Security for Internal WLAN
I'm trying to figure out the best way to set up authentication on my WLAN for my internal users. I want to use certificates but I'm not exactly sure what layer 2, layer 3 and AAA settings I need to configure for certificates. If I do certificate authentication is that enough or do I also need to use something like RADIUS authentication?
Anyone got any good docs or recommendations on how to configure my WLAN for certificate authentication? Also, I'm curious what methods other people are using to secure their internal WLANs.
Thanks.
If you're looking for WLAN authentication, I would recommend PEAP. It requires all users to use their AD credentials and synchronizes with your AD infrastructure via RADIUS. You can use your own RADIUS server or ACS / AD for authentication.
I've used it in the past and it is very good.
The first link gives you some detail on PEAP.
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas0900aecd801764fa.html
The second link is a configuration guide.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml
Ven
Similar Messages
-
Wlc 5508 : guest users to be configured only give access for internal SAP application
Hi,
I have one new requirement with one of the client.
I have wlc 5508 with 6.0 firmware. I need to have one guest wlan which will have access only for internal SAP application.
I have gone through cisco document for internet guest users , where web page will be redirected with user name and password once it is authenticated , we can access internet.
Provided if we have access list configured in wlc ... for internet access only /
what about this mentioned scenario ?
can anybody suggest on the same ?Hi Vinod,
Go for the ACL on any Router or the switch.. i prefer not on the WLC..
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
Here is the link as well to do it on the WLC
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
Lemme know if this answered ur question..
Regards
Surendra -
Database: Oracle8i Enterprise Edition Release 8.1.7.0.1
OS: Linux 7.1, Kernel 2.4.2-2
I have not been able to set the password for internal. I have tried using orapwd with parameter remote_login_passwordfile = exclusive under init<sid>.ora file. It did not work. I have tried changing the password for sys using alter user sys identified by <somepassword>. It did not work. I have logged into an sqlplus session under user sys and issued-- password internal. It also did not work. Does anyone know how to setup/change the password for internal?
The disturbing thing about this is that there is no password required for user internal. All one has to do is type-- sqlplus internal-- and it will log a user into Oracle as user sys with sysdba priviledges enabling one to do just about anything to the database they want to. This is a serious security problem.
Did I miss something? Has anyone else had this problem and fixed it?Hi,
every system user (UNIX) belonging to group "dba" - but nobody else - can login to oracle via sqlplus or svrmgrl as "user" internal without being asked for password. So the only security issue is to protect the UNIX server/UNIX account!
Pay attention: the connect internal is no longer supported with Oracle9i!
Regards,
Thomas. -
It was advised on a radio program to get Security for Macs as they are becoming a target. Is this the case?
Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
Hi,
Can you please suggest how to implement this set-up? Two wlan's to be created internal and guest, where guest will be directed to Internet only. WLC deployed on this set-up. Internal users must be authenticated, kindly suggest mechanism. can i do mac-address filter with WPA2 for internal? If i am to implement ACL preventing Guest to access Internal VLAN, would this work?Hey Joseph,
Please find the steps below.
1) Create seperate VLANs for Guests and Internal staff.
2) You can use VACLs for blocking inter VLAN traffic from your L2 swithc or if ther is a router simple ACL would do the trick.
3) You can setup a local AD server which can be used for authenticating internal staff
(No need for guests to authenticate via this AD)
There are many ways to achieve, I need the exact setup.
The one that you have posted is ambiguous as it is unclear whether there is a router/L3 swithc between the WLC and ASA or ASA itself is acting as an L3 device and serving your routing purpose.
Please rate helpful posts..
Ameya -
Java.security.ProviderException: Internal error: lose session with active o
Our ap server is crashing unexpectedly after running for a period of time. The system is Solaris 10 and Sun App Server 8.1 EE.
