Search Results

Search found 18805 results on 753 pages for 'security center'.

Page 119/753 | < Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >

• Calling a WCF service from another WCF service

  - by ultraman69

  Hi ! I have a WCF service hosted on a windows service on my Server1. It also has IIS on this machine. I call the service from a web app and it works fine. But within this service, I have to call another WCF sevice (also hosted on a windows service) located on Server2. The security credentials are set to "Message" and "Username". I have an error like "SOAP protcol negociation failed". It's a problem with my server certificate public key that doesn't seem to be recognise. However, if I call the service on the Server2 from Server1 in a console app, it works fine. I followed this tutorial to set up my certificates : http://www.codeproject.com/KB/WCF/wcf_certificates.aspx Here's the config file from my service on Server1 that tries to call the second one : <endpoint address="" binding="wsHttpBinding" contract="Microsoft.ServiceModel.Samples.ITraitement" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <client> <endpoint address="http://Server2:8000/servicemodelsamples/service" behaviorConfiguration="myClientBehavior" binding="wsHttpBinding" bindingConfiguration="MybindingCon" contract="Microsoft.ServiceModel.Samples.ICalculator" name=""> <identity> <dns value="ODWCertificatServeur" /> </identity> </endpoint> </client> <bindings> <wsHttpBinding> <binding name="MybindingCon"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="ServiceTraitementBehavior"> <serviceMetadata httpGetEnabled="True"/> <serviceDebug includeExceptionDetailInFaults="True" /> </behavior> </serviceBehaviors> <endpointBehaviors> <behavior name="myClientBehavior"> <clientCredentials> <clientCertificate findValue="MachineServiceTraitement" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" /> <serviceCertificate> <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/> </serviceCertificate> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> And here's the config file from the web app that calls the service on Server1 : <system.serviceModel> <bindings> <wsHttpBinding> <binding name="WSHttpBinding_ITraitement" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Message"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" /> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="http://localhost:8020/ServiceTraitementPC" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ITraitement" contract="ITraitement" name="WSHttpBinding_ITraitement"> </endpoint> </client> Any idea why it works if if I call it in a console app and not from my service ? Maybe it has something to do with the certificateValidationMode="ChainTrust" ?

  Read the article

• Why shouldn't root be allowed to login via ssh?

  - by Thomas

  Hi, why should root access be disabled for ssh? I always hear that's for security reasons. But I don't get it. What's different to login as non-root and then sudo su -? What's the preferred way to handle tasks that need privileged permissions? Thanks Thomas

  Read the article

• What anti-keylogging programs can you use when using public PCs

  - by Jason Smith

  Are there anti-keylogging programs that can keep you safe while you are using a public PC terminal? Do they exist and what are these? I like to know that I am safe when entering data on a public PC for example from malware or keyloggers, who knows where it has been. Or else, how can I keep my personal data safe when using a public PC? I think this question is relevant for anyone who is concerned about their security on any level.

  Read the article

• How secure is a bluetooth keyboard against password sniffing?

  - by jhs

  In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system?

  Read the article

• Using an audio cable (or similar) to create unidirectional communication from a secure server

  - by makerofthings7

  I'm interested in exploring how a semi-offline Root CA can be used to update CRLs to the sub CA's. This answer on Security.SE mentions using an audio cable for this purpose. Doe anyone have details on how an Audio cable (or similar) can be used to create a unidirectional path of communication? Since I'm a .Net programmer, I'm also open to code samples, drivers, etc that may enable this scenario.

  Read the article

• OS X stealth mode: where is it enacted?

  - by er4z0r

  I am working through the security guide from apple (which they did not update since Snow Leopard). In the firewall section it states that ipfw has a default allow rule: 65535 allow ip from any to any And if you enable the firewalls 'stealth mode' via the settings the following rule should be added: 33300 deny icmp from any to me in icmptypes 8 The funny thing is: I have stealth enabled and I do not see this rule when doing sudo ipfw print Any idea where stealth mode is enforced if not in the ipfw ruleset?

  Read the article

• Is there another way to run Apache2 securely for end users without using CGI mode?

  - by Volomike

  Is there another way to run Apache2 securely for multiple end users (like hosting hundreds of blogs) without using CGI mode as required by suPHP? It just seems so inefficient to use CGI mode for PHP when if we could set up permissions properly, we could host PHP through mod_php perhaps? I mean, I do want to restrict these users to their home directories for their sites, but don't want any security issues.

  Read the article

• KeePass justification

  - by Jeff Walker

  I work at a place that tries to take security seriously, but sadly, they often fail. Currently, one of the major ways they fail is password management. I personally have about 20 accounts (my personal user id on lots of machines). For shared "system" accounts, there are about 45 per environment; development, test, and production. I have access to 2 of those, so my personal total is somewhere around 115 accounts. Passwords have to be at least 15 characters with some extensive but standard complexity constraints, and have to be changed every 60 days or so (system accounts every year). They also should not be the same for different accounts, but that isn't enforced. Think DoD-type standards. There is no way to remember and keep up with this. It just isn't humanly possible, as far as I'm concerned. This might be a good justification of a centralized account management system, a la LDAP or ActiveDirectory, but that is a totally different battle. Currently the solution is an Excel spreadsheet. They use Excel to put a password on it, and then most people make a copy and remove the password. This makes my stomach turn. I use KeePass for this problem and it manages all of my account very well. I like the features like auto-typing, grouping, plugins, password generation, etc. It uses AES-256 encryption via the .Net framework, and while not FIPS compliant, it has a very good reputation. The only problem is that they are also very careful about using randomly downloaded software. So we have to justify every piece of software on our workstations. I have been told that they really don't want me to use this, be cause of the "sensitive nature" of storing passwords. sigh My justification has to be "VERY VERY strong". I have been tasked with writing a justification for KeePass, but as I am lazy, I would like any input that I can get from the community. What do you recommend? Is there something out there that is better or more respected than KeePass? Is there any security experts saying interesting things on this topic? Anything will help at this point. Thanks.

  Read the article

• What do I need to do to prevent exploitation of my postfix server?

  - by Josiah

  I have a a web server that needs to send emails, but not recieve them. I have installed postfix (it came with nagios, also installed on this server) and now I need to make sure that my server does not get used as a spam server. What steps do I need to take to ensure that this does not happen? What additional security measures do I need to put in place? Server is Ubuntu 10.4

  Read the article

• Turn off "unknown publisher" message for older Windows application?

  - by MikeJ

  Anyone know how to turn off or suppress the "unknown publisher" message for a specific application? The application is a legacy version of Delphi that we use to update a LOB application. I thought clicking, run as administrator would fix this and I don't want to turn off UAC entirely for security safety reasons. Anyone know how to tell Windows 7 that Borland or at least delphi.exe is a trusted application?

  Read the article

• Wireless Password

  - by Campo

  I have a security policy question: I want to know how other admins handle the WIFI password in the office. Does everyone know it? Do you enter it in for the user or guest every time and keep it a secret. I am in camp 2. Just want to know what others do and their reasoning behind it.

  Read the article

• Is it dangerous to allow every user to run nmap as root?

  - by Kim

  At our university we have some computers in the "networking lab", that are configured to allow everybody to run nmap as root via /etc/sudoers. Could this be a security vulnerability?

  Read the article

• Solr Multicore Admin Problem

  - by Daniel M

  Im trying to add a url based security constraint to solr deployed in websphere 6.1. If I specify the core name in the url of the constraint then the admin url for that core gives a 404. Has anyone had any success with this or any suggestions? Cheers Cross-posted with stackoverflow

  Read the article

• Preventing brute force attacks against ssh?

  - by grieve

  What tool or technique do you use to prevent brute force attacks against your ssh port. I noticed in my Security logs, that I have millions of attempts to login as various users through ssh. This is on a FreeBSD box, but I imagine it would be applicable anywhere.

  Read the article

• Is it generally a bad idea to have other types of virtual appliances installed along side a firewall

  - by MGSoto

  I want to run my Firewall/NAT software (pfsense) and an internal NAS (looking at freenas right now) for my SOHO on one machine. Right now I have them separated on two different machines, but I'd like to consolidate them. Is this generally a bad idea? I see the security concern where if the firewall or host OS is compromised, then your data is essentially screwed. But is it really a concern for me?

  Read the article

• Just LB or also Web Servers in Demilitarized Zone?

  - by Bradford

  In a load balanced environment, is it necessary to have all of the web servers in the DMZ? Or will just having the Load Balancer in the DMZ achieve the desired security? If it matters, the web server and application server are the same -- GF, Tomcat fronted by httpd on the same server, OAS, etc... LB - WEB/APPLICATION - DB Also, would the setup be different if it was LB - Web Server - Application Server - DB Thanks, Bradford

  Read the article

• SELinux vs. AppArmor vs. grsecurity

  - by Marco

  I have to set up a server that should be as secure as possible. Which security enhancement would you use and why, SELinux, AppArmor or grsecurity? Can you give me some tips, hints, pros/cons for those three? AFAIK: SELinux: most powerful but most complex AppArmor: simpler configuration / management than SELinux grsecurity: simple configuration due to auto training, more features than just access control

  Read the article

• Process limit for user in Linux

  - by BrainCore

  This is the standard question, "How do I set a process limit for a user account in Linux to prevent fork-bombing," with an additional twist. The running program originates as a root-owned Python process, which then setuids/setgids itself as a regular user. As far as I know, at this point, any limits set in /etc/security/limits.conf do not apply; the setuid-ed process may now fork bomb. Any ideas how to prevent this?

  Read the article

• Process limit for user in Linux

  - by BrainCore

  This is the standard question, "How do I set a process limit for a user account in Linux to prevent fork-bombing," with an additional twist. The running program originates as a root-owned Python process, which then setuids/setgids itself as a regular user. As far as I know, at this point, any limits set in /etc/security/limits.conf do not apply; the setuid-ed process may now fork bomb. Any ideas how to prevent this?

  Read the article

• Proxy server and ssl over non 443 port

  - by Yaron Naveh

  Most http proxy servers do not allow to send ssl over non 443 ports. Why is this a security risk?

  Read the article

• Is there Powershell way to re-apply a restored password for the IIS IUSR account?

  - by Philippe Monnet

  On one of our IIS web servers the IUSR account suddenly expired or got corrupted, I recovered the password from the IIS metabase (using Cscript adsutil.vbs get w3svc\anonymoususerpass after switching IsSecureProperty = False). I then reset the password accordingly. Now I have to re-key that password on the Directory Security tab of all virtual directories (for the anonymous account) of all web sites on that server. Is there a way to automate this using Powershell? (I have searched so far in vain)

  Read the article

• Windows 7 doesn't recognize AVAST! antivirus

  - by csmba

  After upgrading to windows 7, I keep getting windows 7 Security warning: Windows did not find an antivirus software on this computer what can I do to convince it AVAST s there? Details: * AVAST 4.8 home edition * Windows 7 Ultima 64 bit

  Read the article

• Is the recent Java bug something to worry about?

  - by Keith

  Recently saw this announcement on the H blog about a big hole in Java: http://www.h-online.com/security/news/item/Java-exploit-launches-local-Windows-applications-974652.html But I can't seem to get anyone to think it's a big deal. The fact that I cn visit a web site and it runs calc.exe on my local box is just plain scary... Why is there no bigger response to this??

  Read the article

• Used SQL Svr 2008 Config Manager to Set Service Account to Local System: What Did It Change?

  - by Frank Ramage

  Direct shot to foot moment... While setting-up individual non-admin accts for MSSQLSERVER services, I temporarily set Server service login to Local System account. I remembered later that: SQL Server Configuration Manager performs additional configuration such as setting permissions in the Windows Registry so that the new account can read the SQL Server settings. I want my Local System back . (Actually just restored to its original security profile) Any advice? Thanks!

  Read the article

• Yahoo Mail Does Not Have https

  - by Daniel

  Why is yahoo mail behind in security, they don't support https yet. Gmail and many others do, I'm shocked that yahoo still doesn't have https? Why is this? What is the logic behind not supporting https in their mail client?

  Read the article

< Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >