Sunday, June 27, 2010

ePolicy Orchestrator - finally figured out how to save/edit Report queries

Any other ePO users curious why clicking Edit on a saved query never leads to a Save button, but just a Run button to run the edited query?

After a few months of using the tool, I finally figured out the mystery meat user interface design trick... you need to click on the bar in the middle of the page that mentions "Unsaved Query...." and only THEN will that run button on the bottom right turn into a Save button.

Monday, June 21, 2010

im.match.com

Seriously... dear coworkers, I'm all for you getting a date, but that I have to give a second thought to what might possibly be getting transmitted over what I have to assume is match.com's instant messenger sorta annoys me.

Love,
SR

Saturday, June 5, 2010

Bluecoat -- a four letter word for this week.

Bluecoat web proxy gateways are nifty devices... they do some handy things doing inline AV of all web requests, and can decrypt SSL inline as well.

They're swell until someone in your organization wants their Citrix ICA client to connect to an external provider of some sort and that external provider uses the secure ICA cruft of tcp/443. If you're an explicit proxy shop, be prepared for the device to drive you nuts trying to decode that TLS stream thinking it's standard SSL. It's not... and it'll quietly just not work. Still haven't gotten it working and am bypassing the proxy for that traffic for now.

Also, it really sorta blows when you have a device that's licensed for 1200 concurrent users, but you start seeing CPU peg at 100% at just 330 concurrent users. Apparently it's rated at 25Mbps. The day after Memorial Day, people seemed to be feeling a bit surfy and were pushing 30-60Mbps through ours all day. This was not a good way to find out we were sold boxes that weren't sized appropriately for our environment. Guess we get to pay them more to fire up our cold spare and do some load balancing between them in order to have some margin.

Tuesday, May 25, 2010

McAfee: run an insecure browser so you can run our Enterprise Security Console!

So McAfee's much ballyhooed ePolicy Orchestrator -- the central management console for all McAfee's security tools--is a web-based interface that has a few pages that are broken in Firefox 3.6.3. Being the "they can't fix what they don't know about" helpful guy I am, I wanted to report the bug to McAfee. Little did I know that my deed for the greater good was about to rob me of 3 hours of my life and make me want to bang my head on the desk. Or create a blog to capture such rants.

So I _call_ McAfee's Gold support--which in the past has been my best hope of getting someone with a decent clue quotient and command of my native language. I am fortunate and get a guy who's fired up, understands the page I'm talking about, allows me to email him the screenshots I took showing a page that doesn't function at all in FF, and is quickly able to reproduce the issue with Firefox 3.6.3 and an even later version of the ePO and VirusScan Enterprise software than I have installed. We're at about 50 minutes into the call when I say "Great! Can we log the bug now?"

I'm put on hold for 8 minutes and the guy returns to the phone, with a different tone, and seemingly defeated, has to report to me that he's unable to log the bug. And he emails me a link to the ePO supported platforms (kb51569) and invites me to submit a product enhancement request (KB60021). Turns out their officially supported browsers are IE6/7/8 and Firefox... um... 3.0. Because Firefox 3.6 isn't on that list, he couldn't file a bug report.

Which of course elicited a rant I knew this guy wasn't positioned to address but needed to be voiced all the same:

"So you're telling me that McAfee, a purportedly market leading security company, is telling me, an information security professional, that I'm expected to run a web browser with widely known critical vulnerabilities that no self-respecting infosec person has touched in 18 months (for fear of drive-by downloads which by the way your AV product is pretty poor at detecting) in order to use your enterprise _security_ console? And that I need to file a product enhancement request if I want this page fixed?"

Of course the answer was a sheepish yes, "or you can use IE8."

And sadly, the heinousness didn't end there.

So I try to be a good soldier, understand that platform qualification for a company McAfee's size is a sticky wicket and takes a lot of QA time (which apparently is in short supply there given recent events), and I submit the product enhancement request per their KB60021 instructions. For VirusScan Enterprise enhancements you end up at a third party site https://mcafee.acceptondemand.com/ that requires registration. I roll my eyes a bit, register, get the confirmation email. Try to log in in Firefox, and it won't work. Try in IE8... and it won't work either... but _it_ wants to download an ActiveX control.

An ActiveX control? From a third party website I've never heard of? To submit a feature request for a market leading endpoint security company? Ironically about lack of Firefox support?

Fail. Times 2.

At this point I gave up and emailed my (sympathetic) sales contact about how crazy it was.

Ultimately my ticket was transferred to another support technician who offered to submit the FMR for me (Feature Modification Request, but it's more fun to think of it in terms of an exasperated "Well, F* Me Running"). Though he had to make it generic requesting Firefox 3.6 support.

And by the time they officially support that, I'm sure it'll be an abandoned branch of FF with several unpatched critical vulns too.

Corollary: This makes a good argument against web-based security consoles in favor of rich clients. On the other hand, that'd invariably be developed in Java ... and only certified to run on critically vulnerable versions of the JVM.

Forget it, we're doomed.