IOS IPS for blocking IM and P2P

Any recommendations on the best way to use IOS IPS to stop P2P and IM?
I set up a 3845 with 12.3(14)T1 to do this by importing signatures from the latest SDF using SDM. I used the attack-drop, and all IM and P2P signatures I could find. I changed them all to drop and reset. I then applied it to the inside interface of a 3845. I also set up nbar with a drop policy for all P2P traffic.
The configuration caused very slow web response time for users, including blocked pages. Removing the IPS filter made everything work properly again. The router also stopped rebooting periodically.
Is there a recommended way to set this up that does not cause slow performance and reboots?

OK, went back and loaded some upgraded software. Now using 12.4.1 Advanced security IOS on the 3845, and SDM 211. The new 256MB.sdf signature file has all the IM and P2P signatures in it already!
After applying the IPS inbound on the serial interface, I changed the UDP signatures action to drop and the TCP to drop/reset.
Everything appears to be working beautifully. Yahoo and MSN messenger get dropped, as well as the peer to peer requests. I am unable to download Bittorrent. Web access is fast, and there is no hesitation by the router in configuring the IPS.
This appears to be a great solution so far.

Similar Messages

  • Function Module for blocking, unblocking and deleting assets

    Hi,
    Are there function modules available for blocking, unblocking and deleting assets in SAP?
    Can I use 'BAPI_FIXEDASSET_CHANGE' for the same?
    Thanks in advance,
    Laxman

    Hey,
    I tried by putting the values of company code,asset number,subnumber, transaction type as 'A' and passing the value of INLA-XSPEB as 'X' in FM ASSET_MASTERRECORD_MAINTENANCE to block the asset but it is not working. I am trying many other things. Can you suggest what are the mandatory fields that need to be passed for the asset to be blocked.
    As there are lot of parameters in this FM, I am little confused. Is there a proper documentation available somewhere to understand the flow.
    Thanks in advance for the help.
    Laxman Pai.

  • I need iOS 5 for "Drive Google" and " i Cloud" where and how do I get to download it?

    I need iOS 5 for "Drive Google" and " i Cloud" where and how do I get to download it?

    You have to update by using a computer via the latest version of iTunes. You can connect the iPad to your computer and launch iTunes. Select the iPad on the left side under the devices heading. Click on the Summary Tab on the right. Click on Check for Update.
    After you update to iOS 5 or later, you will have Software Update in your settings and can update via WiFi OTA. If you have the iPad 2 - you will be updating to iOS 6.0.1.
    If you have the original iPad - iOS 5.1.1 is as high as you can go.
    How to update to iOS 5 or later.
    http://support.apple.com/kb/HT4972

  • Downloaded and installed ios 7 for iphone 5 and wont let me turn on location services

    Downloaded iOS 7 for iPhone 5 and when I go to turn on location services it doesn't let me turn it on.

    Read this
    Note: If you lose or forget a restriction passcode, you will need to perform a factory restore to remove it.
    http://support.apple.com/kb/HT4213

  • HT5957 I have downloaded the ios 7 for my ipad and now my screen is locked and shows a plug pointing towards an itunes symbol.  Does anyone have an way out of this frustrating problem?  Holding down the home and power buttons together has not worked.

    I have downloaded ios 7.2 update for my ipad and now my screen is locked and shows a picture of a plug and the itunes symbol.  Does anyone have advice to fix this frustrating problem?  I have seen help online for iphones, but none for ipads.  The screen will not budge.  I have tried holding down the power and home buttons at the same time, to no avail.  Please, can some of you smart people help me?

    Hi there Martha250,
    I would recommend taking a look at the troubleshooting steps found in the article below.
    iOS: Unable to update or restore
    http://support.apple.com/kb/HT1808
    -Griff W.

  • HT2305 need to load new software ios 5 for my ipad and ipod

    I need to know how to download iOS software on my iPad and on my iPod, as it doesn't show on both of my devices how to update the device. In general it normally shows update software; on mine it doesn't. Pls help me as I've scanned Google and still not getting any joy....thanks

    Update it from iTunes on a computer as described at the bottom of this article; devices running an iOS version prior to 5.0 can't be updated straight from the device. It will be updated to iOS 6.1.3 or 6.1.4 if supported by the device’s hardware.

  • Setting up iCloud After iOS 6 for multiple devices and one Apple ID

    We have a shared Apple ID for our iTunes Store purchases.  We share a Mac, and we share an iPad.  Each of us has a separate iPhone. 
    How should we set up iCloud to enable us to download pics that we take with our iPhone automatically to iPhoto on our shared Mac?
    How can we maximize the 5GB space in iCloud?
    How can we share calendars if needed so that if I edit an item on my iPhone, it automatically updates it on our Mac and my husband's iPhone?
    I want to be able to leverage "Find iPhone" but I guess you can only have one device set to one iCloud account, correct?  So if I lose my iPhone, I don't want all of our devices starting to ping at the same time (since the only one I'm trying to find is mine).
    Separately, after upgrading to iOS 6, I lost my contacts, and my music.  All my text message contacts in current conversations, were changed from the Contact Name to Phone numbers.  And all the phone numbers now have a 1 ahead of them, despite the fact that I did not set it up originally like that.
    HELP!

    See my answer to your other post: https://discussions.apple.com/message/19839969#19839969.

  • Solved - How to take ownership and change permissions for blocked files and folders in Powershell

    Hello,
    I was trying to take ownership & fix permissions on Home Folder/My Documents structures, and I ran into the common problem in PowerShell where Set-Acl & Get-Acl return access denied errors. The error occurs because the Administrators have been removed from file permissions and do not have ownership of the files, folders/directories. (Assuming all other permissions like SeTakeOwnershipPrivilege have been enabled.)
    I was not able to find any information about someone successfully using native PS to resolve the issue.  As I was able to solve the issues surrounding Get-Acl & Set-Acl, I wanted to share the result for those still looking for an answer.
    Question: How do you use only PowerShell to take ownership and reset permissions for files or folders you do not have permissions or ownership of?
    Problem: 
    Using the default function calls to the object fail for a folder that the administrative account does not have permissions or file ownership. You get the following error for Get-Acl:
    PS C:\> Get-Acl -path F:\testpath\locked
    Get-Acl : Attempted to perform an unauthorized operation.
    + get-acl <<<< -path F:\testpath\locked
    + CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
    If you create a new ACL and attempt to apply it using Set-Acl, you get:
    PS C:\> Set-Acl -path F:\testpath\locked -AclObject $DirAcl
    Set-Acl : Attempted to perform an unauthorized operation.
    At line:1 char:8
    + Set-Acl <<<< -path "F:\testpath\locked" -AclObject $DirAcl
    + CategoryInfo : PermissionDenied: (F:\testpath\locked:String) [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
    Use of other functions like .GetAccessControl will result in a similar error: "Attempted to perform an unauthorized operation."
    How do you replace owner on all subcontainers and objects in Powershell with resorting to external applications like takeown, icacls, Windows Explorer GUI, etc.?
    Tony

    Hello,
    Last, here is the script I used to reset permissions on the "My Documents" tree structure that admins did not have access to:
    Example:  Powershell script to parse a directory of User-owned "My Document" redirection folders and reset permissions.
    #Script to Reset MyDocuments Folder permissions
    $domainName = ([ADSI]'').name
    Import-Module "PSCX" -ErrorAction Stop
    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
    #Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeSecurityPrivilege", $true) #Optional if you want to manage auditing (SACL) on the objects
    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
    $Directorypath = "F:\Userpath" #locked user folders exist under here
    $LockedDirs = Get-ChildItem $Directorypath -force #get all of the locked directories.
    Foreach ($Locked in $LockedDirs) {
    Write-Host "Resetting Permissions for "$Locked.Fullname
    #######Take Ownership of the root directory
    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    $Locked.SetAccessControl($blankdirAcl)
    ###################### Setup & apply correct folder permissions to the root user folder
    #Using recommendation from Ned Pyle's Ask Directory Services blog:
    #Automatic creation of user folders for home, roaming profile and redirected folders.
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $fullrights = [System.Security.AccessControl.FileSystemRights]"FullControl"
    $allowrights = [System.Security.AccessControl.AccessControlType]"Allow"
    $DirACL = New-Object System.Security.AccessControl.DirectorySecurity
    #Administrators: Full Control
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators",$fullrights, $inherit, $propagation, "Allow")))
    #System: Full Control
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",$fullrights, $inherit, $propagation, "Allow")))
    #Creator Owner: Full Control
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("CREATOR OWNER",$fullrights, $inherit, $propagation, "Allow")))
    #Useraccount: Full Control (ideally I would error check the existance of the user account in AD)
    #$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked.name",$fullrights, $inherit, $propagation, "Allow")))
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked",$fullrights, $inherit, $propagation, "Allow")))
    #Remove Inheritance from the root user folder
    $DirACL.SetAccessRuleProtection($True, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
    #Set permissions on User Directory
    Set-Acl -aclObject $DirACL -path $Locked.Fullname
    Write-Host "commencer" -NoNewLine
    ##############Restore admin access & then restore file/folder inheritance on all subitems
    #create a template ACL with inheritance re-enabled; this will be stamped on each subitem to re-establish the file structure with inherited ACLs only.
    #$NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked.name") #ideally I would error check this.
    $NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked") #ideally I would error check this.
    $subFileACL = New-Object System.Security.AccessControl.FileSecurity
    $subDirACL = New-Object System.Security.AccessControl.DirectorySecurity
    $subFileACL.SetOwner($NewOwner)
    $subDirACL.SetOwner($NewOwner)
    ######## Enable inheritance ($False) and not copy of parent ACLs ($False)
    $subFileACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
    $subDirACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
    #####loop through subitems
    $subdirs = Get-ChildItem -path $Locked.Fullname -force -recurse #force is necessary to get hidden files/folders
    foreach ($subitem in $subdirs) {
    #take ownership to insure ability to change permissions
    #Then set desired ACL
    if ($subitem.Attributes -match "Directory") {
    # New, blank Directory ACL with only Owner set
    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    #Use SetAccessControl to reset Owner; Set-Acl will not work.
    $subitem.SetAccessControl($blankdirAcl)
    #At this point, Administrators have the ability to change the directory permissions
    Set-Acl -aclObject $subDirACL -path $subitem.Fullname -ErrorAction Stop
    } Else {
    # New, blank File ACL with only Owner set
    $blankfileAcl = New-Object System.Security.AccessControl.FileSecurity
    $blankfileAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    #Use SetAccessControl to reset Owner; Set-Acl will not work.
    $subitem.SetAccessControl($blankfileAcl)
    #At this point, Administrators have the ability to change the file permissions
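    Set-Acl -aclObject $subFileACL -path $subitem.Fullname -ErrorAction Stop
    } #end of the file (Else) branch
    Write-Host "." -NoNewline
    } #end of the loop over subitems
    Write-Host "fin."
    } #end of the loop over locked user folders
    Write-Host "Script Complete."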
    I hope you find this useful.
    Thank you,
    Tony
    Final Thought: There are great non-PS tools like Set-Acl and takeown which are external to PS & can also do the job wonderfully.  It may be much simpler to call those tools than recreate the wheel in pure code.  Feel free to use whatever best suits your time, scope & cost.

  • ASA5512-IPS with failover - how do you config IPS for config sync and failover

    Hi all,
    I have a pair of 5512-X's with IPS. The ASA's are configured for failover with active/standby. Is it possible to configure the 5512-IPS in an active/standby state with configuration synchronisation?  I’ve been unable to locate any configuration documentation on this.
    Your advice would be appreciated.
    Regards,
    Chris

    There is no active/standby-state or replication as it is on the ASA. Both IPS-modules are configured completely independent. It's your responsibility to keep the two units in sync.
    Yes, it's an improvable state and every admin in a small setup without a centralized management is hoping for new features there.

  • Does this mean that ios 6.0.1 will be the last ios update for ipad 2 and iphone 4s?

    With the release of ios 6.0.2, which is only available for the iphone 5 (and ipad mini) does this mean that ios 6.0.1 will be the last software update for the 4s?

    As that was only a bugfix update specific to those devices, no.

  • BAPI_PO_CREATE1 for blocked item and account assignment category Q

    Hi,
    I am facing an issue while creating PO with items which are blocked ie LOEKZ = 'S', and account assignment category 'Q'.
    Though I fill wbs element in POACCOUNT and POACCOUNTX structures, after execution it is being erased and am getting an error: "Enter WBS Element" with an information message "Change G/L Account could not be effected".
    Please help.
    Thanks in advance.
    Regards
    Kalyani

    Hi Ravi,
    Below is the code:
    POITEM-PO_ITEM = '00010'
    POITEM-DELETE_IND = 'S'
    POITEM-ACCTASSCAT = 'Q'
    POACCOUNT-PO_ITEM = '00010'
    POACCOUNT-SERIAL_NO = '01'
    POACCOUNT-CO_AREA = '1000'
    POACCOUNT-WBS_ELEMENT = 'XXXX'
    I filled POITEMX, POACCOUNTX structures too.
    When I don't pass POITEM-DELETE_IND = 'S', the PO is being created.
    But my requirement is to make the item blocked.
    Thanks in advance.
    Regards
    Kalyani

  • Clarification about source and destination IPs for internal clients and Edge server

    I just wanted to get some clarification on the correct traffic flow between internal Lync clients and the Edge server.
    From all the diagrams I've looked at I was under the impression that if internal clients need to hit the Edge server to talk to external clients they should always do so through the Edge Internal interface which bridges to the Edge External interface and out to the internet.  Specifically port 3478 from the Edge AV External interface to the internal clients.
    We aren't seeing that in our environment.  When internal clients are talking to external clients we see the Edge AV External interface communicating directly with the internal client.  In fact we found this out because after the migration to Lync 2013 external users couldn't create an AV connection to internal users on either the Lync servers.  We saw traffic on 3478 being dropped between the Edge AV External interface and the internal client.  Once we opened that port AV traffic worked.
    We never put this rule in until we introduced Lync 2013.  Lync 2010 didn't seem to require it.
    Is that the correct flow?

    I would also really love to know the outcome of this but it looks like the thread is marked as "Answered" and it is not so. 
    I've been working with a troublesome Lync deployment in which internal users are having issues sharing their desktop with external and federated users. After opening up all the 50000-59999 range for TCP/UDP on the A/V Edge external interface things are working much better, but we still see sporadic failures.
    It led us to start digging into the network traffic. We see that UDP traffic on port 3478 is being routed back from the external client to the Edge A/V's external interface, inside of the DMZ's perimeter, then directly to the internal client on the internal network. It doesn't look like it's making a connection since the stream is so small, so I wonder if there is a design flaw in my topology?
    There are persistent static routes on the Edge server that use the internal interface to route internally directed traffic over the internal gateway. Tracert confirms the flow, but in Wireshark traces, running during successful connections, UDP port 3478 is still sending packets directly to the internal IP from Edge's A/V address.
    We also see successfully connected sessions communicate on a different network route that we use to handle internet traffic rather than our Lync topology's route (the one defined for A/V traffic). The connection opens on ports in the 50000 range, but goes over a router that we have not configured for such traffic. Is that possible?
    Why is UDP traffic on 3478 trying to go directly to internal clients from external interface ?
    It sounds like it's happening elsewhere... Is this a legitimate issue to be diagnosing? Has it been observed and/or resolved by others?

  • I HAVE BLOCK SITE AND i FOR GOT MY PASSWORD WHAT DO i DO?

    i SET A PASSWORD FOR BLOCK SITE AND FOR GOT IT. WHERE CAN i CHANGE THAT?

    If you lost your password: go to about:config (type about:config in the location bar and press Enter) and reset the BlockSite.authenticate entry or clear the BlockSite.password entry.

  • If I update my iTunes software will I lose my downloaded iOS for iPod, iPad and iPhone?

    If I update my iTunes software will I lose my downloaded iOS software for iPod, iPad and iPhone?

    No.

  • IOS IPS Signature-File

    Hi Guys,
    We have recently purchased a Cisco ISR 2921, and in its docs it is written that this product has a License for IOS IPS Signature File, but on the product Flash Memory there is no IOS IPS Sig-File, and while I try to download the sig-file from Cisco, it fails.
    Can anyone tell me where there is an alternate way to download the sig-file?

    900 active signatures is quite a lot for a system that has no dedicated IPS resources.
    But you can control which and how many signatures get enabled on your router:
    In the following example I first disable all signatures and enable the ones for web-servers. So just decide which signatures you need. But don't forget to monitor your router resources.
    gw#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    gw(config)#ip ips signature-category
    gw(config-ips-category)#?
    IPS signature category configuration commands:
      category  Category keyword
      exit      Exit from Category Mode
      no        Negate or set default values of a command
    gw(config-ips-category)#category ?
      adware/spyware                Adware/Spyware (more sub-categories)
      all                           All Categories
      attack                        Attack (more sub-categories)
      configurations                Configurations (more sub-categories)
      ddos                          DDoS (more sub-categories)
      dos                           DoS (more sub-categories)
      email                         Email (more sub-categories)
      instant_messaging             Instant Messaging (more sub-categories)
      ios_ips                       IOS IPS (more sub-categories)
      l2/l3/l4_protocol             L2/L3/L4 Protocol (more sub-categories)
      network_services              Network Services (more sub-categories)
      os                            OS (more sub-categories)
      other_services                Other Services (more sub-categories)
      p2p                           P2P (more sub-categories)
      reconnaissance                Reconnaissance (more sub-categories)
      releases                      Releases (more sub-categories)
      specially_licensed_signature  Specially Licensed Signature (more sub-categories)
      telepresence                  TelePresence (more sub-categories)
      uc_protection                 UC Protection (more sub-categories)
      viruses/worms/trojans         Viruses/Worms/Trojans (more sub-categories)
      web_server                    Web Server (more sub-categories)
    gw(config-ips-category)#category all
    gw(config-ips-category-action)#retire true
    gw(config-ips-category-action)#exit              
    gw(config-ips-category)#category web_server
    gw(config-ips-category-action)#?
    Category Options for configuration:
      alert-severity   Alarm Severity Rating
      enabled          Enable Category Signatures
      event-action     Action
      exit             Exit from Category Actions Mode
      fidelity-rating  Signature Fidelity Rating
      no               Negate or set default values of a command
      retired          Retire Category Signatures
    gw(config-ips-category-action)#retired false
    gw(config-ips-category-action)#exit
    gw(config-ips-category)#exit
    Do you want to accept these changes? [confirm]
    gw(config)#
    gw(config)#exit
    gw#sh ip ips configuration | s IPS Signature Status
    IPS Signature Status
        Total Active Signatures: 131
        Total Inactive Signatures: 4370
    gw#
    I didn't follow the thread and answered your first post to have less line-breaks in this post.
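
Added example, not part of the original posts: the retire-everything-then-un-retire approach from the reply above, applied to the `instant_messaging` and `p2p` categories in its `category ?` listing, which is the traffic the opening thread set out to block. The `event-action` values are the IOS IPS 5.x action keywords and are an assumption here, since the page shows only the `event-action` option itself.

```cisco
! Added example: category-level tuning for IM and P2P on IOS IPS 5.x.
! Category names come from the "category ?" listing in the reply above.
! The event-action keywords below are assumptions (not shown on this page).
ip ips signature-category
 ! Retire every category first so that only the ones chosen below
 ! are compiled into memory.
 category all
  retired true
 ! Instant messaging: un-retire and enable the category, then alert,
 ! drop the offending packet inline and reset the TCP session.
 category instant_messaging
  retired false
  enabled true
  event-action produce-alert deny-packet-inline reset-tcp-connection
 ! Peer-to-peer: same treatment. reset-tcp-connection only has an
 ! effect on TCP flows; UDP-based signatures are covered by the inline drop.
 category p2p
  retired false
  enabled true
  event-action produce-alert deny-packet-inline reset-tcp-connection
!
! After exiting category mode and confirming the change, re-check how many
! signatures were compiled, using the command from the reply above:
!   show ip ips configuration | s IPS Signature Status
```

Compare the resulting Total Active Signatures figure with the 131 shown above and watch router memory and CPU, as the reply advises, since every un-retired category adds to the compiled set.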
