CCNA Topics

5 Ways to Re-enable Registry Editor When Disabled By Virus

We have already discussed how to re-enable task manager and other problems that can be solved by using the Windows Registry Editor. Now, users may experience a serious dilemma if the Registry Editor itself is disabled. This can be due to a Trojan, virus, spyware or a Malware infection to your system. Whenever this occurs, an attempt to start the editor results in the appearance of a  message declaring that “Registry editing has been disabled by the Administrator”.
This creates a setback to the solutions of various other problems using the Registry Editor. However, how much complicated this problem may seem, it’s certainly not incurable. In fact, we, in this article will discuss how simple it is to re-enable your Registry Editor. The fixes that we show here, work in Windows XP, Windows Vista and also in Windows 7.

Fix 1 : From the Run command

Click on the “Start” button and then select “Run”, or simply press “Windows Key+R”. The Run application starts and in the box copy and paste the following line :
REG add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem
 /v DisableRegistryTools /t REG_DWORD /d 0 /f
Click OK and then reboot your computer. On restart, the Windows Registry Editor is re-enabled.

Fix 2 : By removing the regedit.com file

Another simple solution to re-enable your Registry Editor is to rename the “regedit.com”to “regedit.exe”. Sometimes, some viruses or malware loads a “regedit.com” file in the system. This “.com” file is usually a zero byte dummy file which either replaces the actual“regedit.exe” file or is added as a new file.  Now, when you type “regedit” in the “Run”box, this “.com” file is executed rather than the actual “.exe” file, since “.com” files get a greater preference than “.exe” files in the process of execution of a program.
  1. Open the drive where the Windows operating system is installed.
  2. Then open the folder named “WINDOWS” in that drive.
  3. Notice if the file “regedit” is a “.com” zero byte dummy file or not.
  4. If it is so, then delete it permanently.
In case of invasion of a worm named “W32.Navidad”, the “regedit.exe” gets renamed to“regedit.com”. In such a case you just have to rename the “.com” file by “regedit.exe”. You will now be able to access the Registry Editor normally.

Fix 3 : By editing the Group Policy

At first go to Start > Run or simply press “Windows key+R”. Type “gpedit.msc” in the Run box and click OK.
The Group Policy Editor opens up. Navigate to User Configuration > Administrative Templates>System. Now, on the right hand part of the Group Policy Editor, in the“Setting” column, double click on “Prevent Acess to Registry Editing Tools”.
The Properties box appears and here, change the property to “Not Configured”. If it is already so, select “Enable” and apply it. Then repeat the Fix 3 process to change the setting to “Not Configured”. This removes the Disable Registry Tools value successfully. Click on Apply, then OK and exit the Group Policy Editor.
Reboot your system. On resuming from the restart, the Registry Editor is enabled once again.

Fix 4 : By VB script

A different way to solve this problem is by using a Visual Basic script. Depending upon its position in the registry, the script enables or disables the Registry Editor. Doug Knox, a Microsoft Professional, created such a VB script “reg_enable.vbs”Download this VB Script. Save this on the Desktop in your system. Make sure to save this file with the extension “.vbs”.
Now follow the steps below :
  1. Double click on the downloaded file to run it.
  2. If you are prompted for an Administrative Password, enter it and press ENTER.
  3. After this is done, restart your computer.
Your Registry Editor is re-enabled on completing reboot.
Instead of double clicking on the file, you may also open a Command Prompt window by clicking Start > All Programs > Accessories > Command Prompt.
  1. Now, type cd /d %userprofile%desktop . [Replace %userprofile% by the Windows profile name of the user].
  2. Then type wscript.exe  reg_enable.vbs and press ENTER.
  3. Type EXIT and press ENTER to close the Command Prompt window.
The Disable Registry Tools policy gets removed and your can access Registry Editor normally.

Fix 5 : By installing the UnHookExec.inf

Sometimes invasions by trojans, worms etc. edits the shell > open > command registry entries. Each execution process of an “.exe” file, executes the virus. In such a case,
  1. Visit the Symantec website and download the “UnHookExec.inf” file.
  2. Save this file on your desktop making sure that the file extension is “.inf”.
  3. Right click on this file and choose to install.
  4. With the process completed, restart your system.
Resuming Windows after reboot, restores the command registry entries and the Registry Editor is re-enabled.
Any of the above 5 fixes can be used to re-enable the Registry Editor. These fixes work in all versions of Windows.

Windows vpn

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router 
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive 
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude 
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.

Understand how to handle big data and improve organizational agility to support demands of a dynamic enterprise. Read our eBook today.

Set Up Your Own VPN, Without the Expensive Software

By Eric Geier

If you want secure access to your network when away from the office, you can setup a Virtual Private Network (VPN ). You can connect via the Internet and securely access your shared files and resources. You don't have to buy an expensive VPN server if don't have a lot of users. Windows actually provides VPN server and client functionality.

In this tutorial, we'll set up the Windows 7 or Vista VPN server and connect with Windows XP, Vista, or 7. Now let's get started!

Avoiding IP conflicts

Since VPN connections link networks together, you must be careful with the subnet and IP addressing so there aren't any conflicts. On the network hosting the VPN server, you should use an uncommon default IP for the router, such as 192.168.50.1. If you have multiple offices, assign each to a different uncommon IP/subnet, such as 192.168.51.1, 192.168.52.1, and so on.


Figure 1

Create an incoming VPN connection in Windows

To configure the Windows VPN server, you do what is described by Microsoft as "creating an incoming connection." This will be the server or host of the VPN. Among other things, you'll specify the users you want to be able to connect. Follow these steps to create an incoming connection:

Right-click the network icon in the system tray and selectOpen Network and Sharing Center.Click on Manage network connections (Windows Vista) or Change adapter settings (Windows 7).Press the Alt key to show the File Menu and click File >New Incoming connection… .Select who you'd like to give VPN access to and/or create custom accounts by clicking on Add someone. See Figure 2 for an example. When you're done, click onNext.Select Through the Internet, as Figure 3 shows, and clickNext.Such as shown in Figure 4, select the protocols you want to enable for this connection. You'll likely want to selectInternet Protocol Version 4 (TCP/IPv4), so remote users receive an IP address and can access the Internet and/or network. Plus if you want the remote user(s) to access file and/or printer shares, select File and Printer Sharing for Microsoft Networks. When you're done, click Allow access.On the next window, click Close.

Now you need to access the properties of the newly created incoming network connection and define the IP address range for VPN clients:

On the Network Connections window, double-clickIncoming Connections.Select the Networking tab and double-click Internet Protocol Version 4 (TCP/IPv4).Select Specify IP addresses and then enter a starting and ending address that's within range of your local subnet but not conflicting with the DHCP range. For example, if your router's IP is 192.168.50.1, you might enter 192.168.50.50 to 192.168.50.59 as shown in Figure 5, which would support 10 clients. If you want clients to be able to assign themselves an IP, select that option.Click OK on both dialog boxes to save the changes.

Configure any third-party firewalls

Windows will automatically allow the VPN connections through Windows Firewall when you configure the incoming connection on the host PC. However, if you have a third-party firewall installed on the host PC, you need to make sure the VPN traffic is allowed. You may have to manually enter the port numbers 47 and 1723.

Configure your IP address, dynamic DNS, and router

To enable VPN connections to the host PC from the Internet, you must configure your router to forward them to the Windows PC that's accepting the incoming connections. You specify the host PC by entering its local IP address. Therefore, before you setup the port forward, you should ensure the IP address won't change.

Start by logging into to the Web-based control panel of the router. Then go to the Network or DHCP settings and see if you can reserve the IP address for the PC so it always gets the same one. This may be called DHCP reservation or Static DHCP. Some routers don't have this feature. In this case, you'll need to manually assign the PC a static IP in the TCP/IP settings of the network connection in Windows.

