Search Results

Search found 25503 results on 1021 pages for 'browser security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 165/1021 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

  • Securing RDP access to Windows Server 2008 R2: is Network Level Authentication enough?

    - by jamesfm
    I am a dev with little admin expertise, administering a single dedicated web server remotely. A recent independent security audit of our site recommended that "RDP is not exposed to the Internet and that a robust management solution such as a VPN is considered for remote access. When used, RDP should be configured for Server Authentication to ensure that clients cannot be subjected to man-in-the-middle attacks." Having read around a bit, it seems like Network Level Authentication is a Good Thing so I have enabled the "Allow connections only from Remote Desktop with NLA" option on the server today. Is this acion enough to mitigate the risk of a Man-in-the-Middle attack? Or are there other essential steps I should be taking? If VPN is essential, how do I go about it?

    Read the article

  • How to make sure Windows PC is reasonably secure?

    - by Coder
    I'm not much of a network and network security expert, but I need to add an existing Windows PC to a network with always on connection. The problem is, I have no idea if the PC is really clean, and, actually, no knowledge to check it. I scanned the PC with Process Explorer to verify if all running processes are signed, ran an AVG scan, but this is where my knowledge ends. IIRC, there can be bad code attached to svchost or something, bad drivers, and so on, but I have no idea how to check all those things. Reformatting the PC is unfeasible as of now. Are there any suggestions on what I could do?

    Read the article

  • Enable file download via redirect in IE7

    - by Christian W
    Our application enables our customers to download files to their computer. The way I have implemented it is using asp.net with a dropdown. When the user clicks the dropdown they get the choice of "PDF","Powerpoint", and a couple of other choices depending on circumstances. Then, in postback depending on the choice the user made, it will return a file (changing the content-header and such and then bitbanging a file to the user). This works perfectly in all browsers, but IE7 complains that this is a security risk and blocks the download. Is there any way for the users to authorize downloads from our webapplication?

    Read the article

  • Hacking prevention, forensics, auditing and counter measures.

    - by tmow
    Recently (but it is also a recurrent question) we saw 3 interesting threads about hacking and security: My server's been hacked EMERGENCY. Finding how a hacked server was hacked File permissions question The last one isn't directly related, but it highlights how easy it is to mess up with a web server administration. As there are several things, that can be done, before something bad happens, I'd like to have your suggestions in terms of good practices to limit backside effects of an attack and how to react in the sad case will happen. It's not just a matter of securing the server and the code but also of auditing, logging and counter measures. Do you have any good practices list or do you prefer to rely on software or on experts that continuously analyze your web server(s) (or nothing at all)? If yes, can you share your list and your ideas/opinions?

    Read the article

  • Why does mod_security require an ACCEPT HTTP header field?

    - by ripper234
    After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

    Read the article

  • McAfee VirusScan Enterprise or avast! Free?

    - by Pieter
    I currently have McAfee VirusScan Enterprise on my computer. This was preinstalled on my PC. (My university did a bulk laptop purchase so I got a sweet deal on my laptop. McAfee was one of the extras that were included.) Apparently, it's getting bad ratings from sites such as Virus Bulletin and AV-Test. Am I better off with avast's free antivirus? Is it worth considering avast! Internet Security? I currently have a three-year license for VirusScan Enterprise. I keep my software up to date using Secunia PSI and I don't click on any suspicious links.

    Read the article

  • google.com re-directing to local html copy

    - by Sneha
    When I type http://google.com and press ENTER on any of my browsers ( Mozilla, Chrome ), the URL bar suddenly transforms into this file:///C:/Users/Administrator/AppData/Roaming/Google_Toolbar/Google_Toolbar/1.0.0.0/MyGoogle.html After this too, I can continue to search in google but the URL bar still shows the local address. Surprisingly this is happening only for google.com and not other sites.

    Read the article

  • How easy is it to alter a browser fingerprint?

    - by JFig
    I am researching this question for a possible paper. Given the exploitation of user identities for risk management and market tracking, how easy is it to alter a browser enough to throw off fingerprinting techniques? My current sources are the EFF Panopticlick project- https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy and Peter Eckersly's follow-up presentation at Def Con 18- http://privacy-pc.com/articles/how-safe-is-your-browser-peter-ackersley-on-personally-identifiable-information-basics.html

    Read the article

  • firefox add-on dialogue box

    - by Bobby S
    was wondering if anyone knew how to disable the add-on update dialogue box that appears after everytime an extension is updated in firefox? i've googled and looked for an about:config setting but could not find any related one.

    Read the article

  • Wordpress Automatic Updating/Installing Plugins Permissions

    - by karmic
    I am using the latest Wordpress and I have always had issues with the automatic updater. For the files in the wordpress directory, i set them to permission 770, and add the webserver user 'www-data' as the group owner. I use lighttpd. However, the automatic updating plugins or installing plugins does not work. It works if I chmod 777 the files or if I set the actual owner to the web server as well. What are the best permission settings for security while still allowing the updating feature to work properly in wordress? Also, by 'not work' i mean, it will go to the screen that asks me for FTP credentials when I try to update.

    Read the article

  • Finding how a hacked server was hacked

    - by sixtyfootersdude
    I was just browsing through the site and found this question: My server's been hacked EMERGENCY. Basically the question says: My server has been hacked. What should I do? The best answer is excellent but it raised some questions in my mind. One of the steps suggested is to: Examine the 'attacked' systems to understand how the attacks succeeded in compromising your security. Make every effort to find out where the attacks "came from", so that you understand what problems you have and need to address to make your system safe in the future. I have done no system admin work so I have no idea how I would start doing this. What would be the first step? I know that you could look in the server log files but as an attacker the first thing that I would do would be errasing the log files. How would you "understand" how the attacks succeeded?

    Read the article

  • Search selected text in Firefox

    - by Jeremy Rudd
    What are the different Firefox extensions that can start a search with the selected text? Firefox has an inbuilt feature to search using the currently selected engine. Select any text Right click the selection Search Google for ... I'm looking for something that will let me choose which search engine I want to search with, from my current list of installed search engines.

    Read the article

  • Are animated GIFs supported in Google Chrome?

    - by user30852
    I have recently been testing a website and found animated gif images that seem to show fine in IE and Firefox but in Google Chrome they only show briefly and then dissapear! This happens if I view the image on the page or view the file directly. Are there any reported problems in displaying GIFs in Chrome, or is it just being fussy? There seemed to have been some problems in older versions of Chrome, but it's hard to believe something as simple as this wouldn't have been fixed by now. The version of Google Chrome I am using is: 4.1.249.1021 Not sure if this is relevant, but some info about the image: Width: 216 pixels Height: 36 pixels Horizontal resolution: 96dpi Vertical resolution: 96dpi Bit Depth: 32 Frame Count: 3 EDIT: Seems to be a problem relating to the latest beta version of Chrome, as it works fine in 4.0.249

    Read the article

  • Is there a work around for the broken IE Tab in Firefox 3.6?

    - by Nathan Fellman
    My Firefox upgraded itself automatically to version 3.6, and I found that IE tab is broken there. Apparently IE tab is known to be broken in this version. Are there any known workarounds such as these? a different plugin with the same functionality a way to tell FF to behave in some legacy or compatibility mode for certain plugins a new version of IE tab In the meanwhile I'm glad that Chrome's current release supports plugins, and IE tab works there.

    Read the article

  • How can I set up VLANs in a way that won't put me at risk for VLAN hopping?

    - by hobodave
    We're planning to migrate our production network from a VLAN-less configuration to a tagged VLAN (802.1q) configuration. This diagram summarizes the planned configuration: One significant detail is that a large portion of these hosts will actually be VMs on a single bare-metal machine. In fact, the only physical machines will be DB01, DB02, the firewalls and the switches. All other machines will be virtualized on a single host. One concern that has been is that this approach is complicated (overcomplicated implied), and that the VLANs are only providing an illusion of security, because "VLAN hopping is easy". Is this a valid concern, given that multiple VLANs will be used for a single physical switch port due to virtualization? How would I setup my VLANs appropriately to prevent this risk? Also, I've heard that VMWare ESX has something called "virtual switches". Is this unique to the VMWare hypervisor? If not, is it available with KVM (my planned hypervisor of choice)?. How does that come into play?

    Read the article

  • I just got a linode VPS a week ago and I've been flagged for SSH scanning...

    - by meder
    I got a 32-bit Debian VPS from http://linode.com and I really haven't done any sort of advanced configuration for securing it ( port 22; password enabled ). It seems somehow there is ssh scanning going on from my IP, I'm being flagged as this is against the TOS. I've been SSHing only from my home Comcast ISP which I run Linux on. Is this a common thing when getting a new vps? Are there any standard security configuration tips? I'm quite confused as to how my machine has been accused of this ssh scanning.

    Read the article

  • How can I flush my ssh keys on power management activity?

    - by Sam Halicke
    Hi all, Using ssh-agent and private keys per the usual. Everything's working as normal. My question regards best practices on flushing keys from ssh-add on activity like sleep, suspend, hibernate, etc. I thought about writing a simple wrapper around those commands, but then wondered if are they even called? Or does the kernel initiate this activity directly? Are the PM utilities strictly userland? I would like this additional layer of security beyond locking my screen, etc. and was wondering if anyone else had solved this elegantly or has best practices to recommend. Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >