Cisco Secure Services Client

Cisco Secure Services Version 5.1 Product Data Sheet

The Cisco® Secure Services Client is a software application that enables businesses of all sizes to deploy a single authentication framework across endpoint devices to enable access to both wired and wireless networks. The Cisco Secure Services Client solution delivers simplified management, robust security, and lower total cost of ownership. Through a simplified and scalable deployment mechanism, IT administrators can deploy and manage the Cisco Secure Services Client across the enterprise. The software client manages the user and device identity and the network access protocols required for secure access.
The Cisco Secure Services Client uses the IEEE 802.1X authentication standard to provide a robust first line of defense against unauthorized network intrusions. Using the 802.1X standard, access control decisions are made before the endpoint device is granted an IP address and access to the network. This gives the Cisco Secure Services Client the flexibility to deploy strong security for managing identity-based access for users and devices, and to deliver an effective port management solution. As a result, the operational cost of protecting the network is reduced.
The Cisco Secure Services Client Version 5.1 contains an enterprise deployment feature that allows IT administrators to configure and deploy client profiles to the entire organization. Deploying the client from a centralized location saves significant time and ultimately helps lower the total cost of ownership (TCO) of deploying an 802.1X supplicant.

New Features and Benefits

Version 5.1 of the Cisco Secure Services Client includes the following new features:

Automatic VPN Feature

• Integrated Cisco IPSec VPN

• Integrated Secure Computing Soft Token

FIPS 140-2 Level 1 Compliant Solution

• Available FIPS drivers (ordered separately)

Cisco Enterprise Deployment Mechanism

• Client provisioning from a unified .xml file

• Single provisioning schema independent of hardware

• The administrator can now easily create an .msi file containing the .xml and .exe files for installation

• Files can then be deployed using standard deployment tools such as Microsoft Active Directory, Microsoft SMS, and Altiris

Filtering of Unwanted Service Set Identifiers (SSIDs)

• Decreases the number of available networks for users

• Enforces corporate security policies for end users

Enforcing Wired over Wireless

• Enables wireless interface to be disabled when a wired connection is present

• Eliminates unwanted wireless bridging to wired network

Policy Enforcement Manager

• Enforces an 802.1X identity-based network security framework

• Configures and enforces access policies to protect corporate resources and assets

Network Profile Manager

• Using the administrator console, administrators can define preconfigurations, lock down client features, and deploy end-user profiles for enterprise, travel, and home connections

• Provides network entitlement rights for employees, guests, and suppliers with different levels of security

Credential Manager

• Windows single sign-on (SSO) capabilities, including device and user authentication

• User-based authentication session and credential challenge

Secure Network Access

• Authenticated access to 802.1X wired and wireless LANs

• Compatible with Wi-Fi-certified devices

• Support for all Wi-Fi encryption modes: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access-personal mode (WPA-personal mode), WPA2-personal mode, WPA-enterprise mode, WPA2-enterprise mode, Dynamic WEP (802.1X), Advanced Encryption Standard (AES), Temporal Key Integrity Protocol (TKIP)

• Support for a wide selection of Extensible Authentication Protocol (EAP) types

• Protection of user privacy with EAP "anonymous" access

• Integration with Cisco Trust Agent, providing strong Layer 2 802.1X-based Network Admission Control (NAC) support

• Compatible with the Cisco Secure Access Control Server (ACS)

Access Management and Automated Configuration Control

• Enterprise deployment mechanism through a unified .xml file

• Delivers user access policies to any port accessed by a user

• Centrally deploys Microsoft Active Directory machine or user group profiles

• Enables automatic configuration of VLANs

• Comprehensive SSO support for the Windows login environment

Flexible Selection of User Credentials

• Interactive user passwords or Windows passwords

• RSA SecurID tokens

• One-time password (OTP) tokens

• Smartcards (Axalto, Gemplus, SafeNet iKey, Aladdin)

• X.509 certificates

Product Specifications

Table 1 lists product specifications for the Cisco Secure Services Client Version 5.0.

Table 1. Product Specifications for Cisco Secure Services Client Version 5.0

Operating systems: Windows XP, Windows 2000

EAP protocols: EAP-Message Digest 5 (MD5), EAP-Transport Layer Security (TLS), EAP-Tunneled TLS (TTLS), Cisco LEAP, EAP-Flexible Authentication via Secure Tunneling (FAST), Protected Extensible Authentication Protocol (PEAP)

EAP-TTLS: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP (MSCHAP), MSCHAPv2, EAP-MD5

EAP-PEAP: EAP-MSCHAPv2, EAP-TLS, and EAP-Generic Token Card (EAP-GTC)

Encryption support: WEP, WPA, WPA2, WPA-Pre-Shared Key (WPA-PSK), WPA2-PSK, Dynamic WEP (802.1X), AES, TKIP

Media support: Wired Ethernet 802.3 and Wi-Fi 802.11a, 802.11b, 802.11g

Switch interoperability: Any 802.1X-compatible Wi-Fi access point and wired Ethernet switch

Authentication, authorization, and accounting (AAA) interoperability: Supports standard RADIUS servers such as Cisco Secure ACS and Microsoft Internet Authentication Service (IAS)

Windows SSO: Active Directory machine and user authentication

Enterprise deployment: Export network profiles and lock user interface

Integrated VPN: Automatic VPN and Secure Computing Soft Token require the following software to be preinstalled:

• Cisco IPSec VPN Version 4.8 or later
• Secure Computing Soft Token Version 2.1 or later

FIPS solution: Meets Federal Information Processing Standard 140-2 Level 1.

• Requires the purchase of separate drivers for a complete FIPS 140-2 Level 1 client solution. Driver part numbers are AIR-SSCFIPS-DRV (see ordering guide for more detail).
• Supports Intel, Broadcom, and Atheros Wi-Fi chipsets
• FIPS mode includes support for EAP-TLS, EAP-FAST, and PEAP association methods.

System Requirements

Table 2 lists minimum system requirements for the Cisco Secure Services Client Version 5.1.

Table 2. System Requirements for Cisco Secure Services Client Version 5.1

System: Minimum Requirements

Disk space: 30 MB

Hardware: Pentium III 500 MHz (minimum), Windows 2000 (Advanced) Server SP4, Windows 2003 Server (Standard, Enterprise), wired or wireless network card with a driver that supports NDIS 5.1 (wireless card should have the Wi-Fi Alliance stamp or logo)

FIPS driver compatibility: The drivers required for FIPS compliance (AIR-SSCFIPS-DRV) require the following Wi-Fi chipsets:

• Intel: 2100, 2200, 2915, 3945
• Broadcom: All BCM 43XX
• Atheros: 5001, 5004, 5005, AR5211, AR5212

Memory: 128-MB RAM

Software: Windows XP (Home or Pro) SP1/SP2, Windows 2000 Pro SP4, Windows 2003 Server

Ordering Information

Table 3 lists the part number for the Cisco Secure Services Client Version 5.1 as well as the drivers that are required for FIPS. The FIPS drivers are typically required only for FIPS environments such as the Department of Defense and other U.S. and Canadian government entities.
To download the Cisco Secure Services Client, visit the Cisco Ordering Home Page.

Table 3. Ordering Information for Cisco Secure Services Client Version 5.1

Product Name: Part Number

Cisco Secure Services Client: AIR-SC5.0-XP2K

SSC FIPS Drivers: AIR-SSCFIPS-DRV

Service and Support

Cisco and our Wireless LAN Specialized Partners offer a broad portfolio of end-to-end services based on proven methodologies for planning, designing, implementing, operating, and optimizing the performance of a variety of secure voice and data wireless network solutions, technologies, and strategies. Cisco Wireless LAN Specialized Partners bring application expertise to help deliver a secure enterprise mobility solution with a low total cost of ownership. For more information about Cisco Services for wireless LAN, visit: http://www.cisco.com/go/wirelesslanservices.

For More Information

For more information about the Cisco Secure Services Client, visit http://www.cisco.com/en/US/products/ps7034/index.html or contact your local account representative.
For more information about the Cisco Unified Wireless Network, visit: http://www.cisco.com/go/unifiedwireless.
The Cisco Secure Services Client includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://openssl.org).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Cisco Secure Services Client complies with OpenSSL and SSLeay license requirements. (http://www.openssl.org/source/license.html)