Encryption Policy - Safe Harbor Folders

Similar Messages

• How to report employee thief to adobe, safe harbor, and your partners, there is no email, no phone,

  how to report employee thief to adobe, safe harbor, and your partners, there is no email, no phone, spent 1 hr 26 min with Adobe support, and after I gave him permission to access my computer, I had to ask him if he was having a problem, than I receive a security notice that the software program is not from a confirmed web site and was downloaded to an unknown web address, when I asked the support
  person if this was the program, I did not see https or a lock and he sail it was ok it was him.
  I notice he had deleted some files and was in process of changing my security logins files and change wifi and proxy, when I tried to stop him he locked my mouse so I had to power off computer. after that there was a virus installed on my computer,
  I have spent the last 3 hrs getting a different virus protection software to clean my Hard drive.
  I want this guy fired,
  Funny I have been trying to get in touch with adobe since March 29,2015, no emails and when I got someone one the phone he could not under stand me, but I can understand why since he could
  not speak english, WOW Great support ADOBE.
  I bet I will get there attn. now.
  anyone have another way to contact this great company?

  I am unable to get the numbers about the first imd I contacted adobe, but was able to get the chat records if that would help, my computer is fried, I have been spending last 2 days trying to remove the virus and ad wares, I have been told looked like I will have to erase the drive an install every thing from scratch

• Using Encrypt Policy in OSB

  HI,
  I am struggling to enforce inbound message level security at the proxy service level.
  I just wanted to encrypt the request and response payload of the proxy service .
  I have tried all my best and added encrypt policy to request and response at the policy tab of proxy service.
  Please guide me how to enforce it .
  Abhinav

  Anuj ,
  i am using self signed certificate for service key provider.
  My request :
  <soapenv:Envelope xmlns:prox="http://in.abhinav/ProxyPayload_Master" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>weblogic</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic123</wsse:Password>
  <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">za2EsbtNUse5t2Y9DjL9jA==</wsse:Nonce>
  <wsu:Created>2012-01-16T06:57:06.769Z</wsu:Created>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
  <prox:SendOperationRequest>
  <username>?</username>
  <password>?</password>
  <mobilePhoneNumber>?</mobilePhoneNumber>
  <vouchernumber>?</vouchernumber>
  </prox:SendOperationRequest>
  </soapenv:Body>
  </soapenv:Envelope>
  Resposne :
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
  <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <faultcode>wsse:InvalidSecurity</faultcode>
  <faultstring>Could not validate encryption against any of the supported token types</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>

• Error while calling Encryption Policy in OWSM

  Hi,
  I have a simple BPEL process and which is registered in OWSM with Encryption/decryption policies using jks
  I get below error in gatway logs.Please let me know any thoughts
  2009-06-22 04:57:32,503 FINE [AJPRequestHandler-HTTPThreadGroup-8] CSWComponent - Executing policy step. Policy='SID0003053', Step Name='XML Encrypt', Step Class='com.cfluent.policysteps.security.wssecurity.EncryptStep'
  2009-06-22 04:57:32,503 FINER [AJPRequestHandler-HTTPThreadGroup-8] wssecurity.SecurityBaseStep - Step XML Encrypt called
  2009-06-22 04:57:32,507 FINEST [AJPRequestHandler-HTTPThreadGroup-8] wssecurity.EncryptStep - Encrypting Soap XPATH
  2009-06-22 04:57:32,515 FINEST [AJPRequestHandler-HTTPThreadGroup-8] wssecurity.SecurityBaseStep - XPath= /descendant-or-self::node()/child::*[(attribute::encrypted = "true")]
  2009-06-22 04:57:32,516 WARNING [AJPRequestHandler-HTTPThreadGroup-8] wssecurity.SecurityBaseStep - Failure while applying XML Security
  java.lang.StringIndexOutOfBoundsException: String index out of range: -1
  at java.lang.String.substring(String.java:1768)
  at com.cfluent.policysteps.security.wssecurity.SecurityBaseStep.setLocationsForXPath(SecurityBaseStep.java:518)
  at com.cfluent.policysteps.security.wssecurity.EncryptStep.setEncryptLocationsForXPath(EncryptStep.java:225)
  at com.cfluent.policysteps.security.wssecurity.EncryptStep.getEncryptLocations(EncryptStep.java:202)
  at com.cfluent.policysteps.security.wssecurity.EncryptStep.performXmlSecurity(EncryptStep.java:177)
  at com.cfluent.policysteps.security.wssecurity.SecurityBaseStep.execute(SecurityBaseStep.java:256)
  at com.cfluent.pipelineengine.container.DefaultPipeline.executeStep(DefaultPipeline.java:124)
  at com.cfluent.pipelineengine.container.DefaultPipeline.execute(DefaultPipeline.java:97)
  at com.cfluent.pipelineengine.container.DefaultPolicy$DeferredPipeline.execute(DefaultPolicy.java:63)
  at com.cfluent.pipelineengine.container.DefaultPolicy$DeferredPipeline.access$300(DefaultPolicy.java:18)
  at com.cfluent.pipelineengine.container.DefaultPolicy.execute(DefaultPolicy.java:126)
  at com.cfluent.pipelineengine.container.PipelineContainer.execute(PipelineContainer.java:114)
  at com.cfluent.agent.Agent.intercept(Agent.java:123)
  at com.cfluent.agent.AgentRuntime.intercept(AgentRuntime.java:252)
  at com.cfluent.pipelineengine.util.PolicyInvoker.execute(PolicyInvoker.java:30)
  at com.cfluent.pipelineengine.util.InvokerChain.execute(InvokerChain.java:30)
  at com.cfluent.gateway.Invoker.execute(Invoker.java:148)
  at com.cfluent.gateway.listener.ProtocolListener$ListenerTask.run(ProtocolListener.java:272)
  at com.cfluent.gateway.listener.ProtocolListener.invoke(ProtocolListener.java:110)
  at com.cfluent.gateway.listener.GatewayRuntime.invoke(GatewayRuntime.java:32)
  at com.cfluent.gateway.listener.http.HttpListener.invoke(HttpListener.java:30)
  at com.cfluent.gateway.listener.http.ServicesServlet.handlePost(ServicesServlet.java:57)
  at com.cfluent.common.servlet.BaseServlet.doPost(BaseServlet.java:264)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:713)
  at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
  at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
  at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
  at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:302)
  at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
  at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
  at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
  at java.lang.Thread.run(Thread.java:595)
  2009-06-22 04:57:32,519 FINE [AJPRequestHandler-HTTPThreadGroup-8] CSWComponent - Step execution failed: Fault Code=[http://schemas.oblix.com/ws/2003/08/Faults/GenericFault] Fault String=[WS-Security process failure:String index out of range: -1] Policy=[SID0003053] Pipeline=[Request] Step Name=[XML Encrypt] Step Class=[com.cfluent.policysteps.security.wssecurity.EncryptStep]
  Thanks
  Vinay

  you missed one question of mine  <b>Do you create the PDF after creating the GUID ?</b>
  try giving a fixed URL just to test.
  Aman

• Nyone who had success using sign-encrypt policy(oracle web service manager)

  Hi All,
  I could not succeed in using sign Message and Encrypt and decrypt and verify signature policy using oracle web services manager.So I would be grateful if somebody who had success in using it would shed light on its use.
  Basically,I am using the following policy steps in securing a helloworld web service using gateway(oracle web services manager) :
  1)for Request (Decrypt and Verify signature).
  2)for Response(Sign Message and Encrypt).
  The configuration for Request is shown below:
  Pipeline "Request"
  Pipeline Steps:
  Start Pipeline
  Log
  Decrypt and Verify Signature
  Basic Properties Type Default Value
  Enabled (*) boolean true true
  XML Decryption Properties Type Default Value
  Decryptor''s keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
  Decrypt Keystore Type (*) string jks jks
  Decryptor''s keystore password string *******
  Decryptor''s private-key alias (*) string s1as
  Decryptor''s private-key password string *******
  Enforce Encryption (*) boolean true true
  XML Signature Verification Properties Type Default Value
  Verifying Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
  Verifying Keystore type (*) string jks jks
  Verifying Keystore password string *******
  Signer''s public-key alias (*) string xws-security-client
  Enforce Signing (*) boolean true true
  End Pipeline
  And the configuration for Response is shown below:
  Pipeline "Response"
  Pipeline Steps:
  Start Pipeline
  Log
  Sign Message and Encrypt
  Basic Properties Type Default Value
  Enabled (*) boolean true true
  Signing Properties Type Default Value
  Signing Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
  Signing Keystore Type (*) string jks jks
  Signing Keystore password string *******
  Signer''s private-key alias (*) string s1as
  Signer''s private-key password string *******
  Signed Content (*) string BODY BODY
  Sign XPATH Expression string
  Sign XML Namespace string[]
  Encryption Properties Type Default Value
  Encryption Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
  Encrypt Keystore Type (*) string jks jks
  Encryption Keystore password string *******
  Decryptor''s public-key alias (*) string xws-security-client
  Encrypted Content (*) string BODY BODY
  Encrypt XPATH Expression string
  Encrypt XML Namespace string[]
  End Pipeline
  But I am getting the following fault exception while accessing this secure web service :
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
  <SOAP-ENV:Fault>
  <faultcode "http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode>
  <faultstring>Step execution failed with an exception
  </faultstring>
  <detail></detail>
  </SOAP-ENV:Fault>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  I would appreciate your help.Thanks.
  Kash

  Hi clemens,
  Actually I installed OracleWebServices_Manager_4_0_3 and I see my installation directory does not contain any of the directory structure you mention.
  It installed oracle web services manager in the following location:
  C:\coresv_install_home
  and it contains the following subdirectories:
  1)bin
  2)config
  3)db
  4)ears
  5)external
  6)extlicences
  7)lib
  8)samples
  9)scripts
  10)wars
  So I like to ask did you install the same version of the oracle web services manager, if not which version you install in which security is working for you.Thanks for any help.
  Kash

• Query For Retention Policy On All Folders

  I am looking for a way to query for the retention policy assigned to all user folders (per folder/per user). My client allows the user to set the folder retention policy per folder and would like to know how each user has that configured. This is for
  a 700 user environment. I know any CSV generated as output could have thousands of rows.
  thanks.
   

  You will have to use EWS for that. Here's an example (for 2013):
  $getRTResp=$exchangeService.GetUserRetentionPolicyTags()
  function GetTagName($tagGUID) {
  if (!$tagGUID) { return ($getRTResp.RetentionPolicyTags | ? {$_.Type -eq "All"}).DisplayName }
  foreach ($tag in $getRTResp.RetentionPolicyTags) {
  if ($tag.RetentionId -eq $tagGUID) { return $tag.DisplayName }
  $FpageSize =100
  $FOffset = 0
  $folderView = new-object Microsoft.Exchange.WebServices.Data.FolderView($FpageSize,$FOffset,[Microsoft.Exchange.WebServices.Data.OffsetBasePoint]::Beginning)
  $folderView.Traversal = [Microsoft.Exchange.WebServices.Data.FolderTraversal]::Deep
  $folderView.PropertySet = new-object Microsoft.Exchange.WebServices.Data.PropertySet(
  [Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly,
  [Microsoft.Exchange.WebServices.Data.FolderSchema]::DisplayName,
  [Microsoft.Exchange.WebServices.Data.FolderSchema]::ArchiveTag,
  [Microsoft.Exchange.WebServices.Data.FolderSchema]::PolicyTag,
  [Microsoft.Exchange.WebServices.Data.FolderSchema]::FolderClass);
  $oFindFolders = $exchangeService.FindFolders([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::MsgFolderRoot,$null,$folderView)
  foreach ($folder in $oFindFolders.Folders) {
  Write-host $folder.DisplayName "has Policy:" $(GetTagName $folder.ArchiveTag.RetentionId)
  Obviously, it needs some work, a loop for all 700 users, proper error handling, etc. But hopefully it illustrates the idea. For older versions, its a bit more work to get the Name of the tag, but you can also use Get-RetentionPolicyTag for that.
  Code adapted from:
  http://blogs.msdn.com/b/akashb/archive/2012/01/12/stamping-retention-policy-tag-on-items-using-ews-managed-api-1-1-from-powershell-exchange-2010-part-2.aspx
  http://blogs.msdn.com/b/mvpawardprogram/archive/2013/04/08/5-lesser-known-operations-in-exchange-web-services-on-exchange-2013.aspx

• Encryption of "Safe Sleep" file?

  I note that under Lion swap files are encrypted by default.
  My question is - are the memory images stored on disk when a machine enters "Safe Sleep" also encrypted?
  Since these files are in fact the contents of the entire memory of the machine at the time that the system goes to sleep, they would pose the same security risks as are posed by the swap files, correct?
  To me, encrypting swap files without encrypting the sleep image solves only half of the problem.
  Are the sleep fiiles somehow encrypted also?

  The sleepimage file is not encrypted. However, it's readable only by root. Anyone who has root can capture your password and anything else he wants by other means. An attacker with physical possession of your storage device could extract your password from the sleepimage file, and use it to unlock your keychains. He could read all your other files even without knowing the password, of course. If you're concerned about this threat, disable hibernation and enable FileVault.

• Retention Policy - Archive All folders to archive-maibox (including inbox and send items)

  Hello,
  with exchange 2010 we have a retention policy to archive all mail older than 2 years to the archive-maiblox using the retention policy.
  The policy is having the setting "all other folders", so this isn`t working for the folder "inbox" "send items" etc.
  What can i change to have ALL folders moved to the archive-mailbox?
  Thx

  Hi,
  Did you means that you select "All other folders in the mailbox" as a tag type? Is right?
  If so, it will not work for the default folders (such as Inbox and Send Items..).
  Please refer to the following thread:
  Exchange 2010: Retention Policy Tag
  Type- All other folders in the mailbox
  Thanks.
  Niko Cheng
  TechNet Community Support

• Are video calls encrypted and safe from spying

  good morning ,,,i have a small question ,,,i'm using skype 6 on windows 7 64bit ,,,and i'm connected to a public wifi without a password ,,can some one sniff my skype and listen to my voice or video calls,,because i heard that some people can sniff the skype password on public wifi and also listen to the voice and video calls ,,please help ,,,ty admins

  Not quite, please see http://news.softpedia.com/news/Skype-Provided-Back​door-Access-to-the-NSA-Before-Microsoft-Takeover-N​...
  Therefore it is quite likely that the naked video you shot with your girlffriend, or wife can be viewed by a 20 year old NSA analyst.
  This is UNACCEPTABLE and we the users must force Skype to change it and give us the guarantee that they originally gave i.e. that conversations (video and text and metadata) are SECURE!
  So far, Skype have not commented on this topic!

• Safe Harbour Encryption issue

  Hello,
  I'm currently stuck on a issue with encryption. I've set up in General Settings Safe Harbor Encryption and also encryption for removable devices. On the USB drive I have no problems files get encrypted just fine. The issue is with Safe Harbor. Checked the option, restarted the computer, the folders are in the root of each drive, but no matter what file I put in there I can still read it. I tried logging out from Novell Client, logged on the same computer with other user and still I can see the content of the file. Any clues on this? The documentation on this is pretty straight forward.
  Thank you!

  It is WAD (working as designed).
  The best way to test encryption is to share the safe harbor folder, and try to open the files from across the network.
  You need to setup password encryption for the ZSC to ask the user for a second password in order to add a second layer of protection - if the user don't know this second password, then the ZSC will no decrypt the safe harbor's content.
  I'm with you that the docs are not very rich when it comes to explain how encryption really works.
  Best,
  Daniel
  >>>
  From: Sebymargis<[email protected]>
  To:novell.support.zenworks.endpoint-security-management
  Date: 9/8/2010 12:36 PM
  Subject: Safe Harbour Encryption issue
  Hello,
  I'm currently stuck on a issue with encryption. I've set up in General
  Settings Safe Harbor Encryption and also encryption for removable
  devices. On the USB drive I have no problems files get encrypted just
  fine. The issue is with Safe Harbor. Checked the option, restarted the
  computer, the folders are in the root of each drive, but no matter what
  file I put in there I can still read it. I tried logging out from Novell
  Client, logged on the same computer with other user and still I can see
  the content of the file. Any clues on this? The documentation on this is
  pretty straight forward.
  Thank you!
  Sebymargis
  Sebymargis's Profile: http://forums.novell.com/member.php?userid=54189
  View this thread: http://forums.novell.com/showthread.php?t=420385

• How can you prevent encrypted folders that you created in disc utility from being deleted?

  How can you prevent encrypted folders that you created in disc utility from being deleted?

  bibst wrote:
  How can you prevent encrypted folders that you created in disc utility
  You cannot create encrypted folders in, or encrypt folders with, Disk Utility.
  You can create with Disk Utility encrypted disk images from folders. I assume that's what you mean.
  The proper way to do it is by setting the immutable bit. Read here
  <http://www.thexlab.com/faqs/immutableflags.html>
  about the immutable bits (and the trouble they sometimes create).
  The user immutable bit (uchg) is the same as the Finder lock, as described above by X423424X. It's a weak lock, with only a warning.
  The system immutable bit (schg) is more powerful. Once is set, the item cannot be deleted in Finder (even though Finder will ask for your password and may give you the impression that it can trash it; it will end with an error).
  I set it in Terminal, thus
  $ sudo chflags schg my_encrypted_disk_image
  and unset it also in Terminal
  $ sudo chflags noschg my_encrypted_disk_image
  (Note that, when you unset the system immutable bit, the change won't be reflected immediately in Finder, but the item can be trashed nevertheless.)

• Activesync policy enable device encryption

  Hi,
  I have one query about sync policy.
  If iPhone/android phone lost after enabling the enable device encryption policy.
  is any way to recover data from that iPhone ?
  Thanks
  Deepak

  Sorry. Your question isn't clear.  If you don't want to force encryption on them, then why would you require device encryption?
  What are you trying to accomplish? What would be the logic of requiring device encryption, but exempting one group of users from that requirement?

• Encryption problem

  We have Endpoint and ifolder on Dell Laptops models D8300 and E6500. The folder encryption works fine on the E6500. When I try to install on a D830 and use the encryption feature when I try to rename a file or save a file I get the following error " Can Not rename test : Access Denied. Make sure the disk is not full or write connected and that the file is not currently in use." That is when I try to rename a folder. When I try to ave from word to the C Drive or desktop I get the following "Word can not save due to a file permission error"
  Now the weird thing is that this only happens on the D830 models on the E6500 encryption works fine. Has anyone else experienced this issue before?
  I am running the latest endpoint Client and I have tried this with XP SP3 and SP2 and have the same result.
  Thanks

  Yes I am using the safe harbor option. Yes it does the same thing for new and existing files/folders. I have not tired a new encryption key.
  Originally Posted by AAG885
  So you using the "safe harbor" option? if your creating new folders or files does it do the same thing? have you tried generating a new encryption key to see if this solves the issue?

• Data Encryption on ALL drives

  Hi,
  I like to know why i cannot put Data Encryption on ONLY a D:folder path. Why is this folder automatic created on ALL drives? A "user" save-harbor can be put on one specific disk, so why not a "default" one?
  Thanks
  Herman

  Originally Posted by bbeachem
  This is a feature enhancement request we have on our roadmap. The initial request from Administrators was to specify the folder and we would add it to all the drives. User safe harbor is a specific volume browse option, so that is why the drive volume is part of the safe harbor.
  The policy define safe harbor is just a folder name (no volume ID is specified).
  Thanks,
  I'am waiting for the enhancement.
  Herman

• Encryption in windows file server

  I have a client requirement to encrypt the file and folders inside a sharedfolder
  I selected the folder and from the properties, enabled a the encryption check mark and saved the generated certificate as recovery/access to users.
  Is this a feasible solution or how can I properly encrypt file server in a domain and how to manage access to this folders without any change in file and folder permission
  Amal RS

  Hi Amal,
  Based your description, we are using EFS to encrypt the shared folder.
  As the following article states:  
  EFS helps secure the information that is contained in our folders and files by creating a unique key that uses a combination of the server’s credentials and the user’s credentials.
  Because EFS is so secure, it’s critical to enforce a strong password policy. It’s also a best practice to archive and back up the recovery keys for your domain and keep them in a safe place to ensure recovery should the keys become damaged or lost.
  Help Secure your Business Information using Encrypting File System
  http://blogs.technet.com/b/sbs/archive/2010/03/09/help-secure-your-business-information-using-encrypting-file-system.aspx
  Besides, regarding EFS, the following articles can be referred to for more information.
  Best practices for the Encrypting File System
  https://support2.microsoft.com/kb/223316?wa=wsignin1.0
  Encrypting File System
  http://technet.microsoft.com/en-in/library/cc749610(v=ws.10).aspx
  Best regards
  Frank Shen