Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 428/596 | < Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435 | Next Page >

Proxy Server suggestions

- by Jon Menefee

Here is the question I have that hopefully is not too general of a question. I have a network with approximately 25 PC's, 3 servers and 25 IP cameras. I have a firewall already on the network and it works fine for what I need, but my client is asking me if there is a way to put a Proxy server on the network to monitor where his employees are going when they surf the Internet. He is not wanting to block them (at least not thru the Proxy server), but he wants to make sure that they arent going to sites that would compromise the networked PCs. I have looked at TMG and it is a little more than what I want. I hesitate adding another firewall to the system because of the security cameras that are presently on the network (IP Cameras). I just want to put a policy in AD that would make certain Users (or Computers) use a Proxy server. Any suggestions on a good proxy server are welcome. Thank you

Read the article
Would there be any problems with DEP turned off?

- by IneedHelp

I recently moved to a fresh Windows 8 x64 system and I learned that my favourite firewall (JPF - Jetico Personal Firewall) doesn't get along with Win8x64 (CRITICAL_STRUCTURE_CORRUPTION errors), but I can not do without JPF, so I kind of tried everything I could think of (test mode, debugging, various system changes), but I was still getting blue screens because of the firewall driver/software. I know for sure that it is the firewall that is causing the problems because I get blue screens as soon as I install it and they stop when I uninstall it. I Also tested it thoroughly on virtual computers. Anyway, I have discovered that by completely turning DEP off by using this command: bcdedit.exe /set {current} nx AlwaysOff the firewall would not cause blue screens anymore. So my question is, what could go wrong with DEP completely turned off? Note: I do not care much about hardware/windows security, I keep myself secured by using sandboxes and virtual computers (and I also have backups), so I'm not concerned with viruses and root kits or whatever people are freaking out about.

Read the article
Help with Corrupt version of IE8 on WinXPsp3

- by Anon

I've upgrade from IE6 to 7 to 8 and back down and back up, but still have critical issues in IE such as * cannot see any version info in "about internet explorer" * cannot run windows update * cannot load SharePoint pages (and other pages using ActiveX or IE-specific dhtml) I've also re-installed sp3, but still no luck. Also, also - I've changed security settings to be most permissive. Next step is blowing it all away and starting with windows7. Short of that, any suggestions are welcome. Thanks in advance.

Read the article
Routing between two networks on linux?

- by gGololicic

I got stuck with one problem I cant find solution. I have linux pc with two NIC. first nic (eth1) is connected to public ip (probably switch or whatever, doesnt really mater) so eth1 is connected to wan and another eth0 that I connected to switch and make it a lan nic. configuration: eth1 ip address 88.200.1xx.xxx //xxx's are cuz of security reasons eth0 ip address 192.168.1.1 wan ------ [eth1 (linux PC) eth0]<----[switch]<---- [eth1 (PC1)] Now I want to connect this two networks, so PC1 can access linux PC and wan. I think I know how to do it but I cant confiugre it right. This is what I tried: I turend on ip forwarding (for sure) I set eth1 default gw to the right ip on the wan I tried to set eth0 default gw to the same ip (but i couldnt) What or how can I do this, I was trying with linux route command, but I got stuck. Please help.

Read the article
Blocked Chrome by Company's Proxy

- by gol.d.ace

Chrome has just suddenly being blocked by my company for accessing internet. Instead, IE still works fine. It blocks the connection, the error says that my Chrome connection is timeout & the server is not responding Error 118 (net::ERR_CONNECTION_TIMED_OUT): The operation timed out). I guess the reason behind this is to standardize all user's browser for only using IE for security reason. I have tried to change the user-agent string (--user-agent="... ") so that the Chrome will pretend to be as IE. and yet, still not working! Could anyone shed my problem here? IE is just not comfortable so-called for surfing the web!

Read the article
Sharepoint 2007 reset permission inheritance

- by e-mre

I have this SharePoint 2007 document library which has several levels of folders and files. Some folders in the middle of the hierarchy do not inherit permissions from their parents and have their unique permissions defined. It is a huge library and there are many folders like this. I am currently changing the permission model of my library and I want to reset all those unique permissions and have all of them inherit permissions from the library root. (Something like "Replace child object permissions" checkbox available in windows files system security window) If this is not possible, seeing a list of folders that have their unique permissions defined would also do.

Read the article
Does admin=true and root has the same privileges on AIX?

- by Boaz Tirosh

Does a user in /etc/security/user with the parameter admin set to true (admin = true) has the same privileges as the root user? According to IBM (full information here): admin Defines the administrative status of the user. Possible values are: true The user is an administrator. Only the root user can change the attributes of users defined as administrators. false The user is not an administrator. This is the default value. Is there another type of user, or are admin and root the same?

