Search Results

Search found 5864 results on 235 pages for 'secure gateway'.

Page 35/235 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

  • Transparent proxy which preserves client mac address

    - by A G
    I have a customer that wants to intercept SSL traffic as it leaves their network. My proposed solution is to setup a proxy that is transparent and both layer 2 and layer 3 so it can simply be dropped into their network without any change in config required. The proxy has two NICs, one connected to the server, the other to the client. The client, proxy and gateway are under control of the customer, the server is not. For example: client --- Proxy --- gateway -|- server I have my proxy program configured with IP_TRANSPARENT socket option to it can respond to connections destined for a remote IP. I am using the following setup: iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 1/1 iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 1 ip rule add fwmark 1/1 table 1 ip route add local 0.0.0.0/0 dev lo table 1 The client in question is on its own subnet and has been configured so that the proxy is the default gateway. The result is: Client sends a frame to the proxy; source IP is client, source mac is client, destination IP is server, destination mac is proxy Proxy forwards this frame to the gateway; source IP is proxy, source mac is proxy, destination IP is server, destination mac is gateway Gateway forwards this to the server and gets a response back. Gateway sends reply back to proxy; source IP is server, source mac is gateway, destination IP is proxy, destination mac is proxy Proxy forwards this reply to client; source IP is server, source mac is proxy, destination IP is client, destination mac is client. The tproxy and iptables configuration lets the proxy send packets with a non local ip address. Is there a way to make something transparent at the mac address level? That is, put the client on the same subnet as the gateway. The gateway sees the source IP and mac as that of the client, even though they originated from the proxy. Could this be done by configuring the proxy as a bridge then use ebtables to escalate the traffic to be handled by iptables? When I use ebtables to push something up to iptables, it appears my proxy program doesn't respond to the packets as they are destined for the gateways's mac address, not the proxy's. What are some other potential avenues I could investigate? EDIT: When the client and gateway are on different subnets (and client has set the proxy as the gateway), it works as described in 1 to 5. But I want to know if it is possible to have the client and gateway on the same subnet and have the proxy fully transparent (ie client is not aware of the proxy). Thanks! EDIT 2: I can configure the proxy as a bridge using brctl, but cannot find a way to direct this traffic to my proxy program - asked here Possible for linux bridge to intercept traffic?. Currently, with the description numbered 1 to 5, it operates at layer 3; it is transparent on the client side (client thinks it is talking to the server's IP), but not on the gateway side (gateway is talking to the proxy's IP). What I want to find out is, is it possible to make this operate at layer 2, so it is fully transparent? What are the available options I should research? Thanks

    Read the article

  • Subscription Management with Merchant Account via API

    - by Josh
    I'm researching gateways/vendors that provide the ability to create subscription based transitions for merchant accounts. In other words, I want to allow customers to signup for a subscription for a website service that charges once a month. Authorize.Net has an ARB (Automated Recurring Billing) Module. The cost is cheap, $10 a month for the service, with unlimited subscriptions, and they have an API that allows XML or SOAP access to create, update and cancel. The LARGE negative of the service is that it doesn't have elegant way to obtain the current status of a subscription. They can send a daily email with an attached CSV file, or someone can login into the site and review statuses – neither is an enterprise solution. The parent company "CyberSource" has a "Recurring Billing Service" which implies a more robust solution, including API access to subscription information. I’m currently waiting for a sales call back on costs related to the service. I also looked at PayPal's Recurring Billing Service, but that appears to require that users are redirected to the PayPal site to signup for the subscription -- again, not an an elegant solution. Does anyone know of any other vendors/gateways that offer subscription service, that meet the following criteria: Vendor/Gateway must host the credit card number and be PCI compliant Have an API that accessible via a Web Service, Post over HTTPS or SOAP Have an API that allows querying the status of subscriptions and/or the ability to query for activity since a certain date. Thanks in advance for your suggestions.

    Read the article

  • How do I get netcat to accept connections from outside the LAN?

    - by Chris
    I'm using netcat as a backend to shovel data back and forth for a program I'm making. I tested my program on the local network, and once it worked I thought it would be a matter of simply forwarding a port from my router to have my program work over the internet. Alas! This seems not to be the case. If I start netcat listening on port 6666 with: nc -vv -l -p 6666, then go to 127.0.0.1:6666 in a browser, as expected I see a HTTP GET request come through netcat (and my browser sits waiting in vain). If I go to my.external.ip.address:6666, however, nothing comes through at all and the browser displays 'could not connect to my.external.ip.address:6666'. I know that the port is correctly forwarded, as www.canyouseeme.org says port 6666 is open (and when netcat is not listening, that its closed). If I run netcat with -g my.adslmodem's.local.address to set the gateway address, I get the same behavior. Am I using this command line option correctly? Any insight as to what I'm doing wrong?

    Read the article

  • How to hold payment in paygate for a while?

    - by Fero
    HI all, I have a query regarding holding the payment in PAYGATE PAYMENT GATEWAY. Here is the problem in brief. I am doing a website where the payment should be made only a certain members buy the product. For Example if there is an iPhone in my site, then that particular phone must be buy by certain quantities which given by admin. It may be done one by one user or a single user can buy all the quantities at a single time. In this case as a developer how can i able to hold the payment which received by user? Because i don't want to receive the payments until the certain quantities bought. Because if certain quantities were not buy i need to refund the money to their account. We don't like to do this process. That's why we are looking for holding the payment. Is it possible or what is the best way to solve this problem? Please let me know what is you professional opinion? thanks in advance... Please let me know what is you professional opinion?

    Read the article

  • magento payment process.. how it works in general

    - by spirytus
    hi everyone, got a question and I hope this is right place to ask :).. don’t quite understand how payment works in magento. client goes to checkout and lets say wants to pay as a guest, so provides address etc. and finally gets to payment methods. Then I want clients to pay thru credit card. Already have module installed for gateway (bank?) of my choice. At that point I would expect users to be redirected to 3rd party page (bank hosted) where they giving all the details, only after being returned to my magento site with appropriate message. In magento however it seems like they need to provide cc numbers and details on magento checkout page. I don’t understand if I (or the payment module I installed) need to transfer then all the credit card details to bank? I would have to have checkout page on ssl connection and static ip right? The thing is I want to avoid touching CC numbers at any point and would love to have it done by a bank page. I like the idea of magento interface all the way without redirecting to another page though, the only problem is not sure if would be able to set it all up properly. If anyone could explain to me possible options, what is the common way to do it and how the whole process works that would be very much appreciated. I did my research and looked all over google and various forums still need someones help though. Please let me know if some parts of my question are not quite clear, will try to better explain if necessary.

    Read the article

  • How to make MAMP PRO / XAMPP secure enough to serve as production webserver? Is it possible?

    - by Andrei
    Hi, my task is to setup a MAMP webserver for our website in the easiest way so it can be managed by my colleagues without experience in server administration. MAMP PRO is an excellent solution, but some guys don't suggest to use it for serving external requests. Could you explain why it is bad (in details if possible) and how to make it secure enough to be a full-scale and not-only-local webserver? Is there a better solution? Update There is a discussion on the MAMP website. XAMPP developers say that one can make their product secure: The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment. Since LAMPP 0.9.5 you can make your XAMPP installation secure by calling »/opt/lampp/lampp security«. Could you comment it?

    Read the article

  • Using the option port on my Watchguard Firebox as a 2nd gateway exit point?

    - by Donovan
    I'm working on a network project in witch I have to design our network to provide two different exit points. The points are differentiated by the path through the corporate network. One of them travels through some monitoring hardware the other does not. We have a Watchguard Firebox in use as our gateway. Currently the network side provides the unmonitored exit point. I was wondering if i hooked the option port to our lan at a point that would force traffic through the monitored path, would it cause any problems? Access to the unmonitored gateway port would be restricted by ip. That would force all others not authorized to point to the monitored gateway port. I thought with the above design i might be able to get away with not having to buy another firebox to achieve the design I want. Thanks, D

    Read the article

  • Which is more secure: Tomcat standalone or Tomcat behind Apache?

    - by NoozNooz42
    This question is not about performance, nor about load-balancing, etc. Which would be more secure: running Tomcat in standalone mode or running Tomcat behind apache? The thing is, Tomcat is written in Java and hence it is pretty much immune to buffer overrun/overflow (unless a buffer overrun in a C-written lib used by Tomcat can be triggered, but they're rare [the last I remember was in zlib, many many moons ago] and one heck of a hack to actually exploit), which gets rid of a lot of potential exploits. This page: http://wiki.apache.org/tomcat/FAQ/Security has this to say: There have been no public cases of damage done to a company, organization, or individual due to a Tomcat security issue... there have been only theoretical vulnerabilities found. All of those were addressed even though there were no documented cases of actual exploitation of these vulnerabilities. This, combined with the fact that buffer overrun/overflow are pretty much non-existent in Java, makes me believe that Tomcat in standalone mode is pretty secure. In addition to that, I can install both Java and Tomcat on Linux without needing to be root. The only moment I need to be root is to set up a transparent port 8080 to port 80 forwarding (and 8443 to 443). Two iptables line as root, that's all root is needed for. (I don't know for Apache). Apache is much more used than Tomcat and definitely does not have a security track record as good as Tomcat. What would make Tomcat + Apache more secure? What would make Tomcat + Apache less secure? In short: which is more secure, Tomcat standalone or Tomcat with Apache? (remembering that performance aren't an issue here)

    Read the article

  • Can a network interface be configured to have a default gateway for UDP packets?

    - by Vaibhav
    It is quite possible that my question may not make a lot of sense. I apologize, but I am not a networking guy, and that's my excuse. To elaborate, WikiPedia defines "Default Gateway" as a node on a "TCP/IP" network. And the way it works is that if a network interface is sending a packet to an IP address not present on its subnet, it sends it out to the default gateway (which then knows what to do with that packet). Is this true if a UDP packet (datagram) is involved? I mean, if my network interface is sending a UDP packet to an IP address that is not present on its subnet, would it automatically send it to the Default Gateway as well?

    Read the article

  • How to configure OpenVPN server to use custom default gateway?

    - by Arenim
    I have a vpn server at address 10.1.0.2 and the server have another ip in it's network -- 10.0.0.2 in his subnet (it's a tun2socks router). But default server's gateway is NOT 10.0.0.2 (and it's ok) but another external IP. I want all the client's traffic to be forwarded through this ip address -- 10.0.0.2. Here is part of my server's config: dev tap0 server-bridge 10.1.0.1 255.255.255.0 10.1.0.50 10.1.0.100 push "route 10.0.0.0 255.255.255.0" ; now client can ping 10.0.0.2 push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 10.1.0.1" push "dhcp-option WINS 10.1.0.1" in fact i want some like push "redirect-gateway 10.0.0.2" How can I achieve this?

    Read the article

  • How should I store and secure self-signed certificates?

    - by Anthony Mastrean
    I'm fairly certain I shouldn't commit certificates into source control. Even if the repository is private and only authenticated coworkers (for example) have access to it. That would allow for accidental exposure (thumb drives, leaked credentials, whatever). But, how should I store and secure certificates? I don't suppose I should just plop them on the network file server, for some of the same reasons I wouldn't put them into source control, right? Is there some kind of secure certificate store that I can run? Does the Java "keystore" do that generally or is it specific for like weblogic servers or something?

    Read the article

  • Le logiciel de protection de F-Secure a pris des fichiers Mac pour des malwares, le problème est heureusement corrigé

    La version bêta du logiciel de protection de F-Secure a pris des fichiers Mac pour des malwares, le problème est heureusement corrigé Un petit rien peu parfois se transformer en quelque chose de gigantesque, avec un effet boule de neige. C'est ce qu'est en train de constater actuellement F-Secure. La firme spécialisée dans la sécurité informatique a rencontré un bogue sur son programme anti-virus qui provoque l'indignation d'un grand nombre d'internautes. En effet, le logiciel, qui est actuellement en version bêta pour Mac OS X a de "sérieux problèmes de fausse alarme". Sur les Macs sur lesquels il est installé, il a par accident supprimé des fichiers sains en les prenant pour des malwares. Des erreurs de ...

    Read the article

  • La Linux Foundation arrache une solution pour le Secure Boot de Windows 8, qui empêche le démarrage d'autres systèmes

    La Linux Fondation arrache une solution de contournement pour le Secure Boot de Windows 8 Qui empêche le démarrage d'autres systèmes sur les PC certifiés Depuis que Microsoft a opté pour le ?Secure Boot? pour les PC sous Windows 8, un grand désarroi règne dans la communauté Linux. Cette fonctionnalité de démarrage sécurisé, directement intégrée à l'UEFI (interface micrologicielle extensible unifiée), empêche de facto l'installation de tout autre système d'exploitation. Microsoft transmet en effet une signature numérique aux constructeurs de cartes mères certifiées Windows 8. [IMG]http://upload.wikimedia.org/wikipedia/commons/thumb/d/df/Uefi_logo.svg/150px-Uefi_logo.svg.png[/IM...

    Read the article

  • Is the php method md5() secure? Can it be used for passwords? [migrated]

    - by awiebe
    So executing a php script causes the form values to be sent to the server, and then they are processed. If you want to store a password in your db than you want it to be a cryptographic hash(so your client side is secure, can you generate an md5 using php securely( without submitting the user:password pair in the clear), or is there an alternative standard method of doing this, without having the unecrypted pasword leaving the clients machine? Sorry if this is a stupid question I'm kind of new at this. I think this can be done somehow using https, and on that note if a site's login page does not use https, does that mean that while the databse storage is secure, the transportation is not?

    Read the article

  • Canonical détaille ses plans pour le support de l'UEFI Secure Boot, GRUB 2 ne sera plus utilisé par défaut sur les futures versions d'Ubuntu

    Canonical détaille ses plans pour le support de l'UEFI Secure Boot GRUB 2 ne sera plus utilisé par défaut sur les futures versions d'Ubuntu Pour son futur système d'exploitation Windows 8, Microsoft a opté pour l'utilisation de l'UEFI ( Unified Extensible Firmware Interface) en remplacement du BIOS. Les constructeurs désireux de proposer des dispositifs sous l'OS seront donc obligés de passer à l'UEFI, avec une activation par défaut de la fonction Secure Boot. Cette fonctionnalité de sécurité offrira au système d'exploitation un processus de démarrage signé et mesuré, qui aide à protéger le PC en détectant les logiciels malveillants au démarrage, et en empêchant le chargement de c...

    Read the article

  • Prerequisites for Account management via an IPhone App?

    - by Icky
    Hello. I have been reading a couple of threads for this topic on this site. I want to create an App, which communicates with a server and has the following features: the User can create/manage an account on the server the App communicates with the server via a secure connection the User is updated about important news through messages From what I understood so far, I need to take care of the following: establish a secure connection with the server send account information(user data, password) to the server and authenticate the client side management and encryption of account data/information is handled by the server, so the App only sends data, the server stores/encrypts (no need for me to take care of anything) So far, I think, I have covered the most important features. I have read, that NSURLConnection can be used, to send the authentication data. But how is further communication ensured? And how is the encryption managed? Are there any useful tutorials on this, because this is the first time I delve into this topic, and any guidance is greatly appreciated! Also, if I have missed anything important (e.g. with managing accounts) please tell me.

    Read the article

  • Is Movable Type among the most secure PHP blogs? How secure are the various PHP blog applications?

    - by user6025
    Basically I'm trying to find a blog for a website, and security is the highest priority in our case. We don't need any features that I would imagine are special. Wordpress was our first idea, but its reputation precedes it, and though it may have cleaned up its act lately, I'm not seeing much solid evidence. I get the impression that Movable Type (at least the Perl version) has a much better reputation for security than Wordpress (historically at least). I'm not sure I want to take a chance with Wordpress at this point, but is there some objective source I can got to to back up (or counter) the notion that MT is at least among the best? Secunia doesn't recommend using their stats for comparisons, and securityfocus.com doesn't have stats at all that I can see. Searching here http://web.nvd.nist.gov makes MT look way better than WP (at least in 2007), but this site was referenced by MT's own page boasting about their security, so I don't know how relevant it is or how seriously people take it. Any suggestions on sites where I could/should make a somewhat objective comparison?

    Read the article

  • SOHO Netflix and network security

    - by TW
    I want to use WIFI for HiDef video, but I don't trust it for my office PC's. I've heard of VLANs but I have no idea how to set it up or what (SOHO) hardware to buy. Other than getting 2 different DSL lines, how can I be absolutely sure that the PC side doesn't get hacked? What if I want to use MS Home server as a backup device for both sides? Can I make it "read only" for the PC side, and physically change the cable if I need to restore? TW

    Read the article

  • Synergy client drops and reconnects at UAC dialog

    - by sidran32
    I've been using Synergy for a while at work to connect my XP machine (the host) to my Win 7 laptop (the client). I previously was having issues with using Synergy and the UAC prompt, as described in this question, and have had no issues since, until recently. I upgraded to Synergy 1.4.10 and now am seeing odd behavior whenever a UAC prompt appears on my laptop. When the UAC prompt appears on my laptop, Synergy momentarily drops its connection to my laptop, causing my mouse and keyboard focus to revert to my host machine (the XP machine). After about a second or so, though, the connection gets re-established and I am able to type and use the mouse buttons in the UAC prompt. Once the prompt clears, the connection drops again for a second, and then gets re-established again. Is this something to do with configuration or perhaps should I just chalk it up to a change in behavior in version 1.4.10?

    Read the article

  • Cloudfront - How to invalidate objects in a distribution that was transformed from secured to public?

    - by Gil
    The setting I have an Amazon Cloudfront distribution that was originally set as secured. Objects in this distribution required a URL signing. For example, a valid URL used to be of the following format: https://d1stsppuecoabc.cloudfront.net/images/TheImage.jpg?Expires=1413119282&Signature=NLLRTVVmzyTEzhm-ugpRymi~nM2v97vxoZV5K9sCd4d7~PhgWINoTUVBElkWehIWqLMIAq0S2HWU9ak5XIwNN9B57mwWlsuOleB~XBN1A-5kzwLr7pSM5UzGn4zn6GRiH-qb2zEoE2Fz9MnD9Zc5nMoh2XXwawMvWG7EYInK1m~X9LXfDvNaOO5iY7xY4HyIS-Q~xYHWUnt0TgcHJ8cE9xrSiwP1qX3B8lEUtMkvVbyLw__&Key-Pair-Id=APKAI7F5R77FFNFWGABC The distribution points to an S3 bucket that also used to be secured (it only allowed access through the cloudfront). What happened At some point, the URL singing expired and would return a 403. Since we no longer need to keep the same security level, I recently changed the setting of the cloudfront distribution and of the S3 bucket it is pointing to, both to be public. I then tried to invalidate objects in this distribution. Invalidation did not throw any errors, however the invalidation did not seem to succeed. Requests to the same cloudfront URL (with or without the query string) still return 403. The response header looks like: HTTP/1.1 403 Forbidden Server: CloudFront Date: Mon, 18 Aug 2014 15:16:08 GMT Content-Type: text/xml Content-Length: 110 Connection: keep-alive X-Cache: Error from cloudfront Via: 1.1 3abf650c7bf73e47515000bddf3f04a0.cloudfront.net (CloudFront) X-Amz-Cf-Id: j1CszSXz0DO-IxFvHWyqkDSdO462LwkfLY0muRDrULU7zT_W4HuZ2B== Things I tried I tried to set another cloudfront distribution that points to the same S3 as origin server. Requests to the same object in the new distribution were successful. The question Did anyone encounter the same situation where a cloudfront URL that returns 403 cannot be invalidated? Is there any reason why wouldn't the object get invalidated? Thanks for your help!

    Read the article

  • Set up SSL/HTTPS in zend application via .htaccess

    - by davykiash
    I have been battling with .htaccess rules to get my SSL setup working right for the past few days.I get a requested URL not found error whenever I try access any requests that does not do through the index controller. For example this URL would work fine if I enter the it manually https://www.example.com/index.php/auth/register However my application has been built in such a way that the url should be this https://www.example.com/auth/register and that gives the requested URL not found error My other URLs such as https://www.example.com/index/faq https://www.example.com/index/blog https://www.example.com/index/terms work just fine. What rule do I need to write in my htaccess to get the URL https://www.example.com/auth/register working? My htaccess file looks like this RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] I posted an almost similar question in stackoverflow

    Read the article

  • How to securly join two networks together over the Internet?

    - by Pyrolistical
    Let's say there are two locations. Both locations have their own fast Internet connections. How do you join these two networks together such that every computer can see every other computer? Do you need a domain controller, or can you do this with workgroups? EDIT The obvious solution seems to be VPN, but can VPN be implemented on the routers only? Can the computers on the network be configuration free?

    Read the article

  • Erase personal data from corporate laptop

    - by microspino
    I need to delete my data from the company laptop. Nothing special just 2 or 3 folders (I have Dropbox installed on this PC) and I'd like to be sure they are gone. I read about free tools and bootable CDs to erase the entire disk, I don't need those but just a free tool to put some zeros where my data were before.

    Read the article

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >