Secure IOS Configuration Template for AP's?
Hi,
I am responsible for several AP 1200's running a recent version of IOS; and while I feel as comfortable as I can about the security of the wireless traffic I'm not sure I've tightened down the AP IOS configs as well as is possible.
I've applied my knowledge of hardening our router's IOS per the NSA guidelines to some degree; but I'd like to be sure I'm covering all the bases I can.
Would anyone be willing to share their AP hardening tips with the forum?
Regards, Nick
Did you ever get an answer?
Similar Messages
-
App-V: A Configuration Template for Deploying to Stateless RDS Clients on Citrix Published Desktops with Citrix UPM for Profile Management
Just posted this to the wiki:
http://social.technet.microsoft.com/wiki/contents/articles/25318.app-v-a-configuration-template-for-deploying-to-stateless-rds-clients-on-citrix-published-desktops-with-citrix-upm-for-profile-management.aspx
I would not recommend this and keep the package cache and the client on the same non-persistent drive and enable the Shared Content Store. If you separate the cache and the App-V client they could get out of sync and strange behaviour can occur.
You can use a temporary local profile with Citrix UPM or UE-V and specify what to roam/save.
You can use the Shared Content Store so packages will stream over the network. When the user logs on there is a publishing phase where shortcuts etc are created for the user, this will take some time.
Are you using the App-V full infrastructure?
Are you using a boot disk, partition or PXE in combination with PVS? -
Configuration Template for SRP 521W
Hello all,
Does anyone have a recommendation for creating a configuration template for the SRP521W? I can use the Admin-->Backup Config to get a xxx.cfg file, but I cannot edit it with notepad++.
Also, I know the config can be viewed via view-source:http://ipaddr/admin/config.xml, but how would I load a modified copy of this back to the router?
Thanks in advance for your time!
Philip
Hi Philip,
You can load XML configurations on to the SRP using a number of different methods.
Firstly, make sure that your XML is properly formatted as follows. Configuration files can include as much or as little configuration as you need.
<?xml version="1.0"?>
Add your configuration here
Provisioning Methods
1. Resync URL
You can use the resync URL to command the SRP to collect a new configuration from a specified location. The SRP can use TFTP, HTTP or HTTPS to collect the defined configuration. Once you have created your configuration file and loaded it to a TFTP or web server, construct a URL as follows and paste it in to your browser.
http://:/admin/resync?&xuser=admin&xpassword=
For example:
http://192.168.15.1/admin/resync?tftp://192.168.15.100/myconfig.xml&xuser=admin&xpassword=admin
2. Provisioning URL configuration
As an alternative to the above, it is also possible to configure the SRP500 with a provisioning URL via the web GUI. In this case, take the configuration file URL and use it to configure the "Profile Rule" configuration field, which may be found on the Voice > Provisioning page.
3. Push URL
Use an application like curl to post the XML file directly to the SRP IP address. For example:
curl -k -d @myconfig.xml "http://192.168.15.1/admin/config.xml&xuser=admin&xpassword=admin"
-
I've updated my App-V Startup script that I use. The new version includes Event Logging as well as detailed logging, and it's in PowerShell (finally).
Check out the wiki!
http://social.technet.microsoft.com/wiki/contents/articles/25318.app-v-a-configuration-template-for-deploying-to-stateless-rds-clients-on-citrix-published-desktops-with-citrix-upm-for-profile-management.aspx
-
Oracle Sesame Adapter - missing template for creation of a new SAIL repo.
Hi,
I'm trying to deploy the Sesame Adapter on my TOMCAT server.
At point 8.9 of the doc ( http://docs.oracle.com/cd/E18283_01/appdev.112/e11828/sem_sesame.htm#BABFFEFA) I'm supposed to type the following command in the sesame console:
"create oracle."
I got this error :
ERROR : No template called Oracle found in C:\Users\<Username>\AppData\Roaming\Aduna\OpenRDF Sesame Console\templates
By reading the Sesame doc and according to this page (http://www.openrdf.org/doc/sesame2/users/ch07.html) I suppose that I have to add in the "C:\Users\<Username>\AppData\Roaming\Aduna\OpenRDF Sesame Console\templates" directory a file based on this template :
# Sesame configuration template for a main-memory repository
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>.
@prefix rep: <http://www.openrdf.org/config/repository#>.
@prefix sr: <http://www.openrdf.org/config/repository/sail#>.
@prefix sail: <http://www.openrdf.org/config/sail#>.
@prefix ms: <http://www.openrdf.org/config/sail/memory#>.

[] a rep:Repository ;
   rep:repositoryID "{%Repository ID|memory%}" ;
   rdfs:label "{%Repository title|Memory store%}" ;
   rep:repositoryImpl [
      rep:repositoryType "openrdf:SailRepository" ;
      sr:sailImpl [
         sail:sailType "openrdf:MemoryStore" ;
         ms:persist {%Persist|true|false%} ;
         ms:syncDelay {%Sync delay|0%}
      ]
   ].
Does anyone have the correct template?
I didn't find any other thread about this problem, so I suppose it's an easy issue to solve, but the Semantic Technologies are totally new for me.
Arthur
I finally found the answer to my question. The template used in the tutorial is present in the sesame adapter.
I just had to extract the files into the "sdordfsesame.jar", the template is located in "sdordfsesame.jar/org/openrdf/console/oracle.ttl".
After adding the "oracle.ttl" to the correct directory, it works fine.
Arthur -
How to create bulk configuration files from a template for staging?
Hello,
We have created a sample configuration for ISRG2 2901 Router. The sample configuration is long, and with copy/paste it is possible to skip some lines, and it is difficult to ensure the configuration of every device is standardized due to this error possibility. What we are trying to achieve is first create a template from this sample configuration file, and then create configuration files for each device separately and automatically. After creating these configuration instances, we want to be able to distribute the configuration files (and possibly the IOS) to the devices during the staging phase. Since there are about 1000 2901 routers, creating configuration files is important.
From searching we have found the following tools:
1) CCE (Cisco Configuration Engine): This tool seems to be very efficient for distributing the created configuration files. We may use the serial number of the device, and it provides almost zero touch provisioning of the configuration files to the devices. Creating the configuration file from the template seems to be manual, i.e. enter the IP addresses of the interfaces, the routing tables one by one for each device. How can we use velocity template for device configs?
2) Ciscoworks LMS Prime: It is possible to create a baseline template for the devices, and after getting the backup configuration of the routers, it is possible to compare the actual configuration of the device with the baseline template, and understand if there is any difference with each other. This is indeed very useful in order to keep the configuration standardized, we again could not find a way to create bulk configuration files from the baseline template.
3) Solarwinds Config Generator: This tool is useful for creating a configuration file from a template, but again not for automatically creating configuration files, and needs manual intervention.
4) Excel Macro: It seems that some people have achieved automatically creating configuration files using an Excel macro, but we could not find a procedure or tip on how to achieve this.
5) Perl or TCL/TK Script: Again since we are not software developers but from networking field, it is difficult to achieve a working form of these scripts or codes due to lack of documentation and development experience.
So our problem comes down to creating a template from a sample configuration, and creating bulk configuration files from the template. Is there a specific tool or procedure to achieve this purpose?
Thanks in Advance,
Best Regards,
Hi,
Try this one http://www.gen-it.net
Regards,
Stuart -
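As an added example (not from any poster in this thread and not a Cisco tool), one way to generate per-device files from a single template so that no line is skipped and no device ships with an unfilled field. The template variables, CSV columns, serial numbers and addresses are constructed for illustration.

```python
import csv
import io
import re
from string import Template

# Constructed template fragment; the $variables are assumptions of this example.
TEMPLATE = """\
hostname $hostname
!
interface GigabitEthernet0/0
 description WAN uplink
 ip address $wan_ip $wan_mask
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 $gateway
"""

# Constructed inventory, one row per router, keyed by a placeholder serial.
INVENTORY_CSV = """\
serial,hostname,wan_ip,wan_mask,gateway
FTX0000A001,BR-0001,192.0.2.2,255.255.255.252,192.0.2.1
FTX0000A002,BR-0002,192.0.2.6,255.255.255.252,
"""

# Conservative value whitelist: a spreadsheet cell must not be able to carry
# spaces or newlines that would add extra configuration lines to the output.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._:/-]+")


def template_variables(template_text):
    """Return the set of $name / ${name} placeholders used by the template."""
    names = set()
    for match in Template.pattern.finditer(template_text):
        name = match.group("named") or match.group("braced")
        if name:
            names.add(name)
    return names


def render_device(template_text, row):
    """Render one device config; raise ValueError instead of emitting a partial file."""
    needed = template_variables(template_text)
    missing = sorted(n for n in needed if not (row.get(n) or "").strip())
    if missing:
        raise ValueError("missing values: " + ", ".join(missing))
    bad = sorted(n for n in needed if not SAFE_VALUE.fullmatch(row[n].strip()))
    if bad:
        raise ValueError("unsafe characters in: " + ", ".join(bad))
    return Template(template_text).substitute({n: row[n].strip() for n in needed})


def render_all(template_text, inventory_csv):
    """Return (configs, errors), both keyed by device serial."""
    configs, errors = {}, {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            configs[row["serial"]] = render_device(template_text, row)
        except ValueError as exc:
            errors[row["serial"]] = str(exc)
    return configs, errors


if __name__ == "__main__":
    configs, errors = render_all(TEMPLATE, INVENTORY_CSV)
    for serial, text in configs.items():
        print(f"--- {serial}.cfg ---\n{text}")
    for serial, reason in errors.items():
        print(f"SKIPPED {serial}: {reason}")
```

Rows that fail validation are reported rather than written, so an incomplete spreadsheet line cannot turn into a half-configured router during staging.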
Configuration file for pkcs11 security provider
Hi all,
I'm using Mandriva 2008.0 . In the jdk 1.5.0 documentation, it is given that, the security provider pkcs11 can be configured statically by adding an entry, as shown below, in the java.security file present in the directory jre/lib/security/.
# configuration for security providers 1-6 omitted
security.provider.7=sun.security.pkcs11.SunPKCS11 /opt/bar/cfg/pkcs11.cfg
Where can I get the configuration file (pkcs11.cfg) from? Please direct me how to proceed.
Thanks.
Hi,
I went through that Java SE6 documentation link. It describes the contents of the configuration file for pkcs11. But I couldn't find the information of where can I get the configuration file for pkcs11 security provider from.
Thanks. -
Will the security update be available for IOS 6?
Will the security update be available for IOS 6?
linrey wrote:
Not so - Apple says they have released iOS 6.1.6 to address the security problem. However no one seems to know how to get it since every request for an update only offers iOS 7. Very strange...
Nothing strange about it. iOS update only allows the installation of the latest release based on the hardware it detects you are using. The 6.1.6 update is only available to those devices that CANNOT run iOS 7, like the iPhone 3Gs. For any device capable of running iOS 7, the iOS update system will ONLY offer the option of updating to iOS 7.0.6, regardless of whether the device is still running iOS 6 at the time you try to update it.
That is how the iOS update system has always worked - you simply cannot update to a lesser iOS release than the most recent for your particular hardware. -
Secure Configuration Guide for Lion?
Is Apple going to release a secure configuration guide for Apple, as it has for its past OS X operating systems? It doesn't yet exist on the Secure Configuration Guide page on Apple's site.
I'm also interested in reading this document.
I posted the same question before reading your post.
https://discussions.apple.com/message/19256352#19256352 -
I am trying to configure BFD for static routing on a 2431 running IOS 15.1(2)T to detect and route around simple multihoming faults. According to Cisco Feature Navigator, BFD for static routes is supported on c2430-ik9o3s-mz.151-2.T.bin. But when I follow the config guide steps to configure it, IOS does not recognize the commands, such as:
ERC3-IAD2431-3(config)#int fa0/0
ERC3-IAD2431-3(config-if)#bfd ?
% Unrecognized command
ERC3-IAD2431-3(config-if)#
and:
ERC3-IAD2431-3(config)#ip route static bfd fa0/0 172.19.113.241
% BFD is not supported on FastEthernet0/0
ERC3-IAD2431-3(config)#
Am I missing some prerequisite, or restriction?
Vignesh,
As requested:
ERC3-IAD2431-3#show version
Cisco IOS Software, 2400 Software (C2430-IK9O3S-M), Version 15.1(2)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 19-Jul-10 16:23 by prod_rel_team
ROM: System Bootstrap, Version 12.3(7r)T2, RELEASE SOFTWARE (fc1)
ERC3-IAD2431-3 uptime is 1 week, 20 hours, 31 minutes
System returned to ROM by reload at 15:45:52 EDT Mon Oct 27 2014
System restarted at 15:47:56 EDT Mon Oct 27 2014
System image file is "flash:c2430-ik9o3s-mz.151-2.T.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco IAD2431 (R527x) processor (revision 4.1) with 250880K/11264K bytes of memory.
Processor board ID FHK1444F1GM
R527x CPU at 225MHz, Implementation 40, Rev 3.1
2 FastEthernet interfaces
48 Serial interfaces
2 Channelized T1/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
63K bytes of non-volatile configuration memory.
System fpga version is 250027
System readonly fpga version is 250027
Option for system fpga is 'system'.
126976K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102
ERC3-IAD2431-3#show int fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 5475.d026.3019 (bia 5475.d026.3019)
Description: Uplink to TWC/Avaya VoIP Network
Internet address is 24.30.210.144/27
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 3 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
40541 packets input, 6155984 bytes
Received 20517 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
149623 packets output, 22178324 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
17 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
ERC3-IAD2431-3#show int fa0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 5475.d026.301a (bia 5475.d026.301a)
Internet address is 172.19.113.242/29
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:44, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
14829 packets input, 3324508 bytes
Received 7916 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
78596 packets output, 7819210 bytes, 0 underruns
0 output errors, 0 collisions, 13 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
ERC3-IAD2431-3#
Thanks,
Alfy -
Harvard Outline Template for Pages iOS version ipad and iphone
Is there any way to create a Harvard Outline in the Pages ios 8 version for ipad and iPhone? If not can anyone recommend an App that does?
Syrian_Kiwi wrote:
The iCloud based Pages doesn't support Arabic... :-/
You are correct, the new iCloud version also doesn't support any Indic script. Use the feedback link to ask Apple to fix that before it leaves beta status. The iCloud webapps have a separate forum at
https://discussions.apple.com/community/iwork/iwork_for_icloud_beta -
Hello, dear colleagues.
We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info).
Send Message, Disconnect, Logoff options work only for users in Administrators group.
I can't configure permissions for Remote Desktop Users, specific user or AD group.
To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click RDP-Tcp, Security tab, add specific user account, AD group or configure advanced permissions for Remote Desktop Users.
But, as I said above, these options work only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
Thanks.
P.S. If I move a specific user from Remote Desktop Users group to Administrators group on Windows Server 2012 R2 - it works.
Hi,
You can prevent administrators from changing the permissions for a connection by applying the Do not allow local administrators to customize permissions Group Policy setting.
This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Apart from that, there is one command with which you can set the permission; for that, check the related article. Additionally, check this thread for more detail.
Hope it helps!
Thanks.
Dharmesh Solanki
-
Packer Arch: a template for building Arch base boxes for Vagrant
I thought some people might be interested in my Packer Arch project. It is a bare bones Packer template and installation script that can be used to generate a Vagrant base box for Arch Linux. The template works for both Vagrant's default VirtualBox provider as well as the VMware provider.
If you're not familiar with Vagrant, it's a way to "create and configure lightweight, reproducible, and portable development environments"...basically an incredibly easy way to spawn temporary virtual machines that you can use for testing/developing anything. In my case I launch Arch VMs to test out Ansible automated configuration tasks that I use to manage some personal servers. Anyway, hope somebody else finds it useful.
https://github.com/elasticdog/packer-arch
Absolutely right. I purposefully wanted to recreate a system that you'd see either out in the wild when purchasing a VPS, or what you'd have after performing a fresh installation from the latest ISO on your own hardware. Even though my end goal was to test Ansible, I didn't include its dependency of Python 2 directly in the build process, but kept things as minimal as possible and use a bootstrap script to handle dependencies after the fact. If you're interested in using Ansible to manage Arch hosts, I did write a quick blog post on my bootstrap process:
Developing Ansible Playbooks for Arch Linux with Vagrant
...and another project I published called Hyperboriarch has some good examples of doing initial configuration tasks with Ansible (securing ssh, configuring ntp, simple iptables firewall setup, etc.):
https://github.com/elasticdog/hyperboriarch
</self-promotion>
Last edited by elasticdog (2013-09-27 19:04:04) -
NCS WLAN Configuration Template Problems
Hi All,
I'm trying to set up WLAN Configuration templates on our new NCS server. The version of NCS is 1.1.1.24 and the version of our WLC is 7.2.103.0. I have two problems:
1. I do not see an option for AAA Override. Has this been renamed to something else in NCS?
2. I do not see a way to assign a WLAN ID in the template. This is important as I use it as a RADIUS attribute in our ClearPass guest wireless service.
Thanks,
Jason
Yeah, it's a bit hidden.
For the AAA Override, it's actually under the Security > AAA Servers.
As for setting the WLAN ID, this is not a configurable option from NCS. It will just build the next one that is available.
HTH,
Steve
-
Ok, this is a bit off topic, but let me put this up:
1. On a windows 7 with the latest Java, I am accessing a Java page
http://nlvm.usu.edu/en/nav/frames_asid_190_g_1_t_1.html
2. This page doesn't have a trusted certificate, as it's an educational purpose one, anyway, I get the message :
"Your security settings have blocked an untrusted application from running."
3. Referring to : http://www.java.com/en/download/help/appsecuritydialogs.xml : I can as an Administrative user go in and go to Control Panel, Get to Java (32-bit) and open it up
Then I can go to Security and add the exception there.
My issue is with users who are non-administrators.
So I would like to know if anyone else has had a similar requirement where they had to do something in the Java Control Panel and used an ADM template, one they created or one available somewhere to configure it globally.
Regards,
Ramu
Ramu V Ramanan
Hi,
try a web search.....
http://www.bing.com/search?q=admx files or java RT
you can write your own admx files for the Java RT settings or usually the software vendor offers a template for corporate users.
or you could use procmon.exe to monitor which registry keys are changed by the java RT security console.
Regards.
Rob^_^