List of Rules vs Severity and Vulnerability Scanning

Similar Messages

• MARS 6.1 and vulnerability scans

  Hey guys,
  I'm looking at getting the MARS 55 k9 6.1 and was wondering about the vulnerability scan tools in MARS.
  1. Are there any?
  2. What are they?
  3. What are the scheduling options?
  If MARS 6.1 doesn't have anything native can it work with something else?
  Thanks,
  Brent

  The following three security suites are supported in MARS:
  http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp75289
  MARS has a built-in Nessus scanner, but its only meant for internal use (reducing false alarms by having more meaningful information about the attacker/victim like OS/services etc.) You cannot invoke this scanner yourself.
  Regards
  Farrukh

• Configuring NetFlow and Dynamic Vulnerability Scanning

  Hi All,
  Configuring of NetFlow and Vulnerability Scanning are done.Where and how to check the netflow and Vulnerabilty scanning?
  Thanks.

  After enabling network scanning, you can view individual scan reports from Device Management > Clean Access > Network Scanner > Reports. The report shown here is the full administrator report (Figure 13-13). The report shown to end users contains only the vulnerability results for the enabled plugins. (Users can access their version of the scan report by clicking the Scan Report link in their Logout page.)
  for more information follow up on this link:
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_netsca.html#wp1050604

• MARS and Qualys vulnerability scanning integration

  What does adding Qualys vulnerability scan data to MARS allow MARS, help MARS to do?
  Does it help MARS identify an alert as a false positive in the context of a host which Qualys says isn't vulnerable OR does it do something else like when the Qualys data is retrieved simply listing each vulnerability as an incident?

  My understanding was the Qualys would inform MARS if a system was really vulnerable or not based on it's (the qualys box) information of the situation.
  http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgVulAs.html
  Erric

• Is it recommend to have a vulnerability scan for Cisco ASA device.

  Dear everyone. 
  I have a doubt on vulnerability scan for Cisco ASA device. Currently we have a vulnerability for network devices include firewall. But after run the vulnerability scan for cisco ASA, found nothing show in the scan report. 
  Is it recommend to have a vulnerability scan for Cisco ASA and will it be defeat the purpose of firewall?

  Do I understand are you asking can you configure the ASA to allow an external user run a scan against the internal network?
  If so, the answer is generally no. The ASA will, by default, not allow any inbound connections (or attempted connections) that are not explicitly allowed in an inbound access-list (applied to the outside interface). In most cases there would also need to be network address translation (NAT) rules configured.
  If you had a remote access VPN, you could allow the external scanner to log in via that, Then they would then have the necessary access to scan the internal systems (assuming the VPN granted access to all the internal networks)

• Audition MIDI tracks and VST scanning not working - what to do?

  Hi -
  I'm running Audition 3.0.1 as an audio only application very successfully for some time on my Dell Inspiron 1525 (Vista Service Pack 1, all updates applied; 4GB RAM).
  However, I'm now trying to use it as a MIDI multitrack sequencer and am encountering severe problems. I'd be grateful for any insights on how to solve them:
  1. On adding a MIDI track, Audition takes several minutes to add the track.
  2. On asking Audition to scan for VSTi's, it scans for some minutes, and then crashes. I own a few Arturia Virtual Synth plugins and have added one freeware VSTi dll to the Audition plugins VSTi folder.
  I suspect the delay in adding MIDI tracks is related to an initial and lengthy scan of some kind also. I notice (before I rescan for my extra VSTi's) that Audition's three internal plugins are listed and enabled twice in the plugin scan list.
  Overall, I'm very disappointed by Audition's MIDI implementation. It feels like a 'hack' that may never actually work. By comparison, as a pure Audio environment Audition is just incredible; and I would have expected the same robustness from its MIDI engine. Alas repeated attempts to get it to work have failed.
  Apart from pointers on how to solve these issues (if possible) I'd be very grateful for any experienced insght into whether using Audition's MIDI multitrack capabilities with Plugins and external synths is realistic - am I expecting too much for this to ever work?
  Thanks for your time and attention given to my issue.
  Kevin.

  I suppose this answer is aimed at BOTH your posts re Audition MIDI implementation etc.
  First Audition MIDI does work, albeit at a "basic" level.  Yes, it always does seem to take a long time for a MIDI track to open in Multitrack view.  Not sure why, but I suppose it's something I've come to expect as "the norm".
  Second, the problem with AA crashing when scanning your VSTis is almost certainly caused by one or more of those VSTis being slightly "outside" the strict VSTi specification as laid down by Steinberg.  The same is true of certain VSTs as well.  It appears, and you will find other posts on here and on the AudioMasters forum confirming this, that AA expects full adherence to the letter of the specification.
  To help resolve which of your VSTis is causing the crach, the only "tried and tested" method is to remove ALL the .dll files from their current location (cut and paste them to another folder) then return them to your designated VSTi folder, one at a time.  Ensure you allow AA to scan that folder afresh after each separate .dll is moved back; almost certainly at least one of them will cause AA to crash and you will know which one(s) are not compatible with AA.
  In your other post you ask whether AA can work with external MIDI synths/modules, as well as VSTis, and again I would have to say that yes, it does.  However, again you have to be sure that each new hardware/software item you are adding to AA will actually work successfully and not cause AA to crash.
  In my case I have a total of five external keyboards/synthesizer modules operating successfully with AA, together with a number of VSTis (including EMU Proteus VXR and 4Front Technologies TruePianos, to name but two that I use regularly).  As I think may be suggested by the above, I do have an external USB 4-in 4-out MIDI interface to allow me to use any or all of those external units together.
  HTH.
  Jeff

• Repeated ASA 5510 failed vulnerability scan (OpenSSL error)

  We are getting vulnerability scanned by a PCI company and keep getting failures that state "OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG".  I've opened two TAC cases and TAC said that this vulnerability was addressed several versions back (we're currently running version 8.2.2 on our 5510 ASA).  TAC made several small changes to attempt to address this issue but we keep failing with the same message.  Has anyone ever failed their scan with this error and if so, what did you do to address this error?
  Here is the detailed error:
  OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
  Ciphersuite Change Issue
  Synopsis :
  The remote host allows resuming SSL sessions.
  Description :
  The version of OpenSSL on the remote host has been shown to allow
  resuming session with a different cipher than was used when the
  session was initiated. This means that an attacker that sees (e.g.
  by sniffing) the start of an SSL connection can manipulate the OpenSSL
  session cache to cause subsequent resumes of that session to use a
  cipher chosen by the attacker.
  See also :
  http://openssl.org/news/secadv_20101202.txt
  Solution :
  Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later.
  Risk factor :
  Medium / CVSS Base Score : 4.3
  (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
  Plugin output :
  Session ID :
  4e4c1b0b13d5e48b5421479419da1c95f8ca01da3f83eed7494f2d254389c9ec
  Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
  Resumed Cipher : TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
  CVE : CVE-2010-4180
  BID : 45164
  Other references : OSVDB:69565
  Thanks,
  John

  Hi John,
  The Cisco bug ID filed to track this vulnerability is CSCtk61443. You can read the details here:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtk61443
  The vulnerability will be fixed in an upcoming release of 8.2.4.8. Please open up a TAC case to request this image for your ASA.
  Hope that helps.
  -Mike

• Ports (vulnerability scan)

  I ran a vulnerability scan on a 2960 switch and some "ports" (I don't even know if this is the right way to call them) showed being open or that needed to be reviewed. I really need to know what they are and if I need to keep them or need to get rid of them. How do you disable "ports" (I am not talking about the actual ports on the switch ex. gig1/0/1) on a cisco switch? The ports are 4786 tcp, 67 udp, 161 udp, 162 udp, 1975 udp, 2228 udp, and 49688 udp.

  udp/67 is bootp (used by DHCP). The switch listens on that port if it is either a DHCP server itself or is setup to provide "ip helper" service which is used to translate local segment end users broadcasts to a unicast packet which is then forwarded to your DHCP server elsewhere.
  udp 161 and 162 are used by SNMP. Best practice has SNMP restricted to SNMP v3 (with authentication and privacy or encryption) and an access-list applied to define your permitted SNMP servers.
  The high numbered ports are usually a sign that the device (or a user session on it) is logged into something remotely and that's the random port is selected from the >1024 range (sometimes known as "ephemeral" ports since they come and go somewhat at random) to use as its source port. As long as the session is open, the devices will be "listening" on that port for replies.
  Good link for port number reference.

• Questions on Rules-Based ATP and Purchase Requisitions for STOs

  Hello experts,
  We are working on rules-based ATP configuration and have several questions about the functionality.  Iu2019m hoping that some of you are using this functionality and can help give us direction.
  In our environment we have multiple distribution centers and multiple manufacturing plants.  We want to confirm sales orders against stock and production orders in any of those plants, depending on the locations that have stock or planned production.  For example, we will place a sales order against plant A.  If there is not enough stock in plant A then rules-based ATP will use location determination to check in plant B, then C.  The scope of check on the ATP check will include stock and released production orders.  We will configure plant A as the u201Cconsolidation locationu201D so if stock is found in plants B or C then stock transport orders will automatically be created to move the stock to plant A before shipping to the customer.
  We have configured rules-based ATP and this functionality is working well in our Development system.  The ATP check is executed and uses the rules-based ATP to find eligible stock in other plants.  The system is also creating purchase requisitions to move the stock to the consolidation plant. 
  Our first concern is that there doesnu2019t appear to be any firm linkage between the sales order and the resulting purchase requisition.  For example, if we create sales order 123 for plant A and the rules-based ATP finds stock in plant B it automatically creates a purchase requisition 987 to move the stock from plant B to plant A.  However, there doesnu2019t appear to be a linkage between sales order 123 and purchase requisition 987.  For instance, if we delete sales order 123 the purchase requisition doesnu2019t get deleted. 
  Our second concern is that the quantity on the purchase requisition can still be confirmed against later sales orders.  For example, say the above scenario resulted in a purchase requisition 987 that consumed all the stock available in plant B.  We then create a second sales order 456 for the same product.  Plant A is out of stock so the rules-based ATP looks in plant B.  We would expect that plant B would also not have any stock because itu2019s all been consumed by the purchase requisition.  Instead, the system creates a second purchase requisition to move quantity from plant B to plant A.  Itu2019s as if the system doesnu2019t realize that the purchase requisition 987 is already planning to move stock out of plant B.
  Does anyone have any thoughts or suggestions on these two scenarios?  Is there a way to configure the system so there is a hard linkage between the sales order and the purchase requisition so that if the sales order is deleted then the purchase requisition is also deleted?  Should ATP realize that purchase orders are consuming inventory and not allow later sales orders to confirm against that same inventory?  Any advice or experience would be greatly appreciated.
  Thanks,
  David Eady
  Application Delivery Team Lead
  Propex, Inc.

  Hi,
  The scheduling is done in SCM, and from there, whenever the RBA is triggered, the calculation is done always with the old route in SCM. Until you get back to R/3 this is when your route is determined. But the ATP check is always with the original route. So the idea would be that you change the values of the route while still in APO, this is possible via the user exit. Should be done in scheduling in APO.  
  Hope this information is helpful.
  Regards,
  Tibor

• New Value addition in Restricted List under Rules not getting reflected

  Hi,
  I have created a custom rule for a custom profile. In the rule i have configured a metadata named as Reviewer. Under restricted values of reviewer i have put in 2 values.
  It is getting reflected properly in the profile check in form.
  But now when i add a new value, it is not getting reflected. Is restart required to get that field populated with new value ?. I have already published the schema base and static files.
  Please suggest.
  Regards,
  Boopathy P

  In your metadata field definition, your field is defined as having an option list. Does the value you just added to the restricted list also exist in the overall list of values for the field?
  For example, your list has values "a", "b", and "c". In your profile restricted list, you have "a" and "b". Now have you added "d" to the restricted list, which does not appear in the defined list for the metadata field?

• Is the Nightly 12.0a1 64 bit icon in the start menu for Windows 7 supposed to have a jump list for frequent pages visited and tasks (open new tab, open new window, enter private browsing)?

  Both my standard Firefox icon and Waterfox icon have jump lists in the start menu and taskbar. Even the pinned Nightly icon in the taskbar shows this, but it doesn't show in the start menu. Just odd to see that the icon in the start menu doesn't offer this feature considering it does in the taskbar. I've reinstalled several times but it doesn't seem to change anything.

  There are hidden settings that control the display of jump lists, check these to make sure that they have been enabled.
  Type '''about:config''' into the location bar and press enter, accept the warning message, and a list of preferences will be displayed.
  In the search box at the top type '''taskbar.lists''', it will then display a small number of preferences. Check the values of the following preferences (you can double-click on them to change the value)
  * '''browser.taskbar.lists.enabled''' - should be set to true to enable jump lists
  * '''browser.taskbar.lists.frequent.enabled''' - set to true to have the frequent sites displayed
  * '''browser.taskbar.lists.tasks.enabled''' - set to true to have the tasks displayed
  * '''browser.taskbar.lists.recent.enabled''' - set to true to have the recent sites displayed
  By default the first 3 settings are true, the last is false.

• Need a list of all services, processes and servers

  Hi experts,
  i'm totally new to this but i need a list of all services, processes and servers. Is there a easy way to get them?
  I try to create a tool where you are able to virtually shutdown servers and then you can see what happends to the services and processes. Hope someone can help me.
  Thanks
  btw - sorry for my english

  i'm not sure if you all understand what i'm trying to do so i'll ty to explain it
  first i'll try to explain how i understand SOA
  - there are several servers on which the services run
  - a service is only runnable if his server is active
  - a process consists of several services
  - if one of these services isn't runnable anymore the whole process isn't runnable too
  - there are user who use one or more processes
  - if one of the used processes is not able to run the user will be affected
  the tool i'm trying to write should automatically import the descriped information (server-, service-, process- and userlists) from a given SAP-Systemand then you can switch virtually a server to see which services, processes and user would be affected.
  This would be fine if you want to shut down a server for maintance work or something like that.
  so i hope you understand my problem and you are able to help me
  again i want to excuse for my english and my wimpy knowledge about the SOA Architecture of SAP

• Selection of Distribution Rule in Incoming and Outgoing Payment

  There is an option of selecting the distribution rule in Incoming and Outgoing Payment having transaction of Account type but the requirement is of having the selection of distribution rule having transaction of Customer and Vendor (Invoice wise and Payment on Account)

  What is the purpose for distribution rules in Outstanding invoice list in incoming payment? I try to attach the analysis there and post incoming payment but it will not appear in Journal entries which defeat the main purpose.
  The problem face by customer is that they had many outlets and finance department in HQ needs to monitor daily collection from each outlets.
  The desired outcome by customer is:
  Dr Bank  [profit center=Outlet A]   XXX
  Cr     Customer                                   XXX
  Eventually print out reports in XLR as
                                   Outlet A     Outlet B    Outlet C
  Bank                          XXX            XXX          XXX
  Regards
  Thomas
  Edited by: Rui Pereira on Dec 4, 2008 2:15 PM

• Error : Severity and Description Path Resource Location Creation Time     Id

  i have this error :
  Severity and Description Path Resource Location Creation Time Id
  invalid character or markup found in script block. Try surrounding your code with a CDATA block. essai/src essai.mxml Unknown 1236103965593 182
  my source is attach code
  Many thanks for your help , 
  Lionceau,

  look my source :
  <![CDATA[
  import mx.controls.Alert;
  import com.adobe.rtc.events.SessionEvent; //utilisé
  pour les trois blocs
  import com.adobe.rtc.messaging.UserRoles; //utilisé
  pour les trois blocs
  import com.adobe.rtc.collaboration.AudioPublisher; //
  AudioPublisher me sert pour la gestion du microphone
  import com.adobe.rtc.collaboration.AudioSubscriber; // me
  sert pour choisr l' aboné écouté
  //import com.adobe.rtc.collaboration; // me sert pour la
  gestion du microphone
  //import com.adobe.rtc.clientManagers;// me sert pour la
  gestion du microphone
  import com.adobe.rtc.events.StreamEvent;// pour le son
  (audio xml)
  import mx.events.ItemClickEvent; //pour le son ( audio xml)
  import mx.controls.Label;
  import mx.core.UIComponent; // me sert pour la gestion du
  microphone
  import flash.events.EventDispatcher;// me sert pour la
  gestion du microphone
  // import com.adobe.rtc.components:ResizableCanvas; amettre?
  //debut bloc share
  import
  com.adobe.rtc.sharedManagers.descriptors.FileDescriptor;
  import mx.utils.UIDUtil;
  import mx.collections.ArrayCollection;
  import com.adobe.rtc.collaboration.FileSubscriber;
  import com.adobe.rtc.sharedManagers.UserManager;
  import com.adobe.rtc.messaging.NodeConfiguration;
  import com.adobe.rtc.events.CollectionNodeEvent;
  import com.adobe.rtc.collaboration.FilePublisher;
  import com.adobe.rtc.sharedManagers.FileManager;
  [Bindable]
  private var applicationTitle:String = "File Publisher
  Example";
  // list of managers
  private var _fileManager:FileManager;
  private var _filePublisher:FilePublisher;
  private var _fileSubscriber:FileSubscriber;
  private var _userManager:UserManager;
  // our datagrid dataprovider will use this collection
  [Bindable]
  private var _fileDescriptors:ArrayCollection = new
  ArrayCollection();
  // file sharing group id, it is similiar to that of folder
  concept
  private var _groupid:String = "_filePublisherExample";
  //fin bloc share
  //debut bloc camera
  import com.adobe.rtc.events.UserEvent;
  import com.adobe.rtc.events.SharedPropertyEvent;
  import com.adobe.rtc.events.ConnectSessionEvent;
  import mx.controls.Button;
  import com.adobe.coreUI.controls.CameraUserBar;
  import mx.core.UITextField;
  import com.adobe.rtc.events.SharedPropertyEvent;
  import com.adobe.rtc.sharedModel.SharedProperty;
  import com.adobe.rtc.collaboration.WebcamSubscriber;
  import mx.containers.VBox;
  import com.adobe.rtc.events.UserEvent;
  import com.adobe.rtc.sharedManagers.StreamManager ;
  import
  com.adobe.rtc.sharedManagers.descriptors.StreamDescriptor ;
  private var currentSubscriber:WebcamSubscriber ;
  private var sharedProperty:SharedProperty ;
  * This example shows how the camera component can be used
  with a publisher and a
  * number of subscribers. The publisher has a big view while
  subscribers have a small view.
  * A shared property is used to pass the stream to the
  publisher's user interface.
  * Every user is provided with play and pause handlers.
  private function onCreationComplete():void
  sessionManager.roomManager.autoPromote = true ;
  sessionManager.roomManager.guestsHaveToKnock = false ;
  sharedProperty = new SharedProperty();
  sharedProperty.isSessionDependent = true ;
  sharedProperty.sharedID = "webcamShare2" ;
  sharedProperty.connectSession = sessionManager ;
  sharedProperty.subscribe();
  sharedProperty.addEventListener(SharedPropertyEvent.CHANGE,onChange);
  sessionManager.userManager.addEventListener(UserEvent.USER_REMOVE,onUserRemove)
  * @private
  protected function onUserRemove(p_event:UserEvent):void
  if ( sharedProperty.value &&
  p_event.userDescriptor.userID == sharedProperty.value[0]) {
  sharedProperty.value = [] ;
  * When the main big stream changes, all users can view it
  via the sharedProperty.
  private function onChange(p_evt:SharedPropertyEvent):void
  if ( currentSubscriber != null ) {
  clickedContainer.removeChild(currentSubscriber);
  currentSubscriber.close();
  currentSubscriber = null ;
  if ( sharedProperty.value == null ||
  sharedProperty.value.length == 0 ) {
  return ;
  currentSubscriber = new WebcamSubscriber();
  currentSubscriber.connectSession = sessionManager ;
  currentSubscriber.subscribe();
  currentSubscriber.webcamPublisher = webCamPub ;
  currentSubscriber.publisherIDs = sharedProperty.value ;
  currentSubscriber.addEventListener(UserEvent.USER_BOOTED,onCleared);
  currentSubscriber.addEventListener(UserEvent.STREAM_CHANGE,onCameraPause);
  clickedContainer.addChild(currentSubscriber);
  invalidateDisplayList();
  * If the big image is stopped, clear it.
  private function onCleared(p_evt:UserEvent):void
  if ( sessionManager.userManager.myUserRole ==
  UserRoles.OWNER ) {
  sharedProperty.value = [] ;
  * Clicking on the small image below makes it large.
  private function onClick(p_evt:MouseEvent):void
  if ( (p_evt.currentTarget is WebcamSubscriber) &&
  !(p_evt.target.parent is CameraUserBar)) {
  sharedProperty.value = (p_evt.currentTarget as
  WebcamSubscriber).publisherIDs;
  * Handler for a user pausing the camera.
  protected function onCameraPause(p_evt:UserEvent):void
  var userStreams:Array =
  sessionManager.streamManager.getStreamsForPublisher(p_evt.userDescriptor.userID,StreamMan ager.CAMERA_STREAM);
  if (userStreams.length == 0) {
  trace("onCameraPause: no userStreams");
  return;
  for (var i:int = 0; i< userStreams.length ; i++ ) {
  if (userStreams
  .type == StreamManager.CAMERA_STREAM ) {
  break;
  var streamDescriptor:StreamDescriptor = userStreams;
  if ( streamDescriptor.streamPublisherID ==
  sessionManager.userManager.myUserID ) {
  sessionManager.streamManager.pauseStream(StreamManager.CAMERA_STREAM,!streamDescriptor.pa use,streamDescriptor.streamPublisherID);
  * Handler for a user stopping the camera.
  private function onBooted(p_evt:UserEvent):void
  if ( (p_evt.currentTarget is WebcamSubscriber) &&
  (p_evt.userDescriptor.userID == sessionManager.userManager.myUserID
  || sessionManager.userManager.myUserRole == UserRoles.OWNER)) {
  webCamPub.stop();
  if ( (p_evt.currentTarget.parent as VBox).getChildAt(1) is
  Button ){
  ((p_evt.currentTarget.parent as VBox).getChildAt(1) as
  Button).label = "Start" ;
  if ( sharedProperty.value && (sharedProperty.value
  as Array)[0] == p_evt.userDescriptor.userID ) {
  sharedProperty.value = [] ;
  ]]>
  </mx:Script>

• I upgraded my iPad (3rd gen) to iOS 7.  When I go to iTunes and look at the summary and to the "Apps" list tab, iTunes stops working and shuts down.  What can I do?  I am using a Windows 7 machine.

  I upgraded my iPad (3rd gen) to iOS 7.  When I go to iTunes and look at the summary and to the "Apps" list tab, iTunes stops working and shuts down.  What can I do?  I am using a Windows 7 machine.

  Hi thanks for the encouragement.  It's not that the severs are "swamped", iOS 7 has been successfully installed.
  I can't access the apps list in iTunes because it *****
  down.  Its pretty frustrating because many of my apps require me to manually transfer files into iTunes first to view
  them.  Not sure if the servers being swamped is an issue for me, unless they release a bug fix through another version of iTunes.
  Has anyone else had this problem?  My iPad is pretty useless unless I can access my app list in iTunes....