Mobile Endpoint Integration Solution

Uploaded by: 仙*** Document ID: 241635279 Uploaded: 2024-07-11 Format: PPT Pages: 29 Size: 4.60 MB
Cisco Confidential. 2010 Cisco and/or its affiliates. All rights reserved.

Slide 1: Mobile Endpoint Integration Solution
Li Song (李嵩), SBN Security Team

Slide 2: Unified secure access architecture

Slide 3: PC/Web era, post-PC era, mobile-first era
Sources: A, Public Filings, Morgan Stanley Research, Gartner, IDC

Slide 4
- "How do we keep control of multiple mobile OSes?"
- "How do we distribute apps, and how do we roll out BYOD?"
- "How do we distribute documents and keep them secure?"
- "How do we ensure information security compliance?"
- "I have to keep meeting users' new demands while still ensuring security and compliance."

Slide 5: Unified secure access architecture: a unified network, unified policy, unified management
Components shown in the diagram:
- Wireless network: Cisco WLC
- Wired network: Catalyst Switches
- VPN access: Cisco AnyConnect
- Cisco Prime Infrastructure
- Identity Services Engine (ISE)
- MDM (Mobile Device Manager), MDM Manager
- Mobility Services Engine (MSE)

Slide 6: Converged control from the MDM server to the client
Diagram labels: Mobile + PC device management; network-layer control; converged control.
Capabilities shown:
- Enterprise App Mgmt (Distribution, Config)
- Inventory Management
- Device Management (Backup, Remote Wipe, etc.)
- Policy Compliance (Jailbreak detection, PIN lock, etc.)
- Secure Data Containers
- Acceptable Use Policy (AUP)
- Classification/Profiling
- Registration
- Secure Network Access (Wireless, Wired, VPN)
- Context-Aware Access Control (Role, Location, etc.)
- Cert + Supplicant Provisioning
- User / Device Ownership

Slide 7: ISE-MDM interoperating vendors
ISE works with the six MDM vendors below and interconnects with them through an open API. The vendors Cisco has tested are listed here; more MDM vendors will join in ISE 1.3:
- AirWatch Version 6.2
- MobileIron Version 5.5
- SAP Afaria 7.0 SP3
- Citrix (Zenprise) Version 7.1
- Good Technology Version 2.3
- Fiberlink MaaS360

Slide 8: Common ways of connecting ISE and MDM

Slide 9: Common use cases for ISE 1.2 MDM integration
- Device registration
- Periodic compliance checks
- Remediation of non-compliance
- Remote device actions through ISE
- Self-management of end-user devices

Slide 10: Device state + control actions
Device attributes: User, Group, Certificates, Device Registered, Manufacturer, Model, OS Version, Apps, Encryption, Password, Compromised, Profiles, Ownership, Location.
Device registration involves both Cisco ISE and MobileIron.
Cisco ISE, network-layer management actions:
- Enable VLAN
- Enable ACL
- Enable group ACL
- Enable ToS (used for QoS)
- URL redirection
- Tag packets
MobileIron, deep device-state awareness:
- Initial prompt to install enterprise apps
- Apply enterprise network and security configuration
- Remove corporate email
- Remove managed enterprise apps
- Remove access to enterprise apps
- Remove enterprise data
- Selectively wipe enterprise data
- Wipe the whole device
- Remove enterprise network and security configuration

Slide 11: Simulated scenario: an unregistered iPad enters the corporate network
Device attributes (not yet populated): User, Group, Certificates, Device Registered, Manufacturer, Model, OS Version, Apps, Encryption, Password, Compromised, Profiles, Ownership, Location.

Slide 12: Simulated scenario: an unregistered iPad enters the corporate network; ISE and MDM control actions
Device attributes: User: Unknown; Group: Unknown; Certificates: None; Device Registered: No; Manufacturer: Unknown; Model: Unknown; OS Version: Unknown; Apps: Unknown; Encryption: Unknown; Password: Unknown; Compromised: Unknown; Profiles: Unknown; Ownership: Unknown; Location: HQ.
Cisco ISE:
- Authorize WiFi access
- Restrict access to the guest VLAN
- Redirect the browser to the device registration address
- Hand over to MobileIron for device registration
MobileIron:
- Register the device with MDM
- Configure device security policy: screen-lock password, data encryption policy, camera disabled, iCloud disabled
- Configure corporate email and the encrypted-attachment policy
- Distribute enterprise apps (initial install prompt), including configuring Cisco AnyConnect
- Configure secure access to the corporate SharePoint
- Install shortcut icons for the IT and finance portals
Registration successful: the device's network policy has been deployed and access to the corporate intranet is granted. Endpoint posture is checked in real time to confirm the device is compliant.

Slide 13: Simulated scenario: a user installs a prohibited app; the violation is corrected automatically
Device attributes: User: Chris Williams; Group: Finance; Certificates: Present; Device Registered: Yes; Manufacturer: Apple; Model: iPad; OS Version: 6.1; Apps: Violation-Dropbox; Encryption: Enabled; Password: Enabled; Compromised: No; Profiles: Present; Ownership: Corporate; Location: HQ.
Cisco ISE:
- Deny access to the corporate file server
- Redirect the browser to the intranet AUP (acceptable use policy) page
- Place the device in a quarantine VLAN that provides only the network access needed for self-remediation
After the prohibited app is removed: all network access is restored, and SharePoint access, corporate email and enterprise apps are redeployed automatically.

Slide 14: Simulated scenario: a user is promoted to management; seamless integration with corporate AD; automatic authorization
Device attributes: User: Michelle Jones; Group: Directorate; Certificates: Present; Device Registered: Yes; Manufacturer: Apple; Model: iPad; OS Version: 6.1; Apps: None; Encryption: Enabled; Password: Enabled; Compromised: No; Profiles: Present; Ownership: Corporate; Location: HQ.
Cisco ISE:
- Tag packets to enable encrypted transport
- Mark VoIP for priority transport
- Authorize access to internal encrypted files
Policy changes driven by the AD domain controller: every policy change follows a change in the corporate AD.

Slide 15: Notes on integration deployment and configuration

Slide 16: MDM authentication flow
- Registered device? No: MyDevices / ISE BYOD registration, then CoA.
- Registered device? Yes: MDM registered?
- MDM registered? No: ISE portal link to MDM onboarding, then CoA.
- MDM registered? Yes: Access-Accept.

Slide 17: Certificate import

Slide 18: Enable the MDM API interface

Slide 19: MDM server connection configuration
Check whether the FQDN in the certificate is a domain name or an IP address.

Slide 20: Notes on the MDM server connection
- Import the MDM certificate into ISE.
- The clocks of ISE and the MDM must not differ by more than 5 minutes. Configure an NTP server on both.
- When adding the MDM server in ISE, either an IP address or a domain name can be used, but if the certificate FQDN is a domain name, the same value must be used consistently.
- Assign API permissions to the integration account.

Slide 21: MDM attribute settings
ISE can set the 15 attribute values below; MDM compliance attributes allow more combinations.
Compliance checks (this function relies on the verification result returned by the MDM server):
- Mobile device compliance check
- PIN check
- Jailbreak information
- Hardware vendor information, including manufacturer name, model, serial number and operating system version
The check is repeated every 4 hours; if the device is non-compliant, a CoA is sent to terminate the authenticated session.
Compliance settings need to be configured on the MDM. Compliance settings need to be configured in ISE.

Slide 22: Setting the MDM authorization policy in ISE
Mobile endpoints must pass a security compliance check when they log in.
Security compliance conditions used in the authorization policy: Jail Broken, Encryption, ISE Registered, PIN Locked, MDM Registered.

Slide 23: MDM client self-service deployment
Own Common Task

Slide 24: MDM feature integration
MDM functions are integrated into both the administrator and the user interface. Users can send requests to the MDM server from the self-management page to carry out remote actions (for example, remote device wipe).
Available in: MyDevices Portal; Endpoints Directory in ISE.
Options: Edit, Restore, Lost device handling, Delete, Full wipe, Corporate content wipe, PIN lock.

Slide 25: ISE mobile client management reports

Slide 26: Scenario demonstration
- iOS onboarding experience (using iOS 7.x as the example)
- Android onboarding experience (using Android 4.3 as the example)
- Deployment and configuration document download link: http:/hkg-filer03b-web/wg-s/security_solutions/Published/Chinese%20documents/Security%20Knowledge%20Share/

Slide 27: Mobile Endpoint Integration Solution

Slide 28: Features on ISE 1.3 wrt MDM

Slide 29: Mobile Endpoint Integration Solution
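
The MDM authentication flow and the compliance conditions from slides 16, 21 and 22, sketched as an added Python example (not part of the original deck, and not Cisco or MDM vendor code). The outcome labels, the field names and the rule that any change of outcome calls for a CoA are assumptions of this sketch.

```python
from dataclasses import dataclass

# Outcome labels are hypothetical names for this sketch, not ISE profile names.
BYOD_REGISTRATION = "redirect: ISE BYOD registration"
MDM_ONBOARDING = "redirect: MDM onboarding"
QUARANTINE = "quarantine VLAN + AUP redirect"
PERMIT = "full access"


@dataclass(frozen=True)
class Endpoint:
    """Device state seen by the policy; field names are assumptions."""
    ise_registered: bool = False
    mdm_registered: bool = False
    jailbroken: bool = False
    pin_locked: bool = False
    encrypted: bool = False
    mdm_compliant: bool = False  # MDM's verdict, e.g. no prohibited app


def authorize(ep):
    """Registration questions first, then the compliance conditions."""
    if not ep.ise_registered:
        return BYOD_REGISTRATION, ["not registered in ISE"]
    if not ep.mdm_registered:
        return MDM_ONBOARDING, ["not registered with MDM"]
    checks = [(ep.jailbroken, "jailbroken"),
              (not ep.pin_locked, "no PIN lock"),
              (not ep.encrypted, "encryption off"),
              (not ep.mdm_compliant, "MDM reports non-compliant")]
    failed = [why for bad, why in checks if bad]
    return (QUARANTINE, failed) if failed else (PERMIT, [])


def periodic_recheck(current_outcome, ep):
    """Re-evaluate on the 4-hour poll; a changed outcome means a CoA is due."""
    outcome, reasons = authorize(ep)
    return outcome, outcome != current_outcome, reasons


if __name__ == "__main__":
    # Constructed devices mirroring the deck's simulated scenarios.
    managed = Endpoint(True, True, False, True, True, True)
    with_dropbox = Endpoint(True, True, False, True, True, False)
    print(authorize(Endpoint()))                   # unregistered iPad
    print(authorize(managed))
    print(periodic_recheck(PERMIT, with_dropbox))  # prohibited app installed
    print(periodic_recheck(QUARANTINE, managed))   # app removed again
```
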