A question about Cisco Security Manger 3.1.

Hello at all.
I want to manage a couple of FWSM installed on a 6500 chassis.
What version of CSM must I use: standard or professional?
Thanks.
Andrea.

You need professional, since standard doesn't support the FWSM's.
More details here: http://www.cisco.com/en/US/products/ps6498/products_tech_note09186a0080849150.shtml

Similar Messages

  • Several questions about Application Security

    Hello,
    I have several questions about Application Security and perhaps I need a few tips...
    I have a lot of users in a few groups which have access to my application! And the different groups should have only access to their pages.
    In my application I use trees to navigate through the application.
    So my idea is that i display different trees for the different user groups and restrict the user to access the URL....so the user can only see and contact "their" pages.
    I know how to create the logic behind the trees, but how can I create the restricted URL access...
    The "No URL Access" in the Session State Protection can not be used, because I use a lot of links in reports and HTML regions.
    Is there another way to solve that?
    But I am unsure if that is a "good" solution for my problem!
    What do you think about that?
    Am I going to do that too complicated?
    Could that be done by authentication or authorization?
    (By the way, I do not understand the differences between authentication and authorization. Can anyone help?)
    I would be glad for any reply!
    Thank you,
    Tim

    Hey Arie and Scott,
    thank you for your quick reply!
    Now I understand the context around authorization and authentication...
    I try the Access Control List and I think that is a very nice feature! Really good!
    But now I am wondering, how I can create more privileges?
    So that I have a few "end-user-roles" and then I can choose who have access to a page and who not!
    Does anybody know how to do that?
    Thank you,
    Tim

  • Question about internet security...please help!

    Hi everyone,
    I have a question about the macbook's internet security.
    A few days ago I became aware that my sibling was using a laptop for internet use at my house which he got from a person that I do not trust. He is very computer-savy and we're worried that he may have installed some form of spy ware on that laptop and in turn, may have tried (or succeeded) in accessing my Macbook through some form of spyware. My house is hooked up with a D-Link wireless router, and at the time, it had no internet/access-password.
    So my question is, could this person have accessed my computer and personal information remotely by and through the laptop that my sibling got from him. I was under the impression that Mac's have very strong firewalls, but I have also heard that as long as he knew what he was doing, he could have accessed my computer. I don't have a wireless "network" set up at my house, I just simply use the router for internet. But my sibling told me that this guy was his "network administrator" which leads me to believe that he must have had remote access to the laptop.
    Can anyone with knowledge on this problem please weigh in and let me know what I need to do to confirm that no one has accessed anything from my macbook.
    Thanks!

    One option if you want to be extra safe is turning on FileVault (System Preferences -> Security), which will encrypt everything on your computer so that if somehow someone does gain access to your computer they will have a next to zero chance of being able to read anything they get from your computer. You have to have a lot of extra hard drive space on your computer to turn it on though.
    Also, a "network" is just a connection between computers, regardless of the internet is involved or not. So when you connect your computer to the router which gives you the internet, you are putting your computer on a network. Now I believe that in order for this person whom you don't trust to gain remote access to your computer, they would have to have more information such as an IP address for your computer, through the router in order to get to it.
    One thing I think is very important to consider that isn't on the technical side of things is something called "Social Engineering" which is a form of cracking, or hacking. You can do your own research, but in a nutshell Social Engineering is getting people that have access to something I'm trying to hack to give me information. For instance, this person you don't trust could be giving your brother the computer in the hopes that he will download something through your router to that laptop which could give him IP addresses and other information. And then when he gets that laptop back he could scan it for useful information and your brother wouldn't know he did anything wrong at all. The best way to avoid this is purely education and communication. Even if your brother doesn't share the same suspicions about this person, surely he will understand the need to be careful and smart when it comes to sharing personal information in the digital world.

  • Basic questions about CISCO IOS

    Hi everybody, Jack here,
    I have some basic questions about the Cisco IOS, could someone help me addressing some of them please? Any feedback would be greatly appreciated.
    Basically, I have two IP addresses assigned by our Cable ISP. From what I understood you can configure a Cisco router for multiple IP addresses using the IOS, thereby allowing someone like myself to take advantage of having multiple IP addresses. This may seem unnecessary to some, but I've always wanted to put the 2nd IP address to use, since after all, I've been paying for it.
    I was just wondering if someone could confirm that what I'm hoping to accomplish is indeed within the capability of the Cisco IOS (i.e. Fully utilize my 2 IP addresses). As well, if someone could kindly suggest a decent CISCO router for online gaming home use that would be super awesome!
    Thank you all so much for reading through the wall of text:)
    Jack

    Jack
    Certainly using multiple IP addresses is in the capability of Cisco IOS routers. How they can be used depends on the relationship of the IP addresses. I am assuming that we are talking about IP addresses assigned for the user to use and that the IP address for the ISP connection is not one of these that we are talking about.
    If both of the IP addresses that you have been assigned are within the same subnet then you would assign one of the addresses to the router interface to establish IP communication between the router and the ISP and to enable Internet connectivity for the devices inside your network that will use the router as their gateway to the Internet. The other address that is assigned can be used for address translation and in particular for static address translation which would make one of your devices inside to be reachable for connections initiated from the Internet (if that is something that you might want to do).
    If the addresses that are assigned to you are in different subnets then you could assign one address to the outside router interface and assign the other address to the router inside interface. Or you could use the second address for address translation.
    I do not have much expertise with online gaming, but I would think that either the Cisco 881 router or the 890 router might be appropriate for you. If 100 Mb connection is sufficient then probably the 881 would be the one to look at. If you need Gig connection then look at the 890.
    HTH
    Rick

  • Three questions about replication/security

    Hello,
    We are currently planning to build software for our sales persons using C#. Each sales person has a laptop and should be able to sync the client information when he/she has access to the internet/intranet. Sales person can update client information and the local database will be synced back to master server when the user is connected to the internet/intranet. My option was to go with Oracle lite (as client DB) and Oracle enterprise (Server DB). But after readying the posts in this forum, I believe Oracle XE can do the trick. Am I right?
    Second question is about the security of the replication. Sales persons can connect using the internet to sync the information back and forth. Is there a built in mechanism to secure the connection between the two DBs ( Oracle XE and EE)?
    Third question is about the recovery options. I read Mark’s post about the feature of Oracle XE. I understood that PIT recovery and achivelog mode are supported. But, the post also says that Tablespace PIT is not supported. Can some tell me the difference between PITR and TSPITR? If PITR is supported, can I restore the database to a specific date and time (i.e. Dec 2, 2005 2:00PM)?
    Thanks a lot

    Comments inline
    Hello,
    We are currently planning to build software for our sales persons using C#. Each sales person has a laptop and should be able to sync the client information when he/she has access to the internet/intranet. Sales person can update client information and the local database will be synced back to master server when the user is connected to the internet/intranet. My option was to go with Oracle lite (as client DB) and Oracle enterprise (Server DB). But after readying the posts in this forum, I believe Oracle XE can do the trick. Am I right?
    Yes - except that Oracle Lite comes with the synchronization built in, and it's tested to handle all the weird corner cases you have to deal with. XE will give you basic replication, however, you will have to build the connect, replicate (refresh materialized views), disconnect logic yourself (and test it). Personally I would spend the $100 on the Oracle Lite option
    Second question is about the security of the replication. Sales persons can connect using the internet to sync the information back and forth. Is there a built in mechanism to secure the connection between the two DBs ( Oracle XE and EE)?
    It depends by what you mean secure. When you connect XE to Enterprise Edition, it will use a database link to refresh the materialized views (replicated tables). Userids/passwords across the database link will be sent in an encrypted form. The data will not. I'm guessing you could use Oracle's Advanced Security option to secure the database links from XE to EE, but I'm not 100% sure. Tom may be able to give us a clue on this one. Also, note that DBLinks by default use the TCP/IP transport, so thats a hole you would have to kick in the firewall if the EE database was behind it (as it should be). Although replication can use HTTP as a transport mechanism
    (You can see all the issues you start to get into - the $100 dollars per Oracle Lite deployment is looking real goo to me right about now)
    Third question is about the recovery options. I read Mark’s post about the feature of Oracle XE. I understood that PIT recovery and achivelog mode are supported. But, the post also says that Tablespace PIT is not supported. Can some tell me the difference between PITR and TSPITR? If PITR is supported, can I restore the database to a specific date and time (i.e. Dec 2, 2005 2:00PM)?
    Yes - you can roll forward the entire database to a given point in time using RMAN (which will be in production). You cannot however roll forward just a subset of tablespaces (i.e a subset of the data) in XE. Tablespace PITR is an EE feature (and not for the faint hearted).
    Thanks a lot

  • Some question about Cisco Prime Infrastructure

    Dear all
    I have some question about using Cisco prime Infrastructure:
    - Can I show how many user access to one Access Point (AP) ?
    - If I can. What is display information of user ? etc Ip address, MAC, username access, name of device (notebook, tablet, phone ..)
    - How many time do Cisco Prime Infrastructure refesh user  informantion .?
    Please help me and send picture about it if you can.
    Thank you so much.

    Hi,
    I don't have the Prime Infrastructure to post you image, but you can simply find all the answers you want on the config guide:
    http://www.cisco.com/en/US/docs/wireless/prime_infrastructure/1.2/configuration/guide/clientmgmt.html#wp1232242
    1- You can surely find how many clients associated to a specific AP.
    - Informaiton of the client usually includes username, SSID, ip address, mac address, RSSI, device vendor...etc. I don't think it contains the device type (ipad or iphone both appear as apple vendor. it does not destinguish between this and that.
    3- The time of the refreshment is configurable. You need to configure the corresponding background task for the poll period. (this is also metnioned in the link above).
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • HT5312 a question about the  security-related emails

    Excuse me.ive forgot my security questions and answers.and what was worse my yahoo e-mail(which is the security-related emails ) has been closed few days ago.could u help me?

    The Three Best Alternatives for Security Questions and Rescue Mail
         1.  Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
         2.  Call Apple Support in your country: Customer Service: Contact Apple support.
         3.  Rescue email address and how to reset Apple ID security questions.
    A substitute for using the security questions is to use 2-step verification:
    Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

  • About Cisco secure ACS v3.0

    HI
    I have rebuilt the Tacac server for cisco secure ACS v3.0 and then retore all the data via the "data restore" under the system configuration.
    After rebuilt, it was only working for one day... and then it fails to authenticate users. I checked the event viewer, the error message is:
    ODBC authentication dll failed to initalise, code -1110
    and
    CSMon message: Problem Logging on to CSTacacs. Got as far as Starting Processing in Auth module
    any idea?
    Thanks

    Hi
    When I tried to view it, it says:
    This bug is no longer available in Bug Toolkit. Click bug ID for details.
    would you be able to provide more information for this bug please?
    Thanks
    kind regards
    Rachel

  • Quick Question about Cisco 3560 and the Web Device Manager

    Alright, I have a quick question that I am curious about but I haven't found any information
    about it.
    When I log into my Cisco 3560 using the web portal to get to the Device Manager. Below the
    diagram of the switch, then under the Dashboard there is section called Switch
    Health, Port Utilization.
    Under the Switch Health there is Bandwidth Used, Packet Error. Those two options just sit
    at zero and do not move. The Port tilization graph is also sitting at zero.
    Is there a way to make them functional?

    Anyone notice performance increase or decrease of their HD when using the nVidia IDE SW drivers?  particularly with a 74GB Raptor?  I've also heard of burner issues when installing the IDE SW but have not used my burner yet.

  • Question about Cisco Tec support Rep Live chat issue .

