Search Results

Search found 13853 results on 555 pages for 'soa security'.

Page 152/555 | < Previous Page | 148 149 150 151 152 153 154 155 156 157 158 159 | Next Page >

How to control remote access to Sonicwall VPN beyond passwords?

- by pghcpa

I have a SonicWall TZ-210. I want an extremely easy way to limit external remote access to the VPN beyond just username and password, but I do not wish to buy/deploy a OTP appliance because that is overkill for my situation. I also do not want to use IPSec because my remote users are roaming. I want the user to be in physical possession of something, whether that is a pre-configured client with an encrypted key or a certificate .cer/.pfx of some sort. SonicWall used to offer "Certificate Services" for authentication, but apparently discontinued that a long time ago. So, what is everyone using in its place? Beyond the "Fortune 500" expensive solution, how do I limit access to the VPN to only those users who have possession of a certificate file or some other file or something beyond passwords? Thanks.

Read the article
Deny directory browsing in a Proftpd / Ubuntu Installation

- by skylarking

I used this guide to set up a Proftpd installation an Ubuntu 8.04 server... Works well, but the generic user ( userftp ) can run ls and is able to change to any Directory and browse freely on the server ..from the root / and upwards.. I added this line to etc/shells /bin/false in hopes that that would prevent this ... I really only want the userftp account to be able to upload to the generic /home/FTP-Shared directory, and be able to do nothing else on the server. How is this accomplished ... This is a headless Ubuntu box..and I am using CLI only .. no GUI admin tools

Read the article
How to detect/list rogue computers connected to a WIFI network without access to the Wifi Router interface? [migrated]

- by JJarava

This is what I believe to be an interesting challenge :) A relative (that leaves a bit too far to go there in person) is complaining that their WIFI/Internet network performance has gone down abysmally lately. She'd like to know if some of the neighbors are using her wifi network to access the internet but she's not too technically savvy. I know that the best way to prevent issues would be to change the Router password, but it's a bit of a PITA having to re-configure all wifi devices... and if the uninvited guest broke the password once, they can do it again... Her wifi router/internet connection is provided by the telco, and remotely managed so she can log-on to their telco account's page and remotely change the router's Wifi password, but doesn't have access to the router status page/config/etc unless she opts out of the telco's remote support and mainteinance service... So, how could she check if there are guests in the wifi with this restrictions and in the most "point and click way"? In this case I'd probably use nmap to look for other devices in the network, but I'm not sure if that's the easiest way to do it. I'm not a wifi expert, so I don't know if there are any wifi-scanning utils that can tell us who's talking to the router... Lastly, she's a Windows user as I guess that'll influence the choice of tools available Any suggestions more than welcome Regards!

Read the article
Efficient way to secure tomcat database connections

- by Greymeister

Our customer has a problem with database information in plaintext within a server.xml or context.xml file on the Tomcat server. I've looked at several sites like OWASP and it seems like there's no obvious solution. I've also seen things like this wordpress blog which describe implementing a custom Tomcat extension to do this. There must exist some standard implementation(s) already without having to roll your own. Does anyone have experience with such a solution?

Read the article
I am starting to think that Prevx.com isnt a legit site...but heres my long-winded question

- by cop1152

I apologize in advance for the long-winded post. I posted it all because I believe its informative and may be useful. Also, I posted my question at the end. Moments ago I was RDC to a file server in my home (from inside my home). I had opened Firefox and Googled for a manufacturers website. Immediately after clicking the link, Firefox abruptly closed. This seemed odd to me to so I checked the running processes and discovered d.exe, e.exe, and f.exe running. I Googled these processes on a different machine and found them belonging to a key-logger/screen-capturer/trojan called defender.exe, which according to the Prevx lives in c:\documents and settings\user\local settings\temp. (Prevx link http://www.prevx.com/filenames/147352809685142526-X1/DEFENDER32.EXE.html) Simultaneously, an obviously-spoofed Windows Firewall popup appeared on the server asking me to click ‘yes’ to update Windows Firewall. At this time I ended all rogue processes, emptied the temp folder, removed defender.exe from startup, and checked my registry and a few other locations. Before deleting Defender.exe I noted that it was created moments ago, just before Firefox crashed. I believe that I was ‘almost’ infected with this malware. I believe that it needed me to click the phony popup in order to complete infection because it wasn’t allowed to execute processes from the temp folder. After cleaning the machine, I restarted it and have been monitoring it for over an hour. I am debating on whether or not to restore the Windows partition (a separate physical drive from the data) or to just watch it for awhle. I should mention that, because of the specs on this machine, I do not run antivirus software, but I know it well and inspect it regularly. It is a very old Compaq with a 400mhz processer and 512mb of ram. I have a static IP and the server is in the DMZ running an FTP client and some HTTP server software. All files transferred to and stored on this machine are scanned for malware before transferring. Usually the machine only runs 19 processes and performs pretty well for its intended purpose. I posted the story so that you could be aware of a possible new piece of malware and how it acts, but I also have a question or two. First, over the last few months I have noticed that PREVX is listed at the top of most of my Google searches when researching malware, especially for new or obscure malware…and they always want you to purchase something. I don’t think they are one of the top AV companies, so it seems odd that they are always the top Google result. Does anyone have any experience with any of their products? Also, what sites do you rely on for malware researching? Recently, I have found it difficult to find good info because of HijackThis-logs and other deadend info cluttering up my searches. And lastly, besides antivirus, third-party firewall, etc, what settings would you use to lock down a machine to make it more secure in instances where a stubborn admin like myself refuses to run AV? Thanks.

Read the article
How to setup server to accept pem(private RSA key) login w/o password like EC2?

- by Chandler.Huang

I am manage a group of VM and I need to setup all vm create a ssh tunnel to a specific host A. One way to do this is append public key of each VM to host's authorized_keys, but I guess I have to do the append each time i create a VM. So I am trying to config host A to accept pem or private key login without passowrd, just like EC2, client can use "ssh -i PEM" to login host A. But I have tried in vain for hours. I create a rsa public/private key and let VM use the private key to login, no matter what I do, host a still ask for password. Is there anything I missed ? Thanks.

Read the article
SFTP: How to keep data out of the DMZ

- by ChronoFish

We are investigating solutions to the following problem: We have external (Internet) users who need access to sensitive information. We could offer it to them via SFTP which would offer a secure transport method. However, we don't want to maintain the data on server as it would then reside in the DMZ. Is there an SFTP server that has "copy on access" such that if the box in the DMZ were to be compromised, no actual data resided on that box? I am envisioning an SFTP Proxy or SFTP passthrough. Does such a product exist currently?

Read the article
How would you secure a home router with a self-signed certificate?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article
How would you secure a home router with a self-signed certificate?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article
Explanation of nodev and nosuid in fstab

- by Ivan Kovacevic

I see those two options constantly suggested on the web when someone describes how to mount a tmpfs or ramfs. Often also with noexec but I'm specifically interested in nodev and nosuid. I basically hate just blindly repeating what somebody suggested, without real understanding. And since I only see copy/paste instructions on the net regarding this, I ask here. This is from documentation: nodev - Don't interpret block special devices on the filesystem. nosuid - Block the operation of suid, and sgid bits. But I would like a practical explanation what could happen if I leave those two out. Let's say that I have configured tmpfs or ramfs(without these two mentioned options set) that is accessible(read+write) by a specific (non-root)user on the system. What can that user do to harm the system? Excluding the case of consuming all available system memory in case of ramfs

Read the article
Several border firewalls in the same network

- by nimai

I'm currently analyzing the consequences of multipath connections for the firewalls. In that context, I'm wondering if it's really uncommon to have several firewalls at the borders of a network to protect it. The typical case I'd imagine would be a multihomed network, for which the administrator would have different policies for links from different (or not) ISPs. Or maybe even in an ISP's network. What would be the practical (dis)advantages of such a configuration? Could you provide an example of an existing topology using several border firewalls?

Read the article
How can I stop SipVicious ('friendly-scanner') from flooding my SIP server?

- by a1kmm

I run an SIP server which listens on UDP port 5060, and needs to accept authenticated requests from the public Internet. The problem is that occasionally it gets picked up by people scanning for SIP servers to exploit, who then sit there all day trying to brute force the server. I use credentials that are long enough that this attack will never feasibly work, but it is annoying because it uses up a lot of bandwidth. I have tried setting up fail2ban to read the Asterisk log and ban IPs that do this with iptables, which stops Asterisk from seeing the incoming SIP REGISTER attempts after 10 failed attempts (which happens in well under a second at the rate of attacks I'm seeing). However, SipVicious derived scripts do not immediately stop sending after getting an ICMP Destination Host Unreachable - they keep hammering the connection with packets. The time until they stop is configurable, but unfortunately it seems that the attackers doing these types of brute force attacks generally set the timeout to be very high (attacks continue at a high rate for hours after fail2ban has stopped them from getting any SIP response back once they have seen initial confirmation of an SIP server). Is there a way to make it stop sending packets at my connection?

Read the article
Managing service passwords with Puppet

- by Jeff Ferland

I'm setting up my Bacula configuration in Puppet. One thing I want to do is ensure that each password field is different. My current thought is to hash the hostname with a secret value that would ensure each file daemon has a unique password and that password can be written to both the director configuration and the file server. I definitely don't want to use one universal password as that would permit anybody who might compromise one machine to get access to any machine through Bacula. Is there another way to do this other than using a hash function to generate the passwords? Clarification: This is NOT about user accounts for services. This is about the authentication tokens (to use another term) in the client / server files. Example snippet: Director { # define myself Name = <%= hostname $>-dir QueryFile = "/etc/bacula/scripts/query.sql" WorkingDirectory = "/var/lib/bacula" PidDirectory = "/var/run/bacula" Maximum Concurrent Jobs = 3 Password = "<%= somePasswordFunction =>" # Console password Messages = Daemon }

Read the article
Setting the secure flag on cookies from Outlook Web Access

- by Cheekysoft

I'm running Exchange 2007 SP3 which is exposing outlook web access over only HTTPS. However the server delivers the sessionid cookie without the secure flag set. Even though I don't have port 80 open, this cookie is still vulnerable to being stolen over port 80 in the event of a man-in-the-middle attack. It also contributes to a PCI-DSS failure Does anyone know if I can persuade the web server/application to set the secure flag?

Read the article
is there any valid reason for users to request phpinfo()

- by The Journeyman geek

I'm working on writing a set of rules for fail2ban to make life a little more interesting for whoever is trying to bruteforce his way into my system. A good majority of the attempts tend to revolve around trying to get into phpinfo() via my webserver -as below GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1 I'm wondering if there's any valid reason for a user to attempt to access phpinfo() via apache, since if not, i can simply use that, or more specifically the regex GET //[^>]+=phpinfo\(\) as a filter to eliminate these attacks

Read the article
Our server hosting provider asked for our root password

- by Andreas Larsson

I work at a company that develops and hosts a small business critical system. We have an "Elastic cloud server" from a professional hosting provider. I recently got an email from them saying that they've had some problems with their backup solution and that they needed to install a new kernel. And they wanted us to send them the root password so they could do this work. I know that the email came from them. It's not [email protected] or anything like that. I called them and asked them about this, and they were like "yep, we need the password to do this". It just seems odd to send the root password over email like this. Do I have any reason to be concerned?

Read the article
CPANEL ModSec2 not working with SecFilterSelective

- by jfreak53

Ok, I have cPanel/WHM latest on a Dedi, here are my specs on apache: Server version: Apache/2.2.23 (Unix) Server built: Oct 13 2012 19:33:23 Cpanel::Easy::Apache v3.14.13 rev9999 I just ran a re-compile using easyapache as you can see by the date. When running it I made sure that ModSec was selected and it stated in big bold letters something to the effect of If you install Apache 2.2.x you get ModSec 2 So I believed it :) I recompiled, I then ran: grep -i release /home/cpeasyapache/src/modsecurity-apache_2.6.8/apache2/mod_security2.c Hmm, the file is there but grep doesn't output anything, if I run: grep -i release /home/cpeasyapache/src/modsecurity-apache_1.9.5/apache2/mod_security.c I of course get the ModSec 1 version output. But the thing is that ModSec2 is installed since the c file is there. So I continued and put the following in modsec2.user.conf: SecFilterScanOutput On SecFilterSelective OUTPUT "text" Now when I restart Apache I get this error: Syntax error on line 1087 of /usr/local/apache/conf/modsec2.user.conf: Invalid command 'SecFilterScanOutput', perhaps misspelled or defined by a module not included in the server configuration Now supposedly this is supposed to work, I even have it running in ModSec2 on a non-cpanel server setup manually. So I know ModSec2 supports it. Anyone have any ideas? I have asked this question over at cpanel forum and it got nowhere.

Read the article
Is there a filesystem firewall?

- by Jenko

Ever since firewalls appeared on the scene, it became hard for rogue programs to access the internet. But you and I know that running applications get unrestricted access to the filesystem. They can read your files and send them to poppa. (programs such as web browsers and IM clients, which are allowed thru the internet firewall) Any way to know which programs are accessing your files? or limit their access to a specific partition?

Read the article
china and gmail attachs -

- by doug

"We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.” [source] I don't know much about how internet works, but as long the chines gov has access to the chines internet providers servers, why do they need to hack gmail accounts? I assume that i don't understand how submitting/writing a message(from user to gmail servers) works, in order to be sent later to the other email address. Who can tell me how submitting a message to a web form works?

Read the article
Connect iPad to windows 7 VPN

- by Linuz

My iPad keeps spitting out the error: "A connection could not be established to the PPP server." I am trying to connect it to a VPN I set up with Windows 7 as an incoming connection. On the iPad, I went into the VPN settings, added a new PPTP VPN with the following information Server: Windows 7 Computer's IP RSA SecurID: OFF Account: Account Username Password: Account Password Encryption Level: Auto Send All Traffic: ON Proxy: Off Now I know that it is making some connection to the Windows 7 Computer because whenever I intentionally put in the wrong VPN password on the iPad, it makes me put in the correct one before trying to connect again. All the ports are forwarded on my router for PPTP, and my Windows 7 Firewall is even off to try to get this to work. Any help would be greatly appreciated, thanks.

Read the article
VPS, what to install next?

- by Camran

I have my VPS now, with ubuntu 9.10 OS. I wonder about SSH. What is it for, and how do I use it? Also, in which order should I install apps on my server? (ex: PuTTY, IPTABLES, LAMP etc...)? Thanks

Read the article
Which linux x86 hardware keystore?

- by byeo

I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked. At which point my certificates are compromised. Previously I've used nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself. I'm having trouble finding information about something to recreate this approach. Is this the domain of specialist switches and firewalls these days? This old page references some of the old hardware: http://www.kegel.com/ssl/hw.html#cards

Read the article
Windows Console .exe won't run if it's downloaded from the internet

- by Jason Kester

I have a nightly job on Windows Server 2003 that automatically updates itself by downloading its .exe from Amazon S3. I've noticed that when it performs the download and tries to run the newly downloaded .exe, it is immediately kicked back to the command line without actually running anything. I can verify this by sticking the new version of the code directly on the server and watching it execute successfully, then uploading it to the "update" server, running the bootstrapper then running the .exe and observing it fail to execute. I can only assume that this is due to Windows protecting me from running code from outside its trusted zone. How does a fella go about configuring it to allow code from this particular external location to execute? Thanks!

Read the article
Is visiting HTTPS websites on a public hotspot secure?

- by Calmarius

It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of years to decrypt if using brute force in theory. Let's assume I'm on a public wifi and there is a malicious user on the same wifi who sniffs every packet. Now let's assume I'm trying to access my gmail account using this wifi. My browser does a SSL/TLS handshake with the server and gets the keys to use for encryption and decryption. If that malicious user sniffed all my incoming and outgoing packets. Can he calculate the same keys and read my encrypted traffic too or even send encrypted messages to the server in my name?

Read the article
How to track when full access rights were issued in Exchange 2007?

- by ashln

Hi Does anyone know if there is a way to see when a user had been issued full mailbox rights in Exchange 2007. Or is there a way to check which commands were issued when and by whom? Thanks ashln

Read the article

< Previous Page | 148 149 150 151 152 153 154 155 156 157 158 159 | Next Page >