levels of security.
• Windows single sign-on (SSO) capabilities, including device and user authentication.
• User-based authentication session and credential challenge.
Secure Network Access
• Authenticated access to 802.1X wired and wireless LANs.
• Compatible with Wi-Fi-certified devices.
• Support for all Wi-Fi encryption modes: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access-personal mode (WPA-personal mode), WPA2-personal mode, WPA-enterprise mode, WPA2-enterprise mode, Dynamic WEP (802.1X), Advanced Encryption Standard (AES), Temporal Key Integrity Protocol (TKIP).
• Support for a wide selection of Extensible Authentication Protocol (EAP) types.
• Protection of user privacy with EAP "anonymous" access.
• Compatible with the Cisco Secure Access Control Server (ACS).
Access Management and Automated Configuration Control
• Enterprise deployment mechanism through a unified XML file.
• Delivers user access policies to any port accessed by a user.
• Centrally deploys Microsoft Active Directory machine or user group profiles.
• Enables automatic configuration of VLANs.
• Comprehensive SSO support for the Windows login environment.
Flexible Selection of User Credentials
• Interactive user passwords or Windows passwords.
Wired Ethernet 802.3 and Wi-Fi 802.11a, 802.11b, 802.11g, 802.11n
Any 802.1X-compatible Wi-Fi access point and wired Ethernet switch
Authentication, authorization, and accounting (AAA) interoperability
Supports standard RADIUS servers such as Cisco Secure ACS and Microsoft Internet Authentication Service (IAS)
Active Directory machine and user authentication
Export network profiles and lock user interface
Automatic VPN require the following software to be pre-installed;
• Cisco IPSec VPN version 4.8 or higher on Windows XP
• Cisco IPSec VPN version 5.0.03.0560 or higher on Windows Vista
Integrated Software Token Applications (XP/2000)
Automatic software PIN generation requires the following software to be preinstalled;
• Secure Computing SofToken II (Version 2.1 or later)
FIPS Solution (XP)
Meets Federal Information Processing Standard 140-2 Level 1.
• Requires the purchase of separate drivers for a complete FIPS 140-2 Level 1 client solution on Windows XP. Driver part numbers are AIR-SSCFIPS-DRV (see ordering guide for more detail).
• Supports many of the popular Intel, Broadcom, and Atheros Wi-Fi chipsets
• FIPS mode includes support EAP-TLS, EAP-FAST and PEAP association methods
Table 2 lists minimum system requirements for Cisco Secure Services Client Version 5.1.
Table 2. System Requirements for Cisco Secure Services Client Version 5.1
Pentium III 500 MHz (minimum), wired or wireless network card with a driver that supports NDIS 5.1 (wireless card should have the Wi-Fi Alliance stamp or logo)
• 128-MB RAM
Windows Vista (Business, Enterprise, or Ultimate), Windows XP (Home, Tablet, or Pro) SP1/SP2, Windows 2000 Pro SP4, Windows 2000 (Advanced) Server SP4, Windows 2003 Server (Standard, Enterprise)
Table 3 lists the part number for Cisco Secure Services Client Version 5.1 as well as the drviers that are required for FIPS on Windows XP. The FIPS drviers are typically required only for FIPS environments such as the Department of Defense and other U.S. and Canadian government entities.
Table 3. Ordering Information for Cisco Secure Services Client Version 5.1
Cisco Secure Services Client (XP/2000)
Cisco Secure Services Client (Vista)
SSC FIPS Drivers (XP only)
Service and Support
Cisco and our Wireless LAN Specialized Partners offer a broad portfolio of end-to-end services based on proven methodologies for planning, designing, implementing, operating, and optimizing the performance of a variety of secure voice and data wireless network solutions, technologies, and strategies. Cisco Wireless LAN Specialized Partners bring application expertise to help deliver a secure enterprise mobility solution with a low total cost of ownership. For more information about Cisco Services for wireless LAN, visit: http://www.cisco.com/go/wirelesslanservices.