Search Results

Search found 15415 results on 617 pages for 'security groups'.

Page 143/617 | < Previous Page | 139 140 141 142 143 144 145 146 147 148 149 150  | Next Page >

  • Steps to make sure network is not blacklisted...Again

    - by msindle
    I have an interesting issue. I have a client that just got blacklisted due to spam being sent out over the last 2 days. I have my firewall configured to only allow mail to go outbound on port 25 from our mail server (Exchange 2010) exclusively and I have verified that there are no open relay's on our transport rules. We are running Vipre Business and after running deep scans with updated definitions all computers come back clean. I ran a message tracking report on our Exchange server that shows all mail sent via the mail server over the last couple of weeks and didn't see anything malicious or out of the ordinary. I have also verified that there are no home devices or rouge computers on the network. For all practical purposes it appears that the network is clean, but we still wound up on 5 or 6 blacklists...Where should I start looking next? Is there a "best practices" guide that can help eradicate this issue? Thanks in advance! msindle

    Read the article

  • Firewall Deep Inspection Updates and Antivirus Subscription, worth it?

    - by msemack
    I realize that this is a subjective question, but I'm trying to get some experiences We have Juniper firewalls in our organization (SSG-320M, SSG-5, and some old NS-5GT). We have the option of a yearly subscription for: Deep Inspection Signature Updates Juniper-Kaspersky Antivirus I seem similar services available from other Firewall vendors. We have Symantec Endpoint Protection deployed to all workstations and servers, plus a dedicated appliance for e-mail spam/virus filtering. So, I'm not sure what these firewall-base services will bring to the table that I don't already have. I would appreciate some feedback from people using these firewall services (Juniper or otherwise). Are these services generally worth it? Do they really catch anything? Do they interfere with normal traffic (false positives)?

    Read the article

  • TCP: Treason uncloaked!

    - by hurikhan77
    On one linux server (Gentoo hardened), we are experiencing bursts of the following messages in dmesg from time to time: TCP: Treason uncloaked! Peer xx.xx.xxx.xxx:65039/80 shrinks window 4094157295:4094160199. Repaired. Is there anything we should take care of or is this normal?

    Read the article

  • how to detect device type from connected device to router?

    - by molly
    i have a att router and there is an unknown device connected to my network. i cant seem to kick it off because of how att's router settings are created which is kind of dumb. i am able to see its local ip and mac address. i am on a mac with snow leopard. how can i get more information on the device with the information that i have? i want to see what kind of device it is, i have checked all deviced that are connected to the router and non seem to match the local ip that is connected. i have wpa encryption setup with a strong password.

    Read the article

  • Execute build task in Hudson with root privilages

    - by jensendarren
    I have a build script which executes apt-get and therefore requires root privileges. What is the best way to run this script in Hudson? Currently the only solution I have found that works is to add an entry to the sudoers file for the user hudson like so: hudson ALL=(ALL) NOPASSWD:ALL However, although my build script now runs without error in Hudson, I am not entirely comfortable with this solution. Is there a better way?

    Read the article

  • Hardening Word and Reader against exploits

    - by satuon
    I have recently heard a lot about exploits for PDF and DOC files on Windows, which when opened in Reader or Word would infect the computer. I'm assuming most of those exploits rely on some kind of active content, I've heard that Reader allows JavaScript for example. I already have antivirus, but I've heard they often don't catch those types of exploits, so I want to try a little proactive defense. Is there a way to harden Reader and Word by disabling plugins or options that are often used by exploits?

    Read the article

  • secure user-authentication in squid: The Story

    - by Isaac
    once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: <the Internet> | | A | B Users <---------> [squid-Server] <---> [LDAP-Server] When the Users request access to the Internet, squid ask their name and passport, authenticate them by LDAP and if ldap approved them, then he granted them. Everyone was happy until some sniffers stole passport in path between users and squid [path A]. This disaster happened because squid used Basic-Authentication method. The people of jungle gathered to solve the problem. Some bunnies offered using NTLM of method. Snakes prefered Digest-Authentication while Kerberos recommended by trees. After all, many solution offered by people of jungle and all was confused! The Lion decided to end the situation. He shouted the rules for solutions: Shall the solution be secure! Shall the solution work for most of browsers and softwares (e.g. download softwares) Shall the solution be simple and do not need other huge subsystem (like Samba server) Shall not the method depend on special domain. (e.g. Active Directory) Then, a very resonable-comprehensive-clever solution offered by a monkey, making him the new king of the jungle! can you guess what was the solution? Tip: The path between squid and LDAP is protected by the lion, so the solution have not to secure it. Note: sorry for this boring and messy story! /~\/~\/~\ /\~/~\/~\/~\/~\ ((/~\/~\/~\/~\/~\)) (/~\/~\/~\/~\/~\/~\/~\) (//// ~ ~ \\\\) (\\\\( (0) (0) )////) (\\\\( __\-/__ )////) (\\\( /-\ )///) (\\\( (""""") )///) (\\\( \^^^/ )///) (\\\( )///) (\/~\/~\/~\/) ** (\/~\/~\/) *####* | | **** /| | | |\ \\ _/ | | | | \_ _________// Thanks! (,,)(,,)_(,,)(,,)--------'

    Read the article

  • Rookie file permissions question

    - by Camran
    What is the ending 'r' for and the leading 'd' for in file permissions on Linux? Example: drwxr-xr-x I know about the user, group, others part, and I know w=write, r=read, x=execute. But I don't know about the leading 'd' and the trailing 'r'. Care to explain? Thanks

    Read the article

  • In Windows XP, is it possible to disable user credential caching for particular users

    - by kdt
    I understand that when windows caches user credentials, these can sometimes be used by malicious parties to access other machines once a machine containing cached credentials is compromised, a method known as "pass the hash"[1]. For this reason I would like to get control over what's cached to reduce the risk of cached credentials being used maliciously. It is possible to prevent all caching by zeroing HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount, but this is too indiscriminate: laptops users need to be able to login when away from the network. What I would like to do is prevent the caching of credentials of certain users, such as administrators -- is there any way to do that in Windows XP? http://www.lbl.gov/cyber/systems/pass-the-hash.html

    Read the article

  • Configuring linux server firewall to allow access from a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm new to linux server. I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • How do I properly check if a program is a virus/trojan in VMware?

    - by acidzombie24
    How I should check if a program is a virus in VMware? Some programs I do need admin ability to install and it makes sense. But how do I know if it's doing more than I want? Some thoughts are: How many processes open when I launch the application What is added to the startup tab in msconfig If any services are added. That's pretty much all my ideas. Even if it does something I recognize I wouldn't know if it's necessary or not. What are some rule of thumb? -Edit- What about registries, can I use that information to help? Maybe have a scanner tell me if the application I just used has messed with sections (like bootup) it shouldn't have?

    Read the article

  • Can Solaris RBAC roles be ported to Linux using SElinux only?

    - by Jimmy
    We are migrating an application from Solaris to Linux and the main user is allowed, through the use of RBAC roles, to run a few system commands like svccfg/svcadm (chkconfig on redhat). Is it possible, using only SElinux (no sudo), to allow a normal user to run chkconfig off/on (basically give it the ability to add remove services) ? My approach was to try to create an SElinux user with a corresponding SElinux role that manages the app's domain/type and is allowed to transition to all other domains required to run chkconfig, tcpdump or any other system utility usually restricted to root access only. All my attempts so far have failed, so my second question would be where could I find good documentation that applies to this specific problem ?

    Read the article

  • Can someone access my locally ran website even if I haven't specified any port forwarding?

    - by user701510
    I am using Xampp so I can test my web application directly on my own computer. I am concerned that someone can access my Xampp site since I am still connected to the internet. However, I have NOT explicitly enabled any port forwarding with respect to my Xampp site in my router firewall settings. Furthermore, I am using a dynamic ip address. Given the factors already stated, can someone from outside my local network still access my locally ran website?

    Read the article

  • How can I audit a Linux filesystem for files which have been changed or added within a specific time

    - by Bcos
    We are a website design/hosting company running several sites on a Linux server using Joomla 1.5.14 and recently someone was able exploit a vulnerability in the RW Cards component to write arbitrary files/modify existing files on our filesystem enabling them to do some nasty things to our customers sites. We have removed vulnerable modules from all sites but are still seeing some problems. We suspect that they still have some scripts installed and need a way to audit anything that has been changed or added in the last 10 days. Is there a command or script we can run to do this?

    Read the article

  • Can't connect back to the wireless network after the password was changed

    - by 7777
    Family changed the network password and some other network settings after new computers were brought into the house because apparently they wouldn't work with what we had. Actually an off-site tech remotely changed it, and I have no idea what he did. My laptop detects the network (it shows up under available networks) but whenever I try to connect it says: Windows is unable to connect to the selected network. The network may no longer be in range. Please refresh the list of available networks, and try to connect again. I wish I could give more details, config settings, but frankly I have no idea what I'm looking for. This is XP (also, not a password issue, I know the password, it's just that I have no idea where to enter it, etc.)

    Read the article

  • Running Radius on a Novell Backbone

    - by YsoL8
    Hello I am a rookie network engineer and I've been asked to create a secure wireless system intergrated with an existing network. So far I'd decided to use 802.1x secuity with a Radius enabled server over a Novell backbone. My question is: does Novell still support this type of server setup? I heard rumours it is at the end of it's supported life and I'd like some confirmation. Also can I get some recommendations on better backbone / server providers. Cheers

    Read the article

  • Does anyone know how to "tcpdump" traffic decrypted by Mallory MITM? [migrated]

    - by chriv
    I'm looking for some help in capturing network traffic that I can analyze in Wireshare (or other tools). The tool I'm using is mallory. If anyone is familiar with mallory, I could use some help. I've got it configured and running correctly, but I don't know how to get the output that I want. The setup is on my private network. I have a VM (running Ubuntu 12.04 - precise) with two NICs: eth0 is on my "real" network eth1 is only on my "fake" network, and is using dnsmasq (for DNS and DHCP for other devices on the "fake" network) Effectively eth0 is the "WAN" on my VM, and eth1 is the "LAN" on my VM. I've setup mallory and iptables to intercept, decrypt, encrypt and rewrite all traffic coming in on destination port 443 on eth1. On the device I want intercepted, I have imported the ca.cer that mallory generated as a trusted root certificate. I need to analyze some strange behavior in the HTTPS stream between the client and server, so that's why mallory is setup in between for this MITM. I would like to take the decrypted HTTPS traffic and dump it to either a logfile or a socket in a format compatible with tcpdump/wireshark (so I can collect it later and analyze it). Running tcpdump on eth1 is too soon (it's encrypted), and running tcpdump on eth2 is too late (it's been re-encrypted). Is there a way to make mallory "tcpdump" the decrypted traffic (in both directions)?

    Read the article

  • Why is it good to have website content files on a separate drive other than system (OS) drive?

    - by Jeffrey
    I am wondering what benefits will give me to move all website content files from the default inetpub directory (C:) to something like D:\wwwroot. By default IIS creates separate application pool for each website and I am using the built-in user and group (IURS) as the authentication method. I’ve made sure each site directory has the appropriate permission settings so I am not sure what benefits I will gain. Some of the environment settings are as below: VMWare Windows 2008 R2 64 IIS 7.5 C:\inetpub\site1 C:\inetpub\site2 Also as this article (moving the iis7 inetpub directory to a different drive) points out, not sure if it's worth the trouble to migrate files to a different drive: PLEASE BE AWARE OF THE FOLLOWING: WINDOWS SERVICING EVENTS (I.E. HOTFIXES AND SERVICE PACKS) WOULD STILL REPLACE FILES IN THE ORIGINAL DIRECTORIES. THE LIKELIHOOD THAT FILES IN THE INETPUB DIRECTORIES HAVE TO BE REPLACED BY SERVICING IS LOW BUT FOR THIS REASON DELETING THE ORIGINAL DIRECTORIES IS NOT POSSIBLE.

    Read the article

  • Router reporting failed admin login attempts from home server

    - by jeffora
    I recently noticed in the logs of my home router that it relatively regularly lists the following entry: [admin login failure] from source 192.168.0.160, Monday, June 20,2011 18:13:25 192.168.0.160 is the internal address of my home server, running Windows Home Server 2011. Is there anyway I can find out what specifically is trying to login to the router? Or is there some explanation for this behaviour? (not sure if this belongs here or on superuser...) [Update] I've run both Wireshark and netmon for a while on my home server. Wireshark captured the traffic, but didn't really show anything useful (or nothing I could make use of). A simple HTTP GET request is sent from the server (192.168.0.160) to the router (192.168.0.1), from a seemingly random port (I've seen examples from 50068, 52883), and it appears to do it twice in quick succession (incrementing port by 1), about every hour. Running netstat around the time of the failure didn't show anything (probably too long after anyway). I tried using netmon as it categorises by process, so I thought it might show a corresponding process for the port. Unfortunately, this comes in under the 'unknown' category, meaning it's basically just a slower, less useful Wireshark. I know there's not much to go on here, but does this help in anyway?

    Read the article

  • How to allow password protected start-stop-daemon functionality?

    - by Mahmoud Abdelkader
    I would like to use Ubuntu's start-stop-daemon to start my application, but the application protects some sensitive information, so I have a mechanism where the application prompts for a password that's then used to generate a hashkey, which is used as the secret key for a symmetric encryption (AES) to encrypt and decrypt things from a database. I'd like to daemonize this application and have it run from start-stop-daemon, so that sudo service appname stop and sudo service appname start would work, but, I'm not sure how to go about doing this with the added complexity of a password prompt. Is there something that supports this or do I have to program it from scratch? I figured I should ask first before re-inventing the wheel. Thanks in advance.

    Read the article

  • Restrict Computer or Users from Internet but allow access to intranet and Windows Update / ePO?

    - by MoSiAc
    So this may be impossible but I've been asked to try and find something about it. So far nothing I have found is possible. I need to restrict specific machines or user accounts from regular Internet access but let them have access to the intranet portion of our network. I do not have Active Directory control, nor does anyone at my local workplace (corporate control in a different state). I have tried going through IPsec and doing this per local machine, but that system seems to have been removed from the images that are installed on these machines so that is out. So far the only other option I can think of is assigning the machines a specific ip address and removing their gateway access. This would probably work but the machines need to be able to receive updates that are being pushed to them through ePO and LanDesk. I would really like to do this on the user level because then if I need to do tech work to the machine and need internet access I can get to it but a "special" user could login and not be able to get into anything.

    Read the article

< Previous Page | 139 140 141 142 143 144 145 146 147 148 149 150  | Next Page >