Read the article
Duplicating keepass files instead of creating a new file

- by BlakBat

I'm currently using KeePass 2 and syncing them via dropbox. I have a few KeePass files (one for websites, one to store software licenses, etc...) Every time I need a new KeePass file, I just create a copy of the kbdx file, open it, remove all existing entries, change the key transformation rounds to another pseudo-random value. I do not change the master password. I want to know if this was unsafe practice, or was a security risk, compared to just creating a new KeePass file via the "File-New" menu. The reason I don't use the menu: i'm lazy enough to not want to reconfigure "database settings" every time.

Read the article
Is looking for Wi-Fi access points purely passive?

- by Aric TenEyck

Say I carry a Wi-Fi enabled phone or laptop through an area where there are WAPs. Assuming that I don't actively try to connect to them or otherwise interact with them, is it possible for the owner of that WAP to know that I was there? I'm asking this in the context of my earlier question: Looking for MACs on the network I was talking with a friend about my newfound ability to detect phones (and other devices with MAC addresses) on the network, and he pointed out that it might be useful to detect unknown phones on the network; I could use that data to track down anyone who was in my house and brought a Wi-Fi phone with them. So, if I set up a logging fake WAP with no security or encryption, can I glean any useful information about the devices that come into the house? Assuming that the thief doesn't actively try to connect...

Read the article
Is there any way to enable remote desktop with a password without setting a password on the os?

- by Coder

I'm running Windows 7 and would like to use remote desktop to connect to my home computer. As such i want to enable password security for remote desktop, but I do not want to have to enter a password to log into my computer if i'm physically at my computer. Is there any way to do this? I am an administrator user and I want to have the same icons and configuration regardless of if i log in remotely or locally but i want only the remote connection to require a password. I read about being able to do something similar by adding another user account, but is there any way to do it so that the same icons and settings take affect regardless of how i log in? Thanks.

Read the article
Browser keeps being really rude to me today

- by j-t-s

Hi All I've had this problem only once before, years ago. I bought a new computer the other day and last night I visited a website which Google Chrome suspected was an insecure site. So I proceeded to view the page anyway (Stupid, I know... But I was curious), and all of a sudden the window closed and ever since, every few minutes either Google chrome or Internet Explorer keeps popping up with random websites, most of which are porn-related sites. I have downloaded ZoneAlarm, IOBit 360, Eset Smart Security and none of them reported any problems. I still have the rube browser problem. Can somebody please suggest any software/ways to fix this? (Other than to reformat please :)) Thank you :)

Read the article
PuTTY automatically supply password

- by Kyle Cronin

I have a situation where I need to have PuTTY (or another SSH client for Windows) automatically log into another machine via SSH. I realize that this isn't a good idea security-wise, but unfortunately I'm constrained by the limitations both on the client and the server. The best solution would be to have a shortcut or script on the desktop that, when double clicked, will connect to the server and automatically log in. Can I do this with PuTTY? I am willing to explore public key authentication, but I'm not sure where the PuTTY key resides or how to copy it to the server, as the app starts automatically upon login.

Read the article
Zfs Drive config on FreeNas

- by Martyn

Couple of related questions. Background: I have a stock of drives lying about that I want to use in a HP Proliant Microserver which has a 4 slot SAS cage with FreeNas. I don't want to spend any more on parts. 1) With Zfs and RAIDZ, how bad would it be to mix 2 x 1TB Seagate Barracudas with 2 x 1TB WD Green drives. The latter Green drives are I believe only 5,400 RPM, but I can't find that info for sure. 2) Which would be better, the above mis-match in a RAIDZ or 2 x 3TB Seagate Barracuda in a mirror. Considering both performance and data security 3) I have a spare 250GB drive and a spare SATA slot (for optical drive, not sure on speed) as well, would that be a performance gain to use that for the ZIL and L2ARC (over just using the main drives). Thanks in advance.

Read the article
What would prevent a .BAT file from being run on a mapped drive?

- by JBurace

In WinXP SP3, I have a .BAT file on a mapped drive. When I try to run this .BAT file (or even right click-edit) it gives me: --------------------------- Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. --------------------------- OK --------------------------- This happens with any .BAT file, no matter what is within the file. If the file is on my local computer (like C:) it will run just fine. If someone else runs it from another computer (on the same mapped drive), it runs just fine. I have full permissions on the drive; I can edit/delete/save/write/create in that folder and/or .BAT file and I've ruled out permissions being the issue. It seems like a security prevention, but I can't tell what it would be. It would have to be something on my PC, but I don't use any 3rd party software. What would cause this error?

Read the article
VPN pre-shared key problems

- by Owl

I have two vpns set up on a Symantec Gateway Security 320. VPN 1 goes to a Symantec Firewall/VPN 100 to another clinic of ours and every hour they lose connectivity and the error log on the Firewall/VPN100 shows an invalid pre-shared key error, although, both devices show the same pre-shared key entered. VPN 2 goes to our software vendor to use an additional part of our program. I am unable to ping the remote address and so is the other company, but my VPN status shows it is connected. They have told me the pre-shared key seemed to be automatically trying to resubmit itself as if it were incorrect, about every hour even though it is correct. They also told me port80 traffic was closed but I show the HTTP service using 80 redirected to 80 in my firewall settings. Please help.

