RE: WMI Monitoring - Security

Similar Messages

• Metrics,monitoring security in xMII and Scan groups

  Hi all
  How does scan groups work ? (e.g. 5MIN, 15MIN etc.) Can the user choose his own time interval, e.g. he wants to schedule something to be run every 25 minutes, but we don't want to define scan groups for every possible time interval, Can we let the user control and enter the time interval he wants (e.g. every 35 minutes etc.)?
  How does security work in xmii with respect to metrics and monitors. If the user is given access to this metrics screen so he can create his own metrics, what kind of security is required and is there any issues if we do it ?
  I believe the metrics and monitoring are stored in a database, whatever database we specify when installing xMII ActivePortal. Please let me know  into how does it get stored. Can we manually add/change information in those tables to create own metrics instead of going through the xMII metrics screen.
  i want to understand whether we should give the users xMII screen to maintain themselves, or we need to build something customized
  thanks
  Veeresh

  Hi Veeresh,
  talking about Metrics Alert and Services it is very important to give an information about the xMII version you use.
  Reason: Between 11.5 and 12.0 there is a technical change  how Scan Groups will be processed. 11.5 uses Windows Schedules of the Operating System. 12.0 uses scheduled Transactions.
  The Metrics Alert and Services are given as they are and I do not recommend to do any modifications to the original pages.
  Regarding your question about the security:
  You openend already a thread to discuss this:
  [Monitors and Metrics]
  Please ask only one question per thread.
  Information regarding Metrics Alert and Services are stored in the Active Portal Database. Of course you can write into this tables creating you own userinterface - at your own risk of course. That's the way it normally works if you make changes to the standard.
  Ciao
  Martin

• WCS 5.1 (Windows) fails in opening the page under Monitor- Security

  Hi everyone!
  Did anyone experience this issue?
  The page appears empty on the right but I can see the tab with the alarms on the left.

  I have made a check but activex are enable.
  The error message is :
  Tag 'insert' can't insert page '/pages/monitor/switch/securitySummary.jsp'. Check if it exists. For input string: "79,46"

• I use a dns server by which I remotely monitor security cameras. Whilst I can log on to the site I can no longer see the camera output since upgading to FF4. Chrome still works.Think I've tried everything obvious - any ideas ?

  The frame of the video console is visible but there is no actual video. I've set the user & password to "admin" so someone could take a look if they get the opportunity. Thanks for your help.
  MAF

  Hello, yes it did & still does work on FF3. It also still works in chrome. I have to profess that I'm uncertain what the plug-in does or whether it is correctly spelled ? I can say though that I could also view the cameras through FF3 on kubuntu. Sorry if this is not very helpful.

• Monitoring a security camera

  Have you had experience connecting a security camera at home and monitoring it through Safari? My home configuration is a Mac Pro hard-wired to a router, though the router is also wireless. Ideally the camera would establish a wireless link to the router. While away from home, I'd like to be able to open a browser window into the camera, using my Macbook Pro. I have no iSight camera on the Mac Pro at home. Though less convenient, I could attach a camera to the Mac Pro through some port. Thanks!

  Welcome to Discussions, Drasticbunny
  Drasticbunny wrote:
  Have you had experience connecting a security camera at home and monitoring it through Safari?
  No.
  ... My home configuration is a Mac Pro hard-wired to a router, though the router is also wireless. Ideally the camera would establish a wireless link to the router. While away from home, I'd like to be able to open a browser window into the camera, using my Macbook Pro. I have no iSight camera on the Mac Pro at home. Though less convenient, I could attach a camera to the Mac Pro through some port. Thanks!
  (1) If you want to shop for one of the widely available dedicated internet security cameras, be sure that both the hardware and the software that is bundled with it are compatible with your internet service, router, Mac, and Mac OS version. If you ask, the seller should be able to guarantee compatibility or explain exchange privileges before you buy.
  (2) If you want to use a webcam operated by your Mac Pro, see this link for camera possibiities:
    http://discussions.apple.com/thread.jspa?threadID=2018211
  and this link to find some webcam/surveillance/nanny cam apps that may do what you want:
    http://www.ralphjohns.co.uk/EZJim/EZJimpage7.html
  EvoCam is one of the more popular apps that let you monitor security via an internet browser like Safari. Security Spy is another, but it currently has a know issue with the Safari browser when running Snow Leopard. Security Spy's download page lists certain other browsers are compatible now. Regardless of which app offers the features you want, carefully review System Requirements and compatibility info in their web pages for current status.
  EZ Jim
  Mac Pro Quad Core (Early 2009) 2.93Ghz w/Mac OS X (10.6.2)  MacBook Pro (13 inch, Mid 2009) 2.26GHz (10.6.2)
  LED Cinema Display  G4 PowerBook 1.67GHz (10.4.11)  iBookSE 366MHz (10.3.9)  External iSight

