802.1x multipoint authenticator and security issue

Hi everybody
Let's say we have the following setup:
host1
host2   ) ----------------hub------ f1/0-switch( authenticator)-------------------------Radius server.
host3
The switch is configured as follows.
Switch(config)#interface FastEthernet 1/0
Switch(config-if)#dot1x port-control auto
Switch(config-if)#dot1x host-mode multi-host
Let's say only host1 has valid credentials and the remaining hosts, i.e. h2 and h3, are rogue hosts. host1 sends an authentication request, is successfully authenticated, and the switch transitions its port to an authorized state. But does that not mean the other hosts h2 and h3, which were not authenticated, are still able to access the network?
thanks and have a great weekend.

This board is more for wireless security, not LAN, but I would think it's because you are connecting through a hub instead of a switch. Hubs share the data, so when the switch gets the auth for the valid client it turns that port on as it should.
Now an invalid client connects, and because the port already thinks the client is valid, it passes all the traffic.
Make sense?
Steve
Sent from Cisco Technical Support iPhone App
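Added example (not from this thread and not Cisco code): a small Python model of the authenticator port that replays the setup above and contrasts the thread's multi-host mode with the per-MAC multi-auth host mode that Cisco IOS also offers (dot1x host-mode multi-auth). The host names, MAC addresses and the RADIUS stub are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the RADIUS user database: only host1 has valid credentials
VALID_CREDENTIALS = {"host1": "host1-password"}


def radius_access_request(user: str, password: str) -> bool:
    """Stand-in for the RADIUS server: Access-Accept only for a known user/password."""
    return VALID_CREDENTIALS.get(user) == password


@dataclass
class AuthenticatorPort:
    """Model of one dot1x-enabled switch port (port-control auto)."""
    host_mode: str                                 # "multi-host" or "multi-auth"
    authorized_macs: set = field(default_factory=set)
    port_authorized: bool = False                  # port-wide state used by multi-host

    def authenticate(self, mac: str, user: str, password: str) -> bool:
        """Supplicant at `mac` runs EAP; the authenticator relays the RADIUS verdict."""
        if not radius_access_request(user, password):
            return False                           # Access-Reject: nothing changes
        self.authorized_macs.add(mac)
        if self.host_mode == "multi-host":
            self.port_authorized = True            # one success authorizes the whole port
        return True

    def forwards(self, src_mac: str) -> bool:
        """Would a data frame with this source MAC be forwarded into the network?"""
        if self.host_mode == "multi-host":
            return self.port_authorized            # source MAC is not consulted at all
        if self.host_mode == "multi-auth":
            return src_mac in self.authorized_macs # each MAC needs its own success
        raise ValueError(f"unsupported host mode {self.host_mode!r}")

    def link_down(self) -> None:
        """Physical link loss (hub unplugged) clears every authorization on the port."""
        self.authorized_macs.clear()
        self.port_authorized = False


# Constructed locally administered MAC addresses for the three hosts behind the hub
HOST1, HOST2, HOST3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"


def hub_scenario(host_mode: str) -> dict:
    """Replay the thread's setup: host1 authenticates, h2 fails, h3 never tries."""
    port = AuthenticatorPort(host_mode)
    port.authenticate(HOST1, "host1", "host1-password")   # Access-Accept
    port.authenticate(HOST2, "host2", "wrong-password")   # Access-Reject
    # h3 sends plain data frames with no EAPOL exchange at all
    return {mac: port.forwards(mac) for mac in (HOST1, HOST2, HOST3)}


if __name__ == "__main__":
    for mode in ("multi-host", "multi-auth"):
        print(f"{mode}: {hub_scenario(mode)}")
```

In multi-host mode every MAC behind the hub is forwarded once host1 succeeds; in multi-auth mode only host1's frames are, which is the check to look for when a shared segment sits behind an 802.1x port.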

Similar Messages

  • Simple Authentication and Security Layer

    Hi All,
    What is Simple Authentication and Security Layer (SASL), and what is its function in Oracle Beehive?
    Thanks,
    Dha_Suh

    Wikipedia:
    Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. Authentication mechanisms can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 is an example of mechanisms which can provide a data security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.
    SASL was originally specified in RFC 2222, authored by John Gardiner Myers while at Carnegie Mellon University. That document was obsoleted by RFC 4422, edited by Alexey Melnikov and Kurt Zeilenga.
    SASL is an IETF Standard Track protocol, presently a Proposed Standard.

  • 802.1x port authentication and Windows Radius, possible?

    Hello,
    I'm just testing at the moment before implementing on our network, but has anyone implemented 802.1x port authentication on their Cisco switch and used a Windows IAS server? Our users are all on a Windows domain and I want to authenticate using their Active Directory credentials. I think I am fine with the switch config, but it is the Windows IAS/RADIUS server. I have added the switch IPs and secret, but I need to create a policy to accept the domain users and need help.
    Thanks

    Andy:
    Yes, of course you can use whatever RADIUS server as an AAA server for 802.1x authentication on the switches: NPS, IAS, ACS, Open RADIUS, etc.
    If you have a problem with configuring the IAS then I would suggest that you post your question in a Microsoft forum and not here. They would be able to better assist you with your issue. But you can still look somewhere in this forum or on Google to help yourself.
    See this link, it could be useful for you:  https://supportforums.cisco.com/thread/2090403
    Regards,
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • Other web browsers and security issues?

    Since even an Apple KB article recognizes the need for an additional browser, and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb; I am also looking at Firefox, Shiira and Opera, though perhaps not as a primary browser), but I'm wondering about their ability to keep on top of any security issues for Mac (and how do you keep up with security updates?).
    Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

    Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
    I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
    I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb).
    Shiira is good and it's fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page within a web site. This may have been fixed by now; they were aware of the problem back then.
    Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
    I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
    Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
    I would stay away from abandonware Internet Explorer.
    As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
    Happy Exploring.

  • Journaling and Security Issues

    I am adding a 750GB external HD to my system as a scratch disc and as a backup for my files. I plan to use PGP to protect sensitive data on the drive. If I enable journaling, won't this create a copy of the data that is not protected? Is it best to keep journaling off to protect sensitive files?
    And, if journaling is enabled, how large is the journal and how long does the data remain in the journal? Is there any way to wipe that data after a while or is it constantly replaced with new data?
    Finally, is it more likely that a drive will fail without journaling turned on as implied by some of the Apple documentation?
    Thanks for your input.

    Depending on what program you are using, in most cases the performance will be better leaving the scratch space on the internal drive.
    That's not quite how Journaling works. It's not a backup of files but rather a log of changes made to the volume directory. This is how Apple explains it: http://docs.info.apple.com/article.html?artnum=107249
    No. Journaling shouldn't have any effect on a drive's physical attributes, but it does help prevent directory corruption.
    Now Time Machine on the other hand does pose a security issue.
    George

  • Query By Example and security issues

    Hi,
    I have started looking at security issues in our ADF application.
    Is the default implementation of Query By Example (QBE) on a table safe from Cross Site Scripting and SQL Injection?
    In other words, can a user enter some value in a QBE input field that can either:
    - execute a malicious script (CSS)
    Or
    - somehow change the underlying SQL query
    I am more worried about SQL Injection as QBE takes input from a web user, and makes a corresponding SQL query to the database.
    Are there any ways to prevent any of these?
    Thanks

    Timo thanks for your answer.
    So far I am confident on the following (based on responses and other reading):
    1) default implementation of Query By Example (QBE) (e.g. search fields) is "safe /safer" from/on SQL injection issues.
    2) User entered data via non-QBE fields (I assume this is the "For other input text you" Timo mentions) should be checked against special characters (> < etc.) to "prevent" cross site scripting.
    However, should I do 2) for QBE filters on alphanumeric columns (default implementation)? I can do it, but if I do it I would lose some searching functionality, as > and < are valid wildcard characters.
    Thanks

  • 802.1X authentication and roaming issues

    Hi there,
    About 2 days ago I installed one Cisco WCS 2504 and 11 APs. Everything is doing well regarding WEP authentication. But I have a Radius Server that is also running with some issues on wireless:
    - Unless I open network settings and click connect on that config I cannot obtain a valid IP Address;
    - Roaming is not working also;
    FYI the certificate (on radius) has expired
    TY

    Not all these are radius issues
    - WPA2 WLAN still ok (144Mbit), but don't know when roaming works (how can I know/change these settings?);
    Look at the client adapter as there is usually a roaming aggressiveness option on these devices. Play around with that.
    - Radius authenticated with 802.11 Data Encryption on 40 bits key size always connects at 54Mbps (g) and auto-authenticates, but don't know when roaming works (how can I know/change these settings?);
    802.11n only supports open authentication or WPA2/AES. WEP is not supported, so that's why you get up to 54mbps.
    - Radius with 802.11 Data Encryption with no key size doesn't authenticate, connects at 144Mbit but doesn't acquire an IP Address
    You have a configuration issue either in the WLC or the switch.
    Sent from Cisco Technical Support iPhone App

  • Web Service authentication and PROXY Issue

    Hi All,
    Recently I developed an application in Flex 2 which uses web services to access remote data. One more point to be noted: these web services are secured (i.e. they need a username and password to access).
    I have a production server (say myProduction server) and all my web services are deployed on it. We have a SAP portal running on this server. I have created a PAR file of my application's .SWF file and hosted it on the portal. When I run my application from myProduction, it runs fine, no issues with it.
    Now, I have a proxy server (say myProxy server), which is used to make my application available on the internet. This proxy redirects all the requests to the myProduction server.
    When I try to run my application from the myProxy server, I am getting the following error:
    [RPC Fault faultString="Security error accessing url"
    faultCode=
    Channel.Security.Error"
    faultDetail="Unable to load WSDL". If currently online,
    please verify the URI and/or format of the WSDL (
    http://myProduction:50000/WS_Resource/Config1?wsdl&style=rpc_enc)"
    at mx.rpc.soap::WSDLParser/::dispatchFault()
    at mx.rpc.soap::WSDLParser/
    http://www.adobe.com/2006/flex/mx/internal::httpFaultHandler()
    at
    flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at mx.rpc::AbstractInvoker/
    http://www.adobe.com/2006/flex/mx/internal::dispatchRpcEvent()
    at mx.rpc::AbstractInvoker/
    http://www.adobe.com/2006/flex/mx/internal::faultHandler()
    at mx.rpc::Responder/fault()
    at mx.rpc::AsyncRequest/fault()
    at ::DirectHTTPMessageResponder/securityErrorHandler()
    at
    flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at flash.net::URLLoader/flash.net:URLLoader::redirectEvent()
    Do I need any configuration files to be maintained? How do I resolve this proxy issue?
    The myProxy server is not able to load the WSDL from myProduction. I am not using Flex Data Services. I am directly accessing the services.
    If anyone knows about this issue please help me. Any help would be greatly appreciated.
    This issue has been unresolved for 15 days now.
    Thanks in advance

    Hi,
    I am not sure if what I am suggesting may be the source of the problem, but it could be that you will need a crossdomain.xml file deployed on your production server, so that it can accept the requests from the Portal. Also, I guess you will be using a flex-config.xml or services-config.xml. Just make sure that all server paths have been properly mapped to the values entered in the destination attributes of the WebService tags.
    I hope that helps.

  • Oracle externally-authenticated and security

    Hi,
    I work on a security project and I want to know if creating an externally authenticated user is good in a security context.
    Thanks

    External authentication comes in the category of a security loophole, since anyone who can access the system can come into the database. That said, you should check Pete Finnigan's notes about security and also check his website, www.petefinnigan.com.
    HTH
    Aman....

  • Where is the Forum for Multipoint Server and Licensing Issues?

    I have installed MSDN release of Multipoint 2012 Standard in a VM for testing, and tried to use one of the assigned license codes from my MSDN subscription, and they are rejected by Multipoint server "Error, unable to validate the following codes..."
    Please point me in the right direction.
    Thanks.

    Hi,
    I'd probably ask over in the MSDN Subscriptions forum:
    https://social.msdn.microsoft.com/Forums/en-US/home?forum=msdnfeedback&filter=alltypes&sort=lastpostdesc
    EDIT: See below for a quicker contact option. That's a nice perk..
    Don't retire TechNet! -
    (Don't give up yet - 13,085+ strong and growing)

  • Dynamic List and Security Issue

    Hi
    I have a Dynamic List Wizard for orders, where the user can click on Edit to edit or modify the order, and if the user chooses "Yes" to submit (the order form has a submit field which has Yes / No values) then the EDIT button disappears and the user has no more control over the record (using the Show If Conditional Region server behavior).
    - Now I noticed that when I click on Edit, the address bar includes www.mysite.com/form.php?order_id=1. Now say order number 2 is already submitted (still on the list but with no Edit button for it). If I write 3 or 4 or any other number instead of 1 in the address bar (www.mysite.com/form.php?order_id=3), the record which has order number 3 displays on the screen, and then you can edit it, and when you click Update the Edit button becomes active again, which destroys the whole concept.
    so, how to fix that?

    Hi Lorie,
    Taking it a step further
    interesting that you're mentioning this -- because I was just in the middle of finding a workaround for the very same issue ;-)
    I actually did find a pretty easy solution, which basically goes like this:
    1) wrap the whole table *plus* any possibly added hidden fields located below this table in a "Show IF conditional region" behaviour -- but make sure to *not* include the buttons within the "KT_bottombuttons" div in here.
    2) as I assume that your "supplier_name" column holds a numeric value which equals the user's "kt_login_id" Session Variable (which it should!), define the following conditions for the "Show IF conditional region" behaviour:
    Expression 1: choose "supplier_name" from the tNG recordset
    Condition: ==
    Expression 2: choose Session -> kt_login_id
    3) tick the Has ELSE option
    4) confirm with OK
    5) replace the default "has Else" message with something meaningful like "you can't edit this record!"
    Switching to Code view and navigating to the very start of your "Show IF conditional region" should display something like this:
    if (@$row_rsqueryname['supplier_name'] == @$_SESSION['kt_login_id']) {
    When viewing the modified Dynamic Form in a browser, you'll note that this solution will indeed display the form instances for all "authorized" records, whereas those form instances which don't match the required credentials will be replaced with that "has else" message.
    BUT!! This solution has one major drawback which I haven't been able to resolve yet: when the Dynamic Form goes into Insert Record mode (meaning when you click the "add new" link in the Dynamic List), all inner form instances will display that "has else" message.
    The only workaround I currently can come up with is to have the List's "add new" link point to a separate "add_new.php" page that's going to insert a single record.
    Cheers,
    Günter Schenk
    Adobe Community Expert, Dreamweaver

  • DB Link working method and security issue.

    Hi All,
    I need some clarification how db link works.
    If I have a DB link and have done some DML operations over it, and after that I have done some DML operations on the local database, and I haven't committed the data yet, then the DB link goes down. What will happen?
    In my case from local database if i am issuing
    select * from emp@iasdb
    then it shows updated data.
    If i am connecting to target database then it shows non updated data. How it is possible?
    What happens when the DB link goes down? Which database (target / local) will keep the lock on the tables / rows I am updating?
    Tom can you please help me.
    Regards,
    Pritesh.

    If I am connecting to the target database then it shows non-updated data. How is it possible?
    Changes are visible only to the session doing the changes (until saved). Works even if the changes are across databases.
    If the remote DB goes down, this is what you get on the local DB:
    commit
    ERROR at line 1:
    ORA-02054: transaction 6.34.41922 in-doubt
    ORA-02068: following severe error from REMOTE_DB
    ORA-12152: TNS:unable to send break message
    and if you now try to access the objects that were updated by the above in-doubt transaction, you get this:
    select * from t
    ERROR at line 1:
    ORA-01591: lock held by in-doubt distributed transaction 6.34.41922
    ORA-01591 lock held by in-doubt distributed transaction string
    Cause: An attempt was made to access resource that is locked by a dead two-phase commit transaction that is in prepared state.
    Action: The database administrator should query the PENDING_TRANS$ and related tables, and attempt to repair network connection(s) to coordinator and commit point. If timely repair is not possible, the database administrator should contact the database administrator at the commit point if known or the end user for correct outcome, or use heuristic default if given to issue a heuristic COMMIT or ABORT command to finalize the local portion of the distributed transaction.

  • Creating second user account on TC. No separate folder and security issues

    Hi,
    I've had my TC for some time, and after some start-up trouble all is working very nicely now.
    That is, until I wanted to set up the TC for my girlfriend's backups too. On my Mac, I created a user account for the TC, and I see two folders when I connect to the TC: "Timecapsule" and "MyAccountName". Now when I did the same on the other MacBook, I get only the "Timecapsule" account, not a folder (or sharepoint) with her account name. Also, I saw that as the sparsebundle files are on the 'main' sharepoint, it is possible to access both from both computers, weird.
    Any thoughts on how I can use 1 TC for 2 computers with 2 sharepoints for both?
    So, on my own computer i would have a general folder and a personal folder, on the other the same...
    Help much appreciated!

    To clarify: When i connect to the TC, i mount two volumes, but on the other Macbook, I only get the main volume, not the specific user volume.

  • 802.1x partial authentication and Association Table Overflows

    We're rolling out 5508s/3600s/ISEs/MSEs, using existing NCSs, with dot1x (machine certs, EAP-TLS, MS laptops) on one SSID; 2 other SSIDs have open auth.
    MSE is flagging Association Table Overflows on loads of WAPs. The reseller TAC case tells me it's .1x and misconfigured clients half-authing causing this (not an uncommon problem apparently); however my desktop support colleagues ideally need at least a MAC address to identify a misconfigured device (if not more).
    I've been debugging dot1x on the 5508s and looking at MSE/WAP forensic Wireshark files created on the Association Table Overflow rule, but nothing leaps out immediately for the offending devices.
    What would be the quickest way to individually identify these devices that are filling the WAP association tables?
    (Can specific WAP association tables be viewed with controller-based WAPs?)
    Anyone solved something similar?
    thanks
    Martyn

    Solution
    After some to-ing and fro-ing with TAC I eventually got an answer of
    "As it can be false positive in our case."
    rgds

  • JSP development and security issue

    I saw several "serious integrations" and also some postings here which are suggesting to put a JSP in the /public_html directory...
    Be aware that nothing will prevent a user from uploading a new JSP to this location and then executing it from a remote client, which can seriously damage your system!

    Correction: I made an assumption that "/public_html" has (in many cases) write access, since people are posting files in this public access directory...
