Web Security product

Similar Messages

• Downloads for different products e.g., Crawler Web Security won't take

  I attempted to download different toolbars and products such as from Crawler's Spyware and Web Security without any luck. It goes through the usual set-up windows and a window opens up to say that the downloads have been successfully completed. I cannot find them!

  Does the ext directory have the php_oci8.dll? In the original steps the PHP dir is renamed. In the given php.in the extension_dir looks like it has been updated correctly. Since PHP distributes php_oci8.dll by default I reckon there would be a very good chance that the problem was somewhere else. Since this is an old thread I don't think we'll get much value from speculation.
  -- cj

• Warning System spameater Unable to connect to Cisco Web Security Service.; URL Filter...

  My C670 ESA's have been throwing these alerts intermittently for the past few days, anyone else seeing them?
  The Warning message is:
  Unable to connect to Cisco Web Security Service.
  URL Filtering will not work correctly.
  Please verify all network, proxy and firewall settings.
  Connection to "v2.sds.cisco.com" failed.
  The last error seen on this connection: "Request failed with code: 28 (Connection time-out)"
  Version: 8.5.6-092
  Looks like it is open on port 443 and currently up.  Hitting it with a browser gives me:
  https://v2.sds.cisco.com/
  After an error or two they go away and appear OK.   
  Checking the logs I don't see a way to verify URL lookups are working, is there a way?
  Also, I setup URL filtering six months ago and had it set to only trigger on (-10)-(-9.5) and saw about an 80% false positive.  It has improved over the past six months drastically but still catching mostly advertising URLs and allowing all phishing URLs right through.  I've yet to see it block a phishing URL.
  Jason

  After lots of trial and error, I was able to eliminate this problem.  What I wound up doing is defining the XE service again in the listener.ora file:
  SID_LIST_LISTENER =
    (SID_LIST =
      (SID_DESC =
        (SID_NAME = XE)
        (ORACLE_HOME = C:\ProgramData\oraclexe\app\oracle\product\11.2.0\server)
  I know that typically you should not have to do this, especially since I already had defined DEFAULT_SERIVCE_LISTENER = (XE) at the bottom of the listener.ora file.  Explicitly defining the XE service in the listener.ora file allows the listener to find it while the system is running under the Cisco AnyConnect VPN.  The only hiccup I found by doing this is that the XE service is discovered twice by the listener when the system is NOT running under the Cisco AnyConnect VPN.  It still works OK.  The listener just seems to ignore the repeated definition of the XE service (see output below):
  C:\ProgramData\oraclexe\app\oracle\product\11.2.0\server\bin>lsnrctl service
  LSNRCTL for 32-bit Windows: Version 11.2.0.2.0 - Production on 13-JUN-2013 10:03:15
  .......(omitted output).......
  Service "XE" has 2 instance(s).
    Instance "XE", status UNKNOWN, has 1 handler(s) for this service...
      Handler(s):
        "DEDICATED" established:0 refused:0
           LOCAL SERVER
    Instance "xe", status READY, has 1 handler(s) for this service...
      Handler(s):
        "DEDICATED" established:0 refused:0 state:ready
           LOCAL SERVER
  Service "XEXDB" has 1 instance(s).
    Instance "xe", status READY, has 1 handler(s) for this service...
      Handler(s):
        "D000" established:0 refused:0 current:0 max:1022 state:ready
           DISPATCHER <machine: DEV-M-137GF, pid: 5544>
  (ADDRESS=(PROTOCOL=tcp)(HOST=DEV-M-137GF.paychex.com)(PORT=58257))
  The command completed successfully
  If anyone has a cleaner solution for this problem, please let me know.  Otherwise, I am moving forward with what I did.
  Thanks.....Paul

• Minimum Number of registered custom id:s/numbers to be registered for purchasing all F-secure products from network

  How many custom-id:s / custom-numbers etc. customer has to register(minimum)in order to purchase All f-secure products on ALL possible platforms?

  The list of consumer fs-profucts i'm interested in can be found here(all of them,all possible platforms),i quess
  https://www.f-secure.com/fi_FI/web/home_fi/downloads
  from my point of view,the "desired state" would be the possibility to administer these products(licences etc) with single user-id and one customer number (sso-login etc..)
  In the meantime,it's Okey,if you'll try to keep these in minimum..

• Ask the Expert:Cisco Web Security

  With Ryan Wager
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about design, configuration and troubleshooting of the Cisco Web Security Solutions including Cisco Ironport WSA and Cisco ScanSafe with Cisco experts Kiran Sirupa and Ryan Wager. Kiran Sirupa is a technical marketing engineer in the product marketing team for the Cisco IronPort Web Security Appliance product line. He also works on documentation, partner ,and system engineering training. Kiran has been working in the Cisco Security Technologies group for more than six years. Ryan Wager is a technical marketing engineer at Cisco in the product management team for the ScanSafe Web Security platform. He is heavily involved with the product's integration with the Cisco Integrated Services Router Generation 2 platform, along with documentation, training, and testing of all new products and features. Before joining the product management team, Wagner spent two years as an implementation engineer helping ScanSafe's largest customers implement the platform into their networks.
  Remember to use the rating system to let Kiran and Ryan know if you have received an adequate response.  
  They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security sub-community, discussion forum shortly after the event. This event lasts through October 7, 2011.. Visit this forum often to view responses to your questions and the questions of other community members.

  Yes, the IronPort WSA will support all the security functions including Anti-Virus, Anti-Malware, Anti-Spyware, Web Reputation when working in conjunction with an existing proxy.
  There are two conditions:
  1. WSA acts as an upstream proxy - In this case, the authentication will be handled by your existing proxy, but the WSA is the first layer of defense. The WSA will perform a lookup in its web reputation database based on the destination. Also, The WSA can scan the http response with Anti-Virus, Anti-SpyWare and Anti-Malware software. However, since the WSA doesn't have user authentication information, you can only apply global controls for Acceptable Use.
  2. WSA has to go through an existing upstream proxy - In this case, the WSA has all the security functionality. In addition, it also handles the authentication. Hence, you can apply role based controls.
  You may refer to the following links for more information:
  WSA Product Literature: http://www.cisco.com/en/US/products/ps10164/prod_literature.html
  Cisco Security Reports: http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html
  Cisco Security Intelligence Operations: http://tools.cisco.com/security/center/home.x

• Ask the Expert: Service Delivery Manager for Cloud Web Security with Alex Chan

  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the recommended practices for Cisco Cloud Web Security (CWS).  Cisco Cloud Web Security (CWS) provides industry-leading security and control for the distributed enterprise, with Cisco expert Alex Chan.
  October 27, 2014 through November 7, 2014.
  Learn how users are protected everywhere and anytime, when using CWS through Cisco worldwide threat intelligence, advanced threat defense capabilities, and roaming user protection. Create a virtual space to learn and ask questions about best practice when implementing Cloud Web Security offerings for various customer requirements and environments. Alex will also answer questions about Easy ID, CWS as SAML Service Provider, Deployment Options (such as ASA, ISR, WSA, Workgroup based Connector and AnyConnect Web Security agent.
  Remember to use the rating system to let Alex know if you have received an adequate response.
  Because of the volume expected during this event, Ali might not be able to answer each question. Remember that you can continue the conversation on the Security community, sub-community shortly after the event. This event lasts through November 7, 2014. Visit this forum often to view responses to your questions and the questions of other community members.

  Cisco CWS platform is one of the Cisco products that maintain collaboration with Cisco PSIRT, and there are few security vulnerabilities related to CWS were being monitored by PSIRT, which you can find out more about in: http://tools.cisco.com/security/center/home.x#~blog.
  Another Cisco entity known as "SenderBase" that is powered by Cisco Security Intelligence Operations (SIO) will provides a view into virus threat intelligence collected from CWS cloud traffics. For more information about "SenderBase", please visit this web site: http://www.senderbase.org

• Security product standard guidelines

  Hi
  Can some one help me out in giving the information about maintaining the security product standard in web dynpro java applications.
  Regards
  Sudheer varma

  Hi,
  for maintaing scurity using web dynpro for abap :[http://help.sap.com/saphelp_nw04s/helpdata/en/af/0489ce55002f44a8c927371bedf719/content.htm]
  security standards of webdynpro for java:[http://help.sap.com/saphelp_nw04/helpdata/en/15/0d4f21c17c8044af4868130e9fea07/frameset.htm]
  [http://www.securitytracker.com/alerts/2008/May/1020097.html]
  hope it hlps..
  Regards,
  Khushboo

• Mobile Web Security

  What is the piece of the WSA product that allows my mobile clients to be monitored and protected from the web threats when not on the local network? Is it just WSA cloud security?
  How does this work? Do I push my local network WSA policy to a web based controller to replicate my organization policy and they sync to the cloud for it?

  You can get mobile clients covered a couple of ways:
  1. in a 'hybrid' mode, where you put the web client module on them (part of Anyconnect), which redirects traffic to the Cisco Cloud Web Security.  There is a seperate license for this.
  2. When vpn'd in via Anyconnect, you can tell the ASA to change the client's proxy settings to go to the WSA and they'll use the WSA's explicit mode to get filtered (explicit mode is always enabled on a WSA, even if you're using WCCP...)  This doesn't cover then when they aren't VPN'd in...

• Demo License for Virtual Image of Web Security

  Hello,
  I had downloaded the latest image for Virtual WSA.
  But I am not able to get the demo  license for that.
  It is showing the message "Access to the page resitricted."
  Thank you -- and you helpp will be appriciated..
  regards
  Hozefa

  Hello,
  You should have privileges as long as you are logging into the site using your CCO ID. If you do not have one please register for a CCO ID on www.cisco.com and you should have access to get a demo license. If you are logging in with your CCO ID and its still giving you the error message then you will need to reach out to your Cisco Account manager to provide the demo license. I apologize for any inconvenience this causes.
  Best Regards,
  Michael Hautekeete
  Customer Support Engineer
  Cisco Content Security - Web Security Appliance
  http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
  https://supportforums.cisco.com/community/netpro/security/web
  https://supportforums.cisco.com/community/feeds?community=2091

• Web Security Essentials

  Hi,
  We purchased a Cisco ASA5512- 250 VPN Bundle, we want to evaluate Web Security Essentials so have purchased the SSD120 disk and installed into the hot plug slot. I am now struggling to find out what to do next, is there a software package I need to install into the ASDM, there isn't a great deal of information on this topic on the forums. If someone could point me to how the best way to get this running. The firewall is not in production as yet but need to get this installed ASAP.
  Thanks In Advance

  Hi Paul,
  1. HTTPS decryption is currenty not supported. It's in a roadmap and should be supported in one of next SW releases.
  2. CDA is mapping ad-user to machine IP as you already wrote. So if users are sharing same IP (in a terminal server environment for example) this is not supported configuration. I'll try to find out if there is someting in the roadmap.

• How to determine which of the Oracle security products have been installed

  Hello!
  I would like to determine whether or not the Oracle security products have been installed for an Oracle database.
  The Oracle security products are:
  * Oracle Database Vault
  * Oracle Audit Vault
  * Oracle Configuration Management
  * Oracle Total Recall
  * Oracle Advanced Security
  * Oracle Data Masking
  * Oracle Label Security
  * Oracle Secure Backup
  * Oracle Database Firewall
  So what I thought is to look at the "DBA_REGISTRY" table which displays information about the components loaded into the database.
  But on the other hand there also is the "V$OPTION" view which lists database options and features.
  Does anybody know, how I could correctly determine whether or not each of the product is installed?
  I guess for "Oracle Database Vault" I should query V$OPTION, but what should I do with the other ones? And in case DBA_REGISTRY would be the right table, how would the comp_ids look like for the products?
  SELECT 'Oracle Database Vault' , nvl( (SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault'),'FALSE') FROM sys.dual
  OR
  SELECT 'Oracle Database Vault' , nvl2( (SELECT 'valueFound' FROM DBA_REGISTRY WHERE comp_id = '??????' AND status NOT IN ('INVALID', 'REMOVING' , 'REMOVED')),'TRUE','FALSE') FROM sys.dual
  Thanks in advance
  Kai

  Hi kai;
  There are some script avaliable on net, first please check them and run it on test server first!
  http://www.google.com.tr/#hl=tr&biw=1259&bih=793&q=installed%2Bproducts%2Boracle&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=71a534c4a5161590
  Secondly you can check oraInventory and also oratab file or you can run runInstaller and can check Installed product tab on installation screen
  Regard
  Helios

• SAP.Web.Security.TicketException: MYSAP_INVALID

  We recently updated our portal to the following:
  J2EE Engine 6.40 PatchLevel 108290.313
  Portal 6.0.20.0.0
  Previously sap.web.security dll worked fine but now I get this exception
  SAP.Web.Security.TicketException: MYSAP_INVALID
  I have tried all the suggestions in this forum and nothing works.  Does anyone have the orginal source code for this dll or a working solution ?
  the following code does get the ticket if I remove the handler from the web.config.....
              Dim cookieString As String = HttpUtility.UrlDecode((Request.Cookies("MYSAPSSO2").Value).Replace("!", "%2B"))
              Dim ticket As SAP.Web.Security.MySapSso2Ticket = New SAP.Web.Security.MySapSso2Ticket("verify.pse", cookieString)
              Dim objUsr As SAP.Web.Security.MySAPSso2Identity = New SAP.Web.Security.MySAPSso2Identity(ticket, cookieString)
  so why does the handler fail ?  driving me crazy.

  Ok so I added the code to the wiki in the attachment area. Hopefully Wiki mods don't delete it.  This works perfectly for our purposes and config.
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/snippets/home&
  SSOTest.rar.jpg
  PortalSecurity.rar.jpg
  Right Click and save the files then remove the .jpg extension.  Open with WinRAR or Winzip.
  You will have to generate your own public key so take a look at the assemblyinfo.vb file.
  Steps to create your own public key
  C:DevelopmentPortalSecurityKeyFile>sn -k keyfile.snk
  Microsoft (R) .NET Framework Strong Name Utility  Version 1.1.4322.573
  Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
  Key pair written to keyfile.snk
  C:DevelopmentPortalSecurityKeyFile>sn -p keyfile.snk publickey.snk
  Microsoft (R) .NET Framework Strong Name Utility  Version 1.1.4322.573
  Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
  Public key written to publickey.snk
  C:DevelopmentPortalSecurityKeyFile>sn -t publickey.snk
  Microsoft (R) .NET Framework Strong Name Utility  Version 1.1.4322.573
  Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.
  Public key token is [should display your Public Key Token]
  Other config...May not be necessary as you can change the code to do whatever you want.
  - Note 442401 - Web server filter for SSO to third-party systems
    (https://service.sap.com/sap/support/notes/442401)
  Extract the zip file attached to this SAP Note.  Follow the instructions in the SAP Note and the instructions in the "filterdocs" directory of the unzipped files. 
  For our environment, I copied the iss6_sso.dll (for IIS 6) and the verify.properties files into the "inetpubscripts" directory.  (There is a "verify.properties" file attached tot the source for your reference).  Note the reference to a verify.pse file in the 'verify.properties' file.  It should point to wherever the verify.pse file is, which in our case is "c:secverify.pse".   I also copied the WPSSO_V3.DLL file from the "C in
  ti386" directory to the system32 directory. 
  - Note 304450 - Single-Sign-On with SAP logon tickets in non-SAP systems
    (https://service.sap.com/sap/support/notes/304450)
  This SAP Note points the developer to SAPSSOEXT in SAP's software download area.  Use SAPCAR to unzip the downloaded file and follow the instructions in this SAP Note and the instructions in the DOCS directory (a PDF and a README.TXT file). 
  PDF Note:  The comments portion of the MySapEvalLogonTicketEx function declaration (Section 3.2 of the PDF) indicates that an environment variable named SSF_LIB must be created/exist.  It should point to the location of the SSF-compliant security library (ie: SAPSECU.DLL in the system32 directory).

• Mexico Digital invoice - SSF without an External security product

  Hi All,
  We are in the process of implementing Digital Invoice for Mexico. I have few queries regarding this.
  1. Can the digital signature be achieved with out any external security product ?
  2. If it is possible, then will it comply with the legal requirements for Mexico.
  I came across a SAP document wherein it was mentioned that "If you are using the user signature as the signature method, you require an external security product that is connected to your SAP system through SSF." Does  it mean that SAP standard SAPSECULIB supports only system signature  and not user signature ?
  Any pointers regarding the digital Signature implementation steps will be appreciated.

  Hi Sri,
  Would you pls check the installation of the security toolkit on your application server?
  Which security product do you use?
  The standard security product is SAPSECULIB (library sapsecu.dll).
  Please check the SSF initialization messages which are contained in each dev_w## developer trace (transaction ST11). When successful, the initializaion messages look like this:
  N  =================================================
  N  === SSF INITIALIZATION:
  N  ===...SSF Security Toolkit name SAPSECULIB .
  N  ===...SSF trace level is 0 .
  N  ===...SSF library is /usr/sap/<SID>/SYS/exe/run/sapsecu.dll .
  N  ===...SSF hash algorithm is SHA1 .
  N  ===...SSF symmetric encryption algorithm is DES-CBC .
  N  ===...sucessfully completed.
  N  =================================================
  General information for SAPSECULIB can be found in SAP note 354819.
  Best regards,
  Christoph
  P.S.: Please reward points for useful information.

• Cisco ISE or NAC Guest with web security (IronPort) integration

  All,
  We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and customer will place an IronPort to provide web security, however, we can not find referentes whether IronPort can or cannot integrate with Guest Server, so that guests are not requested to be authenticated twice, one by the Guest Server, a one by the proxy. The idea is to keep it transparent for the guests with a single authentication.
  Has anyone there implemented such scenario?
  Thank you!

  I see. So, lets say we disable proxy authentication for the guest segment, can I still provide content filter for the segment, even though there is no proxy authentication? I assume customer will lose the reportinga and tracking granularity, but the scenario will work withou proxy authentication. This may be some sort of "man in the middle" only, but with content filter. Does it make sense?
  Thank you!

• Adding SAN through web-security and Creating CSR for Tomcat (CUCM 10.5) to be signed by Third Party CA

  Hi Guys,
  Wondering if Any one has done this or could suggest the needful,
  We are running CUCM 10.5 cluster and currently using self-signed certificate for Tomcat. Now, we would like to get it signed by Third party CA.
  Just to be clear that we are doing this for Jabber clients so they should not get prompted for certificate Invalid.
  Now the issue; The CUCM is using IP address as hostname and for that reason we had to add the desired IP address under SAN (alternate name) through set web-security command. We did that successfully and restarted the Tomcat service and when we run the Show web-security command, it does show the added SAN;
   altNames: 2 names
            1) UCS-CUCM-UB.domain (dNSName)
            2) 10.x.x.x (dNSName)
  But when we try to generate the new CSR, it didn't contain the modified SAN, just the first one i.e only 1) UCS-CUCM-UB.domain (dNSName)
  Is there anything we missed here to get the added SAN being populated in the new CSR ?
  Regards
  M

  Hi Gordon,
  Thank you for your prompt response. For recommendation, you are right but we don't want to initiate that change for now unless, there is no other option left.
  While Generating new CSR, under SAN, there is only Parent Domain field which is populated with our domain name. How should I add the IP address there ?
  Regards