Search Results

Search found 29222 results on 1169 pages for 'network security'.

Page 28/1169 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • OpenBSD has open ports in default installation

    - by celil
    I have been considering replacing Ubuntu with OpenBSD to improve the security on my local server. I need to have ssh access to it, and I also need it to serve static web content - so the only ports I need open are 22 and 80. However, when I scan my server for open ports after installing OpenBSD 4.8, and enabling ssh and http at /etc/rc.conf httpd_flags="" sshd_flags="" I discovered that it had several other open ports: Port Scan has started… Port Scanning host: 192.168.56.102 Open TCP Port: 13 daytime Open TCP Port: 22 ssh Open TCP Port: 37 time Open TCP Port: 80 http Open TCP Port: 113 ident ssh (22) and http (80) should be open as I enabled httpd and sshd, but why are the other ports open, and should I worry about them creating additional security vulnerabilities? Should they be open in a default installation?

    Read the article

  • TV network capabilities.

    - by Narcolapser
    Question: Can the major TV producer's internet TV systems access network resource? Info: I'm looking for large TV's right now for my company to set up in conference rooms. We want the ability to load presentations with out having to have a computer to do so. Our hope is to put things on to network drives and access and display them from there. I've heard that LG's can do this if you convert the power point file in to a show format. that's fine. I just need to get this information to the TV with out the computer attached. Can anyone tell me if companies like LG, Vizio, Sony, Samsung, etc. have TV's that are capable of doing this? Thanks ~n

    Read the article

  • Un-balanced network speed although using fiberoptic cable line

    - by Hoàng Long
    I'm not sure this is a right place to ask this question, but there's a strange thing that I don't quite sure what the reason is. My company has hired a fiberoptic cable line for network use (Wifi and cable through a router). But the strange thing is that, whenever someone view YouTube or listen stream music, then network speed for all the others become extremely slow. The download speed for that person is about 4-5 MB/s (or more), but others suffer. I'm still a newbie about networking. But I know there should be a solution. Could anyone tell me a way to stop this bad behavior? It's not possible for asking people not viewing YouTube, since that's part of their jobs. Any insights about this problem would be very welcome.

    Read the article

  • Error message when renaming files on a network drive stored in Windows 7 favorites

    - by paulmorriss
    I have a network drive mapped to a share on a Window Server 2003. I have a shortcut to this drive stored in my Windows 7 favorites. When I double click the shortcut and then rename a file on the drive, if the file is longer than 8 chars or contains spaces then I get this error The drive that this file or folder is stored on does not allow long file names, or names containing blanks or any of the following characters:... If I get to the network drive by click on it in the tree under computer then it works fine. Is there a way to get round this?

    Read the article

  • Server Config on Github Security Considerations?

    - by Alan Griffith
    What are the security considerations of having my server configs in a repo on Github with world read-only access. I know to not include /etc/shadow and other password files. I'd like to share any of my good ideas and allow others to contribute, but I don't want to roll out a welcome mat for crackers.

    Read the article

  • Network with bridge and port forwarding?

    - by rafek
    Hi! Below is my current (and planned) home network configuration. I would like to connect my non-wifi-capable desktop to my home network. The question is: HOW? What device do I need? The primary requiremen is that I need to be able to forward ports to my desktop. How would I achieve this? Is there something like "double port forwarding"? Could anyone please explain this configuration to me? Thank you in advance!

    Read the article

  • Belarc Advisor (Store Passwords using Reversible Encryption)

    - by Steve
    Hi, I'm using Belarc Advisor to examine my PC. Part of BA is a security benchmark summary, which examines components of windows security and provides a benchmark rating. Two items are marked as Fail: - Store Passwords using Reversible Encryption - Password History Size I have opened the Local Security Settings tool from the Control Panel Administrative Tools, and ensured that the "Store passwords using reversible encryption" setting is enabled. Also, I've set the password history to a number. So I'm a bit miffed about the Fail marks. Any idea why the Fail marks appear? Any clues how I can Pass them? Thanks, Steve.

    Read the article

  • Enumerating network shares with NetBIOS

    - by Karrax
    Hello, I have a case where I need to find all connectable shares on my network, and preferably as much information about the share possible. I could do this manually but its quite a big network and it would be too slow. If I did it manually Im guessing I would do something like net view net use //hostname <browse it manually> This would however not give me hidden shares so its not a viable option. Does anyone know of a tool which can help me out in this case? I already tried Sysinternals ShareEnum but it did not work properly. It did a half decent job, but it gave me access denied on tons of shares that was actually open. Any tips in how I can script this is also appriciated. Thank you

    Read the article

  • Security camera for HQ and remote sites?

    - by Atlas
    We want to install security cams at HQ site and 3 remotes sites. Basically: (1) Each site would have N cams (2) Each site should have DVR locally to record everything. What we want is that HQ to be able to see the live/recorded videos of each remote site and including itself. Preferably HQ would have 1 large screen, and display all cams of itself and remotes sites, say showing it in 32x32 cells. Does such system exists?

    Read the article

  • Network Monitoring Tool Recommendation

    - by user42801
    Hello, My company is looking for a monitoring app/tool that would allow us to capture and graph statistics on network performance. As a starting point, we would like to ping remote host(s) and gateway(s) from several of our servers, grab an average of the ping times from each of our servers to the remote host(s), and then graph it (preferably in a central location). Also, we would like to be able to graph the results for time frames as short as a week to as long as 6 months. It is reasonable to expect that we would ask more of the selected monitoring app/tool as we come up with other key network performance indicators in the future. So an app with great flexibility and features would be ideal. Upon first glance, Cacti looks like it might be a fit. Any other recommendations? Thanks in advance for any input.

    Read the article

  • Why doesn't the network drive not automatically connect?

    - by Sheldon
    I've set up samba on my Ubuntu desktop. It appears to be something to do with the server. With all user accounts on Ubuntu(except the default one I use all the time) windows isn't able to/doesn't automatically map the network drive. In other words: I am only able to to automatically map the network drive on windows with only one of the accounts created on Ubuntu. Edit: I am able to connect using other accounts, I'm just not able to automatically map using those credentials. Details: Windows 7, Ubuntu 12.10

    Read the article

  • Troubleshooting Network Speeds -- The Age Old Inquiry

    - by John K
    I'm looking for help with what I'm sure is an age old question. I've found myself in a situation of yearning to understand network throughput more clearly, but I can't seem to find information that makes it "click" We have a few servers distributed geographically, running various versions of Windows. Assuming we always use one host (a desktop) as the source, when copying data from that host to other servers across the country, we see a high variance in speed. In some cases, we can copy data at 12MB/s consistently, in others, we're seeing 0.8 MB/s. It should be noted, after testing 8 destinations, we always seem to be at either 0.6-0.8MB/s or 11-12 MB/s. In the building we're primarily concerned with, we have an OC-3 connection to our ISP. I know there are a lot of variables at play, but I guess I was hoping the experts here could help answer a few basic questions to help bolster my understanding. 1.) For older machines, running Windows XP, server 2003, etc, with a 100Mbps Ethernet card and 72 ms typical latency, does 0.8 MB/s sound at all reasonable? Or do you think that slow enough to indicate a problem? 2.) The classic "mathematical fastest speed" of "throughput = TCP window / latency," is, in our case, calculated to 0.8 MB/s (64Kb / 72 ms). My understanding is that is an upper bounds; that you would never expect to reach (due to overhead) let alone surpass that speed. In some cases though, we're seeing speeds of 12.3 MB/s. There are Steelhead accelerators scattered around the network, could those account for such a higher transfer rate? 3.) It's been suggested that the use SMB vs. SMB2 could explain the differences in speed. Indeed, as expected, packet captures show both being used depending on the OS versions in play, as we would expect. I understand what determines SMB2 being used or not, but I'm curious to know what kind of performance gain you can expect with SMB2. My problem simply seems to be a lack of experience, and more importantly, perspective, in terms of what are and are not reasonable network speeds. Could anyone help impart come context/perspective?

