Securing remote FLVs

First off, let me admit that I'm brand new to Flash. Ok ...
now that I've gotten that out of the way I'll explain my situation.
I'm hosting about 60 FLVs for a customer and he's accessing/calling
the movies from his Web site when one of his customers requests a
particular movie. My **hopefully** very simple question is how do I
secure the FLVs on my hosting server so that the end user does not
simply bypass the Web site and go directly to my server to view the
FLVs.
In other words, my customer is charging a fee for the videos,
but he's concerned that people will figure out where the original
files are stored (pretty easy to do) and bypass his site.
I'm pretty sure that I can put a password on my server, but
will my customer be able to insert that password into his code so
that when he calls my FLVs he can also pass the PW?
Hope this is an easy one.
Cheers

The only "real" way to protect your FLV files from caching to
the browser is to use Flash Media Server (or a hosted solution at a
company like Influxis.com). The browser won't display loading
messages for FLV files accessed over the RTMP protocol. Streaming
isn't as cheap as putting them on your web server, but it won't
break the bank either (when you use a hosting provider--I'm not
suggesting that you buy a license for FMS and run your own server,
because THAT is expensive).
There are a lot of advantages to real-time streaming,
especially if your client has long videos--you can seek with
real-time streaming without needing to download the entire video
file.
HTH.

Similar Messages

  • WRT160Nv3 trouble connecting laptop using Vodafone secure remote acces

    I have a WRT160Nv3 router installed at home. My home laptops, game consoles and iPhone could be connected through Cisco Network Magic. To get my Netgear WGPS606 print server connected, I had to disable my Windows firewall, connect it with CNM and enable my firewall. This works fine now.
    Yesterday I got a laptop from my boss. This laptop has Vodafone Secure Remote Access installed in order to connect to (home) networks or with a HSDPA card. On my home network I can't get a proper connection through VSRA; Network Magic doesn't see the laptop as a new device, so it can't recognize the MAC address. I can connect with the Windows tool, but then my connection is not secured and I cannot use my laptop on the company network. I've tried disabling my firewall (as I did when connecting the print server) but this didn't work.
    Anybody any suggestions?

    Is your wireless network secured, or is it an unsecured wireless network? If you are able to connect to your wireless network using the Windows utility, then the problem is not with the router. If your computer has any other wireless utility and you are trying to connect to your wireless network using that utility, are you getting any error message while connecting?
    While using VSRA on your computer, are you getting any error message?
    If you need to know the MAC address of your computer, then on your computer click on Start - Run - CMD and click OK. In the Command Prompt window type "ipconfig /all" and hit Enter, and under "Wireless Network Connections" you will find the MAC address of your wireless network adapter.
    So if you have enabled the Wireless MAC Filter on your router, you can enter that MAC address on your router and click on Save Settings.

  • Secure Remote Panels?

    Question...Is there any way to secure Remote Panels?
    I've got a client with an application I wrote that he makes available to 'his' customers via Remote Panels.  He's concerned that some unauthorized person can 'tap into' the RP feed and be able to view (and possibly control) his VI.
    While this app was written using LV 8.5.1, I know that LV 2009 (and I guess 2010) have some kind of encryption built in.  Is there any way to use this to encrypt the Remote Panel image/data?
    Also, does anyone know how 'strong' the NI encryption is?  Apparently 64 bit is the strongest that can be legally exported

    Security is a relative thing.
    Back in the day when I consulted with banks on security systems I learned that the amount of money that went into protecting a vault depended on how much money was in the vault. The idea was to make it more expensive to break in.
    Same idea applies to computer security.
    The LV Web interface effectively separates the front panel from the block diagram and provides the linkages between them.
    To attack that communication the attacker must be familiar with that interaction AND be willing to do the attacking.
    Aside from one of my mentors, I know of nobody outside NI that can attack that interface and judging by his posts, he is too busy to get involved.
    So if the data in the app being served is really worth so much that the competition would invest in doing the hacking, then the concern is valid. But if the served app's info is not that valuable, then relax and let the competition waste their money.
    Ben
    Ben Rayner

  • What is a Secure remote Control solution for ipadv3  to osx 10.8?

    I have a desktop and a laptop that I need to control via remote using my iPad 3. I am an administrator of a small network and it is against co policy to use vnc as my MacBook opens up with my access when I control it via vnc/apple desktop sharing. I need a more secure rdp like solution. I cannot use any external solutions like log me in, go to my PC... or the like. re: Against co policy.
    I opened two tickets and asked one simple question. Can Apple confirm that no Apple OS has a secure remote access feature built in? With confirmation I can justify having to purchase or develop a solution. They would not admit it.
    RDP is mediocre and somewhat secure. What is the issue for Apple to use it for their OS?
    How about Remote Desktop via an SSH tunnel and lock the desktop?
    Does anyone have a simple cheap or free solution?

    Well the old VPN Client was the ONLY IPsec remote access VPN client that Cisco offered. So they wouldn't need to say "we recommend this one vs. that one" would they?
    Any migration needs to take into account new features and potential issues with the new client software. So you would need to confirm your VPN head end type, version, licensing, etc. Decide whether you want to use IKEv2 or SSL transport. Decide how you want to deploy the client software. Decide whether you want to make any changes to the features deployed given the expanded range of capabilities offered by AnyConnect, etc.
    Hope this helps. Please rate helpful posts.

  • Secure remote login in scripts

    Hello,
    I posted this same question to the Metalink discussion forum as well, so I'm cross-posting a bit here. Sorry about that.
    I have the following business problem:
    I have two Solaris servers. On the first (DBS-node) I have the database. On the other one (FILE-node) I have the other part of the application, which uses the database as a client. On this FILE-node I also have to have several maintenance scripts running from crontab.
    Currently the authentication is done by hard-coding the username/password as follows: 'sqlplus -s userid/passwd @script.sql'
    Now, I would like to get rid of these hard-coded passwords in scripts. What would be your recommendation to implement this?
    If we were on the same server as the DBS, OS authentication (sqlplus /) would be a good option. As far as I know, remotely the only option is the REMOTE_OS_AUTHENT=TRUE initialization parameter. Using this could be possible if I could filter the servers accepted for OS authentication, for example in listener.ora.
    But is there a way to filter accepted servers?
    Are there other ways to implement secure logins in shell scripts?
    Oracle Advanced Security is not an option at this point.
    I'm using Oracle 8.1.7.4 on Solaris9 servers.
    Sami

    This is not a perfect solution either, but I have seen it like this:
    - Create a file with the password. The file has rw privilege for the owner only.
    - Create a shell script that first reads the file, and then starts sqlplus with the username only. This will hide the password from the crontab list.
    Something like this (sorry, my Unix shell script knowledge is not so good):
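    # Read the password from the file that only its owner can read or write
    pw=`cat pwfile`
    # Only the username is on the command line; sqlplus reads the password from stdin
    sqlplus -s userid << _EOF
    $pw
    @script.sql
    _EOF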
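
A hardened form of the password-file approach described in the reply above, as an added example that is not part of the original post: it refuses to use the file unless it is a regular file owned by the current user with no group or other permissions, then passes the password to sqlplus on stdin. The function names, the SQLPLUS variable and the argument order are assumptions, and it assumes a POSIX shell in which printf is a builtin.

```shell
#!/bin/sh
# Added example: wrapper around the password-file approach.
# Assumed names (not from the original post): check_pwfile, read_password,
# run_sql_script, and the SQLPLUS override variable.

SQLPLUS="${SQLPLUS:-sqlplus}"

# check_pwfile FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# user running the script, with no permission bits for group or others.
check_pwfile() {
    f="$1"
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    if [ ! -O "$f" ]; then
        echo "refusing $f: not owned by the current user" >&2
        return 1
    fi
    # The first field of ls -ld is the mode string, e.g. -rw-------
    mode=$(ls -ld -- "$f" | awk '{print $1}')
    case "$mode" in
        -r??------*) return 0 ;;
        *)
            echo "refusing $f: mode $mode is open to group or others" >&2
            return 1 ;;
    esac
}

# read_password FILE
# Prints the first line of FILE once check_pwfile has accepted it.
read_password() {
    check_pwfile "$1" || return 1
    pw=
    IFS= read -r pw < "$1" || true
    if [ -z "$pw" ]; then
        echo "refusing $1: password file is empty" >&2
        return 1
    fi
    printf '%s\n' "$pw"
}

# run_sql_script USER PWFILE SCRIPT
# Only the username appears in the process list. The password and the
# script name reach sqlplus on stdin; printf is a shell builtin in
# bash and dash, so the password is never an argument of a new process.
run_sql_script() {
    user="$1"; pwfile="$2"; script="$3"
    pw=$(read_password "$pwfile") || return 1
    printf '%s\n@%s\n' "$pw" "$script" | "$SQLPLUS" -s "$user"
}

# Run only when called with: USER PWFILE SCRIPT
if [ "$#" -eq 3 ]; then
    run_sql_script "$1" "$2" "$3"
fi
```

From crontab this would be called with the username, the password file and the SQL script as its three arguments.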

  • What is the command for secure remote copy ?

    What is the command for secure remote copy?
    The remote copy is rcp, but it is not secure or is it?

    Andy of course is spot on.
    scp -p /my/local/file [email protected]:/otherpath/to/remote/file
    Will use ssh to securely copy a file if ssh is enabled on the remote "othermac"
    rsync -e ssh is much more powerful, but in many cases scp is the best due to simplicity.

  • Installing Flash Player in a Secure Remote Environment

    I am configuring a remote development environment and one of the applications I am using requires Adobe Flash 10 or higher.  My dev environment is locked down and does not connect to the internet.  I would like to know how to install Flash manually in the remote dev environment without internet access.  Is this possible? Where do I locate the manual installation package?
    Any advice is much appreciated.

    Adobe offers a couple versions of Flash Player for redistribution in enterprise environments, and they're tailored for centralized deployment and management via AD/SCUP/SCPD.
    Your organization will need to execute a distribution agreement, but it's free.  I've included links to the distribution page and system administrator's guide below.
    Adobe Flash Player Distribution | Adobe
    Adobe Flash Player Administration Guide for Flash Player 14 | Adobe Developer Connection
    Alternatively, Flash Player is bundled as a component in Google Chrome.  If you can get Chrome installed on your laptop (which can typically install without administrative rights), you should have a working Flash installation.  Depending on the compliance obligations in your particular environment, however, it might be better to have a conversation with your IT support folks about the requirement.

  • Secure, Remote File Storage

    I have a general architecture question that I wanted to pose
    to everyone for feedback. I have an Extranet application based on
    CF 6.1 Enterprise which is designed to provide basic document
    management services by allowing people to upload and download
    files. The application is designed with CF and IIS on the same
    server, with a firewall, reverse proxy, etc. in front of the
    server. I have a security concern with the application in that the
    files that are uploaded are stored on the Extranet server. This was
    originally done as it was the easiest solution and made the Verity
    indexing of the document easy. However, I'd like to move the
    documents off of the server for security reasons, but 1) still give
    people the ability to upload and download docs through the Extranet
    CD application and 2) still index the documents to allow user
    searches. My question is how have others of you done similar stuff?
    What is the best way to move the files (cfftp, mapped OS drive,
    etc.)? Does indexing the files require a separate Verity K2
    license? If I recall, Verity K2 is something like $65k, which
    wouldn't be my first choice. Any thoughts?

    Kim - thanks for the quick response. Indeed, I think that a
    mapped drive is likely the easiest, quickest solution. I'm not
    sure, however, how much additional security it affords if the
    Extranet server was to become compromised. I suspect using FTP to
    transfer the files may be more secure. What I'm wondering is if there
    are other ways (maybe more typical or more secure) and what can be
    done to effectively index the documents for searchability without a
    costly Verity K2 implementation. Perhaps FTP and Verity K2 is the
    answer, but I'm interested in feedback from people that have
    tackled this problem like you. Thanks again.

  • NI Server remote connection security

    Hi,
    I searched all the NI site and all the Labview help but couldn't find answers. My intention is to run one or more VI Server on an unsecure TCP/IP network. I would like to allow remote access using Open Application Reference node. We have Academic Site License so I have access to most recent version of almost all NI software. Related to this I have the three following questions:
    1) I'd like to limit the access to certain VIs and certain VI servers (if there will be more than one server) on user level. The IP address level access rights are not enough since multiple users may have the same IP address. There is a feature in Labview 8.0 called Domain Account Manager with which I can create domains and create users and user groups. Can I use this information to limit access to VIs running on a VI server? There seems to be a NI Security: Get Access Rights Method which is more or less undocumented. Where can this be used?
    2) How is the connection created by Open Application Reference and used in remote VI calls secured? Is the connection encrypted or can it be made encrypted using strong cryptography? How is the user information passed to the VI server when user logs in to a Domain Account Manager account? How is the user identity secured after the login during the session when user accesses security controlled resources?
    3) What is the NI Labview related roadmap for authentication, access control, accounting and security of remote connections? I would really appreciate if the roadmap would include features that would allow secure remote access to any labview resources with user level dynamically controllable access control. I also would like to see some kind of session management so that passive users could be automatically logged out.  I would also appreciate if each instance of re-entrant VI (or class objects in the future) could have different access rights that could be defined when VI (object) reference is opened. Now anybody who has access to a certain VI can access the dataspace of any reentrant instance of that VI.
    Tomi Maila

    It seems nobody knows... I assume no answer means no security at all. I suppose I have to write my own API for remote application calls then.
    I guess the following solution may work for user level security on remote VI calls. Put the VI server behind a VPN-capable firewall. This firewall takes the responsibility of access control. Allow only VPN connections to pass through the firewall. Allocate a unique IP address for each VPN connection. Now each user has a separate dynamic IP address. Since open application reference calls can be allowed/denied on an IP address basis, this functions as user level access control. However, this is really an overkill solution. Can anybody come up with anything simpler? Of course some other secure certificate-based connection can be used instead of an IPsec-based VPN.
    Tomi
    Message Edited by Tomi M on 06-05-2006 04:15 PM
    Tomi Maila

  • I have 3rd party software wirelessly with a cryptographic authentication system without my consent (seems to be new technology developed by Stanford) obtaining ownership of my iPhone 4s software and controlling it with remote device to jailbreak. Now what?

    I have 3rd party software wirelessly injected and used on my iPhone with a cryptographic authentication system without my consent (seems to be new technology developed by Stanford and Apple security is not updated for this technology) obtaining ownership of my iPhone 4s software and controlling it with remote device to jailbreaking my phone, adding and removing software, changing settings all from a remotely controlled device from a different location (I have a MAC address ID of this device to know for sure). Almost undetectable. When I look at the legal section of my phone it shows a list of all the unauthorized 3rd party software "as is" copyright encrypted on the phone.  This is the most basic way to legally steal software of any kind.  Because of this legality 3rd party ownership have total control of certain software correlated with hardware use including visualization technology, etc.  Most people luckily will never have this happen to them so it's unlikely many readers have not a clue of what I'm saying currently.  Either way, without needing to obtain specific warranty of any kind "as is" copyright control makes system restores not a solution because the source code is not directly encrypted on the actual hardware device only a copyright notice must appear on the specific device 3rd party software validation making it extremely difficult for me to take control of the situation.
    Apple claims their iOS technology prevents this type of copyright obstruction from being possible, however, according to my phone a new form of technology was used developed by Tom Wu of Stanford University called the STANFORD SRP AUTHENTICATION TECHNOLOGY which uses some form of cryptographic authentication system and uses quote "secure remote password" which seems to succeed in hacking iOS Apple technology Apple claims is not possible to jailbreak an unstolen phone or without the owner's consent as well as loading the device with 3rd party copyright notices to make all of this legalized. My phone shows at least 30 pages worth of legalized 3rd party copyright permissions! Yesterday my AppleCare provider labeled me a jailbreaker and refused to look at my legal documented proof which completely blew my mind because it voids my AppleCare contract I spent 100 on. This employee did not take all factors into consideration and made quick assumptions as well as verbally speaking to me as if I'm an automatic criminal. I left the store yesterday with no paid insurance help on a problem I had no control over and couldn't prevent, leaving with voided contracts. This is an Apple user's worst nightmare and I have spent days researching all of this like I am some kind of lawyer only to be able to use my phone the way it should and spent a lot of money on.  I can legally back up any claim I have just written above currently and have a large source of data collected to prove Apple is wrong in voiding insurance support on this issue. The problem lies in Apple avoiding and not wanting to believe their software can legally be obtained or "hacked". Yet still labeled a jailbreaker basically.. What should I do????? Been to the local Apple store 3 times and rebooted my phone as well as Sprint service restore 4 times and spoke with reps twice on the phone. Spoke with my phone provider who said Apple has full control over these matters so they can't help me.
    My case is according to Apple "still open"... Anyone else heard of this or of Stanford's Office of Technology Licensing? Maybe I need to buy a BlackBerry again or just use a landline so I can stop being my own lawyer and focus on other productive areas in life instead of this horrible mess. I shouldn't have to prove to Apple I'm not a jailbreaker, they should have to prove I'm one before voiding support I desperately need!!

    Mullaly75 wrote:
    I assume u guys don't understand what open source software is
    Yes, I think most of us do understand what open source software is. It sounds as if you don't. Here's some information:
    Open-source software (OSS) is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under an open-source license that permits users to study, change, improve and at times also to distribute the software.
    Open source software is very often developed in a public, collaborative manner. Open-source software is the most prominent example of open-source development and often compared to (technically defined) user-generated content or (legally defined) open content movements.
    from http://en.wikipedia.org/wiki/Open_source_software
    Yes, Tom Wu of Stanford wrote a paper on something called Secure Remote Access Protocol. It's a form of Asymmetric Key Exchange and has nothing to do with hacking anything. It's actually intended to protect data.

  • How to resolve security sandbox violation (Error#2148) in Flex 3 on XP?

    Hi,
    When I tried to access an image on c:\ (on XP), I get the following error:
    *** Security Sandbox Violation ***
    Connection to file:///C:\DBFiles\3.jpg halted - not permitted from http://localhost/test-debug/test.swf
    -- Remote SWFs may not access local files.SecurityError: Error #2148: SWF file http://localhost/ullmanphp-debug/ullmanphp.swf cannot access local resource file:///C:\DBFiles\INDSprintOrgChart.pptx\3.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
    at flash.display::Loader/_load()
    at flash.display::Loader/load()
    It looks like some sort of mismatch on security settings. I have done the following so far (based on what I got by googling....)
    1. Flex compiler setting, additional compiler arguments:  -use-network=false
    2. I have added a crossdomain.xml on the source directory with these lines...
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="*"/>
    <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
    However, error is still appearing. How do I fix this for testing on my local machine. I cannot move to a webserver at this time.
    Thanks!.

    How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
    Security.sandboxType has one of the following values:
    remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
    localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
    localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
    localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
    application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
    Any input on how to set it would be greatly appreciated. Thanks!

  • Remote Desktop Connection With Custom Certificate on Windows 8.1 fails

    I'm trying to establish a secured remote desktop connection without success.
    The setting
    There are some local PCs with Windows 8.1 Pro and Windows 7 Pro, no server edition. I've created a self-signed CA certificate with OpenSSL for Windows. I used this to sign custom certs for the local Windows PCs, which are installed at mmc -> certificate snap-in for local computer -> My Certificates -> Certificates. The network driver has the right to read the key. The SHA-1 fingerprints of the custom signed certs are registered at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp -> SSLCertificateSHA1Hash = sha-1 hash of the custom local cert. Additionally the revocation list is restricted to the local list by setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp -> UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors = 1.
    The results
    The connection from Win 8.1 to Win 7 works. The connection info confirms that it is a verified connection. The connection to Windows 8.1 fails after entering the credentials with error: No connection possible. Network Level Authentication is set, but other levels don't work either. The log (Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-RemoteConnectionManager -> Admin) says "Remote Desktop Services has taken too long to load the user configuration from server" and "The Local Security Authority Cannot Be Contacted" (error 0x80090304)
    Additional information
    The connection via Linux (Remmina) works for Win 7 and Win 8.1, but I have no information about the encryption. It is the same with the Microsoft Remote Desktop tool for Android.
    Maybe it is associated with a different cert handling by Windows 8.1 but I couldn't find further information or a solution on the internet.
    Best regards
    abditus

    I solved the problem!
    The default openssl certificate signature algorithm is md5RSA but it doesn't work with Windows 8.1.
    At least sha1RSA is needed.
    By adding "default_md = sha1" to the openssl.cnf you create certs with sha1RSA and it works fine.
    Best regards
    abditus

  • Security Sandbox violation, opening links in Flash player

    Hi,
    I have SWF content served from a content management server, say for example http://www9.abc.com, into an HTML file which is served from http://qwww9.abc.com. The links embedded in the Flash content were not working; when these links are clicked I get this error when trying with the Flash debugger player.
    *** Security Sandbox Violation ***SecurityDomain 'http://qwww9.abc.com/' tried to access incompatible context 'https://www9.abc.com/sample.swf'
    I had set a crossdomain policy file in a custom location in the content management server for this issue, but with the Flash player 9,0,115,0 this stopped working due to default policy change to "master-only". I will not be able to have this policy file in the root folder of the content management server or have the policy set in the HTTP response header.
    Is there any other solution for this issue, for having the links work without setting the crossdomain policy file?
    Thanks in advance...

  • IGS: Vulnerability "security hole in level 3"

    Hi!
    We are using an SAP ERP 6.0 system with an integrated IGS 7.0
    We already changed IGS according to sap note 896400 to the version 7.00 (Patch 15)
    When we run scan on demand we get the following information: 
    A security hole in level 3 was found at server ServerX.
    Vulnerability-Level [highest]: 3
    Vulnerability-Level [highest counted]: 0
    Vulnerability Details
    Date: Sun 10 May 2009  1:26:13 MET
    Vuln: 300803
    Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
    ToDo: Set up a project to implement access restriction rules to RFC programs
    with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
    CertRef: M906071, SAP 30/08
    Tool Reference: proprietary CERT and IPINS scanner
    Comment:
    Counted in: 2009-07
    Monitor:
    Date: Sun 10 May 2009  1:26:17 MET
    Vuln#: 100806
    Vulnerability: External Server Registration is possible at sysnr 3
    ToDo: Secure remote registration of RFC programs (only possible in SAP Basis
    7.00 and later)
    CertRef: M906071
    Tool Reference: proprietary CERT and IPINS scanner
    Comment:
    Counted in: 2009-07
    Monitor:
    Date: Sun 10 May 2009  1:26:17 MET
    Vuln#: 101802
    Vulnerability: IGS HTTP Administration is enabled and this version has
    reported vulnerabilities at sysnr 3
    ToDo: Upgrade to a higher patch level, i.e., for BC-FES-IGS 6.40 Patch Level
    17 or higher and for  BC-FES-IGS 7.00 Patch Level 07 or higher
    CertRef: SAP 34/09
    Tool Reference: proprietary CERT and IPINS scanner
    Comment:
    Counted in: 2009-07
    Monitor:
    End of Vulnerability Details
    Question:
    What do we have to do to avoid a security hole in level 3?
    Thank you very much!
    regards

    Did you solve the problem below? Can you help me?
    I have the same problem.
    What is the format of secinfo and reginfo, and what value to set for profile gw/reg_no_conn_info?
    Thanks,
    Vulnerability Details
    Date: Sun 10 May 2009 1:26:13 MET
    Vuln: 300803
    Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
    ToDo: Set up a project to implement access restriction rules to RFC programs
    with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
    CertRef: M906071, SAP 30/08
    Tool Reference: proprietary CERT and IPINS scanner
    Comment:
    Counted in: 2009-07
    Monitor:
