Cisco WSA able to block TOR Browser?

Hi all,
We have a WSA in the network as a transparent proxy.
Is there a way for WSA to block the use of TOR Browser?
Also, is it possible to limit torrent bandwidth too?

Hi Guys,
* Requiring NTLM auth in explicit proxy mode stops it cold - this is
just a missing feature in TOR.
* If you disable auth, or use Basic auth, then requiring that SSL
destinations have server certs signed by known CAs will stop it.  (This
works regardless of the decryption reputation, as the WSA always appears
to check this in explicit mode when configured.)
* If you disable the above two methods, the "filter avoidance" URL
category is only effective against the initial "find directory servers"
boot-up.  If we miss one, or the client has this info cached from
before, the URL category is not effective.
* Another method that would be effective would be to block all browsing
by IP address; however, this has a pretty good chance of false
positives.
Notice that the above will only work if all egress ports which are not proxied are blocked. TOR will attempt to go outbound on higher ports; if you are not blocking these (e.g. on the firewall), it becomes nearly impossible to effectively block TOR.
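
As an added example (not part of the original reply): before enforcing the "block all browsing by IP address" option mentioned above, its false-positive risk can be measured by listing the proxy requests it would hit. The Squid-style access log field order and the sample lines are constructed assumptions; field positions on a real appliance depend on its log configuration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines; a Squid-style field order is assumed:
# time elapsed client result/status bytes method url user peer mime
SAMPLE_LOG = """\
1700000001.100 120 10.1.1.20 TCP_MISS/200 5120 GET http://intranet.example.com/index.html - DIRECT/intranet.example.com text/html
1700000002.200 95 10.1.1.21 TCP_MISS/200 830 CONNECT 198.51.100.7:9001 - DIRECT/198.51.100.7 -
1700000003.300 88 10.1.1.21 TCP_MISS/200 790 CONNECT 203.0.113.44:443 - DIRECT/203.0.113.44 -
1700000004.400 60 10.1.1.22 TCP_MISS/200 2048 GET http://192.0.2.10/status - DIRECT/192.0.2.10 text/plain
1700000005.500 70 10.1.1.20 TCP_MISS/200 4096 CONNECT www.example.org:443 - DIRECT/www.example.org -
"""

def destination(method, url):
    """Return (host, port); CONNECT entries log 'host:port' without a scheme."""
    parts = urlsplit("//" + url if method == "CONNECT" else url)
    default = 80 if parts.scheme == "http" else 443
    return parts.hostname, parts.port or default

def is_ip_literal(host):
    """True when the destination is a raw IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def ip_literal_requests(log_text):
    """List requests a block-by-IP policy would hit, flagging odd ports."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client, method, url = fields[2], fields[5], fields[6]
        try:
            host, port = destination(method, url)
        except ValueError:
            continue  # unparsable port or bracketed host
        if host and is_ip_literal(host):
            hits.append({"client": client, "host": host, "port": port,
                         "standard_port": port in (80, 443)})
    return hits

def hits_per_client(hits):
    """Count hits per internal client to see who a block would affect."""
    return Counter(h["client"] for h in hits)

if __name__ == "__main__":
    hits = ip_literal_requests(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(hits_per_client(hits))
```

Entries on ports 80/443 are the likely false positives to review before enforcing; entries on other ports are the ones the egress firewall rule should already be stopping.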

Similar Messages

  • How to check if Cisco WSA is already blocking the malicious sites?

    How to check if Cisco WSA is already blocking the malicious sites? 

    Depends on what you mean, but in general what you did will not work.
    The usual intent of RMI is to have several processes running and all of them use one process as the repository.
    A static value is only visible in one VM instance thus it will not be visible in another process.
    So in that situation you could check if the server socket that RMI is using is open. But just catching the exception, presuming that you catch the correct one, is also sufficient.

  • WSA IMS not able to block

    Hi all,
    We are facing a lot of problems with the S-650: it is not able to block IMs properly, even though we enabled the feature. Is it a worthwhile device? The cost is also very high. I think this device has given Cisco a bad reputation, because support is also very poor.
    regds
    rsreddy

    Hi,
    Sorry to hear that you are having trouble with getting your S-Series to work in the way you envision. The S-Series is not designed to filter native IM traffic but handles IM over HTTP.
    I'd recommend configuring the IM clients to use the proxy via HTTP (settings vary between different IM clients) and blocking the native IM traffic bypassing the proxy on the firewall.
    Please work with support if you have questions about the configuration of your appliance or the IM clients.
    We are proud of our support engineers and are striving to provide you with a best of the world support experience. If at any time you have concerns, feel free to let the support engineer know or ask for management attention. You can also provide feedback on a case once it has been resolved and I can assure you that we are highly appreciating your input and taking this very seriously.
    Best Regards,
    Jakob

  • Can't create a desktop shortcut for a website in Firefox Tor Browser

    I am a Tor Browser user, and I really like the Firefox interface. According to my about page, my Firefox browser is up to date. But for some reason I cannot save desktop shortcuts for a website. Every time I drag the icon next to a website (variously a globe, a green lock, and other icons), I get a denial mouse icon anywhere I try to put the web shortcut on the desktop. This even happens when I drag bookmarks from my bookmark bar! My guess is that something is blocked in the Tor settings that won't allow shortcuts. Any suggestions on where the shortcuts settings are in Firefox?

    I don't know that program. Go to its Mozilla Add-ons web page and find the support link. Then ask them about this. It may be a bug.
    Do the other add-ons I sent you work okay? Then you should be about done, until you hear from the Tor support people.
    Once you get an answer, please post it here. Good Luck, Happy Holidays !

  • Possible to block when browser says some plugin used by this page are out of date?

    Possible to block when browser says some plugin used by this page are out of date? I want to block the message.

    Hi, I upgraded to the latest version of Snow Leopard 10.6.8 from 10.5.6 and I was able to download the latest Flash. A screen told me to upgrade and it pointed me to the website. Ty

  • ASA Botnet Filtering - Does it block Tor Exit nodes?

    Hello Group. I am looking into methods to block TOR network activity both inbound and outbound. Outbound is pretty straightforward by utilizing IPS and AV signatures. Inbound seems to be a little more involved. Preventing inbound traffic requires blocking all of the TOR exit nodes, which comprise a list of multiple thousands of IPs, including a small percentage that are dynamic. Does the ASA Botnet Filter encompass these IPs?
    Thanks in advance for any input.
    /JT

    Hi,
    One of the sources that the Botnet traffic filter uses is senderbase.org (it also uses many others), so you can evaluate one of the IP addresses that you know belongs to the TOR network and see what reputation it has (to see if the botnet feature will catch it); but remember that the main idea behind this feature is botnet detection, and I don't think we can qualify this site as a botnet site.
    Thanks,
    Luis Silva
    "If you need PDI (Planning, Design, Implement) assistance feel free to reach"
    http://www.cisco.com/web/partners/tools/pdihd.html

  • HT4061 My iPhone 4 has been recently stolen :( and I am wondering how can I be able to blocked my iPhone 4 so the one steal it cannot use my phone pls let me know what to do thanks.

    My iPhone 4 has been recently stolen :( and I am wondering how I can block my iPhone 4 so the one who stole it cannot use my phone. Please let me know what to do. Thanks.

    Apple does not get involved with lost or stolen items.  A carrier may offer IMEI blocking (none in the USA currently do, but elsewhere some do).  Your carrier would already know your IMEI number anyway, so just contact them and ask them about it.
    It is VERY good that you had a passcode lock on the device.  That means your personal information will be safe.  And yes, after 10 failed attempts (each with increasing time out between allowing another attempt) the device will permanently lock them out until they restore the device in iTunes.  Anyone can go ahead and restore your iPhone as new in iTunes, but that also wipes everything off it and restores it to new condition - which does mean they can go off and use it as theirs, but at least all your data is gone.
    Did you file a police report it was stolen?  Also your carrier should be told (and ask them about IMEI blocking).  Sorry it is gone, but you did the best thing possible to protect yourself and your information when you set up that passcode lock.

  • Ugly fonts after starting Firefox or Tor Browser

    After starting Firefox or Tor Browser my fonts become ugly and broken in most windows: some symbols look strange.
    Screenshot:
    # fc-cache -f doesn't help
    I have a laptop with mostly the same packages and configuration and I don't have this problem with it.

    Yes. I use Xfce. This issue is related to all programs but it happens only after launching TorBrowser or Firefox and visiting some websites

  • My Firefox freezes whenever I try to search with Google. I am still able to close the browser, though. How can I fix this?

    Whenever I attempt to utilize Google to search anything on the internet, Firefox will freeze. However, I am still able to close the browser window and end the firefox.exe process in order to open a new browser window, but it is annoying and inconvenient to have to do this frequently. Help!

    Might be because of a malware.
    Run this-
    Malwarebytes - http://www.malwarebytes.org/mbam.php

  • Cisco WSA Versus Proxy

    Hello Experts,
    Can anyone tell me what is difference between Cisco WSA and Proxy-Server ?    and which one ideal to use ?
    Thanks,
    Waheed

    Hi Imran,
    The main difference between the two is the Cisco WSA is an appliance or a hardware while proxy server is a software. Other features are also offered by each security solutions. Best recommendation depends on what features are you looking for. Kindly email me ([email protected]) for more information and so I can also provide you options that you have.
    Hope to hear from you soon.
    Regards,
    Alyza

  • How can I encrypt my internet traffic and hide my IP with Firefox/ Tor Browser Bundle?

    Apparently Firefox and Tor can help me with this but how?
    I get a lot of technical answers when I Google these questions. I figured out I need to download the Tor Browser Bundle but when I look for support I get here, to the Mozilla Support Forum. I'm confused? Being 50 years old and living in Africa means I did not have the same exposure to technology as people in first world countries did at my age.
    My Google AND bank account was hacked, which made my life hell. I took better precautions and would like to encrypt my traffic and hide my IP address now but it is so complex and technical :-(

    I personally would never trust an anonymous proxy to do any financial or bank traffic or even access a website that need authentication (log in) because you set up a connection to such a proxy and the proxy set up the connection to the website or another proxy if multiple proxies are chained.
    *http://en.wikipedia.org/wiki/Proxy_server
    Using a proxy won't help if your computer is infected with malware or if you use weak passwords that can be guessed or found via a dictionary look up or via phishing attempts.
    *https://support.mozilla.org/kb/Choosing+More+Secure+Passwords
    Everything starts with a clean computer and being cautious with installing software or clicking links in an e-mail and regularly doing checks for malware.
    You can do a malware check with several malware scanning programs on the Windows computer.
    Please scan with all programs because each program detects different malware.
    All these programs have free versions.
    Make sure that you update each program to get the latest version of their databases before doing a scan.
    *Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php
    *AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml
    *SuperAntispyware: http://www.superantispyware.com/
    *Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx
    *Windows Defender: http://windows.microsoft.com/en-us/windows/using-defender
    *Spybot Search & Destroy: http://www.safer-networking.org/en/index.html
    *Kaspersky Free Security Scan: http://www.kaspersky.com/security-scan
    You can also do a check for a rootkit infection with TDSSKiller.
    *Anti-rootkit utility TDSSKiller: http://support.kaspersky.com/5350?el=88446
    See also:
    *"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

  • Rewrite of aur package tor-browser-en

    Hi,
    Some months ago I packaged tor-browser-en [1] and, until now, just bumped the package version. Today I tried to rewrite its PKGBUILD and wrapper script to increase security. I want tor-browser to be installed in ~/ instead of /opt (where it's installed currently). I do not want tor-browser to store its data and temporary files somewhere else than my encrypted home directory.
    To clarify: tor-browser's files need to be owned by the user running it, otherwise it won't work. Adjusting permissions for group-writing did not work.
    I borrowed the wrapper script from the jdownloader package and customized it to fit tor-browser's needs. There are still some issues and I'm still trying to get automatic signature checking to work (especially automatic key fetching).
    Did I miss anything? Is there anything absolutely wrong? Please, if possible, test and tell me what you found:
    http://khg-08.de/max/tor-browser-en-2.2 … src.tar.gz
    Just the wrapper script on pastebin: http://pastebin.com/HMEBJua1
    [1] https://aur.archlinux.org/packages.php?ID=53169 (old version)
    Last edited by Maxr (2012-03-10 21:23:28)

    Maxr wrote: That's what the wrapper script does. It will download the source archive and copy its contents to ~/... upon first call. The aur package contains the wrapper script, desktop entry & icon, etc. Until now, tor-browser is installed to /opt/tor-browser and has to be chmodded to USER:USER by a non-root user afterwards. It's only usable for this single user. I don't like both ways ... not really sure what's better, yet.
    As long as nothing gets copied into a user's home directory before that user has run a script, that's fine.
    Maxr wrote: Correct me if I'm wrong, but isn't there any other way than fetching the public key from a public keyserver to check the signature? Surely, comparing fingerprints would be good, but I think most users won't do this. Automatic checking would at least ensure technical integrity of the archive, just to replace md5/shaX which would be more complex to maintain. But I'll think about it, maybe that should be solved differently.
    Usually public keys are made available in several places so that the user can compare different sources to establish (probable) authenticity. My only point is that it should be left up to the user to accept the key. In a worst-case scenario, maybe the user can't trust his own connection and will have to rely on confirmation through other sources, such as calling a friend to have him check on a completely independent connection. Sure, this is unlikely to come up in most cases, but if the whole point of this is rigorous security, you may as well be rigorous.
    This is mostly a devil's advocate argument. A user who really needs that level of security will either know enough to check it independently, or will eventually get caught through some other mistake anyway.

  • Is there a tor browser add-on for firefox?

    Occasionally I want to run a super anonymous search, but I'd like to do so without leaving firefox. Is there a Tor browser add-on for firefox?

    hello, the makers of the tor project would strongly discourage such a setup: https://www.torproject.org/download/download.html.en#warning

  • Cisco WSA : Is it possible to use web proxy in transparent mode without WCCP router ?

    Hello !
    I would like to use Cisco WSA as a web proxy in a transparent way (without any configuration in clients' web browsers) but I don't have a WCCP router. So, is it possible?
    If yes, how to do this?
    Thank you,
    Stephane Walker

    Hi Stephane
    The only alternative to WCCP is PBR (Policy Based Routing). With a simple configuration on the router you can redirect traffic defined as interesting by access list to WSA. On the WSA you need to configure transparent mode (Security Services -> Web Proxy -> Edit Settings -> Proxy Mode: Transparent). You also need to assure that proxy is listening on the port 80 and that HTTPS proxy is enabled (on port 443) if you want to redirect the HTTPS traffic as well. 
    Sample configuration for Cisco router
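    ! Match the web traffic (HTTP, TCP/80) to redirect
    access-list 110 permit tcp any any eq www
    ! Send matched traffic to the proxy as next hop
    route-map proxy-redirect permit 10
     match ip address 110
     set ip next-hop xxx.xxx.xxx.xxx
    ! Apply the policy on the interface where client traffic arrives
    interface ethernet0/1
     ip policy route-map proxy-redirect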
    xxx.xxx.xxx.xxx is the proxy IP in such case and access-list 110 defines web traffic (HTTP TCP/80) as interesting.
    The biggest disadvantage of such a solution is the lack of failure detection. If the proxy goes down for some reason, the router will keep redirecting the traffic, causing an internet access outage.
    Routers other than Cisco equipment should also have an option to configure policy based routing.
    /Artur
    Ps. It's not possible to place the WSA in-line between clients and the internet.

  • Cisco WSA S170 AsyncOS 7.5.2 LDAP group query debug

    Dear support forum members,
         I have some problems with the Cisco WSA S170 (AsyncOS 7.5.2). It looks like a bug. I have two users in my Active Directory (AD), both of them are members of the InternetGrp6 AD group, both of them are in the same organization unit in the AD tree, but WSA could not identify that one of them is a member of InternetGrp6.
         I understand that WSA does this over an LDAP query to the AD controller, but I could not find a way to debug the LDAP query. This would give me the ability to find out what happened during the user group LDAP query.
    Thanks in advance!
    Best regards,
    Alexander.
    P.S. Sorry for my English.

    Hi,
    First of all I would like to thank you for assistance!
    It is a pity, but I received "Unknown command: ldapsearch" in the SSH CLI session.
    AsyncOS 7.5.2 for Web build 304 installed.
    Best regards,
    Alexander.