    Read the article

  • Optimize Windows file access over network

    - by Djizeus
    At my company I frequently need to access shared files over a Windows network. These files are located on the other side of the planet, so I guess the file share goes through some kind of VPN over Internet, but I don't control this and it is supposed to be "transparent" for me. However it is extremely slow. Displaying the content of a directory in the file explorer takes about 10s. Even if over the Internet, I did not expect that retrieving a list of file names would be that long. Are there any settings to optimize this from my Windows XP workstation, or is it mostly related to the way the network is configured? The only thing I have found so far is to cache all file names, while by default only short file names are cached (http://support.microsoft.com/kb/843418).

    Read the article

  • Exchange 2010 allows outside access to network files

    - by user2891127
    One of our users discovered by accident he could access our network files from his smartphone while at home. No VPN needed. He was sent an email with an internal link to a network share on his android. When he opened the email and clicked on the link, he could browse our files while at home. Looking at the access logs, the connection to the share and files he accessed came from our mail server (Exchange 2010). We have no sharepoint servers running at all, and certainly not on the Exchange server. What is this function/feature called, and is it possible to turn this function/feature off? Should I turn this off?

    Read the article

  • batch file to disable network share on Windows XP

    - by Robb
    Loosely related to this question Network Share causing Cygwin to run slowly after 'ls', I'd like to write a little batch file that I can execute to disconnect the host from any network shares and subsequently another batch file to reconnect. Ideally, this would be something that I can execute from a PuTTY terminal, SSHed into the box running cygwin. I'm pretty sure the batch files can be written easily, but I don't know about executing them from a PuTTY terminal. Regardless, I'd still like the batchfiles anyways. For the sake of simplicity my process would be: Log into server via PuTTY Run batch files to disconnect shares Do what I need to do Run batch files to reconnect shares Exit session, closing PuTTY

    Read the article

  • Limiting database security

    - by Torbal
    A number of texts signify that the most important aspects offered by a DBMS are availability, integrity and secrecy. As part of a homework assignment I have been tasked with mentioning attacks which would affect each aspect. This is what I have come up with - are they any good? Availability - DDOS attack Integrity Secrecy - SQL Injection attack Integrity - Use of trojans to gain access to objects with higher security roles

    Read the article

  • Windows 7 Mapped Network Drive Multiplying to Create Duplicates all the way to Z:

    - by bendiy
    A strange issue came in today from some users. At least two Windows 7 x64 boxes that have duplicate mappings of a network drive. The drive is not mapped with a log in script, but done manual through "Map Network Drive". Everything has been fine for months, but all of the sudden, Explorer looks like this: Files (\\fileServerPath) (S:) Files (\\fileServerPath) (T:) Files (\\fileServerPath) (U:) Files (\\fileServerPath) (V:) Files (\\otherServerPath) (W:) Files (\\fileServerPath) (X:) Files (\\fileServerPath) (Y:) Files (\\fileServerPath) (Z:) There are some other networks drives mixed in there that did not duplicate. The drive is normally mapped to S:\, but it decided to make its way to Z:. What is going on here? I've found this and will be trying soon: http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/b5647cc3-15d0-4776-bb00-a869bd8f930b

    Read the article

  • Windows 7 not showing other computers on network

    - by user24559
    I have several other machines that are on other operating systems (XP, etc.) and they show up just fine on other machines NOT running Windows 7. However, they do not show on the Windows 7 "Network" area. I can directly access them by typing the computer (\\mycomputer), then they show up on the list. However, they don't stick around and when I close Windows Explorer and open it again, the computer is not listed again in Network. There was never a problem using Windows XP where all the machines showed up just fine. This is not an access problem but a listing problem.

    Read the article

  • How to create a virtual network with Azure Connect

    - by Herve Roggero
    If you are trying to establish a virtual network between machines located in disparate networks, you can either use VPN, Virtual Network or Azure Connect. If you want to establish a connection between machines located in Windows Azure, you should consider using the Virtual Network service. If you want to establish a connection between local machines and Virtual Machines in Windows Azure, you may be able to use your existing VPN device (assuming you have one), as long as the device is supported by Microsoft. If the VPN device you are using isn’t supported, or if you are trying to create a virtual network between machines from disparate networks (such as machines located in another cloud provider), you can use Azure Connect. This blog post explains how Azure Connect can help you create virtual networks between multiple servers in the cloud, various servers in different cloud environments, and on-premise. Note: Azure Connect is currently in Technical Preview. About Azure Connect Let’s do a quick review of Azure Connect. This technology implements an IPSec tunnel from machines to to a relay service located in the Microsoft cloud (Azure). So in essence, Azure Connect doesn’t provide a point-to-point connection between machines; the network communication is tunneled through the relay service. The relay service in turn offers a mechanism to enforce basic communication rules that you define through Groups. We will review this later. You could network two or more VMs in the Azure cloud (although you should consider using a Virtual Network if you go this route), or servers in the Azure cloud and other machines in the Amazon cloud for example, or even two or more on-premise servers located in different locations for which a direct network connection is not an option. You can place any number of machines in your topology. Azure Connect gives you great flexibility on how you want to build your virtual network across various environments. So Azure Connect makes sense when you want to: Connect machines located in different cloud providers Connect on-premise machines running in different locations Connect Azure VMs with on-premise (if you do not have a VPN device, or if your device is not supported) Connect Azure Roles (Worker Roles, Web Roles) with on-premise servers or in other cloud providers The diagram below shows you a high level network topology that involves machines in the Windows Azure cloud, other cloud providers and on-premise. You should note that the only required component in this diagram is the Relay itself. The other machines are optional (although your network is useful only if you have two or more machines involved). Relay agents are currently available in three geographic areas: US, Europe and Asia. You can change which region you want to use in the Windows Azure management portal. High Level Network Topology With Azure Connect Azure Connect Agent Azure Connect establishes a virtual network and creates virtual adapters on your machines; these virtual adapters communicate through the Relay using IPSec. This is achieved by installing an agent (the Azure Connect Agent) on all the machines you want in your network topology. However, you do not need to install the agent on Worker Roles and Web Roles; that’s because the agent is already installed for you. Any other machine, including Virtual Machines in Windows Azure, needs the agent installed.  To install the agent, simply go to your Windows Azure portal (http://windows.azure.com) and click on Networks on the bottom left panel. You will see a list of subscriptions under Connect. If you select a subscription, you will be able to click on the Install Local Endpoint icon on top. Clicking on this icon will begin the download and installation process for the agent. Activating Roles for Azure Connect As previously mentioned, you do not need to install the Azure Connect Agent on Worker Roles and Web Roles because it is already loaded. However, you do need to activate them if you want the roles to participate in your network topology. To do this, you will need to click on the Get Activation Token icon. The activation token must then be copied and placed in the configuration file of your roles. For more information on how to perform this step, visit MSDN at http://msdn.microsoft.com/en-us/library/windowsazure/gg432964.aspx. Firewall Rules Note that specific firewall rules must exist to allow the agent to communicate through the Relay. You will need to allow TCP 443 and ICMPv6. For additional information, please visit MSDN at http://msdn.microsoft.com/en-us/library/windowsazure/gg433061.aspx. CA Certificates You can optionally require agents to sign their activation request with the Relay using a trusted certificate issued by a Certificate Authority (CA). Click on Activation Options to learn more. Groups To create your network topology you must first create a group. A group represents a logical container of endpoints (or machines) that can communicate through the Relay. You can create multiple groups allowing you to manage network communication differently. For example you could create a DEVELOPMENT group and a PRODUCTION group. To add an endpoint you must first install an agent that will create a virtual adapter on the machine on which it is installed (as discussed in the previous section). Once you have created a group and installed the agents, the machines will appear in the Windows Azure management portal and you can start assigning machines to groups. The next figure shows you that I created a group called LocalGroup and assigned two machines (both on-premise) to that group. Groups and Computers in Azure Connect As I mentioned previously you can allow these machines to establish a network connection. To do this, you must enable the Interconnected option in the group. The following diagram shows you the definition of the group. In this topology I chose to include local machines only, but I could also add worker roles and web roles in the Azure Roles section (you must first activate your roles, as discussed previously). You could also add other Groups, allowing you to manage inter-group communication. Defining a Group in Azure Connect Testing the Connection Now that my agents have been installed on my two machines, the group defined and the Interconnected option checked, I can test the connection between my machines. The next screenshot shows you that I sent a PING request to DEVLAP02 from DEVDSK02. The PING request was successful. Note however that the time is in the hundreds of milliseconds on average. That is to be expected because the machines are connecting through the Relay located in the cloud. Going through the Relay introduces an extra hop in the communication chain, so if your systems rely on high performance, you may want to conduct some basic performance tests. Sending a PING Request Through The Relay Conclusion As you can see, creating a network topology between machines using the Azure Connect service is simple. It took me less than five minutes to create the above configuration, including the time it took to install the Azure Connect agents on the two machines. The flexibility of Azure Connect allows you to create a virtual network between disparate environments, as long as your operating systems are supported by the agent. For more information on Azure Connect, visit the MSDN website at http://msdn.microsoft.com/en-us/library/windowsazure/gg432997.aspx. About Herve Roggero Herve Roggero, Windows Azure MVP, is the founder of Blue Syntax Consulting, a company specialized in cloud computing products and services. Herve's experience includes software development, architecture, database administration and senior management with both global corporations and startup companies. Herve holds multiple certifications, including an MCDBA, MCSE, MCSD. He also holds a Master's degree in Business Administration from Indiana University. Herve is the co-author of "PRO SQL Azure" from Apress and runs the Azure Florida Association (on LinkedIn: http://www.linkedin.com/groups?gid=4177626). For more information on Blue Syntax Consulting, visit www.bluesyntax.net. Special Thanks I would like thank those that helped me figure out how Azure Connect works: Marcel Meijer - http://blogs.msmvps.com/marcelmeijer/ Michael Wood - Http://www.mvwood.com Glenn Block - http://www.codebetter.com/glennblock Yves Goeleven - http://cloudshaper.wordpress.com/ Sandrino Di Mattia - http://fabriccontroller.net/ Mike Martin - http://techmike2kx.wordpress.com

    Read the article

  • Network unreachable on Ubuntu guest after trying to set up a host only network on Virtualbox

    - by gkb0986
    I have a Mac OS X host and a bunch of guests including Ubuntu and Arch Linux. I was trying to set up a host-only network at eth1 to let me ssh into the system. But now eth0 isn't working properly either. Ubuntu can no longer connect to remote hosts or browse the internet. It tells me that the network is unreachable. What's gone wrong here? I've included some diagnostics below. $ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:10968 errors:0 dropped:0 overruns:0 frame:0 TX packets:10968 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:897264 (897.2 KB) TX bytes:897264 (897.2 KB) Other diagnostic commands and the output: $sudo lspci -n 00:00.0 0600: 8086:1237 (rev 02) 00:01.0 0601: 8086:7000 00:01.1 0101: 8086:7111 (rev 01) 00:02.0 0300: 80ee:beef 00:03.0 0200: 8086:100e (rev 02) 00:04.0 0880: 80ee:cafe 00:05.0 0401: 8086:2415 (rev 01) 00:06.0 0C03: 106B:003F 00:07.0 0680: 8086:7113 (REV 08) 00:0D.0 0106: 8086:2829 (REV 02) $sudo lshw -c network *-network DISABLED description: Ethernet interface product: 82540EM Gigabit Ethernet Controller vendor: Intel Corporation physical id: 3 bus info: pci@0000:00:03.0 logical name: eth0 version: 02 serial: 08:00:27:7d:22:df size: 1Gbit/s capacity: 1Gbit/s width: 32 bits clock: 66MHz capabilities: pm pcix bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.21-k8-NAPI duplex=full firmware=N/A latency=64 link=no mingnt=255 multicast=yes port=twisted pair speed=1Gbit/s resources: irq:19 memory:f0000000-f001ffff ioport:d010(size=8) $lsmod Module Size Used by nls_utf8 12557 1 isofs 40257 1 vboxsf 43743 2 vesafb 13844 1 snd_intel8x0 38570 2 snd_ac97_codec 134869 1 snd_intel8x0 ac97_bus 12730 1 snd_ac97_codec snd_pcm 97275 2 snd_intel8x0,snd_ac97_codec snd_seq_midi 13324 0 snd_rawmidi 30748 1 snd_seq_midi snd_seq_midi_event 14899 1 snd_seq_midi rfcomm 47604 0 snd_seq 61929 2 snd_seq_midi,snd_seq_midi_event bnep 18281 2 bluetooth 180113 10 rfcomm,bnep ppdev 17113 0 psmouse 97519 0 snd_timer 29990 2 snd_pcm,snd_seq joydev 17693 0 snd_seq_device 14540 3 snd_seq_midi,snd_rawmidi,snd_seq vboxvideo 12622 1 serio_raw 13211 0 snd 79041 11 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device soundcore 15091 1 snd vboxguest 235498 7 vboxsf parport_pc 32866 0 drm 241971 2 vboxvideo i2c_piix4 13301 0 snd_page_alloc 18529 2 snd_intel8x0,snd_pcm mac_hid 13253 0 lp 17799 0 parport 46562 3 ppdev,parport_pc,lp usbhid 47238 0 hid 99636 1 usbhid e1000 108589 0

    Read the article

  • How to deal with transport level security policy with OSB

    - by Jian Liang
    Recently, we received a use case for Oracle Service Bus (OSB) 11gPS4 to consume a Web Service which is secured by HTTP transport level security policy. The WSDL of the remote web service looks like following where the part marked in red shows the security policy: <?xml version='1.0' encoding='UTF-8'?> <definitions xmlns:wssutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="https://httpsbasicauth" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="https://httpsbasicauth" name="HttpsBasicAuthService"> <wsp:UsingPolicy wssutil:Required="true"/> <wsp:Policy wssutil:Id="WSHttpBinding_IPartyServicePortType_policy"> <wsp:ExactlyOne> <wsp:All> <ns1:TransportBinding xmlns:ns1="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <ns1:TransportToken> <wsp:Policy> <ns1:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </ns1:TransportToken> <ns1:AlgorithmSuite> <wsp:Policy> <ns1:Basic256/> </wsp:Policy> </ns1:AlgorithmSuite> <ns1:Layout> <wsp:Policy> <ns1:Strict/> </wsp:Policy> </ns1:Layout> </wsp:Policy> </ns1:TransportBinding> <ns2:UsingAddressing xmlns:ns2="http://www.w3.org/2006/05/addressing/wsdl"/> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> <types> <xsd:schema> <xsd:import namespace="https://proxyhttpsbasicauth" schemaLocation="http://localhost:7001/WS/HttpsBasicAuthService?xsd=1"/> </xsd:schema> <xsd:schema> <xsd:import namespace="https://httpsbasicauth" schemaLocation="http://localhost:7001/WS/HttpsBasicAuthService?xsd=2"/> </xsd:schema> </types> <message name="echoString"> <part name="parameters" element="tns:echoString"/> </message> <message name="echoStringResponse"> <part name="parameters" element="tns:echoStringResponse"/> </message> <portType name="HttpsBasicAuth"> <operation name="echoString"> <input message="tns:echoString"/> <output message="tns:echoStringResponse"/> </operation> </portType> <binding name="HttpsBasicAuthSoapPortBinding" type="tns:HttpsBasicAuth"> <wsp:PolicyReference URI="#WSHttpBinding_IPartyServicePortType_policy"/> <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/> <operation name="echoString"> <soap:operation soapAction=""/> <input> <soap:body use="literal"/> </input> <output> <soap:body use="literal"/> </output> </operation> </binding> <service name="HttpsBasicAuthService"> <port name="HttpsBasicAuthSoapPort" binding="tns:HttpsBasicAuthSoapPortBinding"> <soap:address location="https://localhost:7002/WS/HttpsBasicAuthService"/> </port> </service> </definitions> The security assertion in the WSDL (marked in red) indicates that this is the HTTP transport level security policy which requires one way SSL with default authentication (aka. basic authenticate with username/password). Normally, there are two ways to handle web service security policy with OSB 11g: Use WebLogic 9.x policy Use OWSM Since OSB doesn’t support WebLogic 9.x WSSP transport level assertion (except for WS transport), when we tried to create the business service based on the imported WSDL, OSB complained with the following message: [OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button. Unfortunately, when tried with OWSM, we couldn’t find http_token_policy from OWSM since OSB PS4 doesn’t support OWSM http_token_policy. It seems that we ran into an unsupported situation that no appropriate policy can be used from both WebLogic and OWSM. As this security policy requires one way SSL with basic authentication at the transport level, a possible workaround is to meet the remote service's requirement at transport level without using web service policy. We can simply use OSB to establish SSL connection and provide username/password for authentication at the transport level to the remote web service. In this case, the business service within OSB will be transparent to the web service policy. However, we still need to deal with OSB console’s complaint related to unsupported security policy because the failure of WSDL validation prohibits OSB console to move forward. With the help from OSB Product Management team, we finally came up with the following solutions: Solution 1: OSB PS5 The good news is that the http_token_policy is made available in OSB PS5. With OSB PS5, you can simply add OWSM oracle/wss_http_token_over_ssl_client_policy to the business service. The simplest solution is to upgrade to OSB PS5 where the OWSM solution is provided out of the box. But if you are not in a position where upgrading is an immediate option, you might want to consider other two workaround solutions described below. Solution 2: Modifying WSDL This solution addresses OSB console’s complaint by removing the security policy from the imported WSDL within OSB. Without the security policy, OSB console allows the business service to be created based on modified WSDL.  Please bear in mind, modifying WSDL is done only for the OSB side via OSB console, no change is required on the remote Web Service. The main steps of this solution: Connect to OSB console import the remote WSDL into OSB remove security assertion (the red marked part) from the imported WSDL create a service account. In our sample, we simply take the user weblogic create the business service and check "Basic" for Authentication and select the created service account make sure that OSB consumes the web service via https. This solution requires modifying WSDL. It is suitable for any OSB version (10g or OSB 11g version) prior to PS5 without OWSM. However, modifying WSDL by hand is troublesome as it requires the user to remember that the original WSDL was edited.  It forces you to make the same edit each time you want to re-import the service WSDL when changes occur at the service level. This also prevents you from using UDDI to import WSDL.  Solution 3: Using original WSDL This solution keeps the WSDL intact and ignores the embedded policy by using OWSM. By design, OWSM doesn’t like WSDL with embedded security assertion. Since OWSM doesn’t provide the feature to explicitly ignore the embedded policy from a remote WSDL, in this solution, we use OWSM in a tricky way to ignore the embedded policy. Connect to OSB console import the remote WSDL into OSB create a service account create the business service in which check "Basic" for Authentication and select the created service account as the imported WSDL is intact, the OSB Kernel:398133 error is expected ignore this error message for the moment and navigate to the Policies Page of business service Select “From OWSM Policy Store” and click “Add” button, the list of policies will pop-up Here is the tricky part: select an arbitrary policy, and click “Cancel” Update and save By clicking “Cancel’ button, we didn’t add any OWSM policy to business service, but the embedded policy is ignored. Yes, this is tricky. According to Oracle OSB Product Manager, the future release of OWSM will add a button “None” which allows to ignore the embedded policy explicitly. This solution keeps the imported WSDL intact which is the big advantage over the solution 2. It is suitable for OSB 11g (version prior to PS5) domain with OWSM configured. This blog addressed the unsupported transport level web service security policy with OSB PS4. To summarize, if you are using OSB PS5 or in a position to upgrade to PS5, the recommendation is to use OWSM OOTB transport level security policy directly. With the release prior to 11g PS5, you can consider the solution 2 or 3 depending on if OWSM is configured.

    Read the article

  • Running .net application over a network

    - by Marlon
    Hello, I need some advice please. I need to enable a .Net application to run over a network share, the problem is that this will be on clients network shares and so the path will not be identical. I've had a quick look at ClickOnce and the publish options in VS2008 but it wants a specific network share location - and I'm assuming this location gets stored somewhere when it does its thing. At the moment the job is being done with a old VB6 application and so gets around all these security issues, but that application is poorly written and almost impossible to maintain so it really needs to go. Is it possible for the domain controller to be set up to allow this specific .Net application to execute? Any other options would be welcomed as I want to get this little application is very business critical. I aught to say that the client networks are schools, and thus are often quite locked down as are the client machines, so manually adding exceptions to each client machine is a big no no. Marlon

    Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >