Cisco Secure Desktop

The Cisco Secure Desktop solves the problem of securing the client end machine before it is given access to a company's Intranet. It does this in two ways. The first is the enforcement of company system policies through System Detection. System Detection scans the end client's machine to verify that system policies are met on it. These policies include minimum Operating System requirements, updated AntiVirus software, or requirements for a Personal Firewall. If the System Detection scan meets company policy as configured by the Administrator, then the client is given access. The second side of the Secure Desktop is the Cache Cleaner and the Secure Space. These secure the end client so that it can handle sensitive information that is accessible on the company's Intranet. The Cache Cleaner runs at the end of the session, removing cookies, cached files, and history created during the session. The Secure Space creates a virtual desktop within the guest's desktop. All disk writes within this virtual desktop are written in an encrypted format, and a separate virtual registry and an overlaid, limited file system are maintained. This entire virtual desktop is wiped clean after the session, removing any trace of confidential documents that the user might have manipulated during their session. I worked on integrating the Cisco Secure Desktop into Cisco's SSL VPN Concentrator and worked on making the Cisco Secure Desktop's functionality more robust.
  • Client Installation: The Cisco Secure Desktop is installed through the client's browser using a number of different methods, depending on the client's Operating System and the user's privileges. The installation methods include ActiveX, Java (Sun JVM and Microsoft JVM), and Windows EXE. I worked on making sure that the installation worked properly on a myriad of browsers and operating systems. I also developed a virtual RAM disk on the VPN Concentrator to accelerate the downloading of the many components (files serve much faster from memory than from flash storage).
  • Management Interface: I integrated the web-based administration console into the Concentrator's existing console. I also expanded the management interface to support a number of new features related specifically to the Secure Desktop's interaction with the VPN Concentrator.
  • Package Upgrade: I developed a special package installation process to allow the Cisco Secure Desktop to be upgraded independently of the VPN Concentrator image without the need for restarting the system. A new package could be uploaded through the management web interface. The package consisted of a ZIP/JAR-like archival format that would be stored in flash memory, but which would be extracted into a virtual RAM-based file system for efficiency and to reduce the reads and writes made to flash memory.
  • System Detection: I redesigned and reimplemented System Detection from scratch, moving the code from a linear design that was hard to expand to an object-oriented design that encapsulated the different AntiVirus utilities, Personal Firewall utilities, and Operating Systems into separate classes. This allowed the identification of new utilities to be as easy as constructing a new object using the Clue objects that specified how to extract the appropriate system information. This scan information is later processed through the VPNPolicy and Criteria objects to grant or deny access to specific features.
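The System Detection design described above can be sketched as follows. This is an added illustration, not code from Cisco Secure Desktop: the class names Clue, VPNPolicy and Criteria come from the text, but their interfaces, the Product class, the feature names and the "ExampleAV" sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Clue:  # one way to extract a fact from the host (assumed interface)
    name: str
    extract: Callable[[dict], Optional[str]]

@dataclass
class Product:  # an AntiVirus or Personal Firewall utility, defined only by its clues
    kind: str
    name: str
    clues: list
    def scan(self, host):
        facts = {c.name: c.extract(host) for c in self.clues}
        facts["detected"] = any(v is not None for v in facts.values())
        return facts

@dataclass
class Criteria:
    description: str
    check: Callable[[dict], bool]
    def passes(self, results):
        try:
            return bool(self.check(results))
        except (KeyError, TypeError):
            return False  # missing or unreadable scan data fails closed

@dataclass
class VPNPolicy:
    rules: dict  # feature name -> list of Criteria, all of which must pass
    def evaluate(self, results):
        decision = {}
        for feature, criteria in self.rules.items():
            failed = [c.description for c in criteria if not c.passes(results)]
            decision[feature] = {"granted": not failed, "failed": failed}
        return decision

# Constructed sample data; "ExampleAV" and its registry key are not real.
DEFS_KEY = r"HKLM\SOFTWARE\ExampleAV\DefsDate"
HOST = {"registry": {DEFS_KEY: "2005-03-01"}, "processes": {"exampleav.exe"}}
EXAMPLE_AV = Product("antivirus", "ExampleAV", [
    Clue("defs_date", lambda h: h["registry"].get(DEFS_KEY)),
    Clue("process", lambda h: "running" if "exampleav.exe" in h["processes"] else None)])
AV_PRESENT = Criteria("antivirus detected", lambda r: r["antivirus"]["detected"])
AV_FRESH = Criteria("definitions up to date", lambda r: r["antivirus"]["defs_date"] >= "2005-06-01")
POLICY = VPNPolicy({"web_access": [AV_PRESENT], "file_access": [AV_PRESENT, AV_FRESH]})

def run_detection(host, products, policy):
    return policy.evaluate({p.kind: p.scan(host) for p in products})
```

Supporting a new utility means constructing another Product from Clue objects; the policy code does not change, and a feature whose criteria cannot be evaluated is denied rather than granted.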
Array SP

The Array SP (Secure Proxy) is a network appliance that sits on the edge of a company's Intranet and allows users to securely connect to the Intranet from remote locations on the Internet through a secure SSL connection. This product allows companies to expand their network and offer use of internal applications from anywhere without the cost of expensive hardware. It is often referred to as painless VPN, because it offers the features of a VPN without the setup of costly hardware (resources can be accessed through any SSL-capable web browser). I've worked on the following SP features:
  • WRM: Web Resource Mapping is the technology used to map all the internal servers into the address space of the SP. This requires pages to be rewritten dynamically to map them to the Array SP's hostname, including rewriting of HTML, JavaScript, and Flash.
  • Fileshare: Gives the user a simple web interface to upload, delete, rename, move, and view file systems in the internal network, including CIFS (Microsoft) and NFS (Unix).
  • Client Security: Secures the user's machine that is accessing the SP in one of three ways: by loading a "Virtual Secure Desktop" that encrypts all information written to disk or touched during their session, which is then wiped clean after their session; by installing "Cache Cleaner", an application that erases all Cookies, Passwords, and History of a session after it is finished; or through "Host Integrity", which verifies that the user's computer has a personal firewall installed and is running an updated version of virus scanning software.
All these projects have increased and exercised my understanding of Unix, Windows, IE, C, C++, HTML, HTTP, JavaScript, Perl, PHP, NFS, CIFS, Samba, and Apache.
Array SR

The Array SR (Secure Reconnaissance) is a network appliance designed to sniff and record network traffic. When I started working at ArrayNetworks the SR was in its infancy stages. I was quickly made the lead developer of the project and told that a prototype would be needed for a tradeshow in Europe within the coming weeks. I worked hard turning a bunch of loosely connected code into a reasonably presentable product. I continued to work on the project, taking it from a simple device that could only identify image files from the byte patterns of their headers, to a product that would analyze and dissect the HTTP protocol, to a device that supported SMTP (e-mail), to one that also handled instant messaging (AIM & Yahoo IM). The user would log in to the box and view thumbnails of all the images seen over the network; they could also view reconstructed HTML pages exactly as they were seen by the user, and view e-mail sent by users. This recorded information could easily be browsed and searched, and reports could be generated on traffic patterns and network use. This was an exciting project to develop, but sadly, due to a change in company direction and a lack of resources, the project was discontinued.
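Identifying image files from their header bytes, and then tying that to HTTP dissection, can be shown with a short added example (not code from the Array SR). It assumes an already reassembled HTTP response whose body is neither chunked nor compressed; the function names and the sample response are constructed for the illustration.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def identify_image(data):
    """Return (kind, width, height) from header bytes, or None if not an image."""
    if data.startswith(PNG_SIG):
        # The signature alone is weak evidence: require IHDR as the first chunk.
        if len(data) >= 24 and data[12:16] == b"IHDR":
            return ("png",) + struct.unpack(">II", data[16:24])
        return None
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return ("gif",) + struct.unpack("<HH", data[6:10])
    if data[:3] == b"\xff\xd8\xff":
        return ("jpeg", None, None)  # dimensions live in a later SOFn segment
    return None

def inspect_http_response(raw):
    """Compare the declared Content-Type with what the body's header bytes say."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None  # incomplete message: no header/body boundary yet
    declared = None
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-type":
            declared = value.split(b";")[0].strip().decode("ascii", "replace").lower()
    sniffed = identify_image(body)
    mismatch = sniffed is not None and declared != "image/" + sniffed[0]
    return {"declared": declared, "sniffed": sniffed, "mismatch": mismatch}

# Constructed sample: a minimal PNG header served as text/plain.
SAMPLE_PNG = (PNG_SIG + struct.pack(">I", 13) + b"IHDR"
              + struct.pack(">II", 640, 480) + b"\x08\x02\x00\x00\x00")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
                   + SAMPLE_PNG)
```

A body that is an image while the declared type says otherwise is reported with `mismatch` set, which is a useful signal when reviewing recorded traffic.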