Search Results

Search found 27912 results on 1117 pages for 'computer security'.

Page 20/1117 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

  • security issue of Linux sudo command?

    - by George2
    Hello everyone, 1. I am using Red Hat Enterprise 5 Linux box. I find if a user is in /etc/sudoers file, then if the user run command with sudo, the user will run this command with root privilege (without knowing root password, the user runs sudo only need to input the user's own password in order to run a command with sudo). Is that correct understanding? 2. If yes, then is it a security hole? Since users other than root could run with root privilege? thanks in advance, George

    Read the article

  • mod_proxy security

    - by brad
    I'm on Debian Lenny using apache2. in my proxy.conf I tried adding Allow from localhost as suggested in some other forums to get proxying to work. Didn't work. It only worked if I say Allow from all My question is this. Are there any security implications to this Allow from all directive? Most people were saying to make this as limited as possible, but "all" is the client right? I want anyone regardless of their IP to be forwarded properly. Is there a better way to configure this?

    Read the article

  • Setting Sql server security rights for multiple situations

    - by DanDan
    We have an application which uses an instance of Sql Server locally for its backend storage. The administrator windows login has had its sysadmin right revoked, and instead two sql logins have been created; one for the application with a secret password and one read only login we let users view the raw data with. This was working fine until we moved on FileStreams, which requires intergrated windows authentication. So now the sql server logins must be replaced. As a result, I am now reviewing all of our logins but I am not sure how it is possible. It seems that the application needs full read/write access, yet I still need to lock down writing to the tables so the user cannot login into the database and delete data randomly. Does anyone have any tips for setting multiple levels of security using intergrated windows logins, or can you direct me to any further reading? Thanks.

    Read the article

  • Security question pertaining web application deployment

    - by orokusaki
    I am about to deploy a web application (in a couple months) with the following set-up (perhaps anyways): Ubuntu Lucid Lynx with: IP Tables firewall (white-list style with only 3 ports open) Custom SSH port (like 31847 or something) No "root" SSH access Long, random username (not just "admin" or something) with a long password (65 chars) PostgreSQL which only listens to localhost 256 bit SSL Cert Reverse proxy from NGINX to my application server (UWSGI) Assume that my colo is secure (Physical access isn't my concern for the time being) Application-level security (SQL injection, XSS, Directory Traversal, CSRF, etc) Perhaps IP masquerading (but I don't really understand this yet) Does this sound like a secure setup? I hear about people's web apps getting hacked all the time, and part of me thinks, "maybe they're just neglecting something", but the other part of me thinks, "maybe there's nothing you can do to protect your server, and those things are just measures to make it a little harder for script kiddies to get in". If I told you all of this, gave you my IP address, and told you what ports were available, would it be possible for you to get in (assuming you have a penetration testing tool), or is this really protected well.

    Read the article

  • "Account locked out" security event at midnight

    - by Kev
    The last three midnights I've gotten an Event ID 539 in the log...about my own account: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 539 Date: 2010-04-26 Time: 12:00:20 AM User: NT AUTHORITY\SYSTEM Computer: SERVERNAME Description: Logon Failure: Reason: Account locked out User Name: MyUser Domain: MYDOMAIN Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: SERVERNAME Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - It's always within a half minute of midnight. There are no login attempts before it. Right after it (in the same second) there's a success audit entry: Logon attempt using explicit credentials: Logged on user: User Name: SERVERNAME$ Domain: MYDOMAIN Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: MyUser Target Domain: MYDOMAIN Target Logon GUID: - Target Server Name: servername.mydomain.lan Target Server Info: servername.mydomain.lan Caller Process ID: 2724 Source Network Address: - Source Port: - The process ID was the same on all three of them, so I looked it up, and right now at least it maps to TCP/IP Services (Microsoft). I don't believe I changed any policies or anything on Friday. How should I interpret this?

    Read the article

  • modsecurity apache mod-security.conf missing

    - by TechMedicNYC
    Greetings Serverfaultians. I'm not a server guy as you can see from my noob score of 1 point. But maybe those more versed can help me. I'm using Ubuntu v13.10 32-bit Server and Apache2 v2.4.6 and I'm trying to set up and configure modsecurity and modevasive on an internet-exposed production/test server. I am trying to follow this tutorial: http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server. But at step 3: Now add these rules to Apache2. Open a terminal window and enter: sudo vi /etc/apache2/mods-available/mod-security.conf This file does not exist. Any suggestions?

    Read the article

  • Why is autologon in Windows 7 a security risk

    - by Phenom
    If I set my Windows 7 account to automatically logon so I don't have to type a password, and I don't have to click my username on the logon screen, I heard it's a security risk. From Windows 7 Auto Login: Although I don’t personally recommend this, there are some people out there who don’t want to bother with using a password to protect their Windows user account. Of course, using a password in Windows isn’t required, only suggested. But even if you don’t fill one in, you still have to click your user icon to start the login process. An easier way - although again much less secure - is to enable auto-logins for your Windows PC. This is possible in Windows 7, as it was in prior versions, but it takes a little finagling to do so. (And for good reason, darn it.) What is risky about it besides people being able to logon locally? Does it make it easier for hackers to logon remoately?

    Read the article

  • Running PHP scripts as the owner of the PHP file: security issues

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Security issues of running PHP scripts as the owner of the PHP file with suexec

    - by thomasrutter
    I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

    Read the article

  • Chrome - SSL Security issue on Windows platforms?

    - by al nik
    Fortify.net is a service that displays what's the currently encryption key used by your browser in a https connection. If I browse this site with Chrome 4.1.249.1042 in WinXp SP3 the key used is RC4 cipher, 128-bit key This encryption is weak, and it's the one used by old browsers like IE6. Chrome works fine on Fedora9 and it uses AES cipher, 256-bit key as more modern browsers do (i.e.Firefox) I consider this a security issue. I'm considering to switch back to Firefox in Windows. Do you know if it's possible to change the default encryption key in Chrome?

    Read the article

  • Apache security for multi-user development web server.

    - by mrmartinblue
    I've been searching and reading through documents all morning and understand that I need to use some combination of chown and probably 'jailing' to securely give programmers access to directories on my centos webserver. Here's the situation: I have an apache web server that has any number of virtual sites located in /var/www/site1 /var/www/site2 etc.. I have different developers that need full access both ssh and vsFTP to only the site they are working on. What is the best way to create and maintain security in this scenario. My thought would be to create a new user for each coder, jail that user to the website directory they are allowed to work in, add their user to a group and set the webroot's owner to that group. Any thoughts? Good, bad, ugly? Thanks!

    Read the article

  • Computer Components

    - by Martin
    What is the role of a motherboard in terms of how components communicate with the processor (via the system busses). Therefore, for each component, which communication bus is involved and what is the route that data takes from the component to the processor, including; The bus name Whether bus is serial or parallel The name of any bridges involved Also, what is the the role of a bridge The components are: Internal components: Floppy Drive, Hard Drive, CD/DVD Drive, Memory, Processor Power supply, Graphics card & Sound card External devices: Monitor, Keyboard, Mouse (PS2 & USB), Printer, Pen Drive I have absolutely no idea of what the routes are and how motherboards communicate, could someone give me a start here? Thanks.

    Read the article

  • Set security on pattern of sub folders (Server 2003)

    - by Mark Major
    I have a folder structure similar to the one shown below these paragraphs. How do I change security on every 'Photos' folder without clicking through each individually in Windows Explorer? There are about 50 top level folders (Bob, Jim, Eva, etc, etc) which have the same layout of folders inside. I am keen for any suggestions, either scripting or GUI. I am on Windows Server 2003. Cheap/free method would be good, as the company is part of a registered charity. Ideally I would like to do this via DFS path. E.G. \\mycompany.local\Shared\Staff\Bob\ Thanks for reading. Thanks for any info. Mark Bob Review Profile Photos Jim Review Profile Photos Eva Review Profile Photos

    Read the article

  • Editing the Microsoft Security Essentials context-menu

    - by GPX
    As all MSE users would know, the context-menu item that it adds to Explorer is really long, with one whole sentence "Scan with Microsoft Security Essentials...". Is there a way to edit this and shorten it? I figured out the the file shellext.dll is responsible for registering the context menu. I used ResEdit to edit the DLL and changed the string table entry from Scan with ($BrandName) to Scan with MSE. But it still won't change. I've also tried de-registering the DLL and then registering it again. No luck! Any ideas? Or am I doing something wrong?

    Read the article

  • Security measures for CentOS

    - by cappuccinodrinker
    I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

    Read the article

  • Linux Security/Sysadmin Courses in London?

    - by mister k
    Hi, My employer has offered to send me on a couple of training courses and I'm just looking for some recommendations. I'm mainly looking to improve my security and general sysadmin skills. I would like to do something focused on UNIX as I mainly work with Linux boxes (but also a couple of FreeBSD boxes). I don't want to do a study-from-home course, so I would need to find somewhere based in London. It would be great to hear from anyone who has some experience with this kind of course. The courses I've found so far are: www.learningtree.co.uk/courses/uk433.htm www.city.ac.uk/cae/cfa/computing/systems_it/linux.html www.city.ac.uk/cae/cfa/computing/systems_it/unix_tools_ss.html I'm not sure the City University courses are advanced enough as I already have experience... Thanks!

    Read the article

  • Camtasia on remote computer?

    - by daughtkom
    I have a need to use one laptop for a live presentation (with projector, etc.), but record that presentation on another laptop -- similar to what I can do with Camtasia, only with the recording happening on another laptop. Is this possible? What do I need to do this? Some VGA device that goes between the presenting machine and the projector? Some USB device? My ideal requirements: The machines must be "standard" laptops (so I can't just add a new card to a desktop, etc.). I prefer a hardware solution, but cannot involve studio type equipment. I'd prefer not to install Camtasia (or similar) on the presenting machine for two reasons: licensing issues performance issues (sometimes the presentations are machine intensive and I don't want the recording software to interfere with the presentation) I'd appreciate any tips. Thanks.

    Read the article

  • Security considerations for my first eStore.

    - by Rohit
    I have a website through which I am going to sell few products. It is hosted on a simple shared-hosting and does not have SSL. On the products page, each product has a Buy Now button created from my PayPal Merchant account. PayPal recommends to use it's Button Factory to create secure buttons and save it inside PayPal itself. I have followed the same advice and the code of any button is secure and does not disclose any information on either a product or it's price. When the user clicks on a Buy Now button, he/she is taken to PayPal site where a page is opened in SSL for the user to fill in the credit card and shipping details. After a successful transaction, the control is passed back to my site. I want to know whether there is still any chance when security could be compromised.

    Read the article

  • Building My First Computer And Suprise It Isn't Working

    - by BobbShots
    I've had many years of experience working on and around computers, but this was my first foray into building one completely from scratch. So far that foray has been a disaster. My rig is completely assembled, and on its maiden power-up plus many power cycles I noticed three things: There were a few beeps from the BIOS POST upon powering up the first time, but I wasn't paying attention completely to the sequence. However, every time after that there are 0 POST beeps, even after taking off all hardware except the CPU and MB. There was no video being sent to the monitor. I run a HDMI cable from my video card to the monitor. The video card was LOUD. My card is a Sapphire Radeon HD 5870 which is known for not only being a powerhouse, but being pretty quiet. A few times during my power cycles it ran a lot quieter, but most of the time it was just super loud. Can anyone provide help for any of these issues? My MB, CPU, and Video Card are: MB: ASUS P6X58D Premium LGA 1366 Intel X58 SATA 6Gb/s USB 3.0 ATX Intel Motherboard CPU: i7 920 Video Card: Sapphire Radeon HD 5870

    Read the article

  • Internal Linux machine with Apache that I can access by IP address but not computer name

    - by Parris
    I have an Ubuntu machine running LAMP. While on the machine I can type localhost or the computers name to access htdocs. From another machine I can only access the machine via its IP Address. This just started happening recently when someone rearranged the network cables and removed a hub sitting between the machine and the network, which makes me think it wasn't all the stable to begin with anyways. Any suggestions on where I should start looking?

    Read the article

  • Security considerations in providing VPN access to non-company issued computers [migrated]

    - by DKNUCKLES
    There have been a few people at my office that have requested the installation of DropBox on their computers to synchronize files so they can work on them at home. I have always been wary about cloud computing, mainly because we are a Canadian company and enjoy the privacy and being outside the reach of the Patriot Act. The policy before I started was that employees with company issued notebooks could be issued a VPN account, and everyone else had to have a remote desktop connection. The theory behind this logic (as I understand it) was that we had the potential to lock down the notebooks whereas the employees home computers were outside of our grasp. We had no ability to ensure they weren't running as administrator all the time / were running AV so they were a higher risk at being infected with malware and could compromise network security. With the increase in people wanting DropBox I'm curious as to whether or not this policy is too restrictive and overly paranoid. Is it generally safe to provide VPN access to an employee without knowing what their computing environment looks like?

    Read the article

  • Building a workstation computer for Image processing? [closed]

    - by echolab
    I am taking a gigapixel image my goal is 50gigapixel and shooting is almost done , i am doing some research to build a workstation so i can stitch images together , my questions is ! Could u suggest some dual cpu mainboard that works fine with xeon 5500+ , with 64GB+ ram support ? My other question is which hardware is most important in image processing , all i see in story of gigapixel panoramas is they have dual xeon and 32gb+ ram ? i wonder if i am doing this right , i mean they don't post information on graphic card , mainboard and stuff ! I did asked several websites , but nothing best answer was get some high-end workstation and plenty of hours , i don't want to purchase ready to use workstations, i wanna build it up Thanks in advance

    Read the article

  • Will a computer science college degree ever hurt my employability?

    - by Gio Borje
    Too often, I can see that there are many viable programmers without college degrees in Computer Science, Informatics, etc. Now that I've been reading more articles about underperforming education and the insignificance of college degrees (especially as a programmer), will a college degree ever hurt my employability? (Also accounting for four years from now when I do graduate) P.S. I'm going to UC Irvine; would the school itself matter in the significance of the degree?

    Read the article

  • What Precalculus knowledge is required before learning Discrete Math Computer Science topics?

    - by Ein Doofus
    Below I've listed the chapters from a Precalculus book as well as the author recommended Computer Science chapters from a Discrete Mathematics book. Although these chapters are from two specific books on these subjects I believe the topics are generally the same between any Precalc or Discrete Math book. What Precalculus topics should one know before starting these Discrete Math Computer Science topics?: Discrete Mathematics CS Chapters 1.1 Propositional Logic 1.2 Propositional Equivalences 1.3 Predicates and Quantifiers 1.4 Nested Quantifiers 1.5 Rules of Inference 1.6 Introduction to Proofs 1.7 Proof Methods and Strategy 2.1 Sets 2.2 Set Operations 2.3 Functions 2.4 Sequences and Summations 3.1 Algorithms 3.2 The Growths of Functions 3.3 Complexity of Algorithms 3.4 The Integers and Division 3.5 Primes and Greatest Common Divisors 3.6 Integers and Algorithms 3.8 Matrices 4.1 Mathematical Induction 4.2 Strong Induction and Well-Ordering 4.3 Recursive Definitions and Structural Induction 4.4 Recursive Algorithms 4.5 Program Correctness 5.1 The Basics of Counting 5.2 The Pigeonhole Principle 5.3 Permutations and Combinations 5.6 Generating Permutations and Combinations 6.1 An Introduction to Discrete Probability 6.4 Expected Value and Variance 7.1 Recurrence Relations 7.3 Divide-and-Conquer Algorithms and Recurrence Relations 7.5 Inclusion-Exclusion 8.1 Relations and Their Properties 8.2 n-ary Relations and Their Applications 8.3 Representing Relations 8.5 Equivalence Relations 9.1 Graphs and Graph Models 9.2 Graph Terminology and Special Types of Graphs 9.3 Representing Graphs and Graph Isomorphism 9.4 Connectivity 9.5 Euler and Hamilton Ptahs 10.1 Introduction to Trees 10.2 Application of Trees 10.3 Tree Traversal 11.1 Boolean Functions 11.2 Representing Boolean Functions 11.3 Logic Gates 11.4 Minimization of Circuits 12.1 Language and Grammars 12.2 Finite-State Machines with Output 12.3 Finite-State Machines with No Output 12.4 Language Recognition 12.5 Turing Machines Precalculus Chapters R.1 The Real-Number System R.2 Integer Exponents, Scientific Notation, and Order of Operations R.3 Addition, Subtraction, and Multiplication of Polynomials R.4 Factoring R.5 Rational Expressions R.6 Radical Notation and Rational Exponents R.7 The Basics of Equation Solving 1.1 Functions, Graphs, Graphers 1.2 Linear Functions, Slope, and Applications 1.3 Modeling: Data Analysis, Curve Fitting, and Linear Regression 1.4 More on Functions 1.5 Symmetry and Transformations 1.6 Variation and Applications 1.7 Distance, Midpoints, and Circles 2.1 Zeros of Linear Functions and Models 2.2 The Complex Numbers 2.3 Zeros of Quadratic Functions and Models 2.4 Analyzing Graphs of Quadratic Functions 2.5 Modeling: Data Analysis, Curve Fitting, and Quadratic Regression 2.6 Zeros and More Equation Solving 2.7 Solving Inequalities 3.1 Polynomial Functions and Modeling 3.2 Polynomial Division; The Remainder and Factor Theorems 3.3 Theorems about Zeros of Polynomial Functions 3.4 Rational Functions 3.5 Polynomial and Rational Inequalities 4.1 Composite and Inverse Functions 4.2 Exponential Functions and Graphs 4.3 Logarithmic Functions and Graphs 4.4 Properties of Logarithmic Functions 4.5 Solving Exponential and Logarithmic Equations 4.6 Applications and Models: Growth and Decay 5.1 Systems of Equations in Two Variables 5.2 System of Equations in Three Variables 5.3 Matrices and Systems of Equations 5.4 Matrix Operations 5.5 Inverses of Matrices 5.6 System of Inequalities and Linear Programming 5.7 Partial Fractions 6.1 The Parabola 6.2 The Circle and Ellipse 6.3 The Hyperbola 6.4 Nonlinear Systems of Equations

    Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >