Using PKI to secure our infrastructure

Hi,
We have 300 employees in our organization and now we'd like to provide them with new services, but keep their devices under our control. Main questions are:
- Due to work activities and our job structure, a lot of employees are working at home. Some of them use our laptops (bought by our company) but some of them use private
computers. They're using our published service OWA and Windows PPTP VPN. How can we control both kinds of devices? NAP with dedicated certificates, or should we use some other secure policy?
- Similar to the previous question, just moving on to smartphones and tablets. How can we control mobile devices while they connect to our infrastructure? Which platform, SCCM or... ?
Please advise a way or a technology I can have a look at. The preferred way is Microsoft PKI because we're using it at the moment for some secure communication.
Thanks!

When you say "control", what does that mean to you? Do you want to manage the asset (configuration, controls, remote wipe) or do you want to increase the security/authentication (VPN, wireless, user/device authentication, etc.)?
Are the computers/laptops connected to a corporate AD domain, or are they a mix?
Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

Similar Messages

  • Error message on every website says: whateversite 443 uses an invalid security certificate

    On every website and page, including the Firefox and Mozilla webpages and even within Firefox preferences, I get an error message like this: mozilla.org:443 uses an invalid security certificate. I then must click cancel over and over to get away from the page.
    My internet is fine, and I am not having any issues with Chrome or Safari on my OS X 10.6.3; however, I prefer Firefox for many reasons. I have already tried starting in Safe Mode and resetting everything to default, but that made no change. I also reinstalled Firefox. Please advise. Thank you!
    == This happened ==
    Every time Firefox opened
    == in April 2010 ==
    == User Agent ==
    Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.55 Safari/533.4

    Here is what I get when I try to load THIS PAGE in Firefox. I used Chrome to paste this.
    Troubleshooting Information
    This page contains technical information that might be useful when you're trying to solve a problem. If you are looking for answers to common questions about Firefox, check out our support web site.
    Application Basics
    - Name: Firefox
    - Version: 3.6.3
    - Profile Directory: Show in Finder
    - Installed Plugins: about:plugins
    - Build Configuration: about:buildconfig
    Extensions (Name / Version / Enabled / ID): none listed
    Modified Preferences (Name / Value)
    - browser.history_expire_days.mirror 180
    - browser.places.smartBookmarksVersion 2
    - browser.startup.homepage_override.mstone rv:1.9.2.3
    - extensions.lastAppVersion 3.6.3
    - network.cookie.prefsMigrated true
    - privacy.sanitize.migrateFx3Prefs true

  • Pros and Cons in using Oracle Advanced Security vs IPSEC?

    In the CIS guidelines I've read the following:
    "OAS Integrity/Encryption should only be used if required because of non-SSL clients"
    and
    "Only implement OAS if a local integrity/encryption policy does not already exist, e.g., IPSec or other means for providing integrity/confidentiality services."
    Does anyone understand the argument?
    Is it:
    A. Because you don't want/need to "double bag" your secure communications?
    B. Because it's an additional expense and other options are cheaper?
    C. Because it's difficult to configure properly?
    D. Because for some unknown reason it's not possible to use PKI with all your clients?
    E. Some other reason?
    F. All of the above?
    I just want to know which method is superior or inferior, and under what circumstances I might go for one and not the other.

    Hi,
    let me try an answer; others, please comment:
    I understand the first sentence this way: "Use OAS when there are clients that don't support SSL"; if you need to provide encryption/integrity for these clients regardless, OAS provides native, non-SSL-based network encryption/integrity that is extremely easy to switch on; see here:
    http://www.oracle.com/technology/obe/11gr2_db_prod/security/network_encrypt/ntwrkencrypt.htm
    The 2nd sentence says that you don't have to double bag: if IPSec is in place (and properly configured), OAS doesn't need to encrypt SQL*Net traffic one more time.
    Hope this helps,
    Peter
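    What "switching on" OAS native network encryption amounts to in practice, as an added sqlnet.ora example that is not part of this thread (parameter names and values are Oracle's documented ones; the weak and hardened server settings are shown side by side, and only one set would be kept in a real file):

```ini
; --- Database server sqlnet.ora (added example, not from the thread) ---
; Weak: ACCEPTED only encrypts when the client asks for it, so a client
; with no setting at all still connects in cleartext.
SQLNET.ENCRYPTION_SERVER = ACCEPTED

; Hardened: REQUIRED refuses any session that cannot negotiate both
; encryption and an integrity checksum; list only strong algorithms.
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192, AES128)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
; 11gR2 offers SHA1 and MD5; prefer SHA1 there, SHA-2 in later releases.
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)

; --- Client sqlnet.ora ---
; REQUESTED would tolerate a server that refuses encryption; REQUIRED on
; both ends makes the policy "encrypt or fail" rather than "fall back".
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192, AES128)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
```

    Where IPsec already protects the path, setting the same parameters to REJECTED is the explicit way to avoid the double encryption the guideline warns against, and it documents that decision in the configuration itself.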

  • Securing our customer database

    Please,
    We're concerned about securing our customer database, 10g on a Windows base.
    The fact is that we're not admins of the server (owned by the customer), but the databases within are installed and administered by us. We need to secure:
    1. our dump file (now using WinZip 11 with a password)
    2. the data files as well as the whole database, to prevent the server admin from connecting to the database (we removed the admin user from the ORA_DBA group and changed SQLNET.AUTHENTICATION_SERVICES to NONE)
    3. We also locked most of the default accounts
    Does anyone have ideas on how we should control our database?
    Or a nice link related to database security, or a good book that I can read?
    Thank you

    Certainly, it is pretty hard to protect your environment from the sysadmin in a Windows or a Unix-like environment, since this role has access to every single byte in your database. It is pretty lengthy to try to explain a whole strategy to protect your environment, but at a glance it would be to classify your information and encrypt the most sensitive data. You can also, starting from 10gR2, use database backup encryption.
    I suggest you refer to the Advanced Security guide for further technical details:
    Oracle® Database Advanced Security Administrator's Guide
    10g Release 2 (10.2)
    Part Number B14268-02
    You may consider techniques such as using Label Security.
    Oracle® Label Security Administrator's Guide
    10g Release 2 (10.2)
    Part Number B14267-02
    There is much other advice you can read in the Advanced Security manual.
    ~ Madrid
    http://hrivera99.blogspot.com/

  • HT4557 We have a wired in network in our house, we also have an apple airport for use with my ipad/our ipods/iphones, etc.  Can we use home sharing if our desktops do not have wifi?

    Hi,
    this is my first time on the support board, so hopefully I'm doing this correctly. We have 3 desktop computers in our family, which are wired in with ethernet cables. We also use the cables with our laptops (we have various connections throughout the house). I have an iPhone and an iPad, and my boys have iPod touches. I purchased an AirPort router to use when I'm using my iPad, etc. The boys and I would like to be able to share apps that we have purchased. I'm wondering if there is a way to use Home Sharing in our situation.
    thanks!

    Have a look here...
    http://macmost.com/setting-up-multiple-ios-devices-for-messages-and-facetime.html

  • How can I use home sharing between our iphones (create playlists from both accounts at once)

    How can I use Home Sharing between our iPhones, so that we can create playlists with songs from both of our libraries? We share a MacBook Pro (separate accounts) and each have the new iPhone, but when I have my iPhone and try to create a new playlist, I can only grab songs from one account. Is there a way to create a playlist using both accounts since we are sharing?
    Does it have to be created within iTunes first on our Mac?

    The short answer: because Home Sharing isn't designed for sharing apps, and apps aren't designed to be shared.
    The longer answer:  Think of it like this...
    You download some music in iTunes. With Home Sharing, another user can listen to it by streaming it over the network. But the data itself is on your computer. If you turn off the computer or take it off the network, the other user can't access it.
    But if you send another user the app, they aren't just streaming the data; they installed it on their iOS device. Because they weren't the one that purchased it, such a transfer could easily be considered "piracy" or "stealing," and nobody likes that (least of all, Apple).
    When iTunes sees this app, it obviously recognizes it, as if saying, "Hey, how did you get this app on your device, if I have no record of you purchasing/downloading it from the iTunes Store?"
    post edited to correct spelling errors

  • My wife and I each have an apple ID and share one macbook pro. Is it possible to use the iCloud on our shared macbook pro and our two separate iPhone 5's and not get each others information confused?

    My wife and I each have an apple ID and share one macbook pro. Is it possible to use the iCloud on our shared macbook pro and our two separate iPhone 5's and not get each others information confused?

    Once you set up your wife's account you can enable fast user switching to make it easy to switch accounts:
    OT

  • My wife and I both have iPhones; for iTunes I use the same laptop, and now our contacts are all mixed up. I want to delete our old sync account to start afresh. How can I do that?

    My wife and I both have iPhones; for iTunes I use the same laptop, and now our contacts are all mixed up. I want to delete our old sync account to start afresh. How can I do that?

    Can anyone at all advise? Still not sorted :-(

  • CRM 2011: Can you control which form is used based not security roles, but on a field value?

    I see that you can control which form is used based on security roles, but can you control it based on other field values? I'd like a new record to use a different form until a given status is updated. I have a status of draft and active, so
    it would be nice if I could use form1 for those in draft and form2 for those that are active. But I only see where you can control that via the security roles.
    I can code all of this via JavaScript, but having the ability to use two separate forms would be nice. Is that even possible?
    Best regards,
    Jon Gregory Rothlander

    Hello,
    Recheck the following article - http://gonzaloruizcrm.blogspot.com/2014/11/avoiding-form-reload-when-switching-crm.html
    Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
    My blog

  • I am the founder of a non-profit organization, a donor had just given us her used iBook G4.  What do I need to do to wipe out her "stuff", change username and password, start all over new.  We will use this iBook in our learning center in Saigon, Vietnam

    To the good citizens of the Mac world,
    I am the founder of a non-profit organization; we are caring for 6,200 orphans and street kids in Vietnam. A donor has just donated her used iBook G4 for us to use in one of our several "learning centers" in Vietnam. Folks sometimes donate PCs, but this is the first time we have ever received a Mac. :-) I would like to know how to start this iBook all over new: change the username and password. I am looking forward to bringing it to Saigon in a few days and letting our children experience the Mac... I have been a Mac user for 2 years and I have no intention of returning to the Dark Side. Please help. I have the original OS disk. Thank you so much.

    There should be no need to zero the hard drive.
    Using the Restore discs that came with the iBook when it was new, restore the system software using the appropriate instructions which you can find through a link contained in this Apple Knowledge Base article:
    http://support.apple.com/kb/HT1561?viewlocale=en_US
    Good luck with it.

  • I have an HP Laserjet 5m monochrome printer that I have used for years with our three Mac computers

    HP Laserjet 5m monochrome printer C3917A (1997)
    Operating system: OSX 10.7.4
    Error message: Printer busy
    No known changes made to system or configuration
    I have an HP LaserJet 5M monochrome printer that I have used for years with our three Mac computers (two on OS X Lion and one on Leopard). I'm using ethernet to connect to a router and then my computer (although I have also tried to connect directly, to no avail). We went away for 2 weeks, returned and got "Printer busy" on all 3 computers. I reset the printer to factory settings. Same problem. By the way, the printer says READY. I then went to System Preferences and clicked '-' in the Print & Scan section to remove the printer. When I tried to add the printer back, nothing shows up. I now remember that this may be because the means of communicating with the printer has changed and that I had found the printer by somehow adding its address settings (or something). Can anyone help me to reconnect with the printer?

    Download and install this: http://support.apple.com/kb/DL907
    Reset the printing system:
    - Go to System Preferences > Print & Scan
    - Right (or control) click in the rectangle listing your printers and select Reset Printing System.
    WARNING - this will delete ALL of your printers!
    - Select the plus sign to re-add a printer. Select the Default tab at the top of the window. Look for the printer, select it and wait until the "Add" button becomes available. Click it.
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP

  • How do I reconnect using SSL/TLS security in Dreamweaver using Windows 7?

    I am using an old version of Dreamweaver on Windows 7. When I try to upload a file, I get a message saying that I need to reconnect using SSL/TLS security mechanisms. Is this a setting in Dreamweaver or Windows 7? Thanks for any help or suggestions.

    It sounds like it is a requirement of the server, not Dreamweaver or Windows 7.
    Dreamweaver, even older versions, can connect using both FTP and SFTP. But SSL/TLS are on the HTTP protocol, not FTP, so I don't understand why you would get such an error using the DW file upload.

  • Completion Insight not working correctly when using Enterprise User Security (EUS) logon

    This is a pre-existing issue we've experienced with SQL Developer. Though I've only just worked out what is causing the issue, it is present in previous versions of the tool, up to the current 4.0.EA2.
    We experience issues with the Completion Insight functionality of SQL Developer.
    When we log into a database using Enterprise User Security, i.e. authenticating against OID, the schema of the database account is prefixed to any reference to public synonyms, i.e. all user_%, all_%, dba_% and v$% views.
    When I change the authentication of the database account back to normal database authentication, the schema prefix correctly isn't shown. It simply suggests the synonym name of the views.
    An example of this is as follows when attempting to query the DBA_TABLES view:
    The database account is ORADBA and has DBA privs.
    The EUS user that is mapped to the ORADBA schema is dbutler.
    The ORADBA user is configured to authenticate externally (against OID).
    I login with my dbutler directory credentials:
    If I start typing:
    select * from dba_tabl
    The object name is suggested as ORADBA.dba_tables
    If I change the authentication of the ORADBA account back to database authentication, the prefix is no longer present.
    i.e If I start typing:
    select * from dba_tabl
    The object name is suggested as dba_tables

    If you're not using DB 10.2, this is the "expected" behavior for the DB. See also Metalink note 351170.1 "Enterprise Users Can Connect to a Database when the OID Account is Disabled".
    regards,
    --Olaf

  • I have a question about using multiple iPads in our school. Each of our teachers has an iPad and an Apple TV in their classroom. The issue is, with our classrooms so close in proximity to one another, is there a way to pair teacher

    I have a question about using multiple iPads in our school. Each of our teachers has an iPad and an Apple TV in their classroom. The issue is, with our classrooms so close in proximity to one another, is there a way to pair teacher #1's iPad to its Apple TV without affecting/projecting onto the adjacent teacher #2's classroom Apple TV?

    Not as such.
    Give the Apple TV units unique names and also enable the AirPlay password in Settings, with a unique password for each teacher.
    AC

  • Expanding "Roles" to edit ADF BC Entities using ADF BC Security

    hi,
    I created a test application using the ADF Business Components technology stack.
    I wanted to use "ADF BC Security" instead of "ADF Security", as we encountered problems with "ADF Security"...
    I also configured the ADF BC module to enforce the security etc., as mentioned in the JDev developer's guide.
    The problem:
    I wanted to edit the authorization for a given BC entity by right-clicking on the entity, then choosing edit > authorization > new > read, update, update when new > choose "role".
    The problem is that I always find 6 roles:
    oc4jadmin, as_control, etc.
    I edited the system-jazn-data.xml to add my "own" roles, but they do not appear in the list of roles to choose from when I want to edit the entity authorization as mentioned above.
    Can someone help please?
    Thank you.

    Thank you Frank for the answer, but it does not solve the problem.
    I know where to find the system-jazn-data; I even found 3x "system-jazn-data.xml" in the JDev 1032 folder. I even inserted my "own" roles into these 3 files to see if maybe it works. But no.
    After restarting JDev 1032, the problem persists; I still cannot list my own roles when I edit the authorization of an ADF BC entity.
    Can someone help please?
    Thank you.
    PS: here is the extract of my system-jazn-data.xml, with the "own" role marked:
    <roles>
      <role>
        <name>oc4j-administrators</name>
        <display-name>OC4J Admin Role</display-name>
        <description>Administrative role for OC4J</description>
        <guid>5280445217CB11DCAF10CD54D443D9D4</guid>
        <members>
          <member>
            <type>user</type>
            <name>oc4jadmin</name>
          </member>
          <member>
            <type>user</type>
            <name>JtaAdmin</name>
          </member>
        </members>
      </role>
      <role>
        <name>ascontrol_appadmin</name>
        <display-name>ASControl App Admin Role</display-name>
        <description>Application Administrative role for ASControl</description>
        <guid>5280445617CB11DCAF10CD54D443D9D4</guid>
        <members>
        </members>
      </role>
      <role>
        <name>users</name>
        <display-name>users</display-name>
        <description>users role for rmi/ejb access</description>
        <guid>5280445417CB11DCAF10CD54D443D9D4</guid>
        <members>
        </members>
      </role>
      <role>
        <name>ascontrol_admin</name>
        <display-name>ASControl Admin Role</display-name>
        <description>Administrative role for ASControl</description>
        <guid>5280445517CB11DCAF10CD54D443D9D4</guid>
        <members>
          <member>
            <type>user</type>
            <name>oc4jadmin</name>
          </member>
        </members>
      </role>
      <role>
        <name>ascontrol_monitor</name>
        <display-name>ASControl Monitor Role</display-name>
        <description>Monitor role for ASControl</description>
        <guid>5280445717CB11DCAF10CD54D443D9D4</guid>
        <members>
        </members>
      </role>
      <!-- own role -->
      <role>
        <name>my_own1</name>
        <guid>E460913021EA11DC8F0A77098E9E0856</guid>
        <members>
        </members>
      </role>
      <role>
        <name>oc4j-app-administrators</name>
        <display-name>OC4J Application Administrators</display-name>
        <description>OC4J application-level administrators</description>
        <guid>5280445317CB11DCAF10CD54D443D9D4</guid>
        <members>
        </members>
      </role>
    </roles>
