Search Results

Search found 15648 results on 626 pages for 'wcf security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 226/626 | < Previous Page | 222 223 224 225 226 227 228 229 230 231 232 233  | Next Page >

  • How to securely connect to multiple different LDAPS servers (Debian)

    - by Pickle
    I'm trying to connect to multiple different LDAPS servers. A lot of the documentation I've seen recommends setting TLS_REQCERT never, but that strikes me as horribly unsecure to not verify the certificate. So I've set that to demand. All the documentation I've seen says I need to update ldap.conf with a TLS_CACERT directive pointing to a .pem file. I've got that .pem file set up with the certificate from LDAP Server #1, and ldaps connections are happening fine. I've now got to communicate securely with another LDAP server in another branch of my organization, that uses a different certificate. I've seen no documentation on how to do this, except 1 page that says I can simply put multiple (not chained) certificates in the same .pem file. I've done this and everything is working hunky dorey. However, when I told a colleague what I did, he sounded like the sky was falling - putting 2 non-chained certificates into one .pem file is apparently the worst thing since ... ever. Is there a more acceptable way to do this? Or is this the only accepted way?

    Read the article

  • Member of local Administrators group cannot elevate

    - by fixme
    Hi We have just installed the first Windows 7 (professional) workstation in our domain. Its primary user has been added to the local (computer's) Administrators group (computername\Administrators). Still, whenever elevation is needed, his credentials are not accepted, and he is never allowed to act as an administrator. For example, he cannot write a file to C:\ (not that he needs to, but it illustrates the problem). Putting him in the domain's Administrators group doesn't help either (anyway we'd rather not do that). I suspect that he may be the victim of some policy that controls elevation, but can't seem to find it. Can anyone shed some light?

    Read the article

  • Use .htaccess to block *All* access to specific folders.

    - by Urda
    I am not sure how to do this, but I want to block all access to a specific set of folders on my web server. Say secret01 and secret 02... homeDir |- data |- www | |- .htaccess (file) | |- images | |- js | |- secret01 | |- secret02 | |... |... What rule(s) do I need to add to my root .htaccess file to do this? I want all access from the web blocked from going into these folders, period. Only way one could get to them would be over SFTP or SSH. So what rule am I looking for? I am preferably looking for a one-liner so I can add more folders or move it to another site down the road. I really would prefer if the rule could be placed in the .htaccess root file so I don't have to jump all over the place to lock and unlock folders.

    Read the article

  • is there any valid reason for users to request phpinfo()

    - by The Journeyman geek
    I'm working on writing a set of rules for fail2ban to make life a little more interesting for whoever is trying to bruteforce his way into my system. A good majority of the attempts tend to revolve around trying to get into phpinfo() via my webserver -as below GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1 I'm wondering if there's any valid reason for a user to attempt to access phpinfo() via apache, since if not, i can simply use that, or more specifically the regex GET //[^>]+=phpinfo\(\) as a filter to eliminate these attacks

    Read the article

  • Outbound ports to allow through firewall - core requirements

    - by dunxd
    This question was asked before, but in a rather general way. I'm asking more specifically based on my current requirements. We have a number of remote offices made up of a bunch of PCs and an ASA 5505 which is used as firewall and VPN termination point. In the offices we share the internet connection with one or more other organisations over whom we have very little control, asides from the config on the ASAs. For a bunch of reasons I'd like to lock down these ASA 5505s to only allow outbound traffic to ports used by applications we know we need. I'm putting a standard config to roll out to all the ASAs, and if we need to open up ports for the other orgs we can do it on request. But I want to leave open the most commonly required ports so we can get up and running without waiting on other folks technical staff to get back. I plan to allow the following TCP ports to support email and web access, which I know everyone will need: POP3 (110 and 995) HTTP (80 and 443) IMAP4 (143 and 993) SMTP (25 and and 465) The question really is, what other ports do I need to leave open to allow for "normal" working? I've seen UDP port 53 for DNS as one. Are there any others that would be worth opening up? Just to note - I'll also be setting up monitoring systems to keep an eye on the ports we do allow. Any of the above could be misused of course. We'll also back all this up with signed agreements. But I'm aiming for a technical solutions where I don't have to start out with the full requirements of everyone we share connections with. See also: outbound ports that are always open

    Read the article

  • Dangers of the pyton eval() statement

    - by LukeP
    I am creating a game. Specifically it is a pokemon battle simulator. I have an sqlite database of moves in which a row looks something like: name | type | Power | Accuracy | PP | Description However, there are some special moves. For said special moves, their damage (and other attributes not shown above, like status effects) may be dependant on certian factors. Rather than create a huge if/else in one of my classes covering the formulas for every one of these moves. I'd rather include another column in the DB that contains a formula in string form, like 'self.health/2'(simplified example). I could then just plug that into eval. I always see people saying to stay away from eval, but from what I can tell, this would be considered an acceptable use, as the dangers of eval only come into play when accepting user input. Am I correct in this assumption, or is there somthing i'm not seeing.

    Read the article

  • Taking user out of MACHINENAME\Users group does not disallow them from authenticating with IIS site

    - by jayrdub
    I have a site that has anonymous access disabled and uses only IIS basic authentication. The site's home directory only has the MACHINENAME\Users group with permissions. I have one user that I don't want to be able to log-in to this site, so I thought all I would need to do is take that user out of the Users group, but doing so still allows him to authenticate. I know it is the Users group that is allowing authentication because if I remove that group's permissions on the directory, he is not allowed to log in. Is there something special about the Users group that makes it so you are actually always a part of it? Is the only solution to revoke the Users group's permissions on the site's home directory and grant a new group access that contains only the allowed users?

    Read the article

  • How to know who accessed a file or if a file has 'access' monitor in linux

    - by J L
    I'm a noob and have some questions about viewing who accessed a file. I found there are ways to see if a file was accessed (not modified/changed) through audit subsystem and inotify. However, from what I have read online, according to here: http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html it says to 'watch/monitor' file, I have to set a watch by using command like: # auditctl -w /etc/passwd -p war -k password-file So if I create a new file or directory, do I have to use audit/inotify command to 'set' watch first to 'watch' who accessed the new file? Also is there a way to know if a directory is being 'watched' through audit subsystem or inotify? How/where can I check the log of a file? edit: from further googling, I found this page saying: http://www.kernel.org/doc/man-pages/online/pages/man7/inotify.7.html The inotify API provides no information about the user or process that triggered the inotify event. So I guess this means that I cant figure out which user accessed a file? Only audit subsystem can be used to figure out who accessed a file?

    Read the article

  • Unauthorized computer use via keyboard or remote access?

    - by brydaverambo
    I’m suspecting my computer is being used when I’m not at home. This is happening either physically or remotely. My wireless switch is off. Is there any way possible to detect and/or monitor activity without purchasing software? My settings are being changed as well as passwords (Bios PW was changed and I cannot access Bios settings). I connect via the network cable. Is it possible for someone (in range) to connect to my laptop even if the wireless switch is off? This is a Dell Inspiron 1720 with the WLAN 1395 card. Here’s the kicker. When I try to download freeware for monitoring activity, I am not allowed to do this! ????

    Read the article

  • Is Exchange protected from/allow back dated emails?

    - by David
    Does Exchange Server adequately protect against backdating items in a mailbox folder? I want to determine from an auditing perspective what level of risk exists/what trust can be put into Exchange database records. Is there a (mis)feature that allows end point users to modify the sent/recieved date fields on their own messages? Is there a reasonable way short of hand editing the files for an Exchange Server admin to make such a change? And most importantly: Is there any kind of "sequence number" that we could use to audit Exchange records for evidence of date manipulation (ex. msg100 = Dec 15, msg101 = Dec 10, msg102 = Dec 16)

    Read the article

  • How to put fear of God (law) into Wi-Fi hacking neighbors [closed]

    - by Shakehar
    I live in an apartment and some new guys have apparently moved into one of the apartments. They have been shamelessly hacking into my WiFi. Mine was initially a WEP encrypted network and out of laziness I just limited and reserved the IPS on my router for the people in my house. Yesterday I had to free up an IP for a guest in my house but before he could join the network these guys connected in. I have changed my encryption to WPA2 and hope they dont have the hardware/patience required to hack into it, but there are many wi-fi networks in my apartment most of which are secured using WEP. I don't really want to call the police on them. Is there any way to deter them from misusing other people's wi-fi ? I have gone through I think someone else has access to my wireless network. What next? but I have already taken the steps mentioned there.

    Read the article

  • Automated VLAN creation with residential Wireless devices

    - by Zephyr Pellerin
    We've got a few WRT devices from Linksys here, and the issue has arisen to deploy them in a relatively small environment, However, in the interest of manageability we'd like to be able to automatically VLAN (ideally NOT subnet) every user from one another. It seems obvious to me that the default firmware isn't capable of this - can OpenWRT/Tomato/DD-WRT support any sort of functionality such that new users are automatically VLANed or otherwise logically separated from other users? It seems like there's an easy IPtables or PF solution here, but I've been wrong before. (If that seemed a little ambiguous, heres an example) User 1 sends DHCP request to server, new VLAN (We'll call VLAN 1) is created, user is placed in that VLAN. Then, user 2 sends a DHCP request and is placed in VLAN 2 etc. etc.

    Read the article

  • What are the best linux permissions to use for my website?

    - by Nic
    This is a Canonical Question about File Permissions on a Linux web server. I have a Linux web server running Apache2 that hosts several websites. Each website has its own folder in /var/www/. /var/www/contoso.com/ /var/www/contoso.net/ /var/www/fabrikam.com/ The base directory /var/www/ is owned by root:root. Apache is running as www-data:www-data. The Fabrikam website is maintained by two developers, Alice and Bob. Both Contoso websites are maintained by one developer, Eve. All websites allow users to upload images. If a website is compromised, the impact should be as limited as possible. I want to know the best way to set up permissions so that Apache can serve the content, the website is secure from attacks, and the developers can still make changes. One of the websites is structured like this: /var/www/fabrikam.com /cache /modules /styles /uploads /index.php How should the permissions be set on these directories and files? I read somewhere that you should never use 777 permissions on a website, but I don't understand what problems that could cause. During busy periods, the website automatically caches some pages and stores the results in the cache folder. All of the content submitted by website visitors is saved to the uploads folder.

    Read the article

  • Using Windows as a gateway to the internet

    - by James Wright
    My customer currently blocks outbound RDP and SSH, which means that none of their employees can get access to external Windows and Linux boxes (at the console level). However, a need has recently arisen to give access to an assortment of RDP and SSH endpoints scattered throughout the internet. The endpoint IP addresses are a moving target, and an access list exists to define what those IP addresses are. So now my customer wants to have a single Windows Server that they control as the sole outbound point for RDP/SSH to the internet. Consider it a jump box to the internet. If one of our admins have an access to this Windows box then they can log on, and from there bounce around to RDP/SSH endpoints on the internet. Is a standard Windows 2008 box going to work as a jump box? For example, I seem to recall that Win2k8 limits the number of users that can log on simultaneously, which means that the jump box may not be accessible if lots of users are on it. Advice as to how to make this work..?

    Read the article

  • Win7 UAC tokens

    - by Talc
    It is known that under win7 UAC you receive 2 tokens when you logon to the system: std user token and admin token. If I disable UAC, what should I get? only admin token? or still both with no consideration to the UAC status?

    Read the article

  • no internet mail group / mail sending and delivery restrictions

    - by Jeff
    I run a win 2k8 a/d server and an win 2k8 exchange 07 server I have a group called 'No Internet Mail', i made it a distribution group. I tried to setup a transport rule on the exchange server that is configured as follows for outgoing: from a member of no internet mail and sent to users outside the organization redirect the message to administrator and send message refused, forwarded to administrator. Please talk to management for external email use. however , when i enable this it forwards everyones emails to me regardless if they are a member of the no internet mail group or not. not sure what im doing wrong, thanks in advanced.

    Read the article

  • Solaris 11 installed, no updates?

    - by Paul De Niro
    I was messing around with solaris and decided to give Solaris 11 a try so I downloaded it from the Oracle website. After installing the OS, I went into the package manager and did an update. It told me that there were to available updates! I find this hard to believe considering that it's running a vulnerable version of firefox and java, its own in-house software product! Many of the other software products that came with the default install are also out of date and vulnerable. Is this normal for an Oracle install, or did I do something wrong with the upgrade process? I typed "pkg update" at the prompt, and I noticed that it did call out to pkg.oracle.com looking for updates. I find it bizarre that there are no updates available for an OS that was released a couple months ago with vulnerable software...

    Read the article

  • can i use an ip-list include file for iptable blacklisting

    - by rubo77
    I would like to block all countries except mine in iptables, that is a lits with about 100.000 Entries. how can i define this blacklistfile in a script, so iptables blocks all those ip-ranges? maybe i can use http://www.ipdeny.com/ipblocks/data/countries/ that provides lists in the form 117.55.192.0/20 117.104.224.0/21 119.59.80.0/21 121.100.48.0/21 ... i want to be able to change the blacklistfile easily without having to change the iptables-script

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 222 223 224 225 226 227 228 229 230 231 232 233  | Next Page >