Search Results

Search found 5864 results on 235 pages for 'secure gateway'.

Page 142/235 | < Previous Page | 138 139 140 141 142 143 144 145 146 147 148 149 | Next Page >

ssl_error_handshake_failure_alert with Commercial CA-based client certificate

- by Bryan

Attempting to implement client authentication with an SSL cert. http://www.modssl.org/docs/2.8/ssl_howto.html#auth-selective Receive the following errors. Apache: Re-negotiation handshake failed: Not accepted by client!? Firefox: ssl_error_handshake_failure_alert I assume it is a configuration error, but have not been able to locate it. Additional info: Commercial CA server cert servers secure works without problem in Apache 2.2 & Passenger. Only client authentication related directives do not work.

Read the article
NPS EAP authentication failing after Windows Update

- by sqlreader

I have a Windows 2008 Std server running NPS. After applying the latest round of updates (including Root Certificates for April 2012 KB931125 (See:http://support.microsoft.com/kb/933430/)), EAP authentication is failing due to being malformed. Sample error (Security/Event ID 6273), truncated for brevity: Authentication Details: Proxy Policy Name: Use Windows authentication for all users Network Policy Name: Wireless Access Authentication Provider: Windows Authentication Server: nps-host.corp.contoso.com Authentication Type: PEAP EAP Type: - Account Session Identifier: - Reason Code: 266 Reason: The message received was unexpected or badly formatted. The NPS policy (Wireless Access) is configured accordingly (for Constraints/Authentication methods) EAP Types: Microsoft: Protected EAP (PEAP) - with a valid certificate from ADCS Microsoft: Secured password (EAP-MSCHAP v2) Less secure authentication methods: Microsoft Encrypted Authentication version 2 (MS-CHAP-v2) User can change password after it has expired Microsoft Encrypted Authentication (MS-CHAP) User can change password after it has expired We've tested a different RADIUS server without the aforementioned patch, and removed EAP as an authentication type and experienced success. Has anyone else experienced this issue?

Read the article
64-bit Cisco VPN client (IPsec) ?

- by mika

Cisco VPN client (IPsec) does not support 64bit Windows. Worse, Cisco does not even plan to release a 64-bit version, instead they say that "For x64 (64-bit) Windows support, you must utilize Cisco's next-generation Cisco AnyConnect VPN Client." Cisco VPN Client Introduction Cisco VPN Client FAQ But SSL VPN licences cost extra. For example, most new ASA firewalls come with plenty of IPSec VPN licences but only a few SSL VPN licences. What alternatives do you have for 64-bit Windows? So far, I know two: 32-bit Cisco VPN Client on a virtual machine NCP Secure Entry Client on 64-bit Windows Any other suggestions or experiences? -mika-

Read the article
How can I create an “su” only user (no SSH or SFTP) and limit who can “su” into that account in RHEL5? [closed]

- by Beaming Mel-Bin

Possible Duplicate: How can I allow one user to su to another without allowing root access? We have a user account that our DBAs use (oracle). I do not want to set a password on this account and want to only allow users in the dba group to su - oracle. How can I accomplish this? I was thinking of just giving them sudo access to the su - oracle command. However, I wouldn't be surprised if there was a more polished/elegant/secure way.

Read the article
DHL WebService with ASP.NET

- by victorcore

Hi, I want to use DHL web service for shippment service in asp.net. I googled a lot of but haven't success yet. I was already download a toolkit for DHL and I don't really understand how to use it. I have gateway URL 'https://xmlpitest-ea.dhl.com/XMLShippingServlet' but I dont know how to pass XML response through this url using asp.net. If anyone has an experience with this, please share with me or any tutorial or link that will help me. Any help would be greatly appreciated. You can also download toolkit at here.

Read the article
Apache Redirect to Jboss SSL

- by Rick

I'm trying to have an SSL Connection to an Apache server on port 443 which I want to use to proxy connections to a JBoss server on a different port. The SSL certificates sit on the Jboss server not on the Apache server. Is it possible to redirect HTTPS traffic from Apache to the Jboss Server and have the JBoss server do the SSL handshake? The Apache server must be able to redirect HTTPS traffic for two different URLS. One for a secure site. The other for access to web services. By the way I'm using it mutual authentication, if that makes any difference. What does the Apache config file need to contain? or are there any good example of this out there? Thanks

Read the article
(Tough) Security Queston about ISP companies

- by buyrum

I want to ask a question. One ISP was criticized for it's low security conditions, and when i heard this i started to think: If one gets an unauthorized access to the mainframe computer / internal network of the ISP, then wouldn't he be able to sniff all the traffic ? Because the ISP is providing the internet connection for the user so all traffic that sends and transmits a user travels via the ISP, right ? What security solutions (talking about computer security) are being implemented by other ISP in order to protect themselves and their users ? If all the connections are being sent via a special computer, how secure it is and how can be we sure that it's really safe ? And what kind of computers are those who serve as backbones for the ISP ? Thank you in advance for your help.

Read the article
How to roll-your-own live CD for safe home browsing

- by user36533

Hi, I'm interested in booting-off-flash (i.e. like livecd) for more secure online banking at home. -I like system rescue CD, but AFAIK it doesn't have the wifi drivers. (These are convenient) -ubuntu live cd has the wi-fi drivers, but also has a lot of stuff I don't need -I'd like a way to save some basic config settings (e.g. wifi SSID and passphrase), so that wifi works upon startup, i.e. without having to re-enter the settings. What's the best way to 'roll my own slightly-customized boot-from-flash live cd? thanks, bill

Read the article
Tomcat 6 HTTPS connector: keep alive timeout not being respected

- by sehugg

I'm using Tomcat 6.0.24 on Ubuntu (JDK 1.6) with an app that does Comet-style requests on an HTTPS connector (directly against Tomcat, not using APR). I'd like to set the keep-alive to 5 minutes so I don't have to refresh my long-polling connections. Here is my config: <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="1000" keepAliveTimeout="330000" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> Unfortunately it seems that the server closes the connection after 65 seconds. The pcap from a sample session goes something like this: T=0 Client sends SYN to server, handshake etc. T=65 Server sends FIN to client T=307 Client sends FIN to server (I'm guessing the 5 minute timeout on the client is due to the HTTP lib not detecting the socket close on the server end, but in any case -- the server shouldn't be closing the connection that early) (edit: this works as expected when using the standard HTTP connector)

Read the article
How to fix an SSD

- by anonymous

I have a Samsung 128 go SSD : MZ5PA128HMCD-01000. When I'm using it : there is always I/O errors. I tried to secure-erase it. But it is impossible to create a new NTFS (or any filesystem...) partition because I still get I/O errors. I tought maybe upgrading the firmware will solve the problem. Unfortunately, I'm not able to upgrade the firmware with Samsung SSD Magician Tool ... because Magician says there is no Samsung SSD on my computer... Is there a way to make Magician recognize this Samsung MZ5PA128HMCD-01000 SSD? Is another tool available to flash any firmware on a SSD? What should I do to fix this SSD?

Read the article
Slow git clone and fetch

- by EtienneT

I setuped gitosis on a linux server following this tutorial: http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way We are using git on our windows machines with TortoiseGit and msysgit. Pushing changes to the server is pretty fast, but when we want to clone or fetch changes from the remote server, it begins really fast (800k/s) and then drop pretty fast to around 3 to 30k/s and it can take forever to update. git-pull for small update is fast, but as soon as we have to download something of more than a few MB, it is slow. We are switching from SVN to git and this is holding us back from using git full time. Thanks!

Read the article
linux passwords in configuration files

- by user33124

Some programs on linux that use configuration files, want me to enter my password in plain text in one of their configuration files. For example newsbeauter, the rss reader wants me to enter my google account password in a ~/.newsbeauter/config if I want to read google reader feeds. Mutt also sort of wants a password in a text file, but gives an option of entering it on every login. Is there any secure workaround to storing a password in a config file like that (eg for newsbeauter)? I was thinking of running the app as root, but that doesn't seem right. Or somehow creating and deleting the file everytime I use the app. Any ideas?

Read the article
Changes to JBoss web.xml have no effect

- by sixtyfootersdude

I just added this to my web.xml on my JBOSS server. But it had no effect. I am still allowed to connect to ports that do not use bi-directional certificate exchange. Anyone have an ideas?  <security-constraint>  <web-resource-collection>   <web-resource-name> Entire Application </web-resource-name>  <url-pattern> /* </url-pattern> </web-resource-collection>  <user-data-constraint>          <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint> <login-config>    <auth-method> CLIENT-CERT </auth-method> </login-config> Update Actually it appears that I have made an error in my original posting. The web.xml does block users from connecting to the webservice using http (port C below). However users are still allowed to connect to ports that do not force users to authenticate themselves (port B). I think that users should be able to connect to port A (it has clientAuth="true") but I dont think that people should be able to connect to port B (it has clientAuth="false"). Excerpt from server.xml <Connector port="<A>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="true" keystoreFile="... .keystore" keystorePass="pword" truststoreFile="... .keystore" truststorePass="pword" sslProtocol="TLS"/> <Connector port="<B>" ... SSLEnabled="true" ... scheme="https" secure="true" clientAuth="false" keystoreFile="... .keystore" keystorePass="pword" sslProtocol = "TLS" /> <Connector port="<C>" ... />

Read the article
The User Profile Service

- by Daryl Gill

I tried logging into my computer after an "ungraceful" shutdown due to a power cut.. I got prompted with a message stating the user profile service failed the login. After reading a k/b on Microsoft I managed to re-login to the "corrupt" account by making registery edits.. But the next step (After having the ability to logon) is a major concern for me.. Would the guys at superuser suggest: 1) Carry on using said account 2) Re-install Windows to eliminate the possible chance of a reoccouring problem 3) Migrate all user data over to a new account and with that being said above. I had to issue the command line: net user administrator /active:yes to activate the hidden adminstrator account, would it be recommended/secure to disable the account or leave it active?

Read the article
ASP.NET MVC 2 - Saving child entities on form submit

- by Justin

Hey, I'm using ASP.NET MVC 2 and am struggling with saving child entities. I have an existing Invoice entity (which I create on a separate form) and then I have a LogHours view that I'd like to use to save InvoiceLog's, which are child entities of Invoice. Here's the view: <%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<TothSolutions.Data.Invoice>" %> <asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server"> Log Hours </asp:Content> <asp:Content ID="Content3" ContentPlaceHolderID="HeadContent" runat="server"> <script type="text/javascript"> $(document).ready(function () { $("#InvoiceLogs_0__Description").focus(); }); </script> </asp:Content> <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server"> <h2>Log Hours</h2> <% using (Html.BeginForm("SaveHours", "Invoices")) {%> <%: Html.ValidationSummary(true) %> <fieldset> <legend>Fields</legend> <table> <tr> <th>Date</th> <th>Description</th> <th>Hours</th> </tr> <% int index = 0; foreach (var log in Model.InvoiceLogs) { %> <tr> <td><%: log.LogDate.ToShortDateString() %></td> <td><%: Html.TextBox("InvoiceLogs[" + index + "].Description")%></td> <td><%: Html.TextBox("InvoiceLogs[" + index + "].Hours")%></td> <td>Hours</td> </tr> <% index++; } %> </table> <p> <%: Html.Hidden("InvoiceID") %> <%: Html.Hidden("CreateDate") %> <input type="submit" value="Save" /> </p> </fieldset> <% } %> <div> <%: Html.ActionLink("Back to List", "Index") %> </div> </asp:Content> And here's the controller code: //GET: /Secure/Invoices/LogHours/ public ActionResult LogHours(int id) { var invoice = DataContext.InvoiceData.Get(id); if (invoice == null) { throw new Exception("Invoice not found with id: " + id); } return View(invoice); } //POST: /Secure/Invoices/SaveHours/ [AcceptVerbs(HttpVerbs.Post)] public ActionResult SaveHours([Bind(Exclude = "InvoiceLogs")]Invoice invoice) { TryUpdateModel(invoice.InvoiceLogs, "InvoiceLogs"); invoice.UpdateDate = DateTime.Now; invoice.DeveloperID = DeveloperID; //attaching existing invoice. DataContext.InvoiceData.Attach(invoice); //save changes. DataContext.SaveChanges(); //redirect to invoice list. return RedirectToAction("Index"); } And the data access code: public static void Attach(Invoice invoice) { var i = new Invoice { InvoiceID = invoice.InvoiceID }; db.Invoices.Attach(i); db.Invoices.ApplyCurrentValues(invoice); } In the SaveHours action, it properly sets the values of the InvoiceLog entities after I call TryUpdateModel but when it does SaveChanges it doesn't update the database with the new values. Also, if you manually update the values of the InvoiceLog entries in the database and then go to this page it doesn't populate the textboxes so it's clearly not binding correctly. Thanks, Justin

Read the article
Restrict IPMI access on Dell BMC and iDRAC to an allowed IP range

- by edgester

I'm trying to secure the iDRAC's and BMC's on some of my Dell servers (R210, R410, R510). I want to restrict access to IPMI commands to only a few IP addresses. I've successfully restricted access to the iDrac using the instructions from http://support.dell.com/support/edocs/software/smdrac3/idrac/idrac10mono/en/ug/html/racugc2d.htm#wp1181529 , but the IP restrictions do not affect IPMI. A separate management network is not practical at this time because of lack or ports and some Dell BMC's don't offer a separate port. I'm told by my networking group that our switches don't support trunking, so using the vlan tagging is not an option either. Is there a way restrict the IPMI access to a list of allowed addresses? FYI, for various reasons, I have a mix of Dell servers with BMC's, iDrac Express and iDrac enterprise management features.

Read the article
Help setting up NSD daemon (DNS server)

- by Catalin

While searching for a secure dns server I came across the NSD project. I was really impressed by what seemed to me the best option out there that's open source. One problem thought their 'tutorial' is really not beginner friendly. I have basic DNS knoledge but what's in there is out of my league. I need to have multiple sites on this CentOS server I've recently got my hands on. They also need to receive email. Details: I have a master host and would love to set this in the way described in the rows that follow: masterhost.com -> ns1.masterhost.com mail.masterhost.com www.masterhost.com addonhost.com -> ns1.masterhost.com mail.masterhost.com www.addonhost.com And so on. Any help in setting up this DNS server please? All answers and suggestions are welcomed. Thank you in advance.

Read the article
Need to make a scheduled task run as another user but keep the current user’s environment

- by Chad Marmon

I need to backup users .pst files. The current method I am trying is making a shadow copy using Diskshadow. My script works great all but Diskshadow needs to be ran as administrator but also needs to retain the logged-on user's environment variables; specifically, the %USERNAME% and %HOMESHARE% variables so the right user’s files get copied up to the right network location. I have for the most part got this to work), but there’s no straightforward (or secure, at least) way to pass the password. If I set up a scheduled task to run the script as a domain user with local admin privs, the environment variables get lost. I need to run this script automagically so that there should be no user interaction. If I could figure out how to make a scheduled task run as another user but keep the current user’s environment, I think this would work, but I’ve been beating my head against that for a while now, without any luck.

Read the article
How to create a Linux user without a password but being able to set it?

- by Leonid Shevtsov

I have a username and an SSH key for a (hypothetical) guy and I need to give him admin access to a Linux (Ubuntu) server. I want him to be able to log in via SSH and then set his password by himself over a secure connection, instead of passing the password around. I know how to make the password expire and force him to reset it on first login. But this doesn't work unless he has some password already, which I then have to tell him. I thought about making the password blank - SSH wouldn't allow login, but then anyone can su into the user. My question is, is there some best practice to creating accounts in such a way? Or setting a default password is unavoidable?

Read the article
Perl - WWW::Mechanize Cookie Session Id is being reset with every get(), how to make it stop?

- by Phill Pafford

So I'm scraping a site that I have access to via HTTPS, I can login and start the process but each time I hit a new page (URL) the cookie Session Id changes. How do I keep the logged in Cookie Session Id? #!/usr/bin/perl -w use strict; use warnings; use WWW::Mechanize; use HTTP::Cookies; use LWP::Debug qw(+); use HTTP::Request; use LWP::UserAgent; use HTTP::Request::Common; my $un = 'username'; my $pw = 'password'; my $url = 'https://subdomain.url.com/index.do'; my $agent = WWW::Mechanize->new(cookie_jar => {}, autocheck => 0); $agent->{onerror}=\&WWW::Mechanize::_warn; $agent->agent('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100407 Ubuntu/9.10 (karmic) Firefox/3.6.3'); $agent->get($url); $agent->form_name('form'); $agent->field(username => $un); $agent->field(password => $pw); $agent->click("Log In"); print "After Login Cookie: "; print $agent->cookie_jar->as_string(); print "\n\n"; my $searchURL='https://subdomain.url.com/search.do'; $agent->get($searchURL); print "After Search Cookie: "; print $agent->cookie_jar->as_string(); print "\n"; The output: After Login Cookie: Set-Cookie3: JSESSIONID=367C6D; path="/thepath"; domain=subdomina.url.com; path_spec; secure; discard; version=0 After Search Cookie: Set-Cookie3: JSESSIONID=855402; path="/thepath"; domain=subdomain.com.com; path_spec; secure; discard; version=0 Also I think the site requires a CERT (Well in the browser it does), would this be the correct way to add it? $ENV{HTTPS_CERT_FILE} = 'SUBDOMAIN.URL.COM'; ## Insert this after the use HTTP::Request... Also for the CERT In using the first option in this list, is this correct? X.509 Certificate (PEM) X.509 Certificate with chain (PEM) X.509 Certificate (DER) X.509 Certificate (PKCS#7) X.509 Certificate with chain (PKCS#7)

Read the article
FTPS SSH Host Key after IP Address Change

- by David George

I have a Secure FTP (FTPS) server that my remote sites to upload files to daily via scripted routines that run. I have had issues in the past when upgrading hardware and deploying new servers causing the RSA Fingerprint to change for that server. Then all my remote sites can't connect until I have the old key removed (usually via ssh_keygen -r myserver.com). I now have to change the IP address for myserver.com and I wondered if there is anyway to proactively generate new host keys so that when the server address changes all my FTPS client remote sites don't break?

Read the article
OpenVPN performance: how many concurrent clients are possible?

- by Steffen Müller

I am evaluating a system for a client where many OpenVPN clients connect to a OpenVPN server. "Many" means 50000 - 1000000. Why do I do that? The clients are distributed embedded systems, each sitting behind the system owners dsl router. The server needs to be able to send commands to the clients. My first naive approach is to make the clients connect to the server via an openvpn network. This way, the secure communication tunnel can be used in both directions. This means that all clients are always connected to the server. There are many clients summing up over the years. The question is: does the OpenVPN server explode when reaching a certain number of clients? I am already aware of a maximum TCP connection number limit, therefore (and for other reasons) the VPN would have to use UDP transport. OpenVPN gurus, what is your opinion?

Read the article
How is the "change password at next logon" requirement supposed to work with RDP using Network Level Authentication?

- by NReilingh

We have a Windows server (2008 R2) with the "Remote Desktop Services" feature installed and no Active Directory domain. Remote desktop is set up to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)". This means that before the remote screen is displayed, the connection is authenticated in a "Windows Security: Enter your credentials" window. The only two role services installed on this server is the RD Session Host and Licensing. When the "User must change password at next logon" checkbox is selected in the properties for a local user on this server, the following displays on a client computer after attempting to connect using the credentials that were last valid: On some other servers using RDP for admin access (but without the Remote Desktop Services role installed), the behavior is different -- the session begins and the user is given a change password prompt on the remote screen. What do I need to do to replicate this behavior on the Remote Desktop Services server?

Read the article
Stop Cisco AnyConnect from locking down the NIC

- by Johannes Rössel

Cisco's VPN crapclients (including the AnyConnect one) have the nasty habit of clobbering all NICs on the system you're using them. The old client had a checkbox in the connection options that allowed you to use other network interfaces while being connected while the AnyConnect client doesn't have any options at all, seemingly. But they both lock down the network interface they are using to connect to the VPN. Since I am forced to use AnyConnect to actually have an internet connection and I like to control a second computer at home via RDP (over the same network interface so far) this doesn't quite work out. With the old client IPv6 still worked just fine, though AnyConnect seems to dislike that as well now. Is there any way to still use the same network interface for LAN access? I actually don't really care about any possible security implications (which might be why Cisco does this) as it's my freaking internet connection and not a secure way of working from home. The trade-off is quite different :-)

Read the article
Installing a wiki on Snow Leopard

- by JPCF

Hi... I want to instal twiki on my mac and server it from ~/Sites. Because the wiki has code to be run, I have to modify the user and group of wiki's files and directories, but I'm not sure about: 1) It is secure to change the user and group to the web server's group? If not what can I do having into account that I'll not put 777 permissions on those files? 2) How are named apache and web user groups? Thanks...

Read the article

< Previous Page | 138 139 140 141 142 143 144 145 146 147 148 149 | Next Page >