Search Results

Search found 20283 results on 812 pages for 'security context'.

Page 159/812 | < Previous Page | 155 156 157 158 159 160 161 162 163 164 165 166 | Next Page >

Is it okay to use an administrator account for everyday use if UAC is on?

- by Valentin Radu

Since I switched to Windows 7 about 3 years ago, and now using Windows 8.1, I have become familiar with the concept of User Account Control and used my PC the following way: a standard account which I use for every day work and the built-in Administrator account activated and used only to elevate processes when they request so, or to ”Run as administrator” applications when I need to. However, recently after reading more about User Account Control, I started wondering if my way of working is good? Or should I use an administrator account for every day work, since an administrator account is not elevated until requested by apps, or until I request so via the ”Run as administrator” option? I am asking this because I read somewhere that the built-in Administrator account is a true administrator, by which I mean UAC doesn't pop up when logged in within it, and I am scared of not having problems when potential malicious software come into scene. I have to mention that I do not use it on a daily basis, just when I need to elevate some apps. I barely log in into it 10 times a year... So, how's better? Thanks for your answers! And Happy New Year, of course! P.S. I asked this a year ago (:P) and I think I should reiterate it: is an administrator account as safe these days as a standard account coupled with the built-in Administrator account when needed?

Read the article
Protect individual sites on Ubuntu/Apache server

- by Christoffer

Hi,?? I need to set up a Apache server configuration for some client sites that run under the same Ubuntu 9.10 machine. All sites are allowed to run PHP, Python and Ruby on Rails. I do not control the source code of these sites and so I need to set up a filter in order to prevent one user to reach files on another users account.?? If I run a script to list files in "/" from one account, I can browse some files and directories in the actual server root. I want to set the root for each account to /var/usersite.com/www/ instead so that listing files in "/" shows the files in the client's root. ??How is this most easily configured??? Cheers!? /Christoffer

Read the article
How to copy password from Mono-executed KeePass2 to xterm on Linux?

- by Steve Emmerson

I use KeePass2 to access username/password information in a Dropbox file. This allows convenient access from multiple devices. I can't seem to copy a password to the clipboard on my Linux 2.6.27.41-170.2.117.fc10.x86_64 system, however, in order to supply the password to a prompt in an xterm(1). I've tried both Ctrl+C/Ctrl+V and highlighting and mouse button 2 clicking. The KeePass2 program on the Linux system is executed by Mono. How can I copy the password to the xterm(1)? [Aside: I think we need a "KeePass" tag.] ADDENDUM: My mouse buttons were misconfigured: button 2 wasn't set to "copy". Sorry for the false alarm.

Read the article
Protect Windows VPN from Unauthorized Users

- by kobaltz

I have a VPN connection that I use while away from home to remote into my home network. I would use a zero config solution like Hamachi, but need access from my mobile device. Therefore, I have my Windows Home Server acting as the VPN server and will accept incoming connections. Both the username and password are strong. However, I'm worried about brute force attacks against my network. Is there something else that I should do to protect my network from having unauthorized access attempts to my network? I'm familiar with Linux's FAIL2BAN, but wasn't sure if something similar existing for Windows.

Read the article
I am starting to think that Prevx.com isnt a legit site...but heres my long-winded question

- by cop1152

I apologize in advance for the long-winded post. I posted it all because I believe its informative and may be useful. Also, I posted my question at the end. Moments ago I was RDC to a file server in my home (from inside my home). I had opened Firefox and Googled for a manufacturers website. Immediately after clicking the link, Firefox abruptly closed. This seemed odd to me to so I checked the running processes and discovered d.exe, e.exe, and f.exe running. I Googled these processes on a different machine and found them belonging to a key-logger/screen-capturer/trojan called defender.exe, which according to the Prevx lives in c:\documents and settings\user\local settings\temp. (Prevx link http://www.prevx.com/filenames/147352809685142526-X1/DEFENDER32.EXE.html) Simultaneously, an obviously-spoofed Windows Firewall popup appeared on the server asking me to click ‘yes’ to update Windows Firewall. At this time I ended all rogue processes, emptied the temp folder, removed defender.exe from startup, and checked my registry and a few other locations. Before deleting Defender.exe I noted that it was created moments ago, just before Firefox crashed. I believe that I was ‘almost’ infected with this malware. I believe that it needed me to click the phony popup in order to complete infection because it wasn’t allowed to execute processes from the temp folder. After cleaning the machine, I restarted it and have been monitoring it for over an hour. I am debating on whether or not to restore the Windows partition (a separate physical drive from the data) or to just watch it for awhle. I should mention that, because of the specs on this machine, I do not run antivirus software, but I know it well and inspect it regularly. It is a very old Compaq with a 400mhz processer and 512mb of ram. I have a static IP and the server is in the DMZ running an FTP client and some HTTP server software. All files transferred to and stored on this machine are scanned for malware before transferring. Usually the machine only runs 19 processes and performs pretty well for its intended purpose. I posted the story so that you could be aware of a possible new piece of malware and how it acts, but I also have a question or two. First, over the last few months I have noticed that PREVX is listed at the top of most of my Google searches when researching malware, especially for new or obscure malware…and they always want you to purchase something. I don’t think they are one of the top AV companies, so it seems odd that they are always the top Google result. Does anyone have any experience with any of their products? Also, what sites do you rely on for malware researching? Recently, I have found it difficult to find good info because of HijackThis-logs and other deadend info cluttering up my searches. And lastly, besides antivirus, third-party firewall, etc, what settings would you use to lock down a machine to make it more secure in instances where a stubborn admin like myself refuses to run AV? Thanks.

Read the article
How can I protect files on my NGiNX server?

- by Jean-Nicolas Boulay Desjardins

I am trying to protect files on my server (multiple types), with NGiNX and PHP. Basically I want people to have to sign in to the website if they want to access those static files like images. DropBox does it very well. Where by they force you to sign in to access any static files you put on there server. I though about using NGiNX Perl Module. And I would write a perl script that would check the session to see if the user was sign in to give them access to a static file. I would prefer using PHP because all my code is running under PHP and I am not sure how to check a session created by PHP with PERL. So basically my question is: How can I protect static files of any types that would need the user to have sign in and have a valid session created with a PHP script?

Read the article
Password protect a folder

- by Lee Treveil

What are the available options for password protecting a folder? I'm talking about requiring a password to actually access the folder, not just user access rights. Is the third-party software out there secure and stable? What are the recommendations?

Read the article
Managing service passwords with Puppet

- by Jeff Ferland

I'm setting up my Bacula configuration in Puppet. One thing I want to do is ensure that each password field is different. My current thought is to hash the hostname with a secret value that would ensure each file daemon has a unique password and that password can be written to both the director configuration and the file server. I definitely don't want to use one universal password as that would permit anybody who might compromise one machine to get access to any machine through Bacula. Is there another way to do this other than using a hash function to generate the passwords? Clarification: This is NOT about user accounts for services. This is about the authentication tokens (to use another term) in the client / server files. Example snippet: Director { # define myself Name = <%= hostname $>-dir QueryFile = "/etc/bacula/scripts/query.sql" WorkingDirectory = "/var/lib/bacula" PidDirectory = "/var/run/bacula" Maximum Concurrent Jobs = 3 Password = "<%= somePasswordFunction =>" # Console password Messages = Daemon }

Read the article
Trouble getting started with the STEALTH monitoring package

- by dlanced

Is anyone here familiar with the Linux-based STEALTH package (for monitoring FS integrity of client systems)? I'm trying to get started with a very simple configuration, but I'm running into trouble (this is running under Ubuntu 14.04): Config line `USE BASE/root/stealth/10.0.0.79' invalid STEALTH (2.11.02) started at Fri, 30 May 2014 15:25:00 +0000 Program terminated due to non-zero exit value for -type f -exec /usr/bin/sha1sum {} \; (EOC Fri May 30 15:25:00 2014 127) Stealth is creating a binary tmp file in the Stealth server root and generating a "report" file in the start directory, but not much else. Regarding the "USE BASE...invalid" error, and just to be sure, I manually created the directories in /root, but it didn't help. And, by the way, I am running stealth with sudo. Everything seems to be configured correctly: I'm able to ssh into root@client from the stealth machine without a password Here's my "policy" file (I've removed the email directives just for simplicity): DEFINE SSHCMD /usr/bin/ssh [email protected] -T -q exec /bin/bash --noprofile DEFINE EXECSHA1 -xdev -perm +u+s,g+s ( -user root -or -group root ) \ -type f -exec /usr/bin/sha1sum {} \; USE BASE/root/stealth/10.0.0.79 USE SSH ${SSHCMD} USE DD /bin/dd USE DIFF /usr/bin/diff USE PIDFILE /var/run/stealth- USE REPORT report USE SH /bin/sh GET /usr/bin/sha1sum /root/tmp LABEL \nchecking the client's /usr/bin/find program CHECK LOG = remote/binfind /usr/bin/sha1sum /usr/bin/find LABEL \nsuid/sgid/executable files uid or gid root on the / partition CHECK LOG = remote/setuidgid /usr/bin/find / ${EXECSHA1} LABEL \nconfiguration files under /etc CHECK LOG = remote/etcfiles \ /usr/bin/find /etc -type f -not -perm /6111 \ -not -regex "/etc/(adjtime\|mtab)"\ -exec /usr/bin/sha1sum {} \; Any ideas? Thanks,

Read the article
Change OpenSSH account password in Linux

- by TK Kocheran

I suppose that my main Linux user account password serves as my SSH password as well. Is there a way I can modify this? As it turns out, I'd like to have a REALLY secure SSH password for obvious reasons, but a less secure local password, as it makes typing in passwords a heck of a lot easier on a machine. Is there a way I can change my account password in SSH without changing my Linux user password?

Read the article
Why some recovery tools are still able to find deleted files after I purge Recycle Bin, defrag the disk and zero-fill free space?

- by Ivan

As far as I understand, when I delete (without using Recycle Bin) a file, its record is removed from the file system table of contents (FAT/MFT/etc...) but the values of the disk sectors which were occupied by the file remain intact until these sectors are reused to write something else. When I use some sort of erased files recovery tool, it reads those sectors directly and tries to build up the original file. In this case, what I can't understand is why recovery tools are still able to find deleted files (with reduced chance of rebuilding them though) after I defragment the drive and overwrite all the free space with zeros. Can you explain this? I thought zero-overwritten deleted files can be only found by means of some special forensic lab magnetic scan hardware and those complex wiping algorithms (overwriting free space multiple times with random and non-random patterns) only make sense to prevent such a physical scan to succeed, but practically it seems that plain zero-fill is not enough to wipe all the tracks of deleted files. How can this be?

Read the article
SFTP: How to keep data out of the DMZ

- by ChronoFish

We are investigating solutions to the following problem: We have external (Internet) users who need access to sensitive information. We could offer it to them via SFTP which would offer a secure transport method. However, we don't want to maintain the data on server as it would then reside in the DMZ. Is there an SFTP server that has "copy on access" such that if the box in the DMZ were to be compromised, no actual data resided on that box? I am envisioning an SFTP Proxy or SFTP passthrough. Does such a product exist currently?

Read the article
How would you secure a home router with a self-signed certificate?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article
How would you secure a home router with a self-signed certificate?

- by jldugger

littleblackbox is publishing "private keys" that are accessible on publicly available firmwares. Debian calls these "snake-oil" certs. Most of these routers are securing their HTTPS certs with these, and as I think about it, I've never seen one of these internal admin websites with certs that wasn't self signed. Given a webserver on IP 192.168.1.1, how do you secure it to the point that Firefox doesn't offer warnings (and is still secured)?

Read the article
How do I remove the ServerSignature added by mod_fcgid?

- by matthew

I'm running Mod_Security and I'm using the SecServerSignature to customize the Server header that Apache returns. This part works fine, however I'm also running mod_fcgid which appends "mod_fcgid/2.3.5" to the header. Is there any way I can turn this off? Setting ServerSignature off doesn't do anything. I was able to get it to go away by changing the ServerTokens but that removed the customization I had added.

Read the article
How to detect/list rogue computers connected to a WIFI network without access to the Wifi Router interface? [migrated]

- by JJarava

This is what I believe to be an interesting challenge :) A relative (that leaves a bit too far to go there in person) is complaining that their WIFI/Internet network performance has gone down abysmally lately. She'd like to know if some of the neighbors are using her wifi network to access the internet but she's not too technically savvy. I know that the best way to prevent issues would be to change the Router password, but it's a bit of a PITA having to re-configure all wifi devices... and if the uninvited guest broke the password once, they can do it again... Her wifi router/internet connection is provided by the telco, and remotely managed so she can log-on to their telco account's page and remotely change the router's Wifi password, but doesn't have access to the router status page/config/etc unless she opts out of the telco's remote support and mainteinance service... So, how could she check if there are guests in the wifi with this restrictions and in the most "point and click way"? In this case I'd probably use nmap to look for other devices in the network, but I'm not sure if that's the easiest way to do it. I'm not a wifi expert, so I don't know if there are any wifi-scanning utils that can tell us who's talking to the router... Lastly, she's a Windows user as I guess that'll influence the choice of tools available Any suggestions more than welcome Regards!

Read the article
china and gmail attachs -

- by doug

"We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.” [source] I don't know much about how internet works, but as long the chines gov has access to the chines internet providers servers, why do they need to hack gmail accounts? I assume that i don't understand how submitting/writing a message(from user to gmail servers) works, in order to be sent later to the other email address. Who can tell me how submitting a message to a web form works?

Read the article
CPANEL ModSec2 not working with SecFilterSelective

- by jfreak53

Ok, I have cPanel/WHM latest on a Dedi, here are my specs on apache: Server version: Apache/2.2.23 (Unix) Server built: Oct 13 2012 19:33:23 Cpanel::Easy::Apache v3.14.13 rev9999 I just ran a re-compile using easyapache as you can see by the date. When running it I made sure that ModSec was selected and it stated in big bold letters something to the effect of If you install Apache 2.2.x you get ModSec 2 So I believed it :) I recompiled, I then ran: grep -i release /home/cpeasyapache/src/modsecurity-apache_2.6.8/apache2/mod_security2.c Hmm, the file is there but grep doesn't output anything, if I run: grep -i release /home/cpeasyapache/src/modsecurity-apache_1.9.5/apache2/mod_security.c I of course get the ModSec 1 version output. But the thing is that ModSec2 is installed since the c file is there. So I continued and put the following in modsec2.user.conf: SecFilterScanOutput On SecFilterSelective OUTPUT "text" Now when I restart Apache I get this error: Syntax error on line 1087 of /usr/local/apache/conf/modsec2.user.conf: Invalid command 'SecFilterScanOutput', perhaps misspelled or defined by a module not included in the server configuration Now supposedly this is supposed to work, I even have it running in ModSec2 on a non-cpanel server setup manually. So I know ModSec2 supports it. Anyone have any ideas? I have asked this question over at cpanel forum and it got nowhere.

Read the article
is there any valid reason for users to request phpinfo()

- by The Journeyman geek

I'm working on writing a set of rules for fail2ban to make life a little more interesting for whoever is trying to bruteforce his way into my system. A good majority of the attempts tend to revolve around trying to get into phpinfo() via my webserver -as below GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1 I'm wondering if there's any valid reason for a user to attempt to access phpinfo() via apache, since if not, i can simply use that, or more specifically the regex GET //[^>]+=phpinfo\(\) as a filter to eliminate these attacks

Read the article
Is there a filesystem firewall?

- by Jenko

Ever since firewalls appeared on the scene, it became hard for rogue programs to access the internet. But you and I know that running applications get unrestricted access to the filesystem. They can read your files and send them to poppa. (programs such as web browsers and IM clients, which are allowed thru the internet firewall) Any way to know which programs are accessing your files? or limit their access to a specific partition?

Read the article
How can I stop SipVicious ('friendly-scanner') from flooding my SIP server?

- by a1kmm

I run an SIP server which listens on UDP port 5060, and needs to accept authenticated requests from the public Internet. The problem is that occasionally it gets picked up by people scanning for SIP servers to exploit, who then sit there all day trying to brute force the server. I use credentials that are long enough that this attack will never feasibly work, but it is annoying because it uses up a lot of bandwidth. I have tried setting up fail2ban to read the Asterisk log and ban IPs that do this with iptables, which stops Asterisk from seeing the incoming SIP REGISTER attempts after 10 failed attempts (which happens in well under a second at the rate of attacks I'm seeing). However, SipVicious derived scripts do not immediately stop sending after getting an ICMP Destination Host Unreachable - they keep hammering the connection with packets. The time until they stop is configurable, but unfortunately it seems that the attackers doing these types of brute force attacks generally set the timeout to be very high (attacks continue at a high rate for hours after fail2ban has stopped them from getting any SIP response back once they have seen initial confirmation of an SIP server). Is there a way to make it stop sending packets at my connection?

Read the article
Explanation of nodev and nosuid in fstab

- by Ivan Kovacevic

I see those two options constantly suggested on the web when someone describes how to mount a tmpfs or ramfs. Often also with noexec but I'm specifically interested in nodev and nosuid. I basically hate just blindly repeating what somebody suggested, without real understanding. And since I only see copy/paste instructions on the net regarding this, I ask here. This is from documentation: nodev - Don't interpret block special devices on the filesystem. nosuid - Block the operation of suid, and sgid bits. But I would like a practical explanation what could happen if I leave those two out. Let's say that I have configured tmpfs or ramfs(without these two mentioned options set) that is accessible(read+write) by a specific (non-root)user on the system. What can that user do to harm the system? Excluding the case of consuming all available system memory in case of ramfs

Read the article
Which linux x86 hardware keystore?

- by byeo

I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked. At which point my certificates are compromised. Previously I've used nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself. I'm having trouble finding information about something to recreate this approach. Is this the domain of specialist switches and firewalls these days? This old page references some of the old hardware: http://www.kegel.com/ssl/hw.html#cards

Read the article
How to setup server to accept pem(private RSA key) login w/o password like EC2?

- by Chandler.Huang

I am manage a group of VM and I need to setup all vm create a ssh tunnel to a specific host A. One way to do this is append public key of each VM to host's authorized_keys, but I guess I have to do the append each time i create a VM. So I am trying to config host A to accept pem or private key login without passowrd, just like EC2, client can use "ssh -i PEM" to login host A. But I have tried in vain for hours. I create a rsa public/private key and let VM use the private key to login, no matter what I do, host a still ask for password. Is there anything I missed ? Thanks.

Read the article
Setting the secure flag on cookies from Outlook Web Access

- by Cheekysoft

I'm running Exchange 2007 SP3 which is exposing outlook web access over only HTTPS. However the server delivers the sessionid cookie without the secure flag set. Even though I don't have port 80 open, this cookie is still vulnerable to being stolen over port 80 in the event of a man-in-the-middle attack. It also contributes to a PCI-DSS failure Does anyone know if I can persuade the web server/application to set the secure flag?

Read the article

< Previous Page | 155 156 157 158 159 160 161 162 163 164 165 166 | Next Page >