IPS Signature Updates with no Internet Access

Hi all,
I've got a bit of an interesting dilemma that I'm hoping that someone could help with. I have two distinct networks: A "regular" network, along with a "secure" network. I've not been involved in the setup/configuration, but I've been handed some work to do now that has me puzzled.
The two networks are separated with a pair of ASA devices with IPS modules installed. User access to the secure side works by using Cisco VPN client, terminating on the ASAs, and once connected applications are delivered via Citrix. Management of the ASAs involves connecting via management VPN to the "external" ASA interface, connecting to a management server via Citrix and from there, management via MARS, ASDM & IME.
My issue is that I have been asked to configure auto-updates for the IPS modules. However, there is no internet access from the secure network. Servers on the secure side can request files, etc., from the regular side, but no direct access can be initiated from the regular side back to the secure network. There are no ASA devices that are contactable/manageable from the regular side.
I've read that it's possible to somehow download updates from cisco.com via FTP or similar, but I fail to see how I can automate the process. What I originally thought to do was to install another copy of IME on the regular network, set up a dummy device and from there configure auto-updates, but unfortunately the IPS needs to be contactable for that to work.
Can anybody think of a solution that could make this work for me?

Hi Jennifer,
Thanks for that, but the instructions in that document appear to be related to updating a sensor from an FTP server where the updates have already been copied to it.
I have searched and searched, but I'm unable to locate the relevant location to download the signatures direct via FTP/SCP. I have attempted to locate them on ftp.cisco.com, but with no luck.
Regards,
James

Similar Messages

  • Updating flash player on a computer with no internet access

    I need to update flash player on a computer with no internet access.  How can I select to have it downloaded to a flash drive?  The download process keeps adding it to the computer I am using, but that is not where the update is needed.  What am I doing wrong?

    Download the Adobe Flash Player installer directly by clicking one of the following links.
    Flash Player for ActiveX (Internet Explorer)
    Flash Player Plug-in (All other browsers)

  • IPS Signature Update - CSM v3.3 SP1

    Hi,
    I am getting the following error message when deploying IPS signature updates to some of my sensors via the CSM deployment tool:
    "Failed to generate edit config delta  for host component. Detail: Error while processing the host component with DNS,access-list or http-proxy"
    The signature update actually deploys, but I am wondering what is causing this message.  I get this with some 4240, 4255 and IDSM-II blades, but not with others and I can't see any config variances.
    Does anyone have any ideas what is causing this message?  The access ACLs are the same for each sensor.
    Many thanks

    Hi Liam,
    As you mentioned you are using a shared policy, and the access ACLs for all sensors are the same, I assume that you may be using an "Allowed Hosts" shared policy.
    In that case, how did you create that policy?
    Did you create the policy from the policy view page, or did you right click on the "Allowed Hosts" setting of a device in device view and select "share policy" ?
    If you did the first, you may be running into a known issue. You can read more about this on the bug toolkit:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg02063
    This is the workaround that should work for you in case you are indeed running into this issue:
    1. Rediscover or newly add any one IPS device running 7.x version
    2. Create entries for "Allowed Hosts" according to requirements.
    3. Right click on "Allowed Hosts", select "Share Policy..." and specify a name for shared policy.
    4. Assign this "Allowed Hosts" shared policy to one or more devices.
    5. Deployment should now be successful for "Allowed Hosts".

  • IPS signature update

    I would like to get some idea about IOS IPS signature updates.
    For example, the router currently has a fresh install using IOS-S416-CLI.pkg, IOS category ios_ips in advanced mode, with retired false.
    I just wonder: if next time I download and load the latest patch of IOS-SXXX-CLI.pkg onto the machine, what will the effect be on the currently compiled signatures?
    Will it just be loaded in incremental form (meaning the signatures in the latest patch will be added as new enabled signatures)? Then what about the signatures previously modified and saved, any effect on them (like overwriting my previously saved signatures)?
    With the new patch installed, would it also have an effect on the router DRAM and flash size? (My router has 384 MB DRAM and 128 MB flash.)
    Thanks

    Hi,
    When you compile a new signature package on a router that carries an existing signature database, the signature configuration in the new signature package will supersede the router's existing database's signature configuration. Thus, if you have made changes to the signature database on your router, and you compile in an updated signature package that contradicts your changes, your changes will be overwritten!! and will need to be re-created.
    You can avoid having to re-create your changes if you copy the "routername-sigdef-delta.xml" or "iosips-sigdef-delta.xmz" file to some other location on the router's local storage, and re-apply the original "routername-sigdef-delta.xml" or "iosips-sigdef-delta.xmz" to the updated signature database after you have compiled the updated signature package to the router's database.
    And don't forget, the basic signature category is appropriate for routers with less than 128 MB of flash memory, and the advanced signature category is appropriate for routers with more than 128 MB of flash memory.
    Hope this helps,
    Thank You,

  • Change Flash Security Settings With No Internet Access?

