iPhone enterprise setup - security concerns

Dear all,
My company (3000+ users) is in the process of integrating the iPhone into the enterprise, and the ideal setup would be :
- OTA (Over The Air) sync of calendar and contacts with ActiveSync
- OTA push mail with ActiveSync
- ActiveSync policies enforcement (like passcode, etc...)
But :
- Users will have to sync their apps, music, photos, podcasts, ... from home; we do not wish to deploy iTunes on corporate computers; this could represent an important loss of productivity, and too much to cope with for our Helpdesk.
First question : does this make sense ?
Secondly, my concern as the company's security officer is : what happens to the corporate data when the iPhone is synced (and backed up) with the employee's private (aka. home) computer ? Does iTunes save Exchange data (settings, e-mails, calendar, contacts) to the computer ? If yes, is there a way to prevent this ?
Any answer would be greatly appreciated. Thanks.
jdm7

Can you clarify your questions? What does "IT people warn that if include it in the server for sync will breach security on patients data" mean?
Do you mean if you sync with Exchange and there is patient info on the iPhone? AHA.org says that encryption is not required, BUT it may be expected. If encryption is not required, but you do have patient data on the iPhone, then you must at least:
1. Use SSL to sync with Exchange - this would protect the data in the air
2. Use the Apple Enterprise tools to force password lock on the iPhone and force a data wipe if so many incorrect passwords were entered.
That is at least at a minimum.
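
An audit of those two minimums, as an added example that is not part of the original post: it checks a configuration profile (the format Apple's enterprise tools emit) for an SSL-enabled Exchange payload and a passcode policy with a failed-attempt wipe limit. The payload types and keys (`SSL`, `forcePIN`, `maxFailedAttempts`) follow Apple's configuration profile format; the host, the identifier and the limit of 10 attempts are assumptions, and the sample profiles are constructed.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Payload types and keys from Apple's configuration profile format
# (assumed here; the post itself does not name them).
EAS_TYPE = "com.apple.eas.account"
PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"


def audit_profile(profile_bytes, max_attempts_limit=10):
    """Return a list of findings; an empty list means both minimums are met.

    max_attempts_limit is an assumed threshold: the post only says the wipe
    should trigger after "so many" incorrect passwords.
    """
    try:
        profile = plistlib.loads(profile_bytes)
    except (plistlib.InvalidFileException, ExpatError):
        # Signed or encrypted profiles are CMS-wrapped, not bare plists.
        return ["not a plain plist: unwrap the signed profile before auditing"]
    if not isinstance(profile, dict):
        return ["plist root is not a dictionary"]

    payloads = [p for p in profile.get("PayloadContent", []) if isinstance(p, dict)]
    eas = [p for p in payloads if p.get("PayloadType") == EAS_TYPE]
    policies = [p for p in payloads if p.get("PayloadType") == PASSCODE_TYPE]
    findings = []

    # Minimum 1: Exchange sync must run over SSL.
    if not eas:
        findings.append("no Exchange ActiveSync payload")
    for p in eas:
        if p.get("SSL") is not True:
            findings.append(f"EAS host {p.get('Host', '?')}: SSL not enabled")

    # Minimum 2: forced passcode plus wipe after repeated failures.
    if not policies:
        findings.append("no passcode policy payload")
    for p in policies:
        if p.get("forcePIN") is not True:
            findings.append("passcode policy: forcePIN is not set")
        attempts = p.get("maxFailedAttempts")
        if isinstance(attempts, bool) or not isinstance(attempts, int):
            findings.append("passcode policy: maxFailedAttempts is not set")
        elif attempts > max_attempts_limit:
            findings.append(
                f"passcode policy: maxFailedAttempts={attempts} exceeds "
                f"limit {max_attempts_limit}"
            )
    return findings


def build_sample_profile(ssl, force_pin, max_failed):
    """Constructed sample profile (hypothetical host and identifier)."""
    passcode = {"PayloadType": PASSCODE_TYPE, "forcePIN": force_pin}
    if max_failed is not None:
        passcode["maxFailedAttempts"] = max_failed
    eas = {"PayloadType": EAS_TYPE, "Host": "mail.example.com", "SSL": ssl}
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.iphone-baseline",
        "PayloadContent": [eas, passcode],
    })


# Constructed inputs: one profile missing both controls, one with both.
WEAK = build_sample_profile(ssl=False, force_pin=False, max_failed=None)
HARDENED = build_sample_profile(ssl=True, force_pin=True, max_failed=8)

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        result = audit_profile(blob)
        print(name, "->", result if result else "meets both minimums")
```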

Similar Messages

  • WPA2 Enterprise setup question

    I have been trying to complete a WPA2 Enterprise setup, and I have hit a wall in troubleshooting. The current setup has two SSIDs, but the users only use one of these SSIDs, and that one is set up as WEP (I know...I know). I have been tasked with getting the users on a stronger security setup, and I thought that the best way would be to have them use WPA2 Enterprise, and they would authenticate to the network using their Active Directory user name and password.
    I have been trying to get the secondary SSID converted over to do this, but I am stuck. I have set up the access point (Cisco 1140) the way that I believe should work, and I have also gone through the RADIUS server (Microsoft Server 2008 R2) and set it up with some suggestions I have run across while researching.
    I am hoping someone can see what I am doing wrong, or guide me to set up a more secure connection. My networking/Cisco skills are intermediate so there are things that I miss or could improve on at times.
    I am attaching the config on the access point, and some screen shots off of our Radius server.
    The radius server is  10.90.9.9
    SSID that I am trying to configure is AAA
    AP IP address 10.90.6.6
    Please let me know if there is any information that I am missing. I will get it to you right away.
    Edit - One thing I didn't include was that we don't have a certificate for this. Preferably I would like to set this up without a cert, and just have them authenticate with the user/pass from AD. If a cert is needed though, I can get one. Thanks :)
    Thanks.

    Hi Brent,
    Here is a working configuration for similar requirement using ACS as RADIUS server. Hope it is useful for you to get this working.
    http://mrncciew.com/2013/11/14/autonomous-ap-with-external-radius/
    Pls do not forget to rate our responses if it is useful to you.
    HTH
    Rasika

  • Security concern when selling broken 3G

    I have an old iPhone 3G that was submerged in water. I tried the "bag of rice" trick, but that didn't work so I bought a new 4S. My question is: what are the security concerns of selling the 3G on craigslist? I can't turn the phone on to reset it to factory settings. Is there anything I can do? Thanks for any input.

    Oh you would be surprised lol. Check eBay and you'll see broken 3Gs going around the $50 range. They're only good for spare parts I would think.

  • How to configure Enterprise User Security ?

    Hi All,
    I am following the Oracle document for setting up Enterprise User Security between OID 11g and database 11g, but right now if I click on the "Enterprise User Security" link in the Security section under the Server tab, I am getting an HTTP 500 internal error. Please kindly provide your inputs.
    Regards,
    Senthil.

    Hi,
    You don't so much configure enterprise voice for federation, you just configure enterprise voice. Then when you configure your environment for federation, the voice features will take care of themselves. The two are separate components / features.
    But you'll need to be a little more specific: are the two user forests using the same Lync environment through a forest trust(s) (resource or central forest topologies)? If they are, then you don't need to do anything with federation for these two forests to leverage enterprise voice between their users - it will just work. However, if each user forest is using a separate Lync environment, then you will need to configure federation between the two and make use of Lync Edge servers.
    You can enable enterprise voice for users without an SBC or gateway; this component is used merely to connect your Lync platform to the PSTN. You may also use a direct SIP trunk to your mediation server as you have alluded to, although I never recommend this in production for security reasons (which I feel others will back me on); it is still a supported option.
    Let me know if I've interpreted this completely wrong.
    Kind regards
    Ben

  • Windows Server 2008 R2 RRAS NAT Security Concerns

    Recently we have been deploying Windows Server 2008 R2 as the NAT gateway of our private network. During the testing, we found that the RRAS was doing its job as the NAT gateway; however, it seemed that hosts in the private network were allowed to access any listening port opened on the server side (2008 R2). In the normal scenario, the server side will have the process "wininit.exe" running and listening on the TCP port 49152. We confirmed that all hosts in the private network were able to connect to TCP port 49152 opened on the server (connecting by using the NAT's public IP), which introduced lots of security concerns and made us nervous. Since the server is acting as a NAT, IP packets sent by hosts in the private network will be translated and forwarded as if they were generated by the NAT server itself. Thus, the Windows firewall will not block the connection at all while dealing with "local" traffic, which actually is the traffic from the host in the private network.
    What we need is a mechanism that can block the hosts in the private network from accessing the TCP/UDP ports opened on the NAT server side. Since the NAT server has its IP on the public network assigned dynamically (DHCP), static IP filtering on the private NIC does not fit our needs (or probably we may use some hidden but advanced filter settings?). Which policy or setting should be used in our case?

    Hi Daniel,
    I am aware of what you are suggesting. Actually I have activated the Windows firewall to protect the server.
    Suppose I have a network configuration as follows:
    Private Network: 192.168.149.0 / 255.255.255.0 (Private NIC on server side IP:192.168.149.1)
    --------------Windows 2008 R2 RRAS NAT--------------------
    Public Network: 10.1.0.0 / 255.255.255.0 (Public NIC on server side IP:10.1.0.100 )
    The problem is that while the windows firewall is effectively protecting my server by filtering inbound traffic from the public network, the windows firewall will not filter the traffic from
    192.168.149.0 /255.255.255.0  to  10.1.0.100 (NAT's public IP)
    The reason is that the TCP/UDP connection from the private network (192.168.149.0 / 255.255.255.0) to any other networks will be NATed. Suppose TCP connection from
    192.168.149.23:50000 -> 10.1.0.100:1023
    It will be translated by NAT and becomes
    192.168.149.23:50000 <-NAT-> 10.1.0.100:60100 -> 10.1.0.100:1023
    From the Windows firewall's point of view, the connection is essentially a 'local' TCP connection and should be allowed regardless of any inbound filtering rules. So a vulnerability is introduced. After some research, we are almost sure that the Windows firewall does not filter local traffic. Also, we are not able to guarantee any firewalls on the client side to be installed, since the nature of a NAT server is to provide such network access ability to clients and should not require the client side to change its configuration.
    I do think it is a common security concern in lots of enterprise networks where Windows Servers are deployed as NAT servers. Would you mind helping us address this issue and giving us some advice about related best practices?
    Thank you

  • Flash security concerns, 16.0.0.296 is installed - but 16.0.0.287 is actual?

    Windows 7 -> Adobe - Flash Player: 16.0.0.296 is the installed version, but the list below (Platform, Browser, Player version) shows 16.0.0.287 as actual .... Should we "downgrade"?
    Due to the latest security concerns with Flash, I had to rethink the whole story - maybe better to just uninstall Flash?
    rgds,
    Chris

    Hi Chris,
    Version 16.0.0.296 is the latest release available.  However, it's only being pushed out through our silent auto update and enterprise distribution channels.  We're hard at work making sure this is also available on https://get.adobe.com/flashplayer but that's going to take another day or two to complete.  Once it's out everywhere, we'll update our release notes and associated pages with the proper version number.
    Thanks,
    Chris

  • Inter-AS L2VPN security concern

    Hi all,
    I want to know what the security concerns are when we have Inter-AS L2VPN between two Service Providers as in the attached configuration (just one service provider side configuration for the ASBR & PE; the other Service Provider is the same, pointing to our service provider), how we can mitigate the risk, and what the most secure option is. We need to know the advantages and disadvantages.

    Hi Ahmad
    Looking at your configuration it seems the setup is as below
    CE1_ISP1---------xconnect---PE_ISP1-----ISP1MPLSBB----ASBR_ISP1-----IP_Link---ASBR_ISP2-----ISP2MPLSBB----PE_ISP2------xconnect---CE2_ISP1
    Is that correct ?
    In my personal opinion from Security Point of View already only the required loopbacks are being allowed which is good to do. And I believe the SNMP Traps and Remote Access to your ASBR would be a protected and limited access.
    Apart from these there might be some other standard security features which others can suggest to be taken care of but the above two should be surely taken care of as I think.
    Hope this helps you.
    Regards
    Varma

  • Security concern?: WiFi & 3G

    Our corporation has decided for the time being to disallow iPads and iPhones onto the wireless network due to concerns that something can bridge from the wifi to the 3G or vice versa. Is this a legitimate security concern? Is there a way a wireless policy could be set to disallow 3G if you are within a particular WiFi area (set by the wifi routers) if there is a concern? Would be interested in hearing thoughts on this subject.

    Is this a legitimate security concern?
    No. They are wrong.
    Is there a way a wireless policy could be set to disallow 3G if you are within a particular WiFi area
    No

  • Purchased Macbook Used, Security Concerns

    Hi.
    I purchased a macbook used just so I could have an alternate OS and Ubuntu is no longer a choice because of adobe dropping flash support.
    This macbook has I think 10.8.6 OS installed.
    Basically the person didn't restore it to factory settings, rather just setup a prompt for a new user which I filled out.
    Are there any security concerns I should be aware of?  I actually don't intend to do any shopping or anything like that, not even email.
    What happened the other day, was that my brother I think logged in to some game or something, and macbook found his phone.  That got me surprised a little bit, so I was kind of worried what might happen.
    Any thoughts?
    B.T.W. if I chose to reinstall why do I have to put in registration information, name, address, etc?

  • Am being prompted to enter security questions when making a purchase on my new iPad.  I don't believe I have ever set up security questions on my Apple ID.  How do I create new security questions?

    I am being prompted to enter security questions when making a purchase on my new iPad.  I don't believe I have ever set up security questions on my Apple ID.  I have tried logging into my Apple ID and have chosen the security and privacy settings to set up security questions.  However, I am prompted to enter answers to security questions and am told they don't match.  How do I create new security questions or reset them?

    You need to ask Apple to reset your security questions; ways of contacting them include phoning AppleCare and asking for the Account Security team, clicking here and picking a method for your country, and filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.

  • The OMS is not set up for Enterprise Manager Security

    Hi, I'm trying to add an agent to grid control and it's not connecting with the management server because I can't secure it...
    bash-2.05$ ../../bin/emctl secure agent <password>
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Agent is already stopped... Done.
    Securing agent... Started.
    Requesting an HTTPS Upload URL from the OMS... Failed.
    The OMS is not set up for Enterprise Manager Security.
    I have tried this on two separate servers; both do the exact same thing. However, on my repository server where the OMS is housed, I can secure the agent no problem. Does anyone know what the problem could be? My OMS is on a Linux (SuSE 10.2) 32-bit machine.
    Here's the emdctl.trc on the agent machine:
    2007-07-11 11:00:20 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:21 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:21 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:00:22 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:00:22 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:05:10 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:05:10 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    2007-07-11 11:10:08 Thread-1 WARN http: snmehl_connect: connect failed to (cbldb3:3872): Connection refused (error = 239)
    2007-07-11 11:10:08 Thread-1 ERROR main: nmectla_agentctl: Error connecting to http://cbldb3:3872/emd/main/. Returning status code 1
    bash-2.05$ lsof | grep 3872
    bash-2.05$
    Seems to be failing the connect but nothing is running on the port so I'm not sure why.
    Thanks in advance

    some further information and hopefully someone can help me...
    I went to the OMS binary folder (fmc45712:$OMS_HOME/bin) and executed the following commands...
    $OMS_HOME/opmn/bin/opmnctl stopall
    $OMS_HOME/bin/emctl stop oms
    $OMS_HOME/bin/emctl secure oms
    $OMS_HOME/bin/emctl start oms
    $OMS_HOME/opmn/bin/opmnctl startall
    Then I go to $AGENT_HOME on the OMS machine (fmc45712:$AGENT_HOME/bin) and execute..
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /opt/oracle/OracleHomes/agent10g/sysman/config/emd.properties... Done.
    Agent is secure at HTTPS Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is secure on HTTPS Port 1159
    I then go to the server I deployed the agent on that I want to get communicating with my OMS...
    $AGENT_HOME/bin/emctl status agent -secure
    Oracle Enterprise Manager 10g Release 3 Grid Control 10.2.0.3.0.
    Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
    Checking the security status of the Agent at location set in /u101/em/agent10g/sysman/config/emd.properties... Done.
    Agent is unsecure at HTTP Port 3872.
    Checking the security status of the OMS at http://fmc45712:4889/em/upload/... Done.
    OMS is running but has not been secured. No HTTPS Port available.
    same command, different computer, but on the same network, and it just doesn't work. The OMS is on Linux x86 and the agent on the alternate computer is on HP-UX. If anyone has any help it'd be much appreciated.

  • Get error while Integrating with Oracle's Enterprise User Security

    Hi,
    I am trying to create an Oracle Enterprise User integrating with OVD and MS Active Directory.
    I am following all the steps in Integrating with Oracle's Enterprise User Security.
    In the documentation section: "Configuring Oracle Virtual Directory for the Integration"
    I have applied the steps successfully until:
    Update and load the entries into the Local Store Adapters by performing the following steps:
    I have successfully extended the Oracle Virtual Directory schema with the loadOVD.ldif
    However I am getting errors in the next step: Update realmRoot.ldif to use your namespaces
    The next step states the following:
    Update realmRoot.ldif to use your namespaces, including the dn, dc, o, orclsubscriberfullname,
    and memberurl attributes in the file. If you have a DN mapping between Active Directory and
    Oracle Virtual Directory, use the DN that you see from Oracle Virtual Directory.
    The realmRoot.ldif file is located in ORACLE_VIRTUAL_DIRECTORY_HOME/eus,
    where ORACLE_VIRTUAL_DIRECTORY_HOME represents the location where Oracle Virtual Directory is installed.
    The realmRoot.ldif file contains core entries in the directory namespace that Enterprise User Security queries. The realmRoot.ldif file also contains the dynamic group that contains the registered Enterprise User Security databases to allow secured access to sensitive Enterprise User Security related attributes, like the user's Enterprise User Security hashed password attribute.
    Load your domain root information in the realmRoot.ldif file into Oracle Virtual Directory using the following command:
    ldapmodify -h Oracle_Virtual_Directory_Host -p OVD_Port -D cn=admin -w Admin_Password -v -a -f realmRoot.ldif
    When I run the ldapmodify command I get the following error:
    add dc:
    testldap
    add objectclass:
    top
    domain
    domainDNS
    adding new entry DC=testldap,DC=local
    ldap_add: Operations error
    ldap_add: additional info: LDAP Error 1 : null
    The actual realmRoot.ldif looks like this:
    # Please uncomment the following one line if you are importing this
    # LDIF file via OVD Manager or OVD Server's ldapmodify tool.
    #version: 1
    #dn: dc=com
    #dc: com
    #objectclass: domain
    dn: DC=testldap,DC=local
    changetype: add
    dc: testldap
    #o: subarashii
    objectclass: top
    objectclass: domain
    objectclass: domainDNS
    #objectclass: orclSubscriber
    #orclsubscriberfullname: subarashii
    #orclVersion: 90400
    # If your domain structure has more layers than dc=subarashii,dc=com,
    # for example, it's dc=us,dc=subarashii,dc=com, you will need to load
    # the following ldif entry/entries too.
    # Uncomment out the following, if required.
    #dn: dc=us,dc=subarashii,dc=com
    #orclversion: 90400
    #orclsubscriberfullname: us
    #objectclass: domain
    #objectclass: top
    #objectclass: orclSubscriber
    #dc: us
    # Adding EUSDBGroup entry
    # Modify the memberurl attribute and replace it with your own domain name
    #dn: cn=EUSDBGROUP,dc=subarashii,dc=com
    #cn: EUSDBGROUP
    #memberurl:ldap:///dc=subarashii,dc=com??sub?(&(objectclass=orclService)(objectclass=orclDBServer))
    #objectclass:groupofuniquenames
    #objectclass:groupofurls
    #objectclass:top

    Did you ever get your questions answered about the realmRoot.ldif file? Did you manage to configure a successful integration of OVD with EUS? I am battling with trying to get Oracle Virtual Directory integrated with Enterprise User Security, but every step I take in Chapter 7 of the OVD manual fails in some way, and the instructions are often vague. I am not sure how to modify the realmRoot.ldif file. Is there any improved documentation on this? I have logged a Service Request, but not getting any help. Any resources or documentation you know of that provides better guidance would be much appreciated. I am way behind my schedule now and this is a very frustrating exercise.
    Thanks.

  • Completion Insight not working correctly when using Enterprise User Security (EUS) logon

    This is a pre existing issue we've experienced with SQL Developer, though I've only just worked out what is causing the issue it is present in previous versions of the tool, up to the current 4.0.EA2.
    We experience issues with the Completion Insight functionality of SQL Developer.
    When we log into a database using Enterprise User Security, i.e. authenticating against OID, the schema of the database account is prefixed to any reference to public synonyms, i.e. all user_%, all_%, dba_% and v$% views.
    When I change the authentication of the database account back to normal database authentication the schema prefix correctly isn't shown. It simply suggests the synonym name of the views.
    An example of this is as follows when attempting to query the DBA_TABLES view:
    The database account is ORADBA and has DBA privs.
    The EUS user that is mapped to the ORADBA schema is dbutler.
    The ORADBA user is configured to authenticate externally (against OID).
    I login with my dbutler directory credentials:
    If I start typing:
    select * from dba_tabl
    The object name is suggested as ORADBA.dba_tables
    If I change the authentication of the ORADBA account back to database authentication, the prefix is no longer present.
    i.e If I start typing:
    select * from dba_tabl
    The object name is suggested as dba_tables

    If you're not using DB 10.2 this is the "expected" behavior for the DB. See also metalink note 351170.1 "Enterprise Users Can Connect to a Database when the OID Account is Disabled"
    regards,
    --Olaf

  • Safari password auto fill security concern

    Just discovered what I consider to be a big security concern with iCloud Keychain. If you go into Settings, then Safari, and your iCloud Keychain is under stored passwords and auto fill, the passwords are stored in plain text with no asterisks or anything. This means that all someone needs is your 4-digit unlock code and they are then able to view all your stored passwords in Safari. They should at least require your iCloud Keychain password to view these, or just asterisk them out. If someone saw you enter your four-digit unlock code, and then put your phone down, they could get this information without you even knowing it. This is not safe.

    The purpose of that section is so that you can see your passwords, there wouldn't be much point in replacing them with asterisks. They are password protected, just don't give others your password.

  • Enterprise User Security and Password Policies

    Hi!
    I'm testing Enterprise User Security. Till now everything has gone ok, I can connect to my db using oid users.
    Now I'm configuring OID password policies for my realm but it seems that these are not applied when I connect through the db. For example, I can try to log on with a wrong password as many times as I want, although in the policies a limit of three is set.
    Is this correct?!

    If you're not using DB 10.2 this is the "expected" behavior for the DB. See also metalink note 351170.1 "Enterprise Users Can Connect to a Database when the OID Account is Disabled"
    regards,
    --Olaf
