Search Results

Search found 4062 results on 163 pages for 'secure government ficam sicam'.

Page 101/163 | < Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >

Amazon EC2 firewall rules & VPN connections

- by John

I'm moving from Rackspace to Amazon EC2. One thing I like about our Rackspace setup is that it is extremely secure. The MySQL box can only be accessed via internal IPs, and we have a Cisco VPN firewall that allows us to dial in remotely and access port 3306 as though we were on the internal network. I'd like to figure out how to replicate this setup with EC2. How can I make the MySQL box so that port 3306 can only be accessed on the internal network? What about the VPN piece of things? I know Amazon has the VPC service, but it seems like that's for the purpose of connecting to an existing network. I don't have an existing network. I want to essentially create one inside Amazon and connect to that. What are my options? Any good tutorials on how to get started? Thanks in advance for your help

Read the article
Setting up SSL on Nginx, Passenger, Sinatra

- by 12preschph

I have a Sinatra app that runs both on locally and on Heroku. When visiting my site over HTTPS across Heroku, it will indeed work as Heroku provides this by default. How can I set up SSL to work on my localhost machine? I will enable my Sinatra app to only allow secure connections so I need to test this both in development and production. Currently, I am running the following locally: SERVER= nginx/1.6.0 + Phusion Passenger 4.0.42 Also, where is my nginx folder? I don't have it installed in the normal location (Ubuntu) so this must come custom with Passenger?

Read the article
how to make SFTP work on Windows

- by cyberkiwi

What is the correct way to set up sshwindows for SSH key authentication? Does the user need to be created in Windows first or can a login be inserted into passwd without a Windows equivalent? I've searched on Google and have tried the tutorials and quick start guides. So far, exactly 0 have worked. None pointed out that to work in Windows 2008 R2, you need to change the properties of cygrunsrv.exe to "Windows XP SP3" compability mode to even get past the service startup "error 1067". Although it is running, no amount of configuration allowed me to log on to the SFTP server, even though I tried (from another machine): same user account added using "mkpasswd" + windows password same user account added using "mkpasswd" + public ssh key (added to /home/theuser/.ssh) On Windows 2003 R2 (a different attempt), the service would crash every time it started up. Some links I went through http://pigtail.net/LRP/printsrv/cygwin-sshd.html http://forevergeeks.com/how-to-setup-a-secure-ftp-sftp-site-with-openssh-on-windows/ http://support.moonpoint.com/os/windows/server2003/openssh-service-not-starting.html

Read the article
Standalone server setup for compute capacity

- by mikera

I'm developing an application for my company that will require a lot of compute capacity (running some very big mathematical calculations), and looking for some form of server setup to do this. For various reasons, we want to run this on-site in our office rather than hosting it externally. It's been a while since I last had to set up my own servers so I thought I would tap into the collective wisdom of serverfault! My broad requirements are: Budget $30-50k, with an aim to get as much compute capacity as possible for that budget 64-bit servers suitable to run Ubuntu Linux + Java Some relatively standalone rack that can be installed in secure office space Fast/low latency network connections between the servers, but don't really care about connectivity to the outside world Storage capacity shared between the servers - they don't necessarily need their own storage providing they can be booted from a common image Downtime can be tolerated (since the calculations are run in batch mode) The software itself is fault-tolerant, so there is no need for extra resiliency in the server setup (cheap replaceable commodity parts will be fine in general) Given these requirements what kind of setup would you recommend and why?

Read the article
How to remove the upper right close button

- by tahdhaze09

I need to kill the close 'x' button at the top of a jQuery UI modal dialog box. I have a modal that opens with an OK button that redirects to the site. The site behind the modal is in an iframe. When the user agrees to the statement in the dialog box and clicks the 'OK' button, it redirects to the site that is outside the iframe. If the user clicks on the 'x', it goes to the iframe site, which I do not want to have happen. I need the modal to work as a one-way to the site it goes to. It basically forces the user to accept the user agreement. I would post code, but its an intranet site. Thanks everyone for your help! EDIT: This site is a government intranet portal, not a commercial site. So the goal is NOT to trap a user into the site, but rather to let the user know that the use of this site is restricted and to make sure you understand and accept the user agreement or you cannot use the site.

Read the article
Ownership/permissions of uploaded files

- by Cudos

Hello. I want to find out if I am on the right track. My script uploads files to the directory "images". The directory has this setup: owner/group = www-data Permissions = 700 Questions: Is this a good way to secure the directory from a hacker uploading files? Will the hacker be able to upload the files directly to the directory? Note: I have a bunch of other security measures in my upload script + an .htaccess script in the directory that disables script Execution. I just what to know if the permissions on the directory is sensible. I run apache 2.2

Read the article
Best blog package/platform (java, php etc)?

- by user50912

Hi Folks, I want to set up a blog, but I want it to reside on a URL I've bought, I also don't want any of the ads and such that sit around other blogs on blog specific sites like blogspot and generally want more control. I was thinking of getting shared hosting with mysql and such to get it going (as opposed to a VM which would be overkill). Then I just need to decide on the easiest quickest (and most secure) way of getting something up there. After some googling, I see b2evolution.net which sits on php, or Apache Roller, which seems to sit on Java. Could anyone offer any advice on whats my best approach here? Are there security concerns with either or has anyone any experience in this area? I really want setup time to be minimal, so I can concentrate of the feel of the blog rather than whats under the hood. Many Thanks.

Read the article
Do superuser things with normal user

- by OrangeTux

I want to secure the SSH access to my server. One thing I read everywhere is to disable the root user login. To still have access via SSH I created another user via sudo adduser john How can I still do root things with this account? sudo command asks for a password of the user but gives john not in sudoer file. Action will be reported. When I use su I log in as root which I'm going to disable. How can I stil do root things with the normal account john?

Read the article
Allowing users in from an IP address without certificate client authentication

- by John

I need to allow access to my site without SSL certificates from my office network and with SSL certificates outside. Here is my configuration: <Directory /srv/www> AllowOverride All Order deny,allow Deny from all # office network static IP Allow from xxx.xxx.xxx.xxx SSLVerifyClient require SSLOptions +FakeBasicAuth AuthName "My secure area" AuthType Basic AuthUserFile /etc/httpd/ssl/index Require valid-user Satisfy Any </Directory> When I'm inside network and have certificate - I can access. When I'm inside network and haven't certificate - I can't access, it requires certificate. When I'm outside network and have certificate - I can't access, it shows me basic login screen When I'm outside network and haven't certificate - I can't access, it shows me basic login screen and following configuration works perfectly <Directory /srv/www> AllowOverride All Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx AuthUserFile /srv/www/htpasswd AuthName "Restricted Access" AuthType Basic Require valid-user Satisfy Any </Directory>

Read the article
Using Windows Azure storage for backup

- by Bruno

I am currently looking at Windows Azure blobs as an option for backing up archive data. I want to be able to upload files from an external windows machine via the internet but I don't know enough about Windows Azure storage to make a decision. Some of the questions I have are How do I upload the files. Is there a client application, can I use robocopy? Would it be fast enough? i.e. Could I download or upload 1TB of data in a week? Is it secure? Hopefully someone smarter than me can help me :-)

Read the article
3 Root accounts in MySQl database

- by hairbymaurice

Hello, I have managed to get mySQL running under Ubuntu 8.10, I am now diligently trying to secure the database and am adding passwords for the root users. My question: I have a root user under the host "kickseed" with no password set I have no idea what kickseed is as the database is installed under localhost, on searching around i have discovered that this is something to do with the ubuntu OS itself. Is it safe to delete this user account from MySQL or is it used for something by the OS? If i need to keep it should i /can i protect it with a password? Also i have another root account under the host IP 127.0.0.1 again can i delete this? My absolute preference would be to have only one account with root access but i do not want to delete these accounts if they are necessary. Thanks for tolerating a newbie Regards Hairby

Read the article
Client-side certificates

- by walshms

My company purchased a wildcard certificate from a vendor. This certificate was successfully configured with Apache 2.2 to secure a subdomain. Everything on the SSL side works. Now I'm required to generate x509 client-side certificates to issue for this subdomain. I'm following along this page: (http://www.vanemery.com/Linux/Apache/apache-SSL.html), starting with "Creating Client Certificates for Authentication". I've generated the p12 files and successfully imported them into Firefox. When I browse to the site now, I get an error in FireFox that says "The connection to the server was reset while the page was loading." I think my problem is coming from not signing the client-side correctly. When I sign the client-side certificate, I'm using the PEM file (RapidSSL_CA_bundle.pem) from RapidSSL (who we bought the certificate from) for the -CA argument. For the -CAkey argument, I'm using the private key of the server. Is this correct?

Read the article
Strange RDP / Remote Desktop problem

- by John Landheer

I'll try to be as specific as I can be: Server is running SBS 2008 R2 (with all updates) Server is connected to the internet Server has 2 NIC's, one is disabled Server is running RDP Service (accessible directly from the internet, I know, not as secure as it should be) Computers A and B are on the same local net. Computers A and B are both Windows 7. Users X and Y are both admins on the server Computer A can connect as user X to the server with mstsc Computer A can connect as user Y to the server with mstsc Computer B can connect as user X to the server with mstsc computer B CANNOT connect as user Y to the server with mstsc! The last point is the problem, I get an authentication error. This used to work flawlessly for the last year. The server and desktops have been rebooted. I find it very strange....

Read the article
Exchange 2010 550 5.7.1 unable to relay

- by isorfir

I have a website application that needs to send email via our Exchange servers. It sends email internally fine, but when sending to an external address I get the 550 5.7.1 unable to relay error. I followed this guide to create a connector to allow relay. Unfortunately, all office email was trying to use that connector and was not being routed correctly. It also appeared as though it opened it up for spammers to use. This is obviously unacceptable and a secure method is needed.

Read the article
Mysql refusing connection: a very special connection issue

- by k to the z

I have my programers remoting into a web server with windows rdp. This web server is the only machine that can access another mysql server in a secure zone. When I remote into the web server from my machine I am able to connect to the mysql server through the mysql workbench on the web server. However, when I try this same procedure from another person's computer I can get into the server via rdp. I just can't connect to mysql using the workbench. I have checked and re checked the credentials and connection information. They match. I've had other people check and re check the credentials. As far as mysql permissions are concerned this user is allowed to connect from any machine. Plus I'm remoting into the same web server. The only difference seems to be which computer is remoting into the webserver. wtf?

Read the article
Is it possible to hide the SSID of the Windows 7 soft AP

- by Goro

I know it is possible to create a sofware AP in windows 7 using command prompt: netsh wlan set hostednetwork ... But is it possible to set such a network not to broadcast its SSID? I realize that this does not gain any security - or may even make the system more secure, but I am not asking about security here. I want to know if it is possible, through the netsh command interface, to hide the SSID. If my client wants to hide the SSID, then I will make them aware of security implications, but in the end it is their decision.

Read the article
Cloud services can't be reached from complex customer infrastructure

- by Nock

We have several services running on a cloud, they all are hosted on Windows Server 2012 R2, have public IP address and specific port. Some of our customers can't reach them because for "some reason" the ports are cut between a firewall between them and us. (some customers are using a shared internet connection in a multi tenant office and they can't change firewall communication) Well, you get it, we don't have the possibility to make all the firewall "allowing" the communication. My customers all runs Windows 7 at least. What is the best counter solution in such case, using Microsoft (Windows Server) technologies? The best would be some kind of tunneling communication or VPN, but the customer should also be able to access his/her enterprise resources. Bby the way, today we using IPSec using Windows Firewall to secure the communication, is IPSec tunneling a solution for us? Otherwise, is there a service in Windows to enable some kind of VPN between a client and a server but only for a given set of servers?

Read the article
Putting a whole linux server under source control (git)

- by Tobias Hertkorn

I am thinking about putting my whole linux server under version control using git. The reason behind it being that that might be the easiest way to detect malicious modifications/rootkits. All I would naively think is necessary to check the integrity of the system: Mount the linux partition every week or so using a rescue system, check if the git repository is still untempered and then issue a git status to detect any changes made to the system. Apart from the obvious waste in disk space, are there any other negative side-effects? Is it a totally crazy idea? Is it even a secure way to check against rootkits since I most likely would have to at least exclude /dev and /proc ?

Read the article
Problem with domain getting turned to IP address for https

- by user229133

I have a website that is using Windows Server 2003. The site is called https://mysite.com/ and at ip address 111.1.1.1. Now when I log into the site all my relative links that are generated using NavURL (<%# NavURL("Images/Menu/img.gif")%) are saying "http://111.1.1.1/Images/Menu/img.gif" instead of "https://mysite.com/Images/Menu/img.gif". This is causing an error because it needs to be secure. I'm sure there is a setting on the server somewhere to point to the name and not the ip, but I don't know where. Thanks for your help.

Read the article
How can I force all requests to be SSL when using EC2 load balancer?

- by chris

I currently have a single EC2 instance which is forcing all requests to be secure by using mod_rewrite: RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L] I am planning on moving to a load balanced setup, with multiple back-end instances. If I set up my EC2 load balancer with my certs, do I need to use SSL to communicate between the LB and my instances? If not, is it as simple as replacing the RewriteCond with RewriteCond %{HTTP:X-Forwarded_Proto} ^http$ Edit: I tried using the x-forwarded-proto, but it does not appear to work. Is there another way to detect if someone is connected to the LB via SSL?

Read the article
AWS VPC - why have a private subnet at all?

- by jkim

In Amazon VPC, the VPC creation wizard allows one to create a single "public subnet" or have the wizard create a "public subnet" and a "private subnet". Initially, the public and private subnet option seemed good for security reasons, allowing webservers to be put in the public subnet and database servers to go in the private subnet. But I've since learned that EC2 instances in the public subnet are not reachable from the Internet unless you associate an Amazon ElasticIP with the EC2 instance. So it seems with just a single public subnet configuration, one could just opt to not associate an ElasticIP with the database servers and end up with the same sort of security. Can anyone explain the advantages of a public + private subnet configuration? Are the advantages of this config more to do with auto-scaling, or is it actually less secure to have a single public subnet?

Read the article
How to use ssh-agent (and graphic passphrase dialog) in Kubuntu 10.10?

- by halo

I have recently switched from Ubuntu to kubuntu, both version 10.10. Unfortunately in KDE the ssh passphrase dialog doesn't work out of the box. Everytime my ssh private key is used I need to enter my password. This is neither secure nor comfortable. I have done comprehensive research on the net but only found out dated documentation. Several things I tried didn't work out. Current status: SSH setup working with direct passphrase input ssh-agent running in X session $SSH_AUTH_SOCK set to ssh-agent's socket in X session How to enable ssh-agent for keeping the passphrase in memory for ~15mins and as a bonus always use a graphical dialog for its input? I use asymmetric SSH key pairs for pushing/pulling in Git VCS logging remotely into different server systems

Read the article
nginx + reverse proxy question

- by Joe Pilon

Hello, I am using nginx right now for our production sites with the reverse proxy to apache that's on the same server and it works fantastic. I'm wondering if I can do this: Install nginx on box #1 in say Canada and have it reverse proxy http requests to box #2 in a datacenter in the USA. I know there may be some latency or delays in loading the page etc but that would probably be not noticable to the end user especially if both servers have 100mb ports. Box #2 only does the apache requests, all images are served from box #1 via nginx. Now, would the end visitor be able to tell in any which way that there are 2 boxes being used? Box #2 has sensitive data which we can't have stolen in the event of hacking etc, so this method helps keep things a bit more secure. Anyone know if this is possible or have done something similar?

Read the article
How to use ssh-agent (and graphic passphrase dialog) in Kubuntu 10.10?

- by halo

I have recently switched from Ubuntu to kubuntu, both version 10.10. Unfortunately in KDE the ssh passphrase dialog doesn't work out of the box. Everytime my ssh private key is used I need to enter my password. This is neither secure nor comfortable. I have done comprehensive research on the net but only found out dated documentation. Several things I tried didn't work out. Current status: SSH setup working with direct passphrase input ssh-agent running in X session $SSH_AUTH_SOCK set to ssh-agent's socket in X session How to enable ssh-agent for keeping the passphrase in memory for ~15mins and as a bonus always use a graphical dialog for its input? I use asymmetric SSH key pairs for pushing/pulling in Git VCS logging remotely into different server systems

Read the article
Configure session length with htaccess

- by brianpartridge

My home web server is running the stock OSX Apache 2 install. I have some directories with content that I want to secure, so I setup htaccess files for those areas. However, I find it annoying to have to login to those areas as frequently as I do. Once I'm logged in I'd like to not have to login again for a long time, similar to setting a long time in a cookie. But, I'd like to increase the life time of the authenticated session with htaccess. I've googled but haven't found what I'm looking for, maybe because I'm looking for the wrong term. I want to configure the 'session length', 'session timeout', 'time limit', or 'expiration' for users authenticated via htaccess. Any thoughts?

Read the article

< Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >