Security Manager Performance

Similar Messages

• Advanced Security Manager

  I downloaded the Advanced Security Manager from the website and installed on my PC. All functions seem to work fine with the exception of the import and export functions. Whenever I attempt to perform either of these functions, Security Manager closes.Was wondering if anyone has any thoughts on this? We're running Essbase 6.1p2 on AIX.Thanks!Jeff Richardson

  I have tried this "free" app on one of my test Essbase server. I was scared to use this app on my production server because unexpected things? may be caused by the program to corrupt my essbase.sec. I could not restart my Essbse server and i have to restored my essbase.sec from the tape backup.So anyone who used this app should be very cautious.

• Java.security.manager ?

  My understanding about Java SecurityManager is when you want to use it,
  it have to be installed. It can be installed through
  using -Djava.security.manager
  option with java command or calling setSecurityManager() in the application.
  I'm sure that WLS startup script marketed with WLS5.1
  used -Djava.security.manager
  option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
  install a SecurityManager through setSecurityManager() method?
  I'm just curious to know why they are different between WLS5.1 and
  WLS6.1/7.0.
  Thanks in advance,
  Koji Sekiguchi

  6.1 and 7.0 do not install a SecurityManager programattically. It was
  decided that most people do not make use of the added security provided
  by the security manager and that it has a significant performance hit on
  the VM (I think we found 6-7% degradation but it was a long time ago so
  I may be way off) so that it did not make sense to run with it by
  default. Instead we tell people to turn it on who need it. It seems
  better because all of the security conscious people know to look for it
  and all of the security unaware folk don't know enough to turn it off so
  they are stuck with the degradation.
  The SecurityManager is really most helpful if you are installing
  untrusted applications on your app server (something most users don't
  do). It does next-to-nothing to prevent remote attacks.
  Neil Smithline
  Koji Sekiguchi wrote:
  My understanding about Java SecurityManager is when you want to use it,
  it have to be installed. It can be installed through
  using -Djava.security.manager
  option with java command or calling setSecurityManager() in the application.
  I'm sure that WLS startup script marketed with WLS5.1
  used -Djava.security.manager
  option, however, WLS6.1 and WLS7.0's script don't use the option. Do they
  install a SecurityManager through setSecurityManager() method?
  I'm just curious to know why they are different between WLS5.1 and
  WLS6.1/7.0.
  Thanks in advance,
  Koji Sekiguchi

• Cisco security Manager Backup error

  i  am getting  the below  error  after the backup in Cisco Security  Manager 3.2
  [Sun Dec 20 00:00:05 2009]  ERROR(313): D:/backup.LOCK file exists
  Most probably another backup process is running
  [Sun Dec 20 00:00:05 2009]  Backup failed: 2009/12/20 00:00:05
  i have deleted the backup.LOCK file and tried  it is giving the same error.
  any one help me in this.
  thanks in advance.

  Update:
  WHen performing the same action through the client interface, rather than from the server interface the backup has appeared to work.
  Is this a feature?
  Needless to say I was able to run a backup.
  Steve

• Catalyst 3750x and 4510R and Cisco Security Manager

  Hi,
  I just downloaded and install trial (evaluation) version of Cisco Security Manager 4.3. In supported devices list I saw Cisco Catalyst 3750 and 4510R but when I try to add it I got for 3750:
  Invalid device: Device is a switch and cannot be mapped to a Generic Router model.
  Please verify the selected device type, OS version and device configuration
  For 4510R:
  Invalid device: Version 03.03.00.SG (N/A) is not supported for the device type of Cisco Catalyst 4510R Switch Please verify the selected device type, OS version and device configuration
  We need to make a purchase decision but for it we need to import all of our devices and perform some tests.
  Thanks in advance for your replies!
  BR, Vasily.

  I figured this out on my own -- change Compatibility mode of the installer to be Windows 8 (which is same OS version as Windows 2012) and it installs just fine.

• Cisco Security Manager Advice

  Hi,
  I'm looking into Cisco Security Manager. From what I understand you can monitor and manage Cisco security appliances. I'm interested in the monitoring of our Cisco ASAs - specifically, monitoring VPN sessions and their  trending over months at a time and I would like to monitor other Cisco devices on the network for link problems/performance and such - I don't want to use Cisco Security Manager as a management point. Would Cisco Security Manager not be the right tool for this?
  We have SolarWinds and I've heard that you can assign UnDPs(Device Pollers) to devices you want to monitor, including ASAs and these pollers can give you trending for VPN sessions with graphing. I just want to make the most of our budget dollars.
  Any advice?
  Thanks, Pat.

  CSM 4.3 and above can be used to monitor VPN sessions on Cisco ASAs. You can definitely use CSM as a monitoring only solution for ASAs (without using it for management). You can also explicitly disable policy change privileges for all admins so they do not modify stuff by mistake. Note however that CSM is primarily focused on end-to-end management scenarios (including policy change, troubleshooting, reporting, etc). So you may not find all the bells and whistles in CSM for monitoring scenarios that you may find with some of the pure monitoring only solutions.

• Disabling the Security Manager

  When the J2EE 1.4 refernce server is running with the Security Manager disabled the web based admin console stops working (some sort of JACC error),although asadmin seems to work fine. Which leads to a few questions :
  1. Is there a way to disable the Security Manager and use the web console ?
  2. Are there other downstream effects to running the server without the Security Manager enabled ? What other features can/will fail?
  Its nice to see Sun putting an emphasis on out of the box security, but using the Security Manager is a real pain during development and is overkill for alot of internal deployments.

  Hi,
  There is no mechanism to disable the SecurityManager in J2EE 1.4. JACC (JSR115) is a new spec that went into 1.4 that allowed for plugging authorization provider in the J2EE. This spec makes it mandatory for us to have the security manager on all the time.
  If you turn off the security manager, the web console should not work properly as it is a web app and has security permissions defined that are interpreted by our JACC provider.
  Downstream effects of running the server with security manager disabled, will mean that all checks that we have as part of the server policy will fail and ofcourse all applications that use authorization checks will fail too.
  We have spent considerable time from this release to improve the performance of the system with the security manager enabled. You should look out for the next release coming out that will have these optimizations.

• Ensuring applications use a Security Manager

  Is it possible to enable the use of a security manager by default for Java applications?
  I understand that I can enable a security manager by using the -Djava.security.manager command-line option to java and javaw. But to utilise that I need to modify all scripts that call java/javaw, and I need to remember to include it when running all future java applications I acquire.
  These are the possibilities I've looked at:
  1. A configuration file that stores default options to those commands (similar to the ide.cfg in Netbeans). To my knowledge this feature doesn't exist.
  2. A configuration file for specifying default system properties (the -D prefix indicates it's a system property to be passed to the VM). Again, to my knowledge such a feature doesn't exist.
  3. An option in the ${java.home}/lib/java.security "master security properties file" which forces security managers by default. I couldn't find any such option. In fact, I couldn't find any solid documentation about this master security properties file on the Java web site. (The only information I found was about the JAAS extensions to this file).
  Any help will be greatly appreciated.
  There are two further options I would like to try, but they are nontrivial.
  A. Move to a Unix-based platform where the java/javaw commands are likely to be implemented as shell scripts to which the default options can readily by added. Or if they are not can be seemlessly replaced with a shell script. (I would really like to do this, I've tried to make the switch thrice in the past but have so far encountered difficulties).
  B. Build new java.exe and javaw.exe executables that invoke the originals (perhaps renamed to java-unsafe.exe) with the required default options (perhaps even reading the options from a text file a la Netbeans).
  Thanks in advance. Hopefully there is something obvious I've overlooked that does this.
  P.-S. I notice another poster raised this issue last year, but it received no replies. That post can be found here:
  http://forum.java.sun.com/thread.jsp?forum=61&thread=301657

  For those following this thread I've managed to make one step towards ensuring that no Java code is run locally without a Security Manager.
  It's an OS-level solution protecting against code run by double-clicking a jar file. (Admittedly this is not something I do often, but it's a start).
  The OS is Windows 2000 Professional. To add this protection, I performed the following steps.
  1. Choose the 'Tools'|'Folder Options...' menu item from within Windows Explorer.
  2. Within the 'File Types' tab, select the 'JAR' extension and click 'Advanced'.
  3. Click 'New...'.
  4. Type something like 'run with manager' in the 'Action' field. Type cmd.exe /c "java.exe -Djava.security.manager -jar "%1" %* & pause.exe" in the other field. Click OK.
  5. Ensure that this 'run with manager' action is the default. (I believe that the 'Set Default' button is supposed to do this. It did not do so for me. On my setup the default action was always the action with the earliest alphabetically-listed name.)
  sudheesh_j: Do you have any recommendations as to how to contact Sun? Should I post a Feature Request, or is there a list or email address that I should contact?

• " plug-in name does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari Security "Manage Website Settings"?

  Hi,
  Wondering why "<plug-in name> does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari > Security > "Manage Website Settings"?
  Have been trying to get to the root cause of the problem but did not find much on this. I am trying to figure out what can get the warning to go away completely than using the Allow/Always Allow options for the plug-in
  Thanks,
  Shyam

  Hi Linc,
  Thank you for your response. Here is the screenshot of the warning that I am talking about.
  Here is what I do:
  1. Launch Safari and open its Preferences. I have Safari 7.1 installed on my machine.
  2. Click Security Tab and click Manage WebSite Settings
  3. A window opens showing me all the Plug-ins that I have (listed on the left hand side).
  4. One of them is the Adobe Reader plug-in. When I click Adobe Reader, the following details about the plug-in show up on the right
  I was referring to the highlighted section that warns me about this plug-in not using the highest level of security for Safari Plug-ins.
  Note: I do not see this for all my plug-ins (QuickTime, Adobe Flash Player don't give me this warning) which tells me that there is a way to make the warning go away.
  Thanks again,
  Shyam

• Need security management software for OS 8.6 through 9.2

  Are there any security management softwares available these days for OS 8.6 through OS 9.2? Something which lets the computer owner turn off firewire and USB is what I'm looking for. It would be nice to be able to allow only some selected USB devices, like a keyboard and a printer or scanner, and still disallow external drives or thumb flash drives, but turning off all USB would be useful on machines which don't need USB keyboards, like beige or B&W PMG3 computers or G3 iBooks.

  Are there any security management softwares available these days for OS 8.6 through OS 9.2? Something which lets the computer owner turn off firewire and USB is what I'm looking for. It would be nice to be able to allow only some selected USB devices, like a keyboard and a printer or scanner, and still disallow external drives or thumb flash drives, but turning off all USB would be useful on machines which don't need USB keyboards, like beige or B&W PMG3 computers or G3 iBooks.

• Rmi with security manager not working in netbeans

  Hello i'm trying to use rmi but get the error java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve) when i run it in netbeans. here is my code
  public static void main(String[] args) {
          if (System.getSecurityManager() == null) {
              System.setSecurityManager(new SecurityManager());
          try {
              String name = "Compute";
              Compute engine = new ComputeEngine();
              Compute stub =
                  (Compute) UnicastRemoteObject.exportObject(engine, 0);
              Registry registry = LocateRegistry.getRegistry();
              registry.rebind(name, stub);
              System.out.println("ComputeEngine bound");
          } catch (Exception e) {
              System.err.println("ComputeEngine exception:");
              e.printStackTrace();
      }It works if i don't have a security manager and it works with a security manager if i don't use netbeans to run it and use the command line. i need to use a secuirty manager because the client code is running in eclipse and it moans that there is no security manager if i run it without one
  this is the error i get when running with no security manager
  java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
       java.lang.ClassNotFoundException: takenoteremote.Compute (no security manager: RMI class loader disabled)
  Please help

  I have sort of got it to work, i took out the security manager and used the code base parameter on the command line, and put my interface into a jar file. I can only get it to work though on the command line, if i run it in netbeans it doesn't find the class in the jar file it needs.
  Any ideas?

