The Cisco ASA VPN environment does indeed provide options to ensure the security requirements of remote access clients are met along with provisions to ensure that the VPN itself is consistently available. This article explores these current options. Cisco Secure Desktop This software package seeks to minimize the risks that a system VPNing into your network might pose. The features of CSD include: Prelogin assessment – this module installs itself after the user connects but prior to login – this module checks the remote device for files, digital certificates, the operating system, IP address and Microsoft Windows registry keys Host Scan – a security scan is performed prior to client login Secure Desktop (Vault) – this module encrypts the data and files that are associated or downloaded during the remote session into a secure desktop partition Cache Cleaner – this module cleans the browser cache at the end of the VPN session Keystroke logger detection – scans for processes or modulesthat record end user keystrokes Cisco Secure Desktop policies – these policies specify the remote user experiences rights and restrictions during the VPN session Integration with DAP – the Cisco Secure Desktop integrates with the dynamic access policy efforts of the Cisco ASA Host emulation detection – the Cisco Secure Desktop is able to determine if the Microsoft Windows host is running over virtualization software Windows Mobile Device Management – includes posture checks that are specific to mobile devices Standalone installation package – this permits the deployment of the Cisco Secure Desktop using third party software distribution and management tools Manual Launch – allows users to run the software that do not have ActiveX or Java permissions on the local machine You should note that the Cisco Secure Desktop takes particular security actions at prelogin, login, and postlogin. High Availability Features Current high availability and performance options for your VPN infrastructureinclude: Redundant peerings per the client profile Stateful active/standby failover Cluster load balancing Server load balancing In future posts here at blog.ipexpert.com – we will be examining these additional security and high availability options in more detail. Anthony Sequeira CCIE, CCSI Twitter: @compsolv Facebook: