Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 158/763 | < Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >

  • Security of a free public VPN service

    - by Mark Belli
    I just started using VPNBOOK, which is a (very efficent) free VPN solution. I have a question: VPNBOOK user and pass used to connect to their vpn network are publicily available on their homepage; everybody uses them to connect to the vpn. Can a user intercept my wifi traffic and: Understand that my connections are directed to VPNBOOK servers. If point 1 is successful, then they could use VPNBOOK public user and pass to decrypt my traffic? I hope I am missing something, otherwise it would be a very big weakness and I would revert to a paid service (with a private account)

    Read the article

  • ConfigServer Security and Firewall -- after setup, how much daily management required?

    - by Hope4You
    I'm looking at using ConfigServer Security and Firewall (CSF; iptables-based). After I configure it properly, how much daily ongoing management is required of me to keep my server secure? Am I going to be flooded with "alert" emails that I need to check? Or does the firewall automatically take care of most security threats for me? Note: I understand that there's more to server security than just a software firewall, but this question is specifically for CSF security management.

    Read the article

  • Remove applications from Security -> Privacy -> Contacts list

    - by noloader
    I have a few applications that want access to my contacts. I don't really use contacts, and I don't want applications entitled to the information. I've unchecked the appropriate box, but I'd like to remove the application from the list: I've got a couple of applications under Location Services, too (including one Wifi stumbler application that's no longer installed). What plist do I modify to remove the applications from the list?

    Read the article

  • Security: Managing network shares remotely on Ubuntu?

    - by Industrial
    Hi everyone, I am about to setup a home network server running Ubuntu Server and I'm currently a bit worried about how to handle network shares and permissions in a good way. After working a bit lately with Netgears ReadyNAS's units, I have become really spoiled with how easy it was to set up network shares and giving a specific user different levels of network access to a specific share (forbidden access, read, read/write). How would I accomplish the same with my Ubuntu server through SSH? Thanks a lot

    Read the article

  • Security Issue with Active Directory

    - by Will McCloskey
    The retard who was on the built-in Administrator login somehow (and this is what I'm guessing being as he is not here and I was not present when this occurred - Supposedly it was an "ACCIDENT") Denied the built-in Administrator account and every other account except for his personal one access to our domain - ie "Example.net" not just active directory or anything. I've been trying for literally 2 hours to find some sort of way to take control of the domain through the built-in Admin account with no success; I can't even open Active Directory. I'm not aloud to open DSA.MSC and there's no way for me to take ownership. Any ideas?

    Read the article

  • Windows 7 security and Avast antivirus turned off by themself

    - by Simon Verbeke
    I was just browsing around when at once I got messages that UAC, windows defender, Avast, etc. got turned off, without me doing anything. Then my PC turned by itself. I'm now running virus scans and I checked my eventlogs, but found nothing yet. Windows Update also failed to install a new definition after I rebooted. Any idea what this could've been? EDIT: Forgot to mention that everything was turned on again after rebooting. I have since the reboot got nothing abnormal.

    Read the article

  • Bypass insane corporate security system

    - by user1665154
    I'm searching for a posibility to bypass the "Firewall" for 3-4 days. I've tried everything I know, so I ask here for a answer. We have no admin rights and the OS is Windows Vista There is an HTTP Proxy with NTML Authentication (only way to access the internet) It requires a username and password We use smart cards, in fact I have only a user number and a pin. Port 80 and 443 are open - I have an SSH server at home which is listening on port 443 The problem is that I need this proxy to connect to anything. Internet access only works in IE, Chrome, Firefox when I set the proxy settings to "use system proxy settings", "proxy-autoconfig (proxy.pac)" or when I enter the proxy inside the proxy.pac file. However I can't understand where they take the username and password which the Proxy requires. What I've tried was using cntlm to connect to the proxy with authentication (altought I have no PW and username) and PuTTY to create the SSH tunnel over port 443 whit the SOCKS Proxy which I've created with cntml. I've never found some SSH client which includes a "use system proxy settings" function.

    Read the article

  • Fastest security check of file tree on NFS

    - by fungs
    I am currently experiencing very bad performance using the following on an NFS network folder: time find . | while read f; do test -L "$f" && f=$(readlink -m $f); grp="$(stat -c %G $f)"; perm="$(stat -c %A $f)"; done Question 1) Within the loop permissions are checked using the variables grp and perm. Is there a way to lower the amount of disc I/O for these kind of checks over the network (e.g. read all meta data at once using find)? Question 2) It seems like the NFS isn't tuned very well, the same operation on a similar network link via SSHFS take only one third of the time. All parameters are auto-negotiated. Any suggestions?

    Read the article

  • Security against IP spoofing [on hold]

    - by user1369975
    I am pursuing a college project, in which I am running three fake services on three ports to protect the main service (say running at port 80). The concept is that if the user is malicious, he'll try to bring the services down and access the fake services. These ports adopt a blocking process of a connection request and record the IP and port of the client. These are logged and aren't granted access on service on port 80. But what to do if the client spoofs his IP? How can I modify my system?

    Read the article

  • ASP.NET FormsAuthentication Cookie Problem

    - by Niels Bosma
    We use FormAuthentication to manage logins and I have a case where a customer complains where he can login from one computer but to from another. I can see in my logs that his authentican is successfull but he gets bumped back to the login page. I can reproduce the symptons by disabling cookies so I asked the customer to test if cookies are enabled on http://www.tempesttech.com/cookies/cookietest1.asp, but this came out positive. What have I missed? Is there any antivirus/security software that can mess up (ASP.NET) cookies? The user is using IE7 and claims to have F-secure installed.

    Read the article

  • joomla and allow_url_fopen [closed]

    - by liz
    so i have been reading of the pros and cons of allowing: allow_url_fopen. but i am still confused. after a recent hacking incident (which i believe had nothing to do with allow_url_fopen) my host turned allow_url_fopen off. so the thing i dont get is, in joomla 2.5.x there is an updating feature.you can search for new versions and be notified if things are out of date. there is a big security hole if joomla or its extensions get out of date. But the catch it needs allow_url_fopen turned on. so why did joomla build a security risk into a feature to improve security??is it okay to turn allow_url_fopen on and have the updating feature? to clarify: my question is. i have Joomla installed. I have CURl installed. when i run the discover updates through NATIVE joomla i get a request for fopen. shouldn't i not need to enable a security risk? i am running version 2.5.8 of joomla.

    Read the article

  • Browser window popups - risks and special features

    - by Sandeepan Nath
    1. What exactly is the security risk with popups? The new browsers provide settings to block window popups (on blocking, sites with active popups display a message to user). What exactly is the security risk with popups? If allowing popups can execute something dangerous, then the main window can too. Is it not the case. I think I don't know about some special powers of window popups. 2. Any special features of popup windows? Take for example the HDFC bank netbanking site. The entire netbanking session happens in a new window popup and a user neither manually edit the URL or paste the URL in the main browser window. it does not work. Is a popup window needed for this feature? Does it improve security? (Asking because everything that is there in this site revolves around security - so they must have done that for a reason too). Why otherwise they would implement the entire netbanking on a popup window? 3. Is it possible to override browser's popup blocking settings Lastly, the HDFC site succcessfully displays popup window even when in the browser settings popups are blocked. So, how do they do it? Is that a browser hack? To see this - go to http://hdfcbank.com/ Under the "Login to your account" section select "HDFC Bank NetBanking" and click the "Login" button. You can verify that even if popups are blocked/popup blocker is enabled in the browser settings, this site is able to display popups. The answers to this question say that it is not possible to display popup windows if it has been blocked in browser settings. Solved Concluded with Pointy's solution and comments under that. Here is a fiddle demonstrating the same.

    Read the article

  • What prevents a user from adding controls to an ASP.NET page client side?

    - by Curtis White
    This goes back to my other question which I thought was sufficiently answers but upon reflect am not sure that it was (sorry). Backgrounder: I am generating a form dynamically. I am pulling from the database the controls. I must associate each control with a database ID which is not the user's session id. I do this currently by storing my ID in the ID for the web control with some other stuff to make it unique/clear what I am doing. On the post back, I iterate through all the controls on my web page checking for my special identifier, ie, MyGeneratedTextBox_ID_Unique. This process enables for 2 important steps, identifying the control was one I generated and also getting the ID for this input field. And, all of this works but I'm still concerned about the security of it. I do not see a security issue with showing the actual database ID's in this case, although agree it is not desirable. However, I am concerned of the following possibilities: If a user could add a nefarious control to my collection and use that for a SQL injection attack. More academic, but if a user could somehow store data for fields they do not have access too by changing the id's. I agree this is a "hack" of a way to do it. But my question is, is it a security risk and is there an 'easy' way to do it in a less hack way? I assume that only the controls that are created/instantiated on the page are added to the controls list.. thus all controls must be created server side and thus the security issue is address but just wanted to validate. Thanks again. PS: I could see adding a property for each control and encrypting the viewstate would be a little more secure.

    Read the article

  • How do I properly set up and secure a production LAMP Server?

    - by Niklas
    It's very hard to find comprehensive information on this subject. Either I found short tutorials on how you perform the installation, as simple as "apt-get install apache2", or outdated tutorials. So I was hoping I could get some professional information from my fellow members of the Ubuntu community :D I have performed a normal Ubuntu Server 11.04 with LAMP, SAMBA and SSH installed through the system installation. But I'm having some trouble setting up virtual hosts and to make the system secure enough to expose the server to the web. I've somewhat followed this tutorial this far. I have 3 sites in /etc/apache2/sites-available which all looks like this except for different site names: <VirtualHost example.com> ServerAdmin webmaster@localhost ServerAlias www.edunder.se DocumentRoot /var/www/sites/example CustomLog /var/log/apache2/www.example.com-access.log combined </VirtualHost> And I have enabled them with the command a2ensite so I have symbolic links in /etc/apache2/sites-enabled. My /etc/hosts file has these lines: 127.0.0.1 localhost 127.0.1.1 Ubuntu.lan Ubuntu 127.0.0.1 localhost.localdomain localhost example.com www.example.com 127.0.0.1 localhost.localdomain localhost example2.com www.example2.com 127.0.0.1 localhost.localdomain localhost example3.com www.example3.com And I can only access one of them from the browser (I have lynx installed on the server for testing purposes) so I guess I haven't set them up properly :) How should I proceed to get a secure and proper setup? I also use MySQL and I think that this tutorial will be enough to set up SSH securely. Please help me understanding Apache configuration better since I'm new to setting up my own server (I've only run XAMPP earlier) and please advise regarding how I should setup a firewall as well :D

    Read the article

  • How to set up a (relatively) secure kiosk on Natty?

    - by Tim
    I'm trying to get my application to be the only thing a user sees when the machine is powered on - like a kiosk, but a little more secure. Ideally, what I'd like to happen is this: At machine power-on, the user sees the Ubuntu splash image, then my app. While the app is running, the user can't get back to the desktop or a text login prompt via any keyboard shortcut. This is the (relatively) secure bit. When the user exits the app, the user sees a shutdown image, then the machine powers off. In particular, I'd like to configure things so that the user never sees the Gnome desktop on startup or shutdown. At the moment, I've configured a default user to be logged on automatically, with an autostart item which starts my app, but after the Ubuntu startup screen the user sees the Gnome desktop briefly before my app is started. When the app is exited, the user is taken back to the Gnome desktop and has to shut the machine down manually. Also, because of time constraints, I can't really start over with a different window manager. Is there an easy way to configure all of this?

    Read the article

  • TinyMCE Not Defined Error

    - by Tim
    I am trying to add TinyMCE to page but I am getting these errors: Error: tinyMCE is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/langs/en.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/themes/advanced/editor_template.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/pagebreak/editor_plugin.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/style/editor_plugin.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/advimage/editor_plugin.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/advlink/editor_plugin.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/iespell/editor_plugin.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/preview/editor_plugin.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/media/editor_plugin.js Line: 1 Error: tinymce is not defined Source File: https://my.secure.site/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin.js Line: 1 Here is the code I have in header: <script type="text/javascript" src="https://my.secure.site/jquery/jquery-1.3.2.min.js"></script> <script type="text/javascript" src="https://my.secure.site/tinymce/jscripts/tiny_mce/tiny_mce.js"></script> <script type="text/javascript"> $(document).ready(function() { tinyMCE.init({ mode: "textareas", script_url: "https://my.secure.site/tinymce/jscripts/tiny_mce/tiny_mce.js", theme: "advanced", plugins: "pagebreak,style,advimage,advlink,iespell,preview,media,paste", theme_advanced_buttons1: "help,newdocument,|,bold,italic,underline,strikethrough,|,link,unlink,anchor,image", theme_advanced_buttons2: "fontsizeselect,hr,removeformat,charmap,visualaid,sub,sup", theme_advanced_buttons3: "cut,copy,paste,|,undo,redo,|,cleanup,code,preview", theme_advanced_toolbar_location: "top", theme_advanced_toolbar_align: "left", theme_advanced_statusbar_location: "bottom", theme_advanced_resizing: false, editor_selector: "tinymce", width: "398px", force_p_newlines: false, force_br_newlines: true }); }); </script> And this is my textarea that I'm expecting TinyMCE to use: <textarea id="post1msg" class="tinymce" rows="4" cols="40"><?=$r->post->message?></textarea> Please does anyone have any idea why it's not working?

    Read the article

  • Using VLANs/subnetting to separate management from services?

    - by YouAreTheHat
    Background: I recently purchased a server and a managed switch for my home in the hopes of getting more experience and some fun toys to play with. The devices and appliances I either have or plan to have cover a broad spectrum: router, DD-WRT AP, Dell switch, OpenLDAP server, FreeRADIUS server, OpenVPN gateway, home PCs, gaming consoles, etc. I intend to segment my network with VLANs and associated subnets (e.g., VID10 is populated by devices on 192.168.10.0/24). The idea is to secure the more sensitive appliances by forcing traffic through my router/FW. Setup: After thinking and planning for some time, I have tentatively decided on 4 VLANs: one for the WAN connection, one for servers, one for home/personal devices, and one for management. In theory, the home VLAN will have limited access to the servers, and the management VLAN will be totally isolated for security. Question: Since I want to restrict access to management interfaces, but some appliances have to be accessible to other devices, is it possible/wise to have only management (SSH, HTTP, RDP) available on one VLAN/IP and only services (LDAP, DHCP, RADIUS, VPN) available on other? Is this a thing that is done? Does it gain me the security I think it does, or hurt me in some way?

    Read the article

  • Windows 7: Windows Firewall: Logging/Notifying on Outgoing Request Attempts

    - by Maxim Z.
    I'm trying to configure Windows Firewall with Advanced Security to log and tell me when programs are trying to make outbound requests. I previously tried installing ZoneAlarm, which worked wonders for me with this in XP, but now, I'm unable to install ZA on Win7. My question is, is it possible to somehow monitor a log or get notifications when a program tries to do that if I set all outbound connections to auto-block, so that I can then create a specific rule for the program and block it.? Thanks! UPDATE: I've enabled all the logging options available through the Properties windows of the Windows Firewall with Advanced Security Console, but I am only seeing logs in the %systemroot%\system32\LogFiles\Firewall\pfirewall.log file, not in the Event Viewer, as the first answer suggested. However, the logs that I can see only tell me the request's or response's destination IP and whether the connection was allowed or blocked, but it doesn't tell me what executable it comes from. I want to find out the file path of the executable that each blocked request comes from. So far, I haven't been able to.

    Read the article

  • What to do before connecting Ubuntu Server to the internet for the first time?

    - by CodeMonkey
    I just finished installing Ubuntu Server 12.10 on an Asus Eee PC 1000H (to be used as a home server/sandbox) from USB. I installed this software during installation: OpenSSH server LAMP server Samba file server Virtual Machine host I won't use 2, 3 or 4 for a while though. Can/should I turn these off somehow? I have turned home directory encryption on. Security updates are installed automatically. I have chosen a strong password for the single user. I have never plugged in the internet cable so far. Before doing so I'd like to ask: What can/should I do/install to increase security before connecting to the internet? Firewall? Fail2ban? Users/Passwords? Encryption? Enable/Disable functionality? etc. I'm sorry if you get this question a lot. I've searched around quite a while, but it still feels like I might overlook something important.

    Read the article

  • Password Cracking Windows Accounts

    - by Kevin
    At work we have laptops with encrypted harddrives. Most developers here (on occasion I have been guilty of it too) leave their laptops in hibernate mode when they take them home at night. Obviously, Windows (i.e. there is a program running in the background which does it for windows) must have a method to unencrypt the data on the drive, or it wouldn't be able to access it. That being said, I always thought that leaving a windows machine on in hibernate mode in a non-secure place (not at work on a lock) is a security threat, because someone could take the machine, leave it running, hack the windows accounts and use it to encrypt the data and steal the information. When I got to thinking about how I would go about breaking into the windows system without restarting it, I couldn't figure out if it was possible. I know it is possible to write a program to crack windows passwords once you have access to the appropriate file(s). But is it possible to execute a program from a locked Windows system that would do this? I don't know of a way to do it, but I am not a Windows expert. If so, is there a way to prevent it? I don't want to expose security vulnerabilities about how to do it, so I would ask that someone wouldn't post the necessary steps in details, but if someone could say something like "Yes, it's possible the USB drive allows arbitrary execution," that would be great! EDIT: The idea being with the encryption is that you can't reboot the system, because once you do, the disk encryption on the system requires a login before being able to start windows. With the machine being in hibernate, the system owner has already bypassed the encryption for the attacker, leaving windows as the only line of defense to protect the data.

    Read the article

  • Web Application Publishing on Citrix with Restricted Access

    - by Kanini
    We have a Citrix setup enabling users to access our applications from home. Basically, they login to our site using the Windows Authentication. Once, the are successfully logged in, they see the following icons Desktop - Full Screen (which provides them the Desktop as they would see when the login in our office) We now have a requirement where we would like to publish a web application, hxxp://ourlibrary on Citrix with the following security requirement. (this application is already accessible if the users launch the desktop and launch IE within it and navigate to it) The requirement is this - When the are successfully authenticated to our site, they should be able to see The Internet Explorer icon only, NOT the Dekstop - Full Screen icon. On clicking on the icon, Internet Explorer should open up and should automatically navigate to hxxp://ourlibrary They should not be able to access any other URL, such as Google, Hotmail etc., They should not be able to go FileOpen and Browse They should not be able to do FileSave and Browse In effect, they should be able to view the site and that should be it. Any ideas on how to accomplish the security feature? We have already published the application.

    Read the article

  • SSH attack CentOS Amazon EC2

    - by user37143
    Hi, I run a few Rightscale CentOS AMI based instances on Amazon EC2. Two months back I found that our SSHD security is compromised( I had added host.allow and host.deny for ssh). So I created new instances and done an IP based ssh that allows only our IPs through AWS Firewall(ec2-authorize) and chnaged the ssh 22 default port to some other port but two days back I found I was not able to login to the server and when I tried on 22 port the ssh got connected and I found that sshd_conf was changed and when I tried to edit sshd_config I found root had no write permission on the file. So I tried a chmod and it said access denied for 'root' user. This is very strange. I checked secure log and history and found nothing informative. I have PHP, Ruby On Rails, Java, Wordpress apps running on these server. This time I did a chkrootkit scan and found nothing. I renamed the /etc/ssh folder and reinstalled openssh through yum. I had faced this on 3 instances on CentOS(5.2, 5.4) I have instances on Debian as well those working fine. Is this a CentOS/Rightscale issue. Guys, what security measures I should take to prevent this. Please support me this is very critical. Thanks

    Read the article

  • How can visiting a webpage infect your computer?

    - by Cybis
    My mother's computer recently became infected with some sort of rootkit. It began when she received an email from a close friend asking her to check out some sort of webpage. I never saw it, but my mother said it was just a blog of some sort, nothing interesting. A few days later, my mother signed in on the PayPal homepage. PayPal gave some sort of security notice which stated that to prevent fraud, they needed some additional personal information. Among some of the more normal information (name, address, etc.), they asked for her SSN and bank PIN! She refused to submit that information and complained to PayPal that they shouldn't ask for it. PayPal said they would never ask for such information and that it wasn't their webpage. There was no such "security notice" when she logged in from a different computer, only from hers. It wasn't a phishing attempt or redirection of some sort, IE clearly showed an SSL connection to https://www.paypal.com/ She remembered that strange email and asked her friend about it - the friend never sent it! Obviously, something on her computer was intercepting the PayPal homepage and that email was the only other strange thing to happen recently. She entrusted me to fix everything. I nuked the computer from orbit since it was the only way to be sure (i.e., reformatted her hard drive and did a clean install). That seemed to work fine. But that got me wondering... my mother didn't download and run anything. There were no weird ActiveX controls running (she's not computer illiterate and knows not to install them), and she only uses webmail (i.e., no Outlook vulnerability). When I think webpages, I think content presentation - JavaScript, HTML, and maybe some Flash. How could that possibly install and execute arbitrary software on your computer? It seems kinda weird/stupid that such vulnerabilities exist.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >