Search Results

Search found 14771 results on 591 pages for 'security policy'.

Page 162/591 | < Previous Page | 158 159 160 161 162 163 164 165 166 167 168 169  | Next Page >

  • Designing a persistent asynchronous TCP protocol

    - by dogglebones
    I have got a collection of web sites that need to send time-sensitive messages to host machines all over my metro area, each on its own generally dynamic IP. Until now, I have been doing this the way of the script kiddie: Each host machine runs an (s)FTP server, or an HTTP(s) server, and correspondingly has a certain port opened up by its gateway. Each host machine runs a program that watches a certain folder and automatically opens or prints or exec()s when a new file of a given extension shows up. Dynamic IP addresses are accommodated using a dynamic DNS service. Each web site does cURL or fsockopen or whatever and communicates directly with its recipient as-needed. This approach has been suprisingly reliable, however obvious issues have come up and the situation needs to be addressed. As stated, these messages are time-sensitive and failures need to be detected within minutes of submission by end-users. What I'm doing is building a messaging protocol. It will run on a machine and connection in my control. As far as the service is concerned, there is no distinction between web site and host machine -- there is only one device sending a message to another device. So that's where I'm at right now. I've got a skeleton server and a skeleton client. They can negotiate high-quality authentication and encryption. The (TCP) connection is persistent and asynchronous, and can handle delimited (i.e., read until \r\n or whatever) as well as length-prefixed (i.e., read exactly n bytes) messages. Unless somebody gives me a better idea, I think I'll handle messages as byte arrays. So I'm looking for suggestions on how to model the protocol itself -- at the application level. I'll mostly be transferring XML and DLM type files, as well as control messages for things like "handshake" and "is so-and-so online?" and so forth. Is there anything really stupid in my train of thought? Or anything I should read about before I get started? Stuff like that -- please and thanks.

    Read the article

  • Cloud storage services offering one-time download links? [closed]

    - by TARehman
    Is anyone aware of consumer-targeted cloud storage services that allow users to generate a one-time download link for hosted files? Case in point: I have an encrypted container with some documents I need to send to a vendor. I would prefer to give them a one-time download link, so that I know when they have accessed the file, and then inform them of the passphrase by phone. I have heard that MediaFire offers 1-time links, but that they are buried in tons of advertising. At the moment, I'm not sure that I consider MediaFire fully legitimate; I'm more interested in solutions with Google Drive, Box.net, DropBox, etc.

    Read the article

  • How to know if a file has 'access' monitor in linux

    - by J L
    I'm a noob and have some questions about viewing who accessed a file. I found there are ways to see if a file was accessed (not modified/changed) through audit subsystem and inotify. However, from what I have read online, according to here: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html it says to 'watch/monitor' file, I have to set a watch by using command like: # auditctl -w /etc/passwd -p war -k password-file So if I create a new file or directory, do I have to use audit/inotify command to 'set' watch first to 'watch' who accessed the new file? Also is there a way to know if a directory is being 'watched' through audit subsystem or inotify? How/where can I check the log of a file?

    Read the article

  • Is it possible to change User's Home Directorys permission in OSX?

    - by Sosiska
    Most of your staff uses OSX as main operation system. The problem is that recently we were attacked with some odd malware: users are getting zip-file via mail, and when they open this zip file, they execute a binary keylogger malware, that is inside this zipped file. (One click is enough). We have some non-technical limitations and due this limitation we can't configure user's mail servers. But actually we have physical access to their laptops. As far as I know, there is possible to mount user's home directory without "x" (execution) permission in Linux and *BSD. So users can't run some binary file inside home directory. Is it possible to configure OS X so that user can't execute files inside /Users/?

    Read the article

  • On my Mac, under the 'Shared' folder it shows another computer in my house, am I hacked?

    - by user27449
    I didnt' setup any connection to another computer in my house (its a PC), and I just noticed under my 'Shared' folder in the file explorer on my Mac laptop I see the name of the PC. How could this have shown up when I didn't even try to connect to it before? Could I possibly be hacked or is this normal it just scanned our internal wireless network? I havent' setup any kind of network really, just have a wireless modem that other computers share.

    Read the article

  • How to automatically copy a file uploaded by a user by FTP in Linux (CentOS)?

    - by Buttle Butkus
    Outside contractor says they need read/write/execute permissions on part of the filesystem so they can run a script. I'm ok with that, but I want to know what they're running, in case it turns out there is some nefarious code. I assume they are going to upload the file, run it, and then delete it to prevent me from finding out what they've done. How can I find out exactly what they've done? My question specifically asks for a way of automatically copying the file, which would be one way. But if you have another solution, that's fine. For example, if the file could be automatically copied to /home/root/uploaded_files/ that would be awesome.

    Read the article

  • How to forbid postfix to send to external domains [closed]

    - by elhoim
    I have a local postfix server, and i want it to only relay emails to the only local domain (localdomain.be): myhostname = localdomain.be mydomain = localdomain.be alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = $myhostname mydestination = $myhostname relay_domains = $mydomain default_transport = smtp relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24 mailbox_size_limit = 64000000 message_size_limit = 1000000 recipient_delimiter = + inet_interfaces = all inet_protocols = all smtp_host_lookup = native This configuration works fine to allow relay mail locally and on external destination domains, but i would like it to be an impossibility to send to other domains (ie: gmail.com). relay_domains is supposed to ensure that but it does not seem to really filter since i can still send to my gmail address.

    Read the article

  • How to wipe free disk space in Linux?

    - by Alex B
    When a file is deleted, its contents may still be left in the filesystem, unless explicitly overwritten with something else. "wipe" can securely erase files, but does not seem to allow erasing free disk space not used by any files. What should I use to achieve this?

    Read the article

  • Hosting solution for sensitive client data

    - by Mark
    Hello, We are developing a web application that will deal with highly sensitive (financial) data of clients (audience is medium to large sized businesses). Clients will be under scrutiny from regulators & auditors and, as such, we will be too. More importantly to give clients a level of comfort our application and related hosting arrangement should instill a lot of confidence with them. We are looking into using a cloud based service like Linode, Amazon EC2, etc. To allow for maximum flexibility We are keen on putting everything on virtual servers and avoiding having to buy our own hardware. Does a cloud based service make sense for our particular scenario? If not what type of hosting should we consider? If so what should we look out for? Thanks!

    Read the article

  • What are the best linux permissions to use for my website?

    - by Nic
    This is a Canonical Question about File Permissions on a Linux web server. I have a Linux web server running Apache2 that hosts several websites. Each website has its own folder in /var/www/. /var/www/contoso.com/ /var/www/contoso.net/ /var/www/fabrikam.com/ The base directory /var/www/ is owned by root:root. Apache is running as www-data:www-data. The Fabrikam website is maintained by two developers, Alice and Bob. Both Contoso websites are maintained by one developer, Eve. All websites allow users to upload images. If a website is compromised, the impact should be as limited as possible. I want to know the best way to set up permissions so that Apache can serve the content, the website is secure from attacks, and the developers can still make changes. One of the websites is structured like this: /var/www/fabrikam.com /cache /modules /styles /uploads /index.php How should the permissions be set on these directories and files? I read somewhere that you should never use 777 permissions on a website, but I don't understand what problems that could cause. During busy periods, the website automatically caches some pages and stores the results in the cache folder. All of the content submitted by website visitors is saved to the uploads folder.

    Read the article

  • Disabling certain JBoss ports

    - by Rich
    We are trying to configure JBoss 5.1.0 to be as lightweight and as secure as possible. One of the parts of this process is to identify and close any ports we do not need. Three ports that we have outstanding but don't believe we need are: 4457 - bisocket 4712 - JBossTS Recovery Manager 4713 - JBossTS Transaction Status Manager We don't think we need any of these features (but could be wrong). Bisocket seems to be a way for JMS clients behind a firewall to communicate with JBoss. We hardly use JMS now and when we do, it is very unlikely that we will need this firewall traversing ability. I am less sure about whether we need the two JBossTS ports - I am guessing these are used in a clustered environment - we aren't clustered. So my question is, how do we disable these ports (and associated processes where possible), or if we need these ports, why do we need to keep them open?

    Read the article

  • Which ports to open for Microsoft SQL Server?

    - by dnolan
    Having searched the internet a few times on the best way to open up SQL Server connectivity through windows firewall i've yet to find a best way of doing it. Does anyone have a guaranteed way of finding which ports SQL is running on so you can open them in windows firewall?

    Read the article

  • Mac on My Router?

    - by Yar
    There is a computer that is not mine that is accessible on my network. I can even access its filesystem via AFP. What I want to know is how the computer could get on my network. My network is secured like this: Does that mean that they've used password cracking tools? The pass is not easy to guess but not hard to figure out via brute-force hacking, I guess. If I am being hacked, should I switch to WPA?

    Read the article

  • Store system passwords with easy and secure access

    - by CodeShining
    I'm having to handle several VPS/services and I always set passwords to be different and random. What kind of storage do you suggest to keep these passwords safe and let me access them easily? These passwords are used for services like databases, webserver user and so on that run customers' services, so it's really important to keep them in a safe place and strong. I'm actually storing them in a google drive spreadsheet file, describing user, password, role, service. Do you know of better solutions? I'd like to keep them on a remote service to make sure I don't have to make backup copies (in case my hdd would fail somehow). I do work on *nix platforms (so windows specific solutions are not a choice here).

    Read the article

  • how to protect php app (vbulletin) from hackers

    - by samsmith
    Our vBulletin system is under constant attack, raising cpu load and making the system very slow for legit users. The attack is a script type attack that is attempting to log in and/or create new login ids (mostly it is trying to create login ids in order to spam the site). In vBulletin, we have black listed large ranges of ips, which has helped a lot, but the attacks continue. Is there an automated way to protect the application or web server? ideally, the protection would detect the pages accessed and automatically black list the ip.

    Read the article

  • non-interactive ssh sudo... prompts for the password in plain text

    - by Iain
    I'm running some non-interactive ssh commands. The ssh authentication is taken care of fine through the ssh agent, but if I run a command that requires sudo then the password prompt in my terminal is plain text. For example: ssh remotemachine "sudo -u www mkdir -p /path/to/new/folder" will prompt me for the password in plain text. Does anyone know how I can get it to use the normal secure prompt or that I can pass the password via a switch? (as then I can set up a secure prompt on this side before I send the command) Any help is much appreciated.

    Read the article

  • compromised site

    - by pinniger
    So, I have a web site that has been compromised twice in two weeks. every index.php and .js file gets a script injecting into the source code of the file. The problem is that I have no idea how they're doing it. I've seen this done via sql injection before, but I don't know how they are actually writing to the file. I've dug through the Apache logs but didn't find anything interesting. The site is built using the cakephp framework on a godaddy shared server. Anybody know what secturity settings or log files to check to see how they are doing this?

    Read the article

  • How to use OpenVPN through a restrictive firewall?

    - by R.L. Stine
    I'm currently in the situation of attempting to setup OpenVPN on a personal VPS, for connection primarily through an overly restrictive firewall. All of the setups mentioned below work when used through a reasonably-firewalled connection. I have tried: OpenVPN running on the standard port OpenVPN running on port 443 (I start OpenVPN manually from the command line on the VPS and see that the server reports the connection being closed almost immediately, I assume this is a result of DPI on the firewall) STunnel running on port 443 to access OpenVPN and evade DPI. This is the most successful and allows a connection and internet access through the VPN for ~10-20 seconds, before the connection is forcibly closed. Is there anything else I can attempt?

    Read the article

  • securing hard drive when users boot from usb external

    - by eshriek
    I supervise the use of a 'community' desktop computer. I would like to allow the use of the desktop via an external drive to a specific individual. How do I secure the internal hard drive so that no access is possible while using the external drive? Primarily I want to avoid accidental modification of the hard drive. The desktop runs Vista. The external is Ubuntu.

    Read the article

  • Preventing users from deleting SQL data

    - by me2011
    We just purchased a program that requires the users to have an account in the MS SQL server, with read/write access to the program's database. My concern is that since these users will now have write access to the database, they could directly connect to the SQL server outside of the program's client and then mess with the data directly in the tables. Is there anyway I can prevent access to the database while still allowing access via the client program?

    Read the article

  • Netgear routers don't allow you to disable wireless admin??

    - by MousePad
    I just bought a new router, the NetGear WGR614. Nowhere in the settings can you disable the ability to administrate the router from a wireless connection, which opens it up to brute force attacks from outside the building. Furthermore, it doesn't require a direct connection to the router to admin either, you can admin it while you're connected to the Internet. This means it opens itself to the possibility of an attack from within the network. This is unbelievable to me. What am I missing? Can this be possible?

    Read the article

  • Server load increases by lot of httpd request with same PID

    - by user3740955
    I can see that my server load increases to more than 200-300 range. Before 1 week the maximum load was around 20-25. In top and ps -ef i can see a lot of httpd threads and the PPID of most of the httpd request are of the same PID. When i verified this the parent process ID is of root. Please let me know how i can reduce the server load. I have searched a lot for this but not able to find out a proper solution for this. Please let me know. Please see below a part of the top output. apache 29698 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29700 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29701 2062 10 16:54 ? 00:00:02 /usr/sbin/httpd apache 29702 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29703 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29705 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29706 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29707 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29708 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29709 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29710 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29711 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29712 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd Server version: Apache/2.2.3

    Read the article

  • Iptables to lock down compromised server to a single ip

    - by ollybee
    I have a Linux server which is compromised, I can see nasty looking perl scripts executing with root privileges. I want to get some data off it before I wipe it. How can I block all inbound and outbound traffic except for my ip? It's a Centos server I assume i can do this with iptables? I'm aware a the server is rooted there is a possibility that attackers could have made changes on the server that would prevent this from working. Ill be testing to make sure and only have the server online for a couple of hours before it is nuked.

    Read the article

< Previous Page | 158 159 160 161 162 163 164 165 166 167 168 169  | Next Page >