The stack trace is:
java.security.ProviderException: Internal error: close session with active objects
sun.security.pkcs11.SessionManager.closeSession(SessionManager.java:197)
sun.security.pkcs11.SessionManager.access$000(SessionManager.java:48)
sun.security.pkcs11.SessionManager$Pool.release(SessionManager.java:253)
sun.security.pkcs11.SessionManager.releaseSession(SessionManager.java:155)
sun.security.pkcs11.Token.releaseSession(Token.java:245)
sun.security.pkcs11.P11SecureRandom.engineNextBytes(P11SecureRandom.java:98)
java.security.SecureRandom.nextBytes(SecureRandom.java:413)
java.security.SecureRandom.next(SecureRandom.java:435)
java.util.Random.nextInt(Random.java:188)
com.sun.enterprise.util.uuid.UuidUtil.getNextInt(UuidUtil.java:142)
com.sun.enterprise.util.uuid.UuidUtil.getNextRandomString(UuidUtil.java:146)
com.sun.enterprise.util.uuid.UuidUtil.generateUuid(UuidUtil.java:50)
com.sun.enterprise.util.uuid.UuidGeneratorImpl.generateUuid(UuidGeneratorImpl.java:25)
org.apache.catalina.session.ManagerBase.generateSessionId(ManagerBase.java:993)
org.apache.catalina.session.ManagerBase.createSession(ManagerBase.java:796)
org.apache.catalina.session.StandardManager.createSession(StandardManager.java:292)
org.apache.coyote.tomcat5.CoyoteRequest.doGetSession(CoyoteRequest.java:2365)
org.apache.coyote.tomcat5.CoyoteRequest.getSession(CoyoteRequest.java:2202)
org.apache.coyote.tomcat5.CoyoteRequestFacade.getSession(CoyoteRequestFacade.java:838)
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:265)
com.localmatters.mvc.web.filter.AptasServletRequestWrapper.getSession(AptasServletRequestWrapper.java:184)
com.localmatters.mvc.web.filter.AptasServletRequestWrapper.getSession(AptasServletRequestWrapper.java:170)
com.aptas.etosha.web.handler.ExceptionResolver.getModelAndView(ExceptionResolver.java:76)
org.springframework.web.servlet.handler.SimpleMappingExceptionResolver.resolveException(SimpleMappingExceptionResolver.java:174)
com.aptas.etosha.web.handler.ExceptionResolver.resolveException(ExceptionResolver.java:96)
org.springframework.web.servlet.DispatcherServlet.processHandlerException(DispatcherServlet.java:915)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:739)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:663)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:394)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:348)
javax.servlet.http.HttpServlet.service(HttpServlet.java:747)
javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
com.aptas.etosha.filters.InterceptorFilter.doFilter(InterceptorFilter.java:56)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:137)
com.localmatters.mvc.web.filter.AbstractSpiderFilter.doFilter(AbstractSpiderFilter.java:94)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:137)
com.localmatters.mvc.web.filter.EtoshaFilter.doFilter(EtoshaFilter.java:107)
Any help most welcome
Thanks
MikebrosThis issue seems like either a JDK bug or a JVM bug. Do you see any hs_err_pidxxxx.txt files created when appserver gets crashed? If so this is a JVM bug. You could try to upgrade your appserver's jdk to the latest version - 1.5.0_09 and/or ask for help in Java security related forum.
-
ClassCastException: weblogic.security.acl.internal.FileRealm
Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?) method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives the exception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
ThxHi Kumar,
I took a look at config.xml
Looks like you do not have an alternate realm hooked into WebLogic and that is the
source of the problem.
If you try to cast anything to CachingRealm and call methods on it, when you don't have
an alternate realm, then the cast will fail with ClassCastException.
For example, take a look at the very, very simple JSP code
<%@ page import="
import java.util.*,
import weblogic.common.*,
import javax.servlet.*,
import javax.servlet.http.*,
import java.io.*,
import weblogic.security.*,
import weblogic.security.acl.User,
import weblogic.security.acl.Security,
import weblogic.security.acl.Realm,
import weblogic.security.acl.CachingRealm,
import weblogic.security.acl.*,
import java.security.acl.*,
import java.security.acl.Permission,
import java.security.Principal,
import javax.servlet.http.*,
import weblogic.html.*,
import weblogic.common.internal.WLColor
"%>
<%
response.setContentType("text/html");
BasicRealm basicRealm = Security.getRealm();
try {
((CachingRealm) basicRealm).clearCaches();
} catch (ClassCastException ce) {
out.println("There is a class cast.. getRealm ain't no returned a
CachingRealm");
out.println("This probably means that you don't have a pluggable realm hooked
into WebLogic.");
out.println("No pluggable Realm = no Cachingrealm!");
%>
This JSP will give you a class cast if you do not have some alternate realm hooked up
(LDAP, NTREalm, UnixRealm, RDBMSRealm)
But will work just fine if you do have an alternate realm hooked up .
I think that this is what you are seeing.
Hope this helps
Joe Jerry
kumar wrote:
Hi Jerry,
Thanks for your response.
I have attached my config.xml . It is a very small config.xml with all the default
configurations. Please look at it ..
Thx
Jerry <[email protected]> wrote:
Hi Kumar,
Do you have an alternate realm hooked into WebLogic (LDAP, UNIXrealm,
NTRealm,
CustomRealm)?
Thanks,
Joe Jerry
kumar wrote:
Hi,
I am trying to create new user through the CachingRealm.newUser(?,?,?)method..What
I do is -
weblogic.security.acl.BasicRealm baseRealm =
(weblogic.security.acl.BasicRealm)weblogic.security.acl.Security.getRealm();
weblogic.security.acl.CachingRealm realm = (weblogic.security.acl.CachingRealm)
baseRealm;
However it is not able to classcast to CachingRealm , it gives theexception -
java.lang.ClassCastException: weblogic.security.acl.internal.FileRealm..
Do I need to do anything else ?
Thx
Name: config.xml
config.xml Type: XML Document (text/xml)
Encoding: base64 -
Authorization object for Internal order
Hi experts,
My requirement is while creating the PO using the internal order as reference i need to check the internal order is valid for that user or not.
Is there is any standard authorization object for internal order is available using which i can validate the internal order by assigning this authorization object in the user role.Hello,
When you try to create internal order and once you get the error.
Open another session with /OSU53
This gives you the details of authorization objects or transaction codes you are lacking.
Provide this to security administrator of your team.
Hope your problem will be solved.
Regards,
Ravi -
I just want to make sure I am as safe as possible with all the internet hacking that has been in the Media. I have a Mac Mini that was purchased in Aug. 2013. Is it suggested to use an additional layer of internet security such as ESET® Cyber Security Pro - Internet Security for Mac ???
Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, and a technological fix is not going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software.
☞ Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in everyemail attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It's as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
[CAUTION] CC for international students - SelfScore
According to user jsucool76 - who contacted the company directly - they do not report to CRAs if no SSN is supplied during application (one is not required). If a customer then gets a SSN and supplies it to SelfScore they claim they will then start reporting to CRAs. It is not clear at this time what CRAs they report to, if they "backdate" to the time you originally opened your account with them, and then how often they report. So request more details before embarking on this Original post: I know this question has been asked here a few times. I came across this and thought i would share. It seems like a fantastic product.
Highlights:
- CC that only international students can apply for
- No SSN required. You apply by sending them your passport copy, immigration form (to prove you are a student), visa copy and a babk statement
- Starting limit $1000; no clue if it can grow
- no AF or from what i can tell no other BS fees
- APR 0% for 6 months, then 13-23% variable
- 1% cashback on all purchases
Www.selfscore.com
It appears to be a startup banking on the fact that international students have a lower default risk than the general US population. My assumption is they like to see some assets (although i don't know how much is enough - is 1k enough? 5k?). They probably don't HP.
Anyway, unless i am missing something this SelfScore seems to be a dream product for international students who want to establish credt historyHello! This is Alee, Content Director of SelfScore. First of all, thanks for your interest and for taking the time to research our credit card. Based on what's mentioned here, I thought I'd clarify a few facts about our card: -We DO report to credit bureaus once you link an SSN to your SelfScore account-We offer a real credit card, not a debit card or secured credit card-We DO NOT require a cash deposit This is a real credit card for international students that allows you to build a proper US credit history. It is an introductory-level card with a low spending limit and fair APR (these numbers vary based on our users' individual circumstances) plus cash back and no annual fees. We are former international students who wanted to help younger versions of ourselves access US credit while they study. We're neither a predatory service nor a dream come true. We're offering fair credit to those who deserve it: a population of international students whose creditworthiness could not be measured by existing metrics. We use alternate verification methods such as ability to repay, education, and personal funding sources to substitute for traditional (and outdated) verification methods. If you are an international student interested in our card, sign up for our waitlist. If you want a more detailed answer to anything mentioned here, please contact [email protected] Hope this helps! -Alee
-
Hi All,
i have deployed the EAR in SAP WEbAS 6.40. after deployment, server internally copied ear into several locations. i can easily reverse engineering them. How can i provide a security for the ears that have been copied by the server after deployment.
Thanks & Regards,
NagaLaxmiHi,
I'm not sure what you mean by providing security. Do you mean preventing access to the ear or preventing reverse engeneering?
regards,
Dion -
CALLER ID not working for International incoming calls
Hi,
I've a strange issue where CALLER ID not working for International incoming calls, it shows INTERNATIONAL UNKNOWN NUMBER in the phone display, but the number shows correclty in Verizon Call assistant !!!
Any clue?yashshankar wrote:
Hi
I recently purschased an Online number but the caller id does not work for incoming calls.How do we resolve this problem?.
Regards
Yash
You didn't mention what country your Online Number is in. Not all of Skype's Online Numbers are eligible for use as Caller ID when calling telephones or sending SMS messages. If your number is from one of these countries (Chile, Denmark, Estonia, Hong Kong, Poland, Sweden, the UK and the US), then it can be used this way. Otherwise, you can use a mobile number from countries other than Japan or Mexico as Caller ID with Skype, after the number goes through a verification process where Skype sends SMS messages with codes to that number.
To get to these settings, log into your Skype account here on the Skype web site using the "Account" link at the top of this page. You'll see a screen that would include your current Caller ID settings, and a link to change that. If your Online Number is from one of those countries I referenced above, just select it and you're done.
Hope that helps!
Patrick
Location/Ubicacion: Arizona USA
Time Zone/Hora Local: UTC/GMT -7
If this message has adequately addressed your issue, please click on the “Accept as Solution” button. If you found a post useful then please "Give Kudos" at the bottom of my post, so that this information can benefit others.
Si esto mensaje le ha ayudado, por favor haga clic en "Aceptar como solución". Si encuentra un mensaje útil, por favor "Da Kudos" al final del mensaje, por lo que esta información puede beneficiar a otros.
I am not a Skype employee. No soy un empleado de Skype. -
Memory Dump :FBL5N No roll storage space of length 1753104 available for internal storage.
Dear Friends,
I am getting below error during T-Code FBL3N Report. No roll storage space of length 1753104 available for internal storage.
Our Server' RAM size is 24 GB,and existing parameters are as below
ztta/roll_area: 6500000
ztta/roll_extension:2000683008
abap/heap_area_total:2000683008
abap/heap_area_dia: 5000000000
abap/heap_area_nondia: 2000683008
em/initial_size_MB: 4092
Please suggest Parameter to be change.
Details Dump log ST22
Runtime Errors TSV_TNEW_BLOCKS_NO_ROLL_MEMORY
Date and Time 04.03.2014 10:18:48
|Short Text |
| No roll storage space of length 1753104 available for internal storage. |
|What happened? |
| Each transaction requires some main memory space to process |
| application data. If the operating system cannot provide any more |
| space, the transaction is terminated. |
|What can you do? |
| |
| Try to find out (e.g. by targetted data selection) whether the |
| transaction will run with less main memory. |
| |
| If there is a temporary bottleneck, execute the transaction again. |
| - |
| |
| If the error persists, ask your system administrator to check the |
| following profile parameters: |
| |
| o ztta/roll_area (1.000.000 - 15.000.000) |
| Classic roll area per user and internal mode |
| usual amount of roll area per user and internal mode |
| o ztta/roll_extension (10.000.000 - 500.000.000) |
| Amount of memory per user in extended memory (EM) |
| o abap/heap_area_total (100.000.000 - 1.500.000.000) |
| Amount of memory (malloc) for all users of an application |
| server. If several background processes are running on |
| one server, temporary bottlenecks may occur. |
| Of course, the amount of memory (in bytes) must also be |
| available on the machine (main memory or file system swap). |
| Caution: |
| The operating system must be set up so that there is also |
| enough memory for each process. Usually, the maximum address |
| space is too small. |
| Ask your hardware manufacturer or your competence center |
| about this. |
| In this case, consult your hardware vendor |
| abap/heap_area_dia: (10.000.000 - 1.000.000.000) |
| Restriction of memory allocated to the heap with malloc |
| for each dialog process. |
| Parameters for background processes: |
| abap/heap_area_nondia: (10.000.000 - 1.000.000.000) |
| Restriction of memory allocated to the heap with malloc |
| for each background process. |
| Other memory-relevant parameters are: |
| em/initial_size_MB: (35-1200) |
| Extended memory area from which all users of an |
| application server can satisfy their memory requirement. |
| Note which actions and input led to the error. |
| |
| For further help in handling the problem, contact your SAP administrator |
| . |
| |
| You can use the ABAP dump analysis transaction ST22 to view and manage |
| termination messages, in particular for long term reference. |
| |
|Error analysis |
| The internal table "\CLASS=ZCL_IM__GTA_TAX_CODE\METHOD=IF_EX_FI_ITEMS_CH_DATA~C |
| HANGE_ITEMS\DATA=GT_BSIK" could not be enlarged further. |
| |
| Memory location: "Session memory" |
| |
| You attempted to extend the data structure for the management of the |
| memory blocks for table "\CLASS=ZCL_IM__GTA_TAX_CODE\METHOD=IF_EX_FI_ITEMS_CH_D |
| ATA~CHANGE_ITEMS\DATA=GT_BSIK". However, the 1753104 bytes required for |
| this were no longer available in the specified memory area. |
| |
| The amount of memory requested is no longer available. |
|How to correct the error |
| |
| Try to decide by analysis whether this request is |
| reasonable or whether there is a program error. You should pay |
| particular attention to the internal table entries listed below. |
| |
| |
| |
| |
| |
| |
| If the error occures in a non-modified SAP program, you may be able to |
| find an interim solution in an SAP Note. |
| If you have access to SAP Notes, carry out a search with the following |
| keywords: |
| |
| "TSV_TNEW_BLOCKS_NO_ROLL_MEMORY" " " |
| "ZCL_IM__GTA_TAX_CODE==========CP" or "ZCL_IM__GTA_TAX_CODE==========CM001" |
| "IF_EX_FI_ITEMS_CH_DATA~CHANGE_ITEMS" |
| |
| If you cannot solve the problem yourself and want to send an error |
| notification to SAP, include the following information: |
| |
| 1. The description of the current problem (short dump) |
| |
| To save the description, choose "System->List->Save->Local File |
| (Unconverted)". |
| |
| 2. Corresponding system log |
| |
| Display the system log by calling transaction SM21. |
| Restrict the time interval to 10 minutes before and five minutes |
| after the short dump. Then choose "System->List->Save->Local File |
| (Unconverted)". |
| |
| 3. If the problem occurs in a problem of your own or a modified SAP |
| program: The source code of the program |
| In the editor, choose "Utilities->More |
| Utilities->Upload/Download->Download". |
| |
| 4. Details about the conditions under which the error occurred or which |
| actions and input led to the error. |
| |
|System environment |
| SAP-Release 700 |
| |
| Application server... "NEWPRD1" |
| Network address...... "10.0.0.1" |
| Operating system..... "Windows NT" |
| Release.............. "6.0" |
| Hardware type........ "16x AMD64 Level" |
| Character length.... 16 Bits |
| Pointer length....... 64 Bits |
| Work process number.. 19 |
| Shortdump setting.... "full" |
| |
| Database server... "NEWPRD1" |
| Database type..... "ORACLE" |
| Database name..... "PRD" |
| Database user ID.. "SAPSR3" |
| |
| Terminal................. " " |
| |
| Char.set.... "C" |
| |
| SAP kernel....... 700 |
| created (date)... "Sep 17 2012 22:56:00" |
| create on........ "NT 5.2 3790 Service Pack 2 x86 MS VC++ 14.00" |
| Database version. "OCI_10201_SHARE (10.2.0.4.0) " |
| |
| Patch level. 353 |
| Patch text.. " " |
| |
| Database............. "ORACLE 10.1.0.*.*, ORACLE 10.2.0.*.*, ORACLE 11.2.*.*.*" |
| SAP database version. 700 |
| Operating system..... "Windows NT 5.0, Windows NT 5.1, Windows NT 5.2, Windows |
| NT 6.0, Windows NT 6.1, Windows NT 6.2" |
| |
| Memory consumption |
| Roll.... 16192 |
| EM...... 1826770240 |
| Heap.... 0 |
| Page.... 40960 |
| MM Used. 1815573536 |
| MM Free. 2717408 |
|User and Transaction |
| |
| Client.............. 500 |
| User................ 1651 |
| Language key........ "E" |
| Transaction......... " " |
| Transactions ID..... "ED4EA3E3AB0AF11DA318E61F131BC713" |
| |
| Program............. "ZCL_IM__GTA_TAX_CODE==========CP" |
| Screen.............. "SAPMSSY0 1000" |
| Screen line......... 6 |
|Information on where terminated |
| Termination occurred in the ABAP program "ZCL_IM__GTA_TAX_CODE==========CP" - |
| in "IF_EX_FI_ITEMS_CH_DATA~CHANGE_ITEMS". |
| The main program was "RFITEMGL ". |
| |
| In the source code you have the termination point in line 64 |
| of the (Include) program "ZCL_IM__GTA_TAX_CODE==========CM001". |
| The program "ZCL_IM__GTA_TAX_CODE==========CP" was started as a background job. |
| Job Name....... "RFITEMGL" |
| Job Initiator.. "BASIS" |
| Job Number..... 09115400 |
|Source Code Extract |
|Line |SourceCde |
| 34| MANDT TYPE BSEG-MANDT, |
| 35| BUKRS TYPE BSEG-BUKRS, |
| 36| BELNR TYPE BSEG-BELNR, |
| 37| GJAHR TYPE BSEG-GJAHR, |
| 38| BUZEI TYPE BSEG-BUZEI, |
| 39| QSSKZ TYPE BSEG-QSSKZ, |
| 40| KTOSL TYPE BSEG-KTOSL, |
| 41| HKONT TYPE BSEG-HKONT, |
| 42| END OF TY_BSEG, |
| 43| |
| 44| BEGIN OF TY_FINAL, |
| 45| BUKRS TYPE BSEG-BUKRS, |
| 46| BELNR TYPE BSEG-BELNR, |
| 47| GJAHR TYPE BSEG-GJAHR, |
| 48| END OF TY_FINAL. |
| 49| |
| 50| DATA: CW_ITEMS TYPE RFPOSXEXT, |
| 51| GT_BSIK TYPE STANDARD TABLE OF TY_BSIK, |
| 52| GW_BSIK TYPE TY_BSIK, |
| 53| GT_BSAK TYPE STANDARD TABLE OF TY_BSAK, |
| 54| GW_BSAK TYPE TY_BSAK, |
| 55| GT_BSEG TYPE STANDARD TABLE OF TY_BSEG, |
| 56| GW_BSEG TYPE TY_BSEG, &nbsap basis wrote:
|Information on where terminated |
| Termination occurred in the ABAP program "ZCL_IM__GTA_TAX_CODE==========CP" - |
| in "IF_EX_FI_ITEMS_CH_DATA~CHANGE_ITEMS". |
| The main program was "RFITEMGL ". |
| |
| In the source code you have the termination point in line 64 |
| of the (Include) program "ZCL_IM__GTA_TAX_CODE==========CM001". |
| The program "ZCL_IM__GTA_TAX_CODE==========CP" was started as a background job. |
| Job Name....... "RFITEMGL" |
| Job Initiator.. "BASIS" |
| Job Number..... 09115400 |
First of all try to optimize code. -
Is anyone set up to use anycast for internal DNS?
Good Afternoon,
I've been considering using Anycast to provide some redundancy for internal DNS lookups. Configuring DNS and subsequent slave zones in Leopard is easy enough and as I understand it, Anycast is just a way of configuring routers so that one IP address can resolve to many different machines.
I see some of the benefits of using Anycast in that we can have the same 2 dns ip addresses in perpetuity and that as long as one node is up, people will be able to get out.
So my question to you guys: Has anyone done this? If so, is there anything I need to look out for before I start? Is there something you wish you'd known before you started down this path.
I'd love to hear your experiences and read any documentation you might have kept. I thought Mr Hoffman's write up on his DNS services was really excellent btw.
Cheers,
daveDo you have a particularly large infrastructure?
IP Anycast is usually implemented via BGP announcements from your router(s), with each router using the BGP tables to determine the 'best' server to use. If you're doing this for internal DNS then that assumes you're already running IBGP.
Even then, BGP is a pretty dumb protocol - all it does is say 'hey, here's how to get to a.b.c.d IP address'. It has no idea whether the specific server/service you're after is available at that address.
In other words, even if you setup IP Anycast via IBGP you'll still have clients routing to a dead server unless you can somehow update your BGP tables when a server goes down. Not a trivial task for most routers.
It sounds like what you really want is more load balancing than IP Anycast. There are numerous load balancers than can do this. Another option (if your DNS servers are physically close) is to use some kind of failover process so that the second server assumes the role (and IP address) of the first server should it fail (and vice versa). That option is built-in to Mac OS X Server (although it takes a little command-line jiggling to get it working).
Then again, the whole point of defining multiple DNS servers on the client is that the client will automatically fail over to alternate servers if it doesn't get a response from the first - in other words, the clients already have built-in failover for DNS (although the user will notice lookup delays when the primary server is offline). -
GR/IR Account - one for internal vendor and another for external vendors
Hi Experts,
Can I have two GR/IR accounts - one for internal vendors and another for external vendors? Please let me know.
Thank you.
with regards,
Muthu Ganapathy.Hi Muthu,
GR/IR accounts are not dependent on Vendors, they are dependent on Materials, to be precise on Plant/Valclass.
You can post to 2 different GR/IR accounts if you set up 2 different classes. then it is possible.
For setting up the same. Go to T.code : OBYC, Transaction : WRX.
Here Setup different GR/IR accounts per val.class.
Letme know if you need further info
Thanks
Kalyan
Maybe you are looking for
-
This error message keeps popping up overtime I try to play an iTunes bought tv show from my mac book pro to my apple tv "An error occurred while connecting to the AirPlay device "Living Room Apple TV". An unknown error occurred (406)." Does anyone kn
-
Does not open. Instead Microsoft error message "encounters a problem and needs to close". I have already tried the uninstall & reinstall "solution". What else can I do. I have a paid for document I would like to read. Thanks.
-
FCP Dropped Frames on HD Capture - No Warnings
Hi, I've been having a devil of a time capturing HD video on my Mac Pro (specs below). I'm capturing about 45 minutes of video from a MiniDV HD camcorder (Sony HDR-HC5). Not sure what camera shot the footage. It seems that every time I capture, FCP c
-
Expert Dept should display based on GL account in Pur Req
Hi Guys, In ME51N, when enter GL account number for line item in 'Account Assignment' Tab, Expert department(MRT controller) should display automatically from Ztable. Expert dept : eban-dispo GL Acct : ebkn-sakto when we choose Line item type is
-
Retention Policy Recurrence Not Working
I have created a Retention Policy which starts a workflow (see below). The workflow starts a Task Process to remind the owner to review a document and then decide whether it needs to be deleted or kept. If they choose to delete the document, it get