    Hello
    I have Firefox at home with no internet access. Is it possible to alter my Flash installation so it enables access to other content? It brings up a settings window but that just goes to a dead URL.
    I have a collage disk but it will not run until I alter the settings of Flash to allow access to other site, other location?
    Please help?

    phil ashby wrote:
    > Glad it worked!
    >
    > Urami, I did some fairly extensive tests with this idea and it seemed to work
    > each time - although all our corporate machines have the same build. Even if
    > the directory didn't exist, if you created it and placed the SOL inside, it
    > works. In the end I never actually used it as I distributed the app as an exe
    > which doesn't have such draconian security requirements, also it obviously
    > overwrites the users original version, if present.
    I agree with you, I tried a different SOL editor and it worked when I tried.
    I believe what I used was more a SOL explorer/reader rather than an editor; even though it has this option, it seems the file stopped working, hence the problem I was claiming about the files not working properly.
    Perhaps it was changing something and Flash did not like these changes.
    Anyhow, I did try another tool and did manage to get it to work.
    Thanks
    > Personally, I think it's a bit of a hole in the whole Flash security issue.
    Won't comment on that one :) Something just seems way unnecessary and silly...
    Best Regards
    Urami
    !!!!!!! Merry Christmas !!!!!!!
    Happy New Year
    <urami>
    If you want to mail me - DO NOT LAUGH AT MY ADDRESS
    </urami>

  • Using Creative Cloud on a desktop in a rural area with no Internet access

    I have a Creative Cloud subscription for my home desktop. I will soon be participating in a photography workshop in a rural area with NO INTERNET ACCESS. I don't own a laptop and will be hauling my desktop to the place we're staying. I know the software is installed on the machine and I should be fine with using it without online access, correct? Am I also correct in thinking it won't be "seen" as being used on a second computer because while I use it on this trip I won't have Internet access and therefore no IP address?

    Hi there
    The only thing that might cause you trouble is if your workshop is over a month long. While using applications downloaded from Creative Cloud, internet access is required once a month for a routine license check. Here's a snippet from the Creative Cloud FAQ:
    http://www.adobe.com/products/creativecloud/faq.html
    Do I need ongoing Internet access to use my Creative Suite applications?
    Because your Creative Suite applications are installed directly on your computer, you will not need an ongoing Internet connection to use them on a daily basis. However, you will need to be online when you install and license your software, and at least once every 30 days thereafter. The software will alert you when you need to connect to the Internet for a license status check.
    A quick note: if the product is unable to verify your license at the 30 day mark, a 7-day grace period will begin. However, if you are not able to access internet within those 7 days, your applications will be blocked (Source: http://forums.adobe.com/message/4513667#4513667)
    Regarding your second question - as long as you are using the same device you already have your applications installed on, you'll still only have one device registered to your account.
    If you have any more questions, please don't hesitate to post here again.
    Cheers!

  • I received a text today while at work about iCloud keychain verification code. I have not signed up for it or anything that uses it. I work out of the city with limited internet access so not sure why I would be getting this. Is my info safe??

    I received a text today while at work about iCloud keychain verification code. I have not signed up for it or anything that uses it. I work out of the city with limited internet access so not sure why I would be getting this. I only got this number about a month ago. Apparently someone else had the number before because I get texts from his family members wondering what's going on. I got one yesterday and the person didn't seem too thrilled that the number was cut off and today I got 2 texts about iCloud Keychain which I don't even know what it is. Seems suspicious to me. If the person who used to own the number is doing it he should know it is not his number anymore because he obviously didn't pay his bills.  I'm not too sure about iCloud Keychain so just want to know if my info is safe?? It says it can store credit card numbers which is what gets me worried. Frankly I think it's pretty stupid to save that kind of information with any kind of app. But I don't want some random person trying to access my personal information because they are bitter they lost their number.  Please let me know as soon as possible so I can change passwords or anything that is needed.
    thanks

    If it were me, I would go to my carrier and get a new number. Since you have only had it for a month, the inconvenience would be minimal.
    Barry

  • I recently bought an i phone 5, but in the home with wireless internet access, it si countinued when off, i do not know what reason.  but i go to apple store, the phone can working with Wi-Fi

    i recently bought an i phone 5, but in the home with wireless internet access , it is continued when off, sometimes can not working,
    i do not know what reason,  but i went to apple store, Ha, the phone can go to Wi - Fi and connected is good.

    but in the home with wireless internet access , it is continued when off, sometimes can not working,
    What does "it is continued when off" mean?
    And the same for "sometimes can not working"?

  • A basic phone with no internet access.

    I need a phone for my son with no internet access whatsoever.  I have him set up on a plan that allows me to block data but if he has access to wifi he can still access the internet.  I am talking about non smartphones.  I am frustrated and disappointed that AT&T (or anyone else) does not offer a phone that is not wifi enabled.  Even a $9.99 tracfone gives web access!

    Thanks to both of you for your replies.  My son only needs a phone when he travels which is about 10 days out of the year so gophone is definitely the way to go.  I just found that you have to be very careful with the phone that you use.  Most phones today - even the $10-$15 flip phones - allow WiFi access.  You can block paid data use on the phone but if a phone allows for WiFi connectivity there is no way to block that access in public places where WiFi is free (i.e. airports).  I had to go with an older (used) phone to find one that did not have WiFi connectivity.  We had an old Pantech Laser laying around that worked. Then I had to have AT&T block the data to the phone.  FYI for gophones they cannot block this in the store; you have to call in and do it over the phone.  This was not explained to me and so the first trip with the phone my son was accessing data.  I gave AT&T an earful as I had carefully explained I needed data blocked and was told it was done.  They credited me the data charges. I am not sure if the AT&T Z222 has WiFi capability or not.  In the specs it says it does but the salespeople at the AT&T store say it does not.  I had originally tried a $9.99 Tracfone from Walmart and was told that it did not have data access.  That information was incorrect.

  • I want to install Flash on a computer with no internet access.  How do I do this?

    I want to install Flash on a computer with no internet access.  When I tried to download, I got a message that Flash is already installed.  Yes, it is, on my PC.  I want it on my laptop, too.  How do I accomplish this?

    Download the Adobe Flash Player offline FULL installer directly by right clicking one of the following links and selecting "Save target as" (IE), "Save Link As" (Firefox) or "Download Linked File As" (Safari).
    Flash Player 12.0.0.44 for ActiveX (Internet Explorer)
    Flash Player 12.0.0.44 Plug-in (All other browsers)
    Flash Player 12.0.0.44 (Mac OS X)

  • Adobe id with no internet access?

    I bought Photoshop Elements 12 (in a box) for a friend of mine. She installed it on a computer with no internet access and now the "create adobe id or your program will quit working" dialog box keeps coming up. How can she keep her program working without an internet connection? I do not appreciate Adobe forcing people who buy physical product to register them online!

    She will have to connect the machine to the Internet at least once to activate and log-in with an Adobe ID. It does state on the box that an Internet connection is required to do this. If that is a real problem for her then, depending on where you bought it, you may be able to return it for a full refund.
    Cheers,
    Neale
    Insanity is hereditary, you get it from your children

  • IPS Signature update alerts

    Hello All,
    Please can anyone provide the link to get the IPS signature update alerts?

    Actually, I've found the notifications through the standard notification service to be ... less than reliable - at least for IPS signature releases.
    I would suggest subscribing to the "IPS Threat Defense Bulletin", published by SIO:
    http://tools.cisco.com/gdrp/coiga/showsurvey.do?surveyCode=380&keyCode=123668_4
    It's worth noting that you might need to re-subscribe on a regular basis (slightly annoying).  I've found that they just stop showing up after 9 months or so ...

  • Temporarily disable Digital Signature Checks to Install MS SQL Server 2008 with no Internet Access

    I am attempting to install a licensed copy of MS SQL Server 2008 in a Private Enclave that does NOT have Internet access on a Win2008 R2 SP1 server (that is VM - thus I can't reboot and press F8 to select "Disable Driver Signature Enforcement"). The installation fails with an error of the vc_red.cab file being found either corrupt or a bad digital signature.  The file is good, but the signature has an expiration of 2011.   I understand that a DOTNET SDK v1.1 program called setreg.exe will enable disabling the digital signature check, but I am not permitted to use that program.
    I might be permitted to use the "Signtool.exe" utility, but it is not clear what command sequences are necessary to disable and then re-enable the Digital Signature checks.
    I saw a thread that recommended using the command:
    bcdedit.exe /set nointegritychecks ON
    However, the comments indicated that this might not have worked.
    Are there Registry settings I can use with regedit to make the necessary changes to be able to install the application?  I anticipate running into this problem with other software when I do not have Internet connectivity.   I already tried downloading the Microsoft CRL files; updated the lists on the Server; and rebooted.  This did not solve my problem.

    Hi,
    As far as I know, it is not recommended to disable digital signature check.
    Since we are not familiar with installing MS SQL server, please also refer to SQL forums below to see if experts there have more insights regarding the matter.
    https://social.technet.microsoft.com/Forums/sqlserver/en-US/home
    Best Regards,
    Amy

  • 2651XM IPS Signature Update?

    Hello,
    I have a 2651XM 256MB/32MB running 12.4(25) and I would like to update the IPS signature file.  I see that the last update for 256MB.sdf was from Aug 2008.  The latest IPS I found is IPS-sig-S518-req-E4.pkg from
    http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Intrusion+Prevention+System+%28IPS%29+Signature+Updates&mdfid=277801011&treeName=Security&mdfLevel=Model&url=null&modelName=Cisco+2651XM+Multiservice+Router&isPlatform=N&treeMdfId=268438162&modifmdfid=278279418&imname=Cisco+IDS+Access+Router+Network+Module&hybrid=Y&imst=Y
    I've tried the command
    ip ips sdf location flash:\\IPS-sig-S518-req-E4.pkg
    ip ips sdf location flash:IPS-sig-S518-req-E4.pkg
    but when I apply IPS to an interface and run 'show ip ips all' no signatures load and I get a message 'invalid token'.
    I also tried seeing if the latest SDM will help but nothing.
    My question is, what is it that I am doing wrong or missing?  Is my router too old to be able to get the latest signature files?
    Any advice or guidance to the right direction is much appreciated.
    Thanks

    You have a version of IOS that includes the older version of the IOS IPS feature (referred to as v4).  This release only supports signature updates using the SDF formatted files.  These files are no longer updated.
    The signature update file you found (ending in .pkg) is the signature update package supported by Cisco's IPS appliances and is not compatible with the IOS IPS feature set.
    The current IOS IPS feature (referred to as v5) also makes use of .pkg files.  You will need to upgrade the IOS of your 2651 to a release in the T train such as 12.4(24)T2 to obtain the latest IOS IPS feature release.
    You can find out more about the IOS IPS feature set here:
    http://www.cisco.com/go/iosips
    For starting with IOS IPS v5:
    http://www.cisco.com/en/US/products/ps6634/products_tech_note09186a008097db66.shtml
    Scott

  • WSUS For Clients With No Internet Access

    This is more of a functional question than an issue.
    Right now I have WSUS set to 'Store update files locally' and it works great.  With an ever expanding number and size of updates, I don't have space to keep storing the necessary updates on my WSUS server.
    If I set WSUS to 'Do not store update files locally', will my clients without internet access still be able to get updates?  Many of my devices are behind firewalls that do not permit access to the internet in any form.  I'm trying to avoid adding storage if at all possible.
    Thanks,
    Brian

    Correct, if you set WSUS to 'do not store update files locally', then your clients without internet access will not be able to access Microsoft Update to download the files without you creating a firewall exception. Which sounds like an awkward way to do it.
    (1) Are you on top of your regular maintenance with WSUS, ie, declining superseded updates, running Server Cleanup Wizard in the recommended order?
    (2) Are you confident that the classification of updates being downloaded is appropriate and nothing un-needed (e.g. drivers/absent OS) is being downloaded?  Have you chosen to download the space-hogging express installation files?
    (1) and (2) would be generally better practice than 'do not store updates locally', but if bandwidth is cheap or irrelevant for you, then perhaps you might be tempted to not store updates locally. In your situation where you have a reason to deny clients internet access, it would seem like a lot of paperwork, and technical expertise, to only allow them internet access for updates.  (Plus, I'm not sure it's possible, just presume it would be.)
    What are your numbers?  (size of WSUSContent, WSUSDatabase, space on drives?)
