Feature Briefs

How the roaming client for Max OS X works

Issue link: https://learn-umbrella.cisco.com/i/801864

Contents of this Issue


Page 1 of 1

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Prevent threats before a connection even happens At the core of what enables Umbrella to stop advanced threats that no one else can is our ability to enforce security at the DNS layer. Browsers will not connect to malicious websites and already installed malware will not connect to command & control servers because Umbrella will never return a malicious IP. Our intelligence on every domain and IP enables us to predict and prevent threats before they happen. But we know you don't want us resolving every DNS request. On-premises servers or some sites have internal domain names that you want to resolve using your DNS servers. Our client software is smart enough to know where to forward different DNS requests. Going beyond DNS. Yet again. In addition to tunneling and proxying connections, the default DNS protocol lacked detailed context for who or what originated a request. Plus, DNS lacked privacy for man-in-the- middle attacks. We're using RFC-compliant extension mechanisms for DNS (aka. EDNS) to remove these limitations. Using EDNS, we can embed unique device identifiers into each request. This identifier enables us to enforce the right policy for the right device no matter where it's located. We're also the first recursive DNS service to secure the "last mile" of DNS traffic between you and the ISP. Just as SSL turns HTTP web traffic into HTTPS, Umbrella turns regular DNS into encrypted DNS traffic. Possible eavesdropping is mitigated without any changes to domain names or how they work. All these innovations beyond DNS are the foundation of our cloud security platform. Umbrella delivers a cloud offering built for security everywhere, which recreates the benefits of a traditional network perimeter without appliances. Already use Cisco AnyConnect? You're in luck — no additional agents need to be installed! Simply upgrade to v4.3 or later and enable the roaming security module for the same protection wherever users go. Plus, it enables logging by username in addition to hostname. How to deploy the roaming client • Install the software with Apple Remote Desktop using command line interface. Or install manually using the user interface. • Base functionality and the direct IP connection blocking feature supports Mac OSX 10.7 ("Lion") or later. • Windows is also supported; details here Figure 2: Allow, block, or proxy DNS-based internet activity Note: The [Built-In OS Operational Parameters] include the Mac OS X resolv.conf file configuration Built-in OS operational parameters Your DNS server Mac OS X device Your DNS server Your DNS server Customer's internal domain list Set DNS server to Start here Start here Umbrella roaming client Any running app operational parameters Built-in OS Umbrella roaming client Any running app Mac OS X device operational parameters Built-in OS Umbrella roaming client Any running app Mac OS X device Umbrella global network Umbrella global network Umbrella global network Encrypted EDNS request w/device ID Forwards the identical DNS request Enforces security policy based on threat intel & device ID Returns IP to requested domain, block page, or proxy DNS requests to internet domains DNS server DNS requests to internet domains Response from your DNS server Step 1 watch for new networks & continuously set DNS Step 2a internet domains resolved by Umbrella Step 2b internal domains resolved by your DNS server or

Articles in this issue

Links on this page

view archives of Feature Briefs - How the roaming client for Max OS X works