    Hello guys, I recently just tried to do a session of live tech support on cisco web site about a issue trying to get my router to change the speed of the wireless connection from 54mbps to the potiental maxium of 300mbps. Well This is my second time using the live chat feature and the 2nd time, the guy was asking for my router name and passowrd. I didnt feel to comformtable doing that since my first time using the live chat , the tech guy didnt ask for my operating system, or my passowrds or anything of that nature? Is that normal for a live chat guy to do that? I figured hes was trying to do a remoate access to my computer and I was thinking, they probably dont do that for free especially over a live chat. Anyeone thoughts or am i being over crictical. thanks

    if you are not comfortable then dont give them the info.
    i have not had a reason to ask then to do this, however back in the day i had a sony live rep (we were on the phone too) remote into my router to allow me to setup my sony base station (think slingbox but its made by sony) so i could get it to work when away form the home. this was a few years ago so it happens today. some businesses/stores even offer it as a solution. so dont freak out that they asked you that. dell does this for example...
    give them a call and have them on the phone with you instead.just have them give you the directions on what to do.... if not, come here and ask the questions...

  • Quick question about SAP Security analyst responsibilities

    This question was posted on another site and I was asked by the moderator to  cross-post it here:
    On another discussion forum, the topic of the SAP Certification program came up. In the discussion thread, there was some debate about the subject areas tested on the exam for SAP security, so I am putting the question to you.
    At your current workplace, which of the following, if any, are responsibilities/ expected competencies of your experienced SAP Security analysts:
    Encryption
    Single Sign-on configuration/ maintenance
    Network topology (SAP router and web dispatcher)
    Operating system (SAP gateway)
    Database security
    J2EE
    To categorize the responses, it would be helpful to know if you consider yours is a relatively large SAP support organization or not.
    Thanks in advance for your responses and comments.
    Regards,
    Gretchen Lindquist

    Hi Gretchen,
    I am a consultant so have a slightly different perspective than an end user. 
    A typical client security engagement for me will involve 3 or 4 out of those competency areas and on top of that: secure communications & secure application (what I know and love as roles & users, some of our friends will refer to that as secure coding).  In general, security administrators at my clients focus on roles & users and their competencies are only in those area.  That is the same for small (<500 users) and large organisations (>20k users)
    In my opinion this is one of the problems with our industry and in particular with individuals who consider themselves SAP Security professional.  It is no secret that the wider security industry often views SAP Security practitioners as a bit limited in skills due to the lack of understanding of infosec basics.
    SAP security is not just roles & users, SoD's & SU53's.  They are an important part of securing SAP but only a few of the components.  As you have pointed out in the competency areas SAP Security is about the environment in which the SAP system resides and operates and our need is to ensure the C,I,A over those systems that support business processes.
    As an employer I expect a SAP Security professional to have understanding of all of those competencies (and a few more).  In the same way that GRC is much more than a tool provided by SAP, SAP security is a holistic subject that by necessity covers multiple subject areas.
    Regarding expectations of a security analyst, I expect them to be able to understand the wider security environment around their system and to be comfortable talking about things like comms security, SSO, secure programming (the basics), OS, network topology and DB security (the basics).  Most importantly they should know how they work together to form the security environment and where the dependencies or touch points are between them.  It's not unreasonable for basis and technical teams to perform much of the work in these areas but that is not to say that "out of sight is out of mind".
    I don't hide my views on the inadequacy of the certification process in it's previous incarnations.  SAP is doing great work to improve this which is a positive step.  What is critical is that a demonstration of competency (e.g. certification)  in SAP Security covers the whole subject (or as much as practical).
    If people want to break the topic down then that's great but resulting certifications should be pointed out as what they are e.g. Certification in role & user administration.
    I hope there is something in there to provoke thought & discussion!
    Regards
    Alex
    Edited for clarity by: Alex Ayers on Feb 9, 2012 9:49 AM

  • Question about Cisco SAFE Architecture....

    All,
    I have searched high and low on the following question for a master's class and hope someone can answer or point me in the right direction. I have studied Cisco of the last many weeks and our professor asked us whether or not the SAFE architecture has any limitations... After much reading and research, I honestly came up with nothing. I am starting to think, limitations isn't the issue but issues might surface if Cisco's best practices aren't implemented. Any help for a student is greatly appreciated and thanks.
    Bob Jones

    Hi Bro
    Cisco SAFE is merely a guideline in deploying Cisco’s best practices for Cisco products and those of its partners ONLY. In fact, if you were to read on the Cisco SAFE Architecture Lifecycle, the planning phase should include a gap analysis to unveil the strengths and weaknesses of the current architecture. If the planning stage isn’t done correctly, then you should know the end results :-)
    Limitations are not on Cisco SAFE approach, but limitations are always there on either Cisco products or the software version, based on certain given scenarios. For this reason, when you were to read any of Cisco's configuration examples on certain technologies, there will always be a chapter on Guidelines and Limitations.
    P/S: If you think this comment is useful, please do rate them nicely :-)

  • Quick question about Cisco 9951

    Hi Guys,
    I'm not a VOIP guy so apologies if this is a simple question. I have a couple of Cisco 9951 phones and wanted to know if there is a way to manually setup the Call Manager ( Active Server) IP address?
    I've looked through the menu on the phone but I can't seem to see it as an option.
    Does it have to be configured for DHCP with option 150, or a tftp server directly to get the configuration details?
    cheers.

    Nope, no battery. If the behavior is consistent every reboot, you might have a defective NVRAM, this is assuming you are saving the config, this is a 2948G-L3, so it must be saved, if it's a 2948G, then it's a switch and running CatOS and therefore any configuration changes gets saved in the NVRAM as soon as you press the enter key after a "set" commmand.
    Please rate all posts.

  • Question about cisco unified callconnector for mscrm

    Hi
    I've successfully installed software on both workstation and MSCRM server, and it works well.
    However, when I use "click to call" in MSCRM,  a blank window keep poping up with message "The webpage you are viewing is trying to close the window. Do you want to close the window?"
    My question is how to let IE close the window without the confirmation window.
    I found some people use following Javascript to close the IE window.
                  <script language=javascript>
                      function CloseWindow()
                        window.open('','_self','');
                        window.close();
                  </script>
    However, if anyone can let me know where is the place to add this code into, I would appreciate
    Thanks
    Eric

    Hi!
    No, it does not work with CUCM, it works with express only. Please refer to the data sheet below:
    "Cisco Unified CallConnector for Microsoft Windows, especially designed for the small and medium-sized business (SMB) or branch-office user, is supported by Cisco Unified Communications Manager Express 4.0 and later."
    http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps7046/ps7274/ps7067/product_data_sheet0900aecd8053c8ad.html
    Hope this helps!
    Regards,
    Teresa.
    If it helps, please rate :)

  • I have a question about the security of photo printing kiosks.

    Specifically, I'd like for anyone who knows more about such things to tell me if I did something very stupid.
    This past weekend, I found myself in a situation where I wanted to get a picture from my phone printed very quickly. I had not very many options available to me (it was Sunday, and there were no printing shops open anywhere nearby that I could access the picture via email). I ended up using a Walgreens/Duane Reade photo printing kiosk. I was able to directly connect my phone with a data cable and print the picture from my camera roll.
    I was relieved to get the picture, but in retrospect I am very worried that connecting my phone to a public station like that was stupid, and that I might have opened myself up to malware or put my data in jeopardy. Is this something I should be worried about? If so, are there any instant precautions I should take? I welcome any harsh words.
    I have an Iphone 5 with the most recent update to IOS7.
    Thanks in advance, folks!

    I was relieved to get the picture, but in retrospect I am very worried that connecting my phone to a public station like that was stupid, and that I might have opened myself up to malware or put my data in jeopardy.
    Yes and yes.  There's a reason why iOS 7 asks you if you trust the computer you've just connected it to.
    http://www.v3.co.uk/v3-uk/news/2286154/black-hat-researchers-exploit-iphone-flaw s-with-charger-attack
    Whether or not anything DID happen, I cannot say.

Maybe you are looking for