• Windows 2008 r2 Cluster not starting - "unable to create security manager worker queues"

  Hello, following a power outage, we got a serious cluster error preventing the start of the cluster.
  We are trying to interpret the only four lines the cluster.log generates :
  00000330.000016cc::2014/09/26-10:44:06.348 ERR   [WTQ] bogus file creation failed, 2
  00000330.000016cc::2014/09/26-10:44:06.348 ERR   [WTQ] bogus file creation failed, 2
  00000330.000016cc::2014/09/26-10:44:06.348 ERR   [CS] Unable to create SecurityManager worker queues, 2
  00000330.000016cc::2014/09/26-10:44:06.363 ERR   Error 6
  AND if starting clussvc manually :
  Got ERROR_FILE_NOT_FOUND(2)' because of 'Error while creating the Security Manag
  er's Thread Pool' in
      000007fe:fd69940d( ERROR_MOD_NOT_FOUND(126) )
      00000000:001ff190( ERROR_MOD_NOT_FOUND(126) )
  We suspect a DLL problem (because of mod not found), but we are unable to find the ones involved even with process monitor.
  clusdb hive seems ok.
  The situation is serious, can anybody help, please ?

  Hi RodV,
  This error usually caused by cluster service fails to open a 
  handle to the \NUL device, Device manager shows the device instance in error state.
  Please check whether the following register value still exist, if not please backup your current registry then add the it.
  HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NULL\0000\CONTROL
  ActiveService REG_SZ Null
  I am glad to be of help to you!
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Problem with Advanced Security Manager

  Hi
  I am using the advanced security manager to migrate security from Essbase 7 server to Essbase 11 server. The users who are externally authenticated on essbase 7 server are under native security mode on the Essbase 11 server after security import.Does the Advanced security manager put all the users (whether they are externally authenticated or under native security mode) in native security mode after import?
  Please help

  Hello 831221
  In version 11 "native" means that the users are stored in OpenLDAP (once Essbase was externalized).
  You would only be able to create "external" users if the Shared Services have been connected to an external User Source (e.g. MSAD) prior to
  importing the users.
  best regards
  .T

• Security manager not used with JNDI ?!

  Hi,
  I have a simple stand-alone java app that does a JNDI lookup
  and subsequent method invocation on the returned session bean.
  I never explicitly install a security manager and am wondering
  why there are no security problems getting the bean proxy
  and any subsequent code downloads from the WebLogic server.
  Seems like this would never work under under pure RMI, so
  what's going on in this case?
  Thanks, Garry

  Hi,
  According to the screenshot, it seems like compatibility problem, What's the type of your system?
  In addition, you can refer to the link below to view its compatibility list.
  http://gallery.technet.microsoft.com/LocalGPOmsi-Excellent-MS-2593b2eb
  Roger Lu
  TechNet Community Support

• Saving Password for a pdf file in HP Client Security Manager

  Hello,
  I want to save the password for a pdf file in the Password Manager of the HP Client Security Manager Software but the symbol for the entry of the password is not appearing on the top right of the screen. If I use the registered fingerprint a dialog opens where the Client Security Manager asks which account it should use to login. But i can't add a password for the file. The login for websites is perfectly fine. 
  Do you have any idea how to fix that?
  Is there a way to manually enter password for files?
  Thanks in advance.

  Thanks for the information.
  Suggest you to try uninstall and re-install the latest version which is - 8.3.3.1762. The direct link is:
  http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?sp4ts.oid=5405363&spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalState%3Didx%253D%257CswItem%253Dob_129972_1%257CswEnvOID%253D4060%257CitemLocale%253D%257CswLang%253D%257Cmode%253D%257Caction%253DdriverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
  If this does not fix, then suggest you to log a call with technical support.
  Please do post any progress on this.