Search Results

Search found 17646 results on 706 pages for 'security warning'.

Page 107/706 | < Previous Page | 103 104 105 106 107 108 109 110 111 112 113 114  | Next Page >

  • How to secure memcached?

    - by alfish
    In Debian, I have installed memcached (using this guide) to lower the otherwise unmanageable load on mysql database. The database is on a separate server, and memcached and Varnish are on the front server. Is it a potential security hole to leave memcached unprotected by a firewall? If so, how should I secure it? The situation is especially worrisome,as I've received (unproved) reports of cookie thefts on the server. Thanks

    Read the article

  • Do I really need mod_security?

    - by Rob
    I'm doing a clean install of my server and I'm looking for some advice on whether or not I actually need the Apache mod_security module. I consider myself to be a bit security paranoid when it comes to my servers, but is it worth going through all the hassle to install and debug a new config of mod_security?

    Read the article

  • mpasdlta files -- what are they?

    - by Tmdean
    I noticed a bunch of folders in the root of my hard drive named with a string of hex digits that contain files named with a GUID ending with "mpasdlta.vdm" and "mpavdlta.vdm". From some Googling, I've determined that these files are spyware and virus definition files used by Microsoft Security Essentials. Are these files safe to delete? (Why doesn't Microsoft follow their own guidelines and store application data in the folders intended for that purpose? grumble grumble)

    Read the article

  • What is a quick way to report login/logout times on Windows 2003?

    - by blueberryfields
    I have about a dozen servers, and I am looking to quickly find out all of the login/logout times, for a subset of users, for all servers, during January. Is there a quick, easy way to get this information (faster and easier than manually combing through the security logs)? I would rather not replicate any work - are there any publicly posted tools or scripts that already implement a solution to this problem?

    Read the article

  • Running Modern UI/Metro Apps as Administrator in Windows 8

    - by Shail
    I noticed that on Windows 8's Start screen, I could right click a Windows legacy program (A program which runs on Windows XP, Vista and 7), and I could run it as Administrator. However, whenever I clicked on a Windows 8 Modern UI or a Metro app, I didn't have that option. So here are my questions:- Why can't I run the Modern UI apps as an Administrator? Does it make any difference as far as security is concerned?

    Read the article

  • Is it worth the effort to block failed login attempts

    - by dunxd
    Is it worthwhile running fail2ban, sshdfilter or similar tools, which blacklist IP addresses which attempt and fail to login? I've seen it argued that this is security theatre on a "properly secured" server. However, I feel that it probably makes script kiddies move on to the next server in their list. Let's say that my server is "properly secured" and I am not worried that a brute force attack will actually succeed - are these tools simply keeping my logfiles clean, or am I getting any worthwhile benefit in blocking brute force attack attempts?

    Read the article

  • Disable SSL / TLS compression in Apache 2.2.x

    - by DevGav
    Is there a way to disable SSL/TLS Compression in Apache 2.2.x when using mod_ssl? If not, what are people doing to mitigate the effects of CRIME/BEAST in older browsers? Related Links: https://issues.apache.org/bugzilla/show_bug.cgi?id=53219 https://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor

    Read the article

  • Is CloudLinux considered to be a stable webserver

    - by Saif Bechan
    I am currently running several websites on a CentOS 5.4 system. I have the choice to switch to Cloudlinux. It is said to be better at handling several websites. Does anyone have any information to share on CloudLinux. This can be on security, stability and just overall performance of the system.

    Read the article

  • 40k Event Log Errors an hour Unknown Username or bad password

    - by ErocM
    I am getting about 200k of these an hour: An account failed to log on. Subject: Security ID: SYSTEM Account Name: TGSERVER$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 4 Account For Which Logon Failed: Security ID: NULL SID Account Name: administrator Account Domain: TGSERVER Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x334 Caller Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TGSERVER Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. On my server... I changed my adminstrative username to something else and since then I've been inidated with these messages. I found on http://technet.microsoft.com/en-us/library/cc787567(v=WS.10).aspx that the 4 means "Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention." which really doesn't shed any light on it for me. I checked the services and they are all logging in as local system or network service. Nothing for administrator. Anyone have any idea how I tell where these are coming from? I would assume this is a program that is crapping out... Thanks in advance!

    Read the article

  • Thoughts on MPM-ITK?

    - by Rich
    I have several sites on my server set up as virtual hosts. What are your thoughts on MPM-ITK? Are the tradeoffs and the potential root exploit vulnerability worth the security of internal system files? http://mpm-itk.sesse.net/

    Read the article

  • What is the best way to secure MySQL data on a laptop *without* whole-disk-encryption?

    - by GJ
    I need to have the mysql data on my laptop stored in an encrypted state so that in case of the laptop being lost/stolen it will extremely difficult to recover the data without the password. I don't wish to use whole disk encryption, due to the performance impact it will have on other disk-intensive programs' usage. What could be the ideal solution for me balancing security and performance? Thanks!

    Read the article

  • How to audit a specific folder in Windows Server 2003?

    - by saint
    We have had several cases of file deletion in one of our windows file servers. Server is also a domain controller. Unfortunately we kept the auditing disabled completely due it being such a resource hog. So I was wondering If there is a way to audit a specific folder for a specific security group, for just file and folder deletions within the specified folder. Also is there a recommended third party application for auditing or monitoring. Many Thanks.

    Read the article

  • Ubuntu server; Should I add a new user or not?

    - by Camran
    On my Ubuntu server, when I do everything now I do it as "root" user. So for example, logging into ftp filezilla, I enter "root" as username... Is this the way to do it, or should I create a users group and add priveliges to the users in that group? Don't know if I should create a new user or not, it works with root just fine, but I don't want any security flaws... Thanks

    Read the article

  • Vulnerability research. Is it really research?

    - by Benjamin
    IT security people often say they do "vulnerability research". They defend the idea that they actually are doing some kind of "research". But is searching for vulnerabilities in software real research? A geologist looking for mines in the desert is doing "exploration", not "research".

    Read the article

  • Anti-virus protection question?

    - by DaBaer
    About 4 years ago, I found Kaspersky and have been using the most current version since. Most people try and argue the use of AVG or Avast to me, and there are some very solid reasons I do not go that route. Over the years, I have found Kasp to become bulkier and bulkier, and have had issues setting it up for friends/family/clients. I am just curios on possible recommendations from other users, with my criteria in mind: What I like about Kasp in the past: The license sold in stores in a 3 pack, is considered a commercial license, and emails from Kasp in response to my questions, make it clear that I can do with the 3 licenses that I want, providing I do not use more than 3 installs per Key. So, allowed me to buy 3, 5, and 7 packs, and resell to users at a cheaper cost than what they would pay if they bought their own license. The ability to easily obtain a currently updated .exe for installation on multiple peoples machines. Power of the scan. Kasp has been a good solution for me (even when using a trial license) on cleaning up machines that were badly infected (in which AVG and AVAST were unable to.) Speed of install/update. After a cleanup of malwarebytes, spybot, mcafee stinger, ccleaner, and combofix, I used to be able to get Kasp Int Security installed and updated in around 5 minutes. The issues that I have with the free AV, is strength of protection. In my opinion for someone who is a 'power use' these are good alternatives, because such a user should be trained or knowledgeable enough to be careful and not get themselves in trouble. Most of the users I assist, are too PC ignorant to know any better, and go hogwild on the web. It has been my experience that the number of people coming back to me with spyware/malware/virus issues since I have converted from AVG to Kasp has been cut down to around 20% of what it used to be 4 or 5 years ago. In a perfect world, I could install and use Kasp Internet Security 2008, and be very happy. But this is not the case anymore. So after this long description of what I used, and have used, does anyone have any good recommendations on AV that isn't going to cost me too much per install?

    Read the article

  • Sandbox on a linux server for group members

    - by mgualt
    I am a member of a large group (academic department) using a central GNU/Linux server. I would like to be able to install web apps like instiki, run version control repositories, and serve content over the web. But the admins won't permit this due to security concerns. Is there a way for them to sandbox me, protecting their servers in case I am hacked? What is the standard solution for a problem like this?

    Read the article

  • Secure linux distro that sends traffic through Tor

    - by gravestone
    I'm looking for a live Linux distro that is secure and preserves my anonymity online. For what I need, Tor seems to do the job – but such software requires configuration that someone who is not knowledgeable in how it works might find difficult. I was looking at 'Lightweight portable security' but it does not specify whether it sends all traffic through Tor. Does anyone know more information about it and/or any other such live Linux distro?

    Read the article

  • Why does Kerberos need Ticket Granting Server?

    - by Narsil
    It's probably something fundamental but I can't find a certain statement. Why can't KDC authenticate then provide the service ticket directly. Is it about security or performance or some other thing? Since users don't log in each time they request a service and assumably they will keep logged in for a long time, AS doesn't seem so busy. Why do they have to be seperated?

    Read the article

< Previous Page | 103 104 105 106 107 108 109 110 111 112 113 114  | Next Page >