What is AnyConnect Secure Mobility Client?

AnyConnect Secure Mobility Client is a VPN access tool that provides additional security while allowing a connection to a remote network.

AnyConnect supports two VPN protocols, IPsec and SSH, which provides more security. It has multiple modules that enhance its functionality, capabilities and security.

There are two Posture modules in AnyConnect:

ISE Posture

HostScan

How ISE Posture works:

ISE Posture first evaluates the client against posture requirement policies. The client then receives the requirement policy from the headend, collects all the required data, compares it against the policies, and sends the results back to AnyConnect via the headend.

AnyConnect then evaluates whether the endpoint is compliant. If the endpoint is compliant, the VPN connection can proceed.

Note: here, the headend could be an ASA (Adaptive Security Appliance), an FTD firewall, or an ISE server.

Features of ISE Posture modules:
  • Posture checks
  • Necessary remediation
  • Reassessment of endpoint clients
  • Automatic compliance

Posture checks:

In this process, the ISE Posture module uses OPSWAT to perform posture checks. If an endpoint fails to satisfy all mandatory requirements, it is marked as non-compliant. Network access proceeds only once the endpoint becomes compliant.

Note: OPSWAT (Omni-Platform Security with Access Technologies) is a security vendor that helps protect against malware attacks, provides secure data transfer, and offers many more features.

Necessary remediation:

In this phase, we see what has been detected and what needs to be done to satisfy the policy. After that, we get an “acceptable use policy notification”, which should be allowed in order to get access to the network.

Patch management checks and remediations:

AnyConnect and Microsoft SCCM integration provides patch management checks and patch management remediations. It checks for critical patches on the remote endpoint.

If it finds any missing patches, corrective action must be triggered for them. After all the missing patches are successfully installed, the patch management check passes.

Reassessment of endpoint clients:

After the endpoint is deemed compliant and granted network access, we have the option to repeatedly reassess the remote host.

This posture check differs from the initial posture check: it allows the user to remediate, if configured to do so. If the endpoint fails to meet the requirements, it is marked as non-compliant.
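
The check, remediate and reassess cycle described above can be modelled in a few lines. This is an added example, not code from Cisco or from the original article; the requirement names, endpoint fields and the 7-day threshold are assumptions, and missing endpoint data is treated as a failed check.

```python
from dataclasses import dataclass
from typing import Callable

# Conceptual model only: field names, requirement names and thresholds are
# assumptions for illustration, not Cisco ISE or OPSWAT policy syntax.

@dataclass(frozen=True)
class Requirement:
    name: str
    mandatory: bool
    check: Callable[[dict], bool]      # True when the endpoint satisfies it
    remediation: str                   # action shown to the user on failure

POLICY = [
    Requirement("antimalware-running", True,
                lambda e: e.get("av_running") is True,
                "start the anti-malware service"),
    Requirement("definitions-fresh", True,
                lambda e: e.get("av_definition_age_days", 10**6) <= 7,
                "update anti-malware definitions"),
    Requirement("critical-patches", True,
                lambda e: not e.get("missing_critical_patches", ["unknown"]),
                "install missing critical patches"),
    Requirement("disk-encryption", False,
                lambda e: e.get("disk_encrypted") is True,
                "enable disk encryption"),
]

def evaluate(endpoint: dict, policy=POLICY) -> dict:
    """Compare collected endpoint data with the policy and return a report."""
    failed = [r for r in policy if not r.check(endpoint)]
    mandatory_failed = [r for r in failed if r.mandatory]
    return {
        # Only a failed mandatory requirement makes the endpoint non-compliant.
        "status": "non-compliant" if mandatory_failed else "compliant",
        "remediations": [r.remediation for r in mandatory_failed],
        "warnings": [r.name for r in failed if not r.mandatory],
    }

def grant_access(endpoint: dict) -> bool:
    """Network access proceeds only for a compliant endpoint."""
    return evaluate(endpoint)["status"] == "compliant"

# Constructed sample data: initial check, after remediation, later reassessment.
initial = {"av_running": True, "av_definition_age_days": 3,
           "missing_critical_patches": ["PATCH-A"], "disk_encrypted": False}
remediated = {**initial, "missing_critical_patches": []}
drifted = {**remediated, "av_running": False}   # state changed after access
```

Running `evaluate` on `drifted` shows why reassessment matters: an endpoint that passed the initial check becomes non-compliant once its state changes after access was granted.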