• WMI query through ASA Firewall

  I'm a newbie - please be patient
  We have an ASA firewall that has several DMZ VLANs.
  A support company that responsible for the SQL Servers wants to use WMI to query server health.
  Their monitoring server currently on the internal lan, eight SQL servers on the internal lan and six of the SQL Servers are in the DMZ.
  Two of the SQL Servers in the DMZ are 2003x32 Standard Edition and four are 2008R2x64 Enterprise Edition
  The question is the ports that need to be open for Windows 2003 is concerningly large tcp/1025-65535, tcp/135
  What are everyone’s thoughts on opening up such a large range?
  Is there a better way of doing this – unfortunately getting the monitoring software rewritten is not an option and nor is going Linux
  Thanks
  PS - if this has already been asked can someone point me to the discussions

  Hi
  I would say that that is a No No
  But that depends on the environment, for some (most) i woulds say its not ok, but some might feel that they do not need that much security.
  WMI is a bit tough on firewalls.
  But there are ways to limit the ports used by WMI
  fx you can set it to use Fixed ports. and so on.
  Sure it makes the server guys a little less happy since it does not work from the start and they have to make some changes but the added security is well worth the fight.
  Here is a link to solarwinds for people with the same problem.and an answer that seems to work
  (i have not tested this) from ASH J Kent. (almost at the bottom)
  http://thwack.solarwinds.com/forums/68/application--server-management/21/server--application-monitor/16415/wmi-monitoring-through-firewal/
  Here is one from MSDN
  http://msdn.microsoft.com/en-us/library/windows/desktop/bb219447(v=vs.85).aspx
  Good luck
  HTH

• Untrusted Connection - when I try to add a security exception, NOTHING happens

  A game company Web site I go to all the time has just started giving me Untrusted Connection messages. I was able to visit it with no problems as recently as a few hours ago, but now I just get a page that says "You have asked Firefox to connect securely to [site], but we can't confirm that your connection is secure" and goes on to explain about security certificates and so on.
  When I click "I understand the risks" then "Add exception", an "Add Security Exception" dialog box comes up as expected. However, when I click "Confirm Security Exception" on that dialog box (with or without clicking "Get Certificate" first), LITERALLY NOTHING happens. I don't mean I get an error message, or some result I'm not expecting, or even that the dialog box disappears. When I say nothing happens, I mean quite literally NOTHING happens. The button is not greyed out, yet clicking it has absolutely no effect. This leaves me with no means of closing the dialog box except clicking "Cancel", and therefore no means of accessing the site.
  I've seen similar problems mentioned on this site, but mostly they either have the button greyed out (mine isn't) or they get a conflicting message saying the certificate is fine and doesn't need replacing (I don't). I have not seen anyone else post about my version, where everything looks normal and internally consistent yet the "Confirm Security Exception" button is non-functional.
  This is not the first time I've had this problem, but it's the most annoying in that this time, it's affecting a site I normally visit several times a day rather than one I don't care that much about. As far as I recall, in my hands the "Confirm Security Exception" button has NEVER functioned, with the problem even surviving a near-total replacement of the hardware including the hard drive Firefox lives on.

  Make sure that you do not run Firefox in (permanent) Private Browsing mode (Never Remember History).
  *https://support.mozilla.org/kb/Private+Browsing
  *Tools > Options > Privacy > Firefox will: "Use custom settings for history"
  *Deselect: [ ] "Always use private browsing mode"
  Check out why the site is untrusted (click "Technical Details to expand that section) and if this is caused by a missing intermediate certificate then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  Note that some firewalls monitor secure (https) connections and send their own certificate instead of the website's certificate.

• The connection was reset + Secure connection failed

  Hello, I am using firefox on the web and I keep encountering the same error message that the connection was reset when I try to access webpages. Following the article at https://support.mozilla.org/en-US/questions/1024256 did not solve the problem as it only fixed it for google.com and no other website, however when I hold down shift and reload the page it will reload, sometimes in basic html. Operating in safe mode will bring up these pages in basic text without graphics.
  Sometimes, it will instead show the message Secure Connection Failed for trusted websites such as news agencies.
  I have disabled my themes and add-ons but the problem still persists.
  I woud like some guidance on how to go about fixing this problem. Thanks! :)

  Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted and click "Technical Details" to expand this section.
  If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the <b>issuer of the certificate</b>.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If <b>"I Understand the Risks"</b> is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.
  Boot the computer in Windows Safe mode with network support (press F8 on the boot screen) as a test to see if that helps.
  *http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

• WCS 4.1.83.0 alarm dashboard not updating security issues

  Hello,
  Not sure if the topic title made much sense but basically what is happening is this:
  I just finished getting 4.1.83.0 installed on a fresh server with no backup restorations. My 4404 WLC's (x2) are on version 4.1.171.0.
  I have been receiving an influx of WPA MIC errors on both controllers, that were previously showing up on the alarm dashboard of WCS (on an older version), but ever since the upgrade, they are not appearing on the dashboard at all.
  I have just added the controllers, some alarms are updating (rogue APs for one), and I have also tried refreshing the config through WCS.
  I can't seem to find anything on the 4.1 WCS config guide, so if anyone could point me in the right direction it would be appreciated.
  As a note: The controllers have both reported these WPA MIC errors since I added the controllers to WCS, but no info was updated on the alarm dashboard.
  Thanks,
  Jeff

  Hi,
  We don't have any chokepoints nor do we have a location server.
  Is that the reason why the security alarms aren't being flagged? If so then cisco should have documented that in the release notes.. on the previous version we weren't having this issue under the same conditions (security alarm was flagging).
  Just in case it's not clear where this is happening - I'm concerned about the panel on the bottom-left of the screen (java applet). Also when I go to monitor->security, there are no alarms (no previous/cleared either) when there should be.

• Firefox repeatedly demands verification of security exception for certain secure sites, no matter how many times I confirm that it is secure.

  Not all secure sites have this problem. There are certificates for these cites in my list of certificates, but they don't seem to work.

  It shouldn't be necessary to make an exception for certificates unless some intermediate certificate aren't send or a site has a self signed certificate.<br />
  It is also possible that your security software is monitoring secure connections and sends its own certificate instead of the certificate from the server.
  Also check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  * https://support.mozilla.com/kb/Secure+Connection+Failed

• How to Configure Solution Manager for 1.Download SuppPacks 2. Monitoring 3

  We recently upgraded to ECC 6.0 and installed Solution Man., very vanilla.  Basically just to get the Key to do the upgrade with.
  I would really appreciate it if someone could share any documentation that would provide guidance on how to now further configure SolMan for the following
  1.  Monitor our Landscape which comprises of ABAP ECC (java is installed though not actively using), and SAP BI 7.0
  Sandbox, Dev, QAS and Prdn  for BOTH ECC & BI
  2. Download Support Patches from SAP Marketplace (currently we have had to donwload the long way with download manager creating a message to get them apporoved whew... this is work..)
  3. Add messages to SAP Market Place (thru SolMan)
  4 Possibly monitor security and manage userids etc (if possible)
  And if there is functionality that will make the BASIS experience better I would definitely appreciate it.  We don't need the help desk as we already have it ,but, we may take advantage of Project documentation
  I would really really appreciate it if someone could advise
  Kind Regards & Thank You
  Maria

  Hi Maria,
  With solution manager you can definitely do a world of things, below is a list inclusive of the features you wanted:
  1. Dowload SP-Stacks, etc - you will have to configure Maintenance Optimizer for this (MOPZ).
  2. Monitoring - you can monitor your ABAP and JAVA stacks using the monitoring features of CCMS which is embedded in Solution Manager, please have a look at the monitoring setup guide (for NW04S) in the Service Marketplace. Basically, it uses agents such as SAPCCMSR for JAVA Stacks and SAPCCM4X for ABAP stacks.
  3. You can also configure availability monitoring using th same guide as above - this uses the CCMSPING tool.
  4. You can monitor your business processes using the BPM/BPMon features of solution manager - you will also get this guide in http://service.sap.com/solutionmanager.
  5. You can scheule your earlywatch alerts (EWAs) in solution manager system - have a look at the following link for this:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e0f35bf3-14a3-2910-abb8-89a7a294cedb
  6. You can also have DBACOCKPIT on your Solution Manager system and have it tomonitor backups, etc on your satellite systems. For thsi have a look at SAP notes 1028624, 1025707 and 1027146 (and the DBACOKPIT guide in SAP Note 1028624).
  Hope this is helpful. Kindly award points if useful.
  Thanks, Dibya

• Toshiba Bulletin Board warns about poor security

  Hi all.
  I've noticed this since I got my laptop (L500-1XL) that every few days a message comes up, then disappears but a red warning sign is left on the security section of the Bulletin Board, and if I hover the pointer over it, it says "poor".
  What does that mean?
  What am I supposed to do with that vague information?
  Anyone else have that problem?
  I have anti-virus installed, updated, running, is registered with Windows and Windows doesn't register a problem.
  I've a firewall running fine.
  I don't get it! What's poor?

  Hi
  I think it has nothing to do with the notebook security.
  The Toshiba bulletin board provides a lot of information;
  Networks/Wlan, PC health monitor, security, PC diagnostic, Eco utility
  Maybe the notification means WLan signal strength ?:|
  Sorry but its really hard to say what it is without having more details
  However, here is an Toshiba Bulletin website from Toshiba:
  http://laptops.toshiba.com/research-center/technology-guides/toshiba-bulletin-board-software
  Here an Toshiba Bulletin video:
  http://forums.computers.toshiba-europe.com/forums/thread.jspa?threadID=52212

• Secure connection error pops up on every website. How do I disable it?

  keep getting certificate warnings on all websites.

  Some firewalls monitor secure connections and send their own certificate instead of the certificate from the web server.<br />
  You can check that if you click through the steps and get the certificate and look at the issuer.<br />
  In such cases you need to install the root certificate of that firewall to make Firefox recognize the issuer of the certificate or disable monitoring secure connections (port 443).<br />
  See also http://kb.mozillazine.org/Firewalls and [[Firewalls]]<br />

• Security Audit Log FULL. What happens??

  Hi there,
  Can anyone tell me what will happen when the Security audit Log file is full on OS-level. Will the system stop? Is the file overwritten?
  Best regards,
  Joris

  Hello Joris ,
  1 ) Is the file overwritten? -> No
  2 ) Will the system stop? -> Yes , if there will no free space on drive / file system SAP system will stop.
  How to delete :
  1.      To access the Security Audit Log reorganization tool from the SAP standard menu, choose Administration à System Administration à Monitor à Security Audit Log à Reorganization.
  The Security Audit: Delete Old Audit Logs screen appears.
         2.      Enter the Minimum age of files to delete (default = 30 days).
  This value must be > 3.
         3.      Activate the To all active instances indicator to delete the audit files from all application servers. Leave the indicator blank if you only want to delete the files from the local application server.
         4.      Activate the Simulation only indicator if you do not actually want to delete the files. In this case, the action is only simulated.
         5.      Choose Audit Log à Continue
  Regards ,
  Santosh Karadkar

• Website box says, ' this connection is untrusted, can't confirm it's secure'.

  I'm trying to open a secure website. a box comes up, it reads:
  'this connection is untrusted... can't confirm connection is secure... this sites identity can't be verified... this error could mean someone is trying to impersonate the site.' I called the company and they said it is my browser. I don't know what to do?

  Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
  Check out why the site is untrusted and click "Technical Details" to expand this section.
  If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
  You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
  *Click the link at the bottom of the error page: "I Understand the Risks"
  Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
  *Click the "View..." button and inspect the certificate and check who is the <u>issuer of the certificate</u>.
  You can see more Details like intermediate certificates that are used in the Details pane.
  If <b>"I Understand the Risks"</b> is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
  *Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
  *Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.