Justify Security on a point to point circuit

Similar Messages

• What is the mean of using Portal with Role Based security as entry point

  Hi Experts we have requirement of integration of Portal and MDM
  I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
  1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
  2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
  Please give me the clarity of what is the meanin of second point
  Regards
  Vijay

  Hi
  It requires the entire land scape like EP server and MDM server both should be configured in SLD.
  Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
  Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
  Please go through this link
  http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
  You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
  The estimation involves as per your requirement clearly
  Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
  Regards
  Kalyan

• RE: How to secure an access point signal.

  Hi everyone,
  I have difficulty making my access point wireless signal secure. My network setup is simple, Modem to Router to Homeplug 1st floor, (secure wireless signal),
  2nd floor (secure signal). Problem when comes to 3rd floor, signal too weak, so I place Homeplug to Access Point. (wireless works well but not secured).
  Tried calling D-link support but was told that I need to fix static IP address before things can work. What the **** is that? Was told many technical issue about sub-net different, etc. Lastly the setup disc don't work with a Mac. (HaHa).
  Thank you all in advance for the solution.

  How are you going to connect them?  cat5 or coax?
  cat5 instructions:
  Can I use my wireless or an extra router along with the Verizon provided router?
  coax instructions:
  Can I get an ethernet connection in a room with only coax?

• Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks

  I recieved this Cisco Advisory e-mail today. I have 1200 access points that I upgraded yesterday to 12.3(7)JA2, in which this problem was corrected. In the advisory it states to upgrade to this software release and to make a configuration change on each radio interface. I made this change on Dot11Radio0 interface and it took. I have 2 more interfaces ( Dot11Radio0.2 and Dot11Radio0.75) in which I get an error when I try to make this configuration change. I don't quite understand these interfaces, so I would like to know if I really need to make this change on the other 2 interfaces or is making the change on the 1st one enough. Any information is certainly appreciated. Thanks, Laurie Coles

  Since you have subinterfaces configured, you are apparently using
  VLANs on your APs. The ARP table is only relevant for the VLAN
  with the management IF, that is the native VLAN.
  For all other VLANs it's simply bridging, therefore no ARP table,
  and therefore this vulnerability doesn't apply here.
  So your only concern should be the native VLAN, and unless you
  need wireless access for managing your APs the best way for
  securing this would be to not configure a SSID for this VLAN.
  Then the only access to the AP would be over the Ethernet-IF.
  The security advisory is more important for APs configured
  without VLANs where wireless clients and the management IF
  of the AP are in the same (W)LAN.

• WRT300N Secure (WEP) Access Point detected as unsecured - can't connect

  |I'm using WRT300N (firmware version 1.03.6) router as my wireless network.  It's encrypted (WEP). Couple of of wireless computers (WIndows 2000 & WIndows XP,Sp2, using G adapters) can detect this wireless network correctly and connect to it. However, couple of my computers with Windows XP, SP2 media center 2002 are unable to detect the network correctly.  They detect the correct SSID network but always show it as "unsecured wireless network" whereas it is setup as Encrypted secured network (WEP).  So I can never connect to the network. When I power down my router, these computers then do not see the network, and when I repower the router, the network is detected again but not correctly as I mentioned above.
  The connection setup is identical for the computers which connect correctly. I've reset the Router/modem, restarted the computers, redone the router setup again but no success. 
  Any help will be greatly appreciated.
  Thanks & Regards,
  Irfan R

  First of all, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
  Also, in the computer, go to your wireless software, and go to "Preferred Networks" (sometimes called "Profiles" ). There are probably a few networks listed. Delete any network named "linksys". Also delete any network that you do not recognize, or that you no longer use.  Also, delete your current network (this will clear any old settings).  Reboot computer.  Return to "Preferred Networks".  Re-enter the info (SSID, encryption (if any), and key (if any) )  for your current network. Then select your current network and make it your default network, and set it to automatic login. You may need to go to "settings" to do this, or you may need to right click on your network and select "Properties" or "settings".  Reboot computer.  You should connect automatically to your network.
  If you still have trouble connecting, in the computer, temporarily turn off your software firewall, including Windows Firewall, and see if that helps.
  Hope this helps.
  Message Edited by toomanydonuts on 12-03-2007 11:57 PM

• Point-to-point Vs 1-to-n scenario  using XI- Architecture qtn

  Hi All,
  If we want to avoid p-p interfaces using XI, do we keep secnario like
  If we have e sources, reciving similar info, but with different cannonical, and going to target(SAP) as one IDOC.
  Receiver determination ?
  1. S1-XI(XI As bsuiness system), S2- XI(XI As bsuiness system), S3-XI(XI As bsuiness system) and then XI-SAP(IDOC) ?
  or
  2. S1-SAP, S2-SAP, S3-SAP ? if this is the case, how do u justify it is not point-point
  3. S1-BPM,S2-BPM, s3-BPM, and thenBPM-SAP is possible, but want to avoid BPM ?
  Thanks

  Hi,
  I understand xi reduces TCO, but technically if u look at if u have want to reduce no of sources to go thru xi to finally one interface to SAP
  S1-XI, S2-XI, s3-XI ( these three similar cannonical with slight change)
  XI-SAP ( above 3 fit into one type of idoc interface)
  to avoid p-p, which one correct way of doing and is good fit ?
  1. S1-XI(business service XI)
  S2-XI(business service XI)
  S3-XI(business service XI)
  and then one interface XI-SAP
  OR
  2. S1-SAP (via XI, here receiver determination is taking sender source S1 to SAP  )
  S2-SAP (via XI, here receiver determination is taking sender source S2 to SAP  )
  S3-SAP (via XI, here receiver determination is taking sender source S3 to SAP  )
  2nd scenarion, it is still kind of Point-point ?
  OR
  3. S1-BPM
  S2-BPM
  S3-BPM
  and then one interface BPM-SAP
  which one is correct way of doing and why?

• RV082 DMZ Configuration Question - Point to Point

  Hello,
  We have 2 offices in different countries both using the RV082 router.  Currently both offices have an internet connection on WAN1 and that is working fine.
  We are adding a Point to Point circuit between the two offices, and my question is on the RV082 configuration on each side.
  I was going to configure WAN2 in DMZ mode on each router, then connect the point to point circuit to the WAN2 port.  On the China side, the DMZ IP will have to be a private address (192.168.177.1), while the DMZ port on the San Diego side will be a public IP. 
  We need internal computers to be able to go to the internet normally through WAN1, but also go through WAN2 if they are trying to reach the other network.  I will be adding routes on each RV082 for this.
  Is there anything wrong with this configuration?  Do I need to change the routers from Gateway to Router mode?  Does it matter if the DMZ WAN2 port has a private IP address?
  Any advice or tips are greatly appreciated!
  Thank you in advance,
  Eric

  Thanks Tom but that thread is not exactly what I was looking for.  Mainly I just want to know if the RV082 can act as a fully functioning router with the two WAN ports going to different networks.  So the LAN side would hit the router, look at the routing table and know which WAN port to go out of.  Using the DMZ seems like it will work, but I have never tried it so I wanted to throw it out there and see if anyone has done this before.

• MPLS vs Point-to-Point over Citrix Performance Difference

  We run Citrix at our remote locations. We have two circuits at each location. One is a point to point for backup and the other is an MPLS circuit that is our primary. Both circuits are T-1 speeds.
  We have all thin clients at our remote locations. When communication goes through the point to point circuit it utilizes much more bandwidth. Maybe 1.2 Mbps on average but when we communication through the MPLS circuit only 800 Kbps of bandwith is actually being used.
  Can anyone explain this? I was thinking that maybe MPLS does a faster job of switching the packets across the WAN and that the Citrix does not need to use as much bandwidth because of this. This analyis was completed across all of our sites and in each case Citrix uses more bandwidth on a point-to-point vs an MPLS circuit. I have not had any users complain when accessing either ciruits.
  What do you think is causing this?

  Hi,
  I fully agree with Swaroop. Being an instructor teaching many MPLS classes I was frequently confronted with the opinion MPLS is "faster" as it is "switching". This is not true and I always countered this - provocantly - stating that MPLS is reducing throughput, so it is slower! What I mean writing this: given a certain topology for IP forwarding and turning on MPLS on it will increase the overhead (additional overhead by adding labels) and thus reduce end to end IP throughput. The lookup is done by the same algorithm (CEF) at wire speeds for IPv4 and labeled packets - there is no speed gain for either technology.
  Do not get me wrong, this does not mean MPLS is "bad" and in fact the difference between pure IPv4 forwarding and MPLS forwarding is marginal and most likely irrelevant for any real environment. The advantages of MPLS are plenty and thus a marginal throughput difference is not the most important thing to consider.
  I guess the idea of "switching is faster than routing" stems from the fact that there were times, when IPv4 forwarding ("routing") was done in CPU, thus was slow, whereas L2 forwarding ("switching") was done in hardware and thus was faster. It dates back to those days where we used AGS+ (an old router, which is EOS, EOL and most likely even EOeBay ;-) and f.e. Cat5000.
  Now coming back to the observed behaviour in the original post there might be some reasons to explain it:
  1) different L2 overhead as pointed out by Swaroop, especially as I would assume rather small average packetsizes.
  2) Additional traffic on the P2P link not sent through the MPLS cloud - check your routing, if it is exactly the same for both links.
  3) Measurement artefacts - as Swaroop pointed out. Is the load interval the same for both interfaces? I would rather use a packet analyzer than only go for a "show interface" to get precise values.
  Hope this helps!
  Regards, Martin

• How seriously do we take this point system?

  Seriously, do points matter? Do you want them? Why if so, why, if not? Are points any good? Do points make you feel more secure? Are points pointed and sharp or are they blunt and blunted? Do points encourage you to answer questions or do they discourage you?
  Points are not a line... but connecting two pints makes a line... So do points awarded in an answer draw aline and stop all further discussion?
  I've been following threads in DW General and AI General. I notice that threads, by and large, stop far sooner than they would have. I put that down to the lack of participants for various reasons and the 'Correct' answer flag. So much knowledge and information is not being shared.
  True, a lot of the posts came from the NNTP side... but a lot also came from the web side... these forums are killing all spontaniety.
  However, the killers are:
  1/ Lack of NNTP
  2/ Points
  3/ Correct answers

  Thanks Jacob - that's my friend Patty - how odd that she was able to give 3 lots of 'helpful answer' stars instead of two. I don't see the 'punishment' angle though.
  Hi I'm Kath's friend Patty and now I'm feeling bad. I came to the forums to ask questions of the experienced people and I received incredible help that I was so grateful for. Now I see my thread referenced from Jacob like I did something wrong. I didn't mark correct answer because Jacob led me to believe that capitalization is an area that is ambiguous so there is more than one correct answer. So obviously I didn't do something right. I marked every response as helpful because it was (except for Ramon's response that wasn't directed at me).
  Geeze, if a person asking for help needs to understand the point system, somebody better make it clear to us. I didn't even know I was the one that was supposed to check the helpful or correct answer box until Kath told me that. On another thread when I marked correct, thinking that I could choose helpful or correct as many times as it was responded to, the thread showed as "Answered" and I didn't think that was good. Because if my question shows "Answered" why would anyone waste their time giving their input.
  Jacob you helped me tremendously and I feel bad that I don't understand the point system enough to give you the proper praise and gratitude that I feel. And I learned early on back in the "good old days" of the Adobe forums that there isn't really one "correct answer" there are many ways to accomplish a task.
  Patty

• Error while confgiuring Siebel Bi Publisher Security Model..

  Hi,
  Steps Done
  1)     Imported the BIPSiebelSecurityWS.XML
  2)     Replaced Existing address with the specific address of the Siebel Server
  3)     Enabled Local Super user checkbox, entered a Super user name and password
  4)     Configured the Siebel Security Model by pointing the Siebel Web Service end point with Siebel Username/Pwd
  5)     Restarted the Bipublisher
  6)     When I try to login to Bi Publisher with Siebel Credentials I am getting the error
  The server cannot be used due to configuration error, please contact admin..
  Please let us know the necessary steps ..

  Login using the credentilas used for super user. Siebel user do not work here, it will only fetch the responsibilities here as a roles for that super user.
  Thanks,
  Ravi kanth

• PI/XI Security.

  Hi there ,  as a security administrator , what are the ways in which you define security in PI/XI . Also , when defining roles do you generally go for SAP standard roles in ABAP/Java stacks. How do you go about it. If anyone who has implemented XI security , could you please contribute . Thanks in advance.
  -Priya

  >
  JAI wrote:
  > This might help.
  >
  > Security
  That link points to this forum. I assume that you were viewing a specific thread but used the URL address bar (which is different most of the time). Rather right-click the "Thread" and copy that (via the properties or as a shortcut to the clipboard.
  On the other-hand, perhaps you were suggesting searching? I am not aware of any such thread here which provide a "cook-book" for PI security, but some articles and blogs and security guides on service.sap.com will have some information in them.
  @ Priya: In the meanwhile, if you ask specific questions, then chances are good that they can be answered specifically.
  Cheers,
  Julius

• Best Settings for making a Secure, Reliable Disk Image?

  Hi guys!
  Can anybody direct me to the best settings that can be used to make a secure Disk image using the MacOS X disc utility?
  I wish to make my computer family friendly, yet keep my proffessional and private files secure/private and innaccesible to children and unautorized individuals. I have heard that files saved inside encrypted images (password protected) are also not indexed in the finder wich is perfect for the privacy I seek (this is true right?).
  I know how to access the tools, but the right settings for making a trustworthy image remain elusive. Already tried with some of the formats and information placed inside...started becoming glitchy and unreliable, even after removing the files and making them unencrypted again.I'm abaout to try with the HFS+ format.
  I cannot lose the files I wish to protect. But I need to secure them and if anything, be capable of backing up the image by copying it into a HFS+ formated external hard drive every once in a while. Can this be done?
  Is there a risk of data loss in the encryption process? One of my external drives (FAT 32) even started to make unrelated neighboring folders "disappear" after making an image inside ( I though I could make an image anywhere and save stuff securely at that point...but nearly losing the entire cashe of info made me backtrack and simply avoid the process until i'm sure of what I'm setting up---so many compatibility problems!)
  • Don't know what settings to use.
  • Some say there is a small chance of a disk image being damaged or corrupted (for no reason whatsoever)...but having trouble right off the bat, with a brand new image worries me. WHAT ARE THE RISKS? Is the system unrefined and unrealiable?
  I plan to make the Image a sparse file,using the HMS+ format, 400GB....regular encryption. I plan to copy all my sensitive stuff inside and delete unprotected copies. Risky? Are images unreliable in general? or where my glitches abnormalities?---Can the images hold collections of files or do they become more unrealiable the bigger they get (what I fear). I don't wan't to have to make dozens of images to protect my files.
  Can a external drive be formated to HMS+ and accept  a drag and dropped copy of a 400GB image? FAT32 will just not accept it. Would there be risk of the image being damaged in the transfer? NOTE that copying the data into an external drive would be to have a secure backup of the data. If I can't trust the backup to be carbon copy intact...it isn't a backup.
  Securing files is really proving to be bothersome, despite having "refined" tools at my disposal.
  Thanks for your help!

  Do you place your backups on external disks? Are your external disks formatted HFS+?
  Can HFS+ Disk image be Drag dropped into a HFS+ formatted external disk in order to copy them? or is the process blocked like what happens to large Disk images in FAT 32?
  I'm trying to lock on to the right format to apply to everything. My steps will be:
  Make the image: So far a sparse image in HFS+ format, 400 GB, No partition map.
  Drag sensitive work to Disk image. Once transfer in complete delete originals.
  Format an external disk into the journaled HFS+ format. Drag drop Secure disk image to back it up.
  Do you see any problems with this process? Anything i'm missing?

• Security/session questions

  Hi,
  I have some security/session questions for you guys.
  My application uses flex, blazeds and spring. I use RemoteObjects to initiate calls from flex to java. The application consists of a login screen and 'other screens' available only to authenticated users after login. When the user logs in the server stores user credentials on the FlexContext (FlexContext.getFlexSession().setAttribute). So if the server timeout is reached and the user presses 'refresh' the user is thrown out and the login screen appears.
  Question 1: How can I check if the timeout is reached when the user makes a call to the server, without checking manually against the FlexContext. Are there any config parameters to set?
  Question 2: Is it necesssary to check against the user credentials in the session for every flex-to-server call? (I guess someone can omit the login screen and do a manual call)
  Question 3: If the answer to question 2 is yes, how can I check against the session credentials? The only way I can think of is calling a method which checks the session attribute manually, but then I have to remember to add this method call to each of the methods called from flex through Blazeds. Is it, for example, possible to call the user-logged-in method before the method given in the RemoteObject is called? (If not authenticated, do not run method).
  Hope someone got the time to help me out.