Once you have figured out the IP address, find the virtual server or port forwarding settings in the router's web-based control panel. Then create an entry forwarding port 1723 to the local IP address of the PC, such as Figure 6 shows. Don't forget to save the changes!

 
Figure 6.

If your Internet connection uses a dynamic IP address, rather than a static one, you should signup and configure a dynamic DNS service. This is because when you configure the remote clients, you have to input the Internet IP address of where the host PC is located. This will be a problem if the IP changes. However, you can sign up for a free service, such as from No-IP, and input your account details into the router so it will update the hostname with your IP. Then you'll have a hostname (such as yourname.no-ip.org) to input into remote clients, which will always point to the current Internet IP address of your host PC.

Now everything on the server side should be configured and ready to go. Next you need to setup the clients.

Create outgoing VPN connections in Windows

Now that you have the server setup, you need to configure the computers which you want to connect from, called the VPN clients. Here's how to in Windows Vista and 7:

Right-click the network icon in the system tray and selectOpen Network and Sharing Center.Click Set up a connection or network (Windows Vista) orSet up a new connection or network (Windows 7, as shown in Figure 7).On the wizard, select Connect to a workplace, and clickNext.Select Use my internet connection (VPN).Type the Internet IP address or hostname into theInternet address and enter something for the Destination name. See Figure 8 for an example. You'll probably want to keep the other options disabled. Click Next to continue.Enter a User name and password that was selected when you created the incoming VPN connection, and click Next to try to connect. It will attempt to connect using the following protocols: SSTP, PPTP, and then L2TP.Once connected, click Close.

Windows may by default assign the connection as a Public Network, limiting sharing functionality. Therefore you probably want to change this. If you aren't prompted to do so, open the Network and Sharing Center and clickCustomize (Windows Vista) or the Public network link under the connection name (Windows 7). Then on the popup window, select Work Network.

Here's how to create and outgoing VPN connection in Windows XP:

Open the Network Connections window and click Create a new connection.Select Connect to the network at my workplace, and click Next.Select Virtual Private Network connection, and clickNext.Enter a name for the connection, and click Next.Select Do not dial the initial connection, and click Next.Type the Internet IP address or hostname, and click Next.Click Finish.

Limiting VPN traffic

By default, all the Internet traffic on the VPN client will pass through the VPN rather than the local Internet they are connected to. This is great if they are using a public connection, like a port in a hotel or Wi-Fi hotspot, since it keeps their browsing private. However, if they are on a trusted network, like at their home or remote office, this just might be wasting bandwidth. To limit the traffic that passes through the VPN connection:

On the Network Connections window, right-click the VPN connection and select Properties.Select the Network tab and double-click Internet Protocol (TCP/IP).Click the Advanced button and uncheck Use default gateway on remote network (see Figure 9).Click OK on the dialog boxes to save changes.

Now the VPN client will use the local Internet connection when browsing websites. It will only use the VPN connection when a server or IP address isn't reachable via the Internet, such as when accessing shares on the VPN host network.

Connecting to the VPN

In Windows XP, you can connect and disconnect by opening the Network Connections window and right-clicking the VPN connection. In Windows Vista, you can click the network icon in the system tray, click Connect to, and then select the connection. In Windows 7, click the network icon in the system tray and select the VPN connection.

After you connect, you should be able to access the shared resources on the VPN host network. Keep in mind; you may have to manually access shares (e.g. ip_address_of_computer or file://computer_name/) rather than browsing in My Network Places or Network.

Cyberoam details

1. Cyberoam iView
1.1. Cyberoam iView Presentation
1.2. Visio Stencils
1.3. FAQ
1.3.1. Cyberoam iView - Introduction
1.3.1.1. What is Cyberoam iView ?
Applicable to : On Cyberoam Appliance, Open Source Software, Appliance
Cyberoam iView is a logging and reporting solution that provides organizations with visibility into their networks for high levels of security, data confidentiality while meeting the requirements of regulatory compliance.

With Cyberoam iView, organizations receive logs and reports related to network activities, intrusions, attacks, spam and blocked attempts, both internal and external, enabling them to take rapid action throughout their network.

Cyberoam iView comes in three flavors.
·        On-Appliance Cyberoam iView – An integral part of Cyberoam security appliances.
·        Open Source Cyberoam iView – A Software which can be installed on Windows and Linux.
·        Cyberoam iView Appliance – A dedicated appliance for logging and reporting.
Given below is the matrix showing flavor-wise feature availability.
 
 
Feature
On-Appliance Cyberoam iView
Open Source Cyberoam iView
Cyberoam iView Appliance
Reporting for multiple Cyberoam security appliances
No
Yes
Yes
Reporting for other Networking solutions
No
Yes. Offers reports for following Networking Solutions:

UTM:
·        SonicWALL
·        FortiGate
·        Cisco ASA

Proxy:
·        Squid

Linux Firewall:
·        Netfilter

Web Server:
·        Apache

Smart Wireless Router:
·        NetGenie

Billing and Bandwidth Management Solution:
·        24Online

Endpoint Security:
·        eScan
Yes. Offers reports for following Networking Solutions:

UTM:
·        SonicWALL
·        FortiGate
·        Cisco ASA

Proxy:
·        Squid

Linux Firewall:
·        Netfilter

Web Server:
·        Apache

Smart Wireless Router:
·        NetGenie

Billing and Bandwidth Management Solution:
·        24Online

Endpoint Security:
·        eScan
Reporting across multiple devices and multiple locations
No
Yes
Yes
Report Bookmarks and Bookmark Groups
Yes
Yes
Yes
Report Custom View
Yes
Yes
Yes
Trend Reports
Yes
Yes
Yes
Integration with ConnectWise
Yes
No
No
Applications and Application Groups
No
Yes
Yes
User Management
No
Yes
Yes
Email Notification
Yes
Yes
Yes
Export Reports
PDF, MS-Excel and HTML Export
PDF and MS-Excel Export
PDF and MS-Excel Export
Data Management
Yes
Yes
Yes
Manual Purge
Yes
No
No
Disk Usage Limit Setting
No
Yes
Yes
Chart Preferences
Yes
No
No
Custom Logo
Yes
No
No
Backup and Restore
No
Yes
Yes
Audit Logs
No
Yes
Yes
Logs Archives
No
Yes
Yes
Compliance Reports
Yes
Yes
Yes
 
                                                                                                                                                            Document Version: 1.0 – 11 February, 2014
 
 
1.3.2. Open Source Cyberoam iView - Download and Installation
1.3.2.1. From where do I download Open Source iView?

Applicable to : Open Source Software

Cyberoam iView is an Open Source software. It can be downloaded only from www.cyberoam-iview.com.
 
                                                                         
                                                                   Document Version: 1.0 – 11 February, 2014
1.3.2.2. What is the hardware requirement to install Cyberoam iView?

Applicable to : Open Source Software

Given below is the table of hardware specification to install Cyberoam iView:
ComponentRecommendation
ProcessorPentium IV with 2GHz
RAM2GB (Minimum)
Hard Disk DriveSATA or SCSI hard disk with minimum 30GB disk space


                                                                 Document Version: 1.0 – 11 February, 2014
 
1.3.2.3. Can I install Cyberoam iView on Linux?

Applicable to : Open Source Software

Yes, Cyberoam iView has two installers one for Windows and one for Linux. Given below is the list of versions supported
:
Windows:
  • Windows 2000
  • Windows XP
  • Windows 2003
  • Windows Vista
  • Windows 7
Linux:
  • Fedora 10+
  • Opensuse 11
  • Debian 5.3 
  • PCLinux 2009
  • Ubuntu 12

                                                                                                Document Version: 1.0 – 11 February, 2014

1.3.2.4. How do I install Cyberoam iView on Linux?

Applicable to : Open Source Software

Please refer to Cyberoam iView Linux Installation Guide

                                                        


                                                                                                                           Document Version: 1.0 – 11 February, 2014
1.3.2.5. What is the procedure to install Cyberoam iView on Windows?

Applicable to : Open Source Software

Please refer to Cyberoam iView Windows Installation Guide
 




                                                                                                                              Document Version: 1.0 – 11 February, 2014
1.3.2.6. How does Cyberoam iView collect logs from various devices?

Applicable to : Open Source Software, Appliance

Cyberoam collects logs from multiple appliances placed at various geographical locations using Syslog.
 
 
 
                                                                                                                     Document Version: 1.0 – 11 February, 2014
1.3.3. Cyberoam iView Appliance Upgrade

Applicable to : Appliance
This article explains step by step procedure to upgrade Cyberoam iView appliance.
Step 1: Logon to Cyberoam iView using root user credentials through console.
 
Step 2: Change the PWD to var.
 
Step 3: Download upgrade patch from below URL using following command:
[root@iview var]# wget http://sourceforge.net/projects/cyberoam-iview/files/iView-Patches/
 
 
Step 4: Use ‘ls’ command to verify the downloaded patch.
 
 
Step 5: Use following command to start upgrade process:
[root@iview var]# chmod 755 iView-linux-0.126.bin
[root@iview var]# ./iView-linux-0.126.bin
 
 
 
Step 6: Use following command to verify the current version running on Cyberoam iView:
[root@iview var]# psql -d iviewdb -U postgres -c "select * from tbliviewconfig;"
 
 

                                                                                                                                                                                          Document Version: 1.0 – 12 September, 2014
1.3.4. Accessing Cyberoam iView
1.3.4.1. What is the concept of role- based administration in Cyberoam iView?

Applicable to : Open Source Software, Appliance


Cyberoam iView supports three types of user roles with different privileges
·         Super Admin – Default account with username admin. No additional account can be created.
·         Admin – Only administrator with the Super Admin role can add and update Admin roles
·         Viewer – Administrator with Super Admin and Admin roles can add and Viewer roles
Given below is the previlege matrix associated with Cyberoam iView users:
 

Super Admin
For all the devices
Admin
Only for assigned devices
Viewer
Only for assigned device

Add
Update
Delete
View
Add
Update
Delete
View
Add
Update
Delete
View
Mail Server Configuration
Y
Y
Y
Y
N
N
N
N
N
N
N
N
User Management
Y
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
Device Management
Y
Y
Y
Y
N
N
N
N
N
N
N
N
Device Group Management
Y
Y
Y
Y
N
N
N
N
N
N
N
N
Application category
Y
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
Custom View
Y
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
Report Notification Settings
Y
Y
Y
Y
Y
Y
Y
Y
N
N
N
N
Data Management
Y
Y
Y
Y
N
N
N
N
N
N
N
N
Bookmark Management
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
N
Y
Logs
-
Y
-
Y
-
N
-
N
-
N
-
N
Syslog Server Port
-
Y
-
Y
-
N
-
N
-
N
-
N
Backup and Restore Index
-
Y
-
Y
-
N
-
N
-
N
-
N
Disk Usage Limit
-
Y
-
Y
-
N
-
N
-
N
-
N
Audit Logs
-
-
-
Y
-
-
-
Y
-
-
-
N

Super Admin
For all the devices
Admin
Only for assigned devices
Viewer
Only for assigned device
Load and Search Archive
Y
Y
N
Unload, Backup and Restore Archive Files
Y
Y

N

View Live Logs
Y
Y
N
View and Search Reports
Y
Y
Y
DashboardsMain, Device, User, Host, Email Address, iView)
Y
Y
Y
 
 
 
 
                                                                                                                                                                                                            Document Version: 1.0 – 11 February, 2014
 
 
 
 
 
 
 
1.3.4.2. How can I access Cyberoam iView after successful installation?

Applicable to : Open Source Software

You need to browse to http://<IP address of the machine on which Cyberoam iView is installed i.e. local machine>:8000 then log on using default username ‘admin’ and password specified at the time of installation.






                                                                                                                                      Document Version: 1.0 – 11 February, 2014
1.3.4.3. Which browsers are supported by Cyberoam iView?

Applicable to : On Cyberoam Appliance, Open Source Software, Appliance

Cyberoam iView can be accessed through following browsers:
·        Microsoft Internet Explorer 8+
·        Mozilla Firefox 3.0
·        Google Chrome
·        Safari 5.1.2(7534.52.7)+
·        Opera 15.0.1147.141+

We recommend Mozilla Firefox 3.0 with resolution 1024 X 768 or more for the best view.
 



                                                                                                                                             Document Version: 1.0 – 11 February, 2014
1.3.5. Open Source Cyberoam iView - Device and Device Group
1.3.5.1. How can I integrate a device with Cyberoam iView to generate reports ?

Applicable to : Open Source Software, Hardware Appliance

There are two ways to integrate a device with Cyberoam iView:
1. Auto-discover Device
Cyberoam iView uses UDP protocol to discover the network device automatically. In order to send logs to Cyberoam iView, network device has to configure Cyberoam iView as a Syslog server.
On successful login, Super Admin will be prompted with a popup "New Device(s) Found" if a new device is discovered; else, the Main Dashboard is displayed.

This prompt will be displayed every time Super Admin logs in until she takes action on the newly discovered device.
2. Add Device (manually)
Go to System Configuration > Device and click Add button to add a new device in Cyberoam iView.
Specify Device ID, Device Name, IP Address, Device Type and set status of device as ‘Active’ to start receiving logs from the added device.
 





                                                                                                                                                   Document Version: 1.0 – 11 February, 2014
1.3.5.2. How to start receiving logs from added device?

Applicable to : Open Source Software, Appliance

To start receiving logs from the added device you need to change the status of the device to ‘Active’.
1.       Go to System Configuration > Device.
2.       Select ‘Active’ under status column to activate the device.
Cyberoam iView will start receiving logs from the added device within 5 minutes.



                                                                                                                             Document Version: 1.0 – 11 February, 2014
 
 
 
1.3.5.3. What is the meaning of device status ‘Active’ and ‘Deactive’?

Applicable to : Open Source Software, Appliance

There are two possible device status in Cyberoam iView:
·         Active: Cyberoam iView is accepting logs sent by the device.
·         Deactive: Cyberoam iView is rejecting logs sent by the device.
 
 
                                                                                                                                                                          Document Version: 1.0 – 11 February, 2014
1.3.5.4. Can I check whether the logs are coming from a device or not?

Applicable to : Open Source Software, Appliance

Yes, Cyberoam iView provides option of Live Archive Logs, which provides real view of incoming logs.

To view whether the device is sending logs or not go to System Archive Live Logs and select device to view real time incoming logs.
 
                                                                                                                       
                                                                                                                                         
                                                                                                                                                           Document Version: 1.0 – 11 February, 2014
1.3.5.5. Can I group various devices to get consolidated reports?

Applicable to : Open Source Software, Appliance 

Yes, you can create group of devices based on device type, device model and geographical location, Cyberoam iView provides consolidated reports for the created device groups.
 
                                                                                                                                         
                                                                                                                                                Document Version: 1.0 – 11 February, 2014
1.3.5.6. Does Cyberoam iView keep logs of deleted device?

Applicable to : On Cyberoam Appliance, Open Source Software, Appliance

Cyberoam iView keeps logs of all devices to meet compliance requirement. One can configure retention period of logs from data management section
                                                                    

                                                                                                                                                  Document Version: 1.0 – 11 February, 2014.
1.3.6. Open Source Cyberoam iView - Applications and Application Groups
1.3.6.1. What does an application mean in Cyberoam iView?

Applicable to :  Open Source Software, Appliance

Application is a unique combination of protocol and port number through which the protocol is identified. E.g., Web-Proxy application is identified through protocol TCP and port number 8080.
If application is not defined in Cyberoam iView then instead of application name, protocol and port number will be displayed in Reports.
 
 
                                                                                                                                           Document Version: 1.0 – 12 February, 2014
1.3.6.2. Can I add single application in multiple application groups?
Applicable to : Open Source Software, Appliance
 
An application cannot be the member of multiple application groups.

To change the group membership, first remove an application from the current group and then add in the other application group.
 
 
 
                                                                                                                                    Document Version: 1.0 – 12 February, 2014
1.3.7. Reports
1.3.7.1. What is the meaning of ‘N/A’ displayed in Cyberoam iView Reports
 Applicable to : On Cyberoam Appliance, Open Source Software, ApplianceGiven below are the probable reasons of ‘N/A’ displayed in Cyberoam iView reports:
1.    Monitored device does not send log data for particular report field.
2.    Monitored device does not have particular report field defined in it.
 While ‘N/A’ in Username user based reports indicates that either the traffic is generated by a clientless user or the firewall rule is not applied on the user.
                                                                                                                                              Document Version: 1.0 – 19 February, 2014
1.3.7.2. Why do we see multiple Reports for IP Address 0.0.0.0?
Applicable Format: Open Source Software, Appliance
DHCP Clients send DHCP Request packets that are marked with Source IP as 0.0.0.0. If DHCP Server is not configured in monitored device, it does not reply to DHCP requests, and hence drops these packets. This drop event is recorded as under Top Denied Hosts in Reports > Blocked Applications > Top Denied Hosts.
Top Denied Hosts Report
 




                                                                                                                                                   Document Version: 1.0 – 31 January, 2014
1.3.7.3. How to view Firewall Rule based reports in iView?

Applicable Format – Software and Hardware

You can view Firewall Rule based reports by following the steps given below.
 
1.     Login to iView using Administrator credentials.
 
2.     Go to Reports à Source Host Based Usage à Top Rules. The Firewall Rules with maximum number of hits are displayed.
 
 
 
 
3.     Click the desired rule to view its detailed report of Firewall Rule. For example, we have clicked Rule ID 710.
 
 
 
 
                                                                                                                                                                          Document Version: 1.0 – 13/04/2012
1.3.7.4. What does Main Dashboard show?
Applicable Format - Software and Hardware

When you login to Cyberoam iView, it provides you with Main dashboard. The page displays consolidated allow and deny traffic statistics for all the monitored devices in graphical as well tabular form where number of displayed devices can vary as per your user type.
1.3.7.5. I want to know about the traffic generated by a specific source host, how can I get this information?
Applicable Format - Software and Hardware

You can get the required information from Source Host dashboard.

To access Source Host dashboard logon to Web Admin console and go to Dashboards®Custom Dashboard.
Select criterion as Source host and enter the IP address of the host to get complete information of the host.
1.3.7.6. How can I get information regarding resource utilization by Cyberoam iView?
Applicable Format - Software
 
Cyberoam iView Dashboard is the answer of your question.
 
Logon to Cyberoam iView and go to Dashboard®iView Dashboard.

It will show you all the important resource utilization parameters like memory usage, disk usage and CPU usage of Cyberoam iView.
1.3.7.7. How can I get visibility of a particular user's Internet behavior?

Applicable to : Open Source Software, Appliance  

You can view all Internet activities of a particular user from single page of User Dashboard. 
It gives in-depth visibility of user Internet behavior which includes Application, Web  and FTP Usage along with Blocked Web and Applications attempts.
Logon to Web admin console and go to Dashboard > Custom Dashboard.
Select criterion as username and enter the username to get complete information of the user.
 
                                                                                                                                           Document Version: 1.0 – 05 March, 2014
1.3.7.8. Can I have a comprehensive view of user’s email activities?
Applicable Format - Software and Hardware

Yes, you can have detail information of user’s email activities with the help of Email Address dashboard.
Logon to Web Admin console and go to Dashboards®Custom Dashboard.
Select criterion as email address and enter the email address of the user to get complete information.
1.3.7.9. What is custom view of report?
Applicable Format - Software and Hardware

Custom view of reports is a group of the most pertinent reports that requires the special 
attention for managing the devices.

Reports from different report groups can also be grouped in a single view.

To create a custom view logon to Web admin console and go to System 
® Configuration ®
 Custom View
1.3.7.10. How can I schedule reports in Cyberoam iView?
Applicable Format - Software and Hardware

Given below are the steps to schedule reports in Cyberoam iView:
 Configure Mail Server
·    Logon to Web admin console and go to System ® Configuration ® Mail Server.
·    Specify mail server IP address and port number.
·    Specify 'from' email address.
·    Specify username and password in case of SMTP authentication and click Save button.
 Add Report Notification
·    Logon to Web admin console and go to System ® Configuration ® Report Notification.
·    Click Add button to add report notification.
·    Specify name of the report notification.
·    Specify ‘To email address’
·    Select report to be sent from the report group
·    Select device(s) from the list of devices.
·    Set email frequency and click Add button
Selected reports will be sent in PDF format.
1.3.8. Open Source Cyberoam iView - Audit Logs
1.3.8.1. What are the categories for which audit logs can be viewed?
Applicable Format - Software and Hardware

Given below is the list of different audit log categories with corresponding events:

 
Category
Event Logs for
Mail
SMTP server configuration update        
Add Report Notification
Update Report Notification
Delete Report Notification
Sent report notification
UserUser Login                   
User Log out
Add User
Update User
Delete User
DeviceAdd Device      
Update Device
Delete Device
Add Device Group
Update Device Group
Delete Device Group
ApplicationAdd Application Identifier         
Delete Application Identifier
Add Application
Update Application
Delete Application
Add Application Group
Update Application Group
Delete Application Group
Reset to Default
ViewsUnauthorized access to web pages
DataArchived Logs  
Detail Table
Summary Table
ReportAdd Custom View        
Update Custom View
Delete Custom View
1.3.8.2. What is the meaning of different severity levels displayed in audit logs?
Applicable Format - Software and Hardware

Given below is the list of different severity levels with corresponding meaning
:
·         Emergency : System is not usable
·         Alert: Action must be taken immediately
·         Critical: Critical condition
·         Error: Error condition
·         Warning: Warning condition
·         Notice: Normal but significant condition
·         Info: Informational
·         Debug: Debug-level messages
1.3.9. Open Source Cyberoam iView - Logs Archives
1.3.9.1. What is the meaning and need of archive logs?
Applicable Format - Software and Hardware
 
Archive logs are collection of historical records, which are the initial line of forensic investigation.
Cyberoam iView retains archive log data for the configured period. Data Retention period can be configured from the System → Configuration→ Data Management page.
For further details, refer to Data Management section of Administrator Guide.
1.3.9.2. What is the meaning of various operations displayed under Action column?
Applicable Format - Software and Hardware
 
Action column of Archive section displays various operations that can be performed on archive files. Given below is the name and description of the operations:  
·         Load: Load archived file from your local drive to the Cyberoam iView database.
 
·         Unload: Unload archived file from Cyberoam iView database.
 
·         Search: Perform a refined search based on multiple criteria.
·         Backup: Take backup of selected file on the machine on which Cyberoam iView is installed.      
1.3.9.3. Why the checkbox against one of the file in archive section is disabled?
Applicable Format - Software and Hardware
 
Cyberoam iView stores archived data for a specified day in four files and each file contains data for 6 hours. You can perform various actions on the archived files e.g, load, unload, search and backup.
There are two possibilities for displaying disabled checkbox:
·         The archive file is not created yet
·         The file is loaded to Cyberoam iView database in this case selected disabled checkbox will be displayed.
Please note that you need to load the archive file in Cyberoam iView database to perform unload and search operations.