  I appreciate your answer, but as you yourself write, I think there must be a blazeDS way. But as nobody with extensive BlazeDS knowledge answers this post, I probably have to google this topic even more.
  Following are the main changes in my application: (Introducing spring security)
  Everything seems to be working as it should. But as already stated, I'm a newbie. So if anybody see something suspicious, let me know.
  The main problem I had implementing Spring Security was something that should be easy, but somehow it was not: the loading of the context files. Before introducing the spring security I only had one application-context file, and this was loaded by the DispatcherServlet. When introducing security I tried to add this to the same file. It did not work. Then I tried splitting up the files, and loading both using DispatcherServlet. It did not work. Then I tried loading both using ContextLoaderListener. It did not work. Finally I found the solution. Flex settings must be loaded by the DispatcherServlet, and spring security settings must be loaded by ContextLoaderListener. This work. I don't know if this is the only solution.
  On the server:
  web-xml:
  <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>
              /WEB-INF/config/web-application-config.xml
              /WEB-INF/config/web-application-security.xml
          </param-value>
      </context-param>
      <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      </listener>
      <servlet>
          <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <init-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>/WEB-INF/config/flex-application-config.xml</param-value>
          </init-param>
          <load-on-startup>1</load-on-startup>
      </servlet>
  flex-application-context:
  <flex:message-broker>
          <flex:secured/>
      </flex:message-broker>
  web-application-context:
  I had to implement my own authentication mechanism. Had to compare the username/password against an object attribute. So this bean is not mandatory, but I think you have to write down username/password/role in flex-application-context if not provided.
  <bean id="customAuthenticationProvider" class="packagename.CustomAuthenticationProvider">
          <security:custom-authentication-provider/>  
  </bean>
  web-application-security:
  <http entry-point-ref="preAuthenticatedEntryPoint" />
      <beans:bean id="preAuthenticatedEntryPoint"
          class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint " />
      <!-- Securing the service layer -->
      <global-method-security>
          <protect-pointcut expression="execution(*package.ServiceImpl.*(..))" access="ROLE_USER"/>
      </global-method-security>
  On the client:
  private function login():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken;
      token = cs.login(username, password);
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(loginResultHandler, loginFaultHandler));
  private function logout():void {
      var cs:ChannelSet =  ServerConfig.getChannelSet(loginRemoteObject.destination);
      var token:AsyncToken = cs.logout();
    // Add result and fault handlers.
    token.addResponder(new AsyncResponder(logoutResultHandler, logoutResultHandler));

• Add Security API to ess~cat project

  Hi All,
  I am trying to add the com.sap.security.api.jar to the esscatsap.com project (ESS - Working Time). I can add the file using "Add External Jars..." in project properties->java build path->libraries, but when I rebuild the project the jar file is lost and so I am unable to deploy with the security jar. Has anyone run into a similar issue? Any ideas?
  Thanks,
  -Kevin

  you have to add jar file like this
  DC meta data-used dcs(right click)-add DC-seelct track-select sc(SAP_JEE) there you will find the com.sap.api.security.sda
  reward points if helpful

• New iPad prompted with "Security Questions" on App Store. Need Reset but can't Reset, actually ...

  Just bought the new iPad. When trying to purchase from the App Store I get a message asking me to answer the "Security Questions" that follows, since it is the first time I am buying apps from the new device. Well, I forgot all my security answers. Then, when I go to the "manage your account" section on the "My Apple ID" page and select "Password and Security" (as explained in the Apple ID FAQ section at their support site), I am prompted with another "Please answer your security questions" check point before I can proceed. Well, like I said, I forgot all my security answers ... See, now I am caught in an endless loop and spent already 2 hours searching for a phone number or email support address at the Apple page, and could find none for that matter. I am stuck with 20 USD worth of credit in my Apple ID and cannot use it!!!
  Thus, I would like to know how may I "RESET" my security questions so that I may continue using my Apple ID?
  Kind regards to you all,
  Thanks for the patience,

  This should help you.......but I am with Ralph on this......How do you choose questions and answers only you should know and then not remember either?  Next time write the questions and answers down somewhere, then store them in a safe place for future reference.  I keep all my passwords and security questions/answers in a safe location in case of a situation like this:
  Go to:
  https://appleid.apple.com/
  Click Manage My Account, and sign in.  Go to the Password and Security section. If you've forgotten your answers, there will be a link just under the security questions fields where you can have a reset email sent to your Rescue email address.  You had to give Apple a Rescue email address when you created your security questions and answers.  You should keep that handy as well.