Read the article
Do TCP connections work differently within the same subnet?

- by Dean

I've encountered some network behaviour that confuses me while trying to get Java RMI working. I use netcat to connect to a local machine: [my_machine]$ nc -w 1 192.168.0.100 60000 && echo success success I try to do the same to my server: [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success This doesn't work, unless I explicitly listen on the server socket: [amazon_ec2]$ nc -l 60000 [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success success For the version that fails, the SYN packet receives a RST, ACK in response. I'm not too knowledgable about this stuff, at this point I only have wild theories such as the one in the question. Any ideas? Potentially useful details: Local Machine (192.168.0.100) - Macbook Remote Machine (Amazon EC2) - Amazon Linux AMI 2012.03 Security Group Settings: 22 (SSH) 0.0.0.0/0 1099 0.0.0.0/0 49152-65535 0.0.0.0/0 "iptables -L" shows no rules set

Read the article
Share folder with active directory group permissions

- by Hihui

I have a Debian as a member of our AD (which is a 2k3). I want to share 2 folders from our Debian. 1 with full access for everyone, the second only readable by group "ADM", and "PROD". Part of smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.LOCAL netbios name = SERV-FTP wins server = "IP serv 2k3" security = domain [JUKEBOX] // full access path = /media/JUKEBOX/JUKEBOX comment = sharing writable = yes browsable = yes public = yes read only = no valid users = @ASYLUM\prod_std admin users = @ASYLUM\ADM [SOFTWARE] comment = Software path = /media/JUKEBOX/SOFTWARE valid users = @ASYLUM\prod_adv, @ASYLUM\ADM writable = yes read only = no My log : [2013/10/25 09:24:37.316643, 0] smbd/service.c:1055(make_connection_snum) canonicalize_connect_path failed for service SOFTWARE, path /media/JUKEBOX/SOFTWARE And, from my Windows's client, if i want to access on that folder : Windows can't access to \serv-ftp\software Where is the problem ... ? Thx !

Read the article
Duplicating an instance into a new VPC from a Snapshot

- by Remmus

We have a group of instances in an Amazon VPC we use for our live environment. We have a big release to do and want to test that the deployment will run smoothly. I have created a second VPC, created instances of the same size on the same private ips and then removed their original volumes and attached new volumes that were created from snapshots of the live environment. Unfortunately none of the instance will allow me to connect. They start running fine, but I don't get any system logs appear and can't connect. The only thing I can think of is that the new instance was created from a new AMI as the old one is deprecated due to new security fixes. Is this a problem? If so can I fix it in any way? And if this isn't a problem, does anyone have any ideas how I can fix it?

Read the article
Why do mapped drives only reappear after logging out and back in, and not after a reboot?

- by razumny

I work in a corporate environment, where we use mostly Windows 7 Professional computers, though some legacy applications are still being run on Windows XP. We have security in place on the network not to allow access to network resources to computers that are not members of Active Directory. When logging in, our users get their home folder and a common network drive mapped to H: and F:, respectively. Sometimes, this does not happen, and the drives are not mapped. The solution is to have the user log off, and back in to Windows. If they reboot, the drives remain unmapped. Does anyone know why this may be?

Read the article
WAN and LAN setup for IPv6

- by neu242

We just got a IPv6 /48 range (a gateway and an IP address) for our company, but I'm unsure about how to set it up. We use FreeBSD 8.4 (pfSense 2.1) as a router/firewall. Currently we have IPv4 setup with a WAN towards the internet, and a NAT-ed LAN behind it for office PCs. We want to keep the LAN network for security, and we want IPv6 addresses from the /48 for all office PCs (without NAT). The WAN is configured with the IPv6 gateway 1111:2222:3333::1/48 and interface address 1111:2222:3333::2/48. But when it's configured this way, I guess it's impossible to fit the LAN on a /64 within the /48? I believe I should configure the WAN subnet on 1111:2222:3333:1::/64 and the LAN on a subnet like 1111:2222:3333:2::/64. Is this something I can configure myself, or do I have to ask the ISP to configure that routing for me?

Read the article
Which TCP ports to use?

- by rowatt

Is there a TCP port range which I can be sure will not be used by anything else for traffic between two machines? If I am reading RFC6335 correctly, I can be sure that no other applications will use specific ports in the Dynamic/Private/Ephemeral range of 49152-65535. However, if I understand correctly, it also states (section 8.1.2) that an application shouldn't assume that any given port in that range is available at any given time, which would mean I can't be 100% sure that it will be unused all the time. Specifically, I want to assign specific SSH traffic to a different port for the security benefit and so I can classify it differently for QoS purposes, and not have to worry about changing the port in the future.

Read the article
Apache Key: Which is it using?

- by quindraco

I'm running an Apache server on Ubuntu. When I restart it, it asks me for a pass phrase; here's what the dialog looks like: Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server 127.0.0.1:443 (RSA) Enter pass phrase: I've already worked out how to remove the pass phrase from the key file in question, but I can't find any information anywhere on how to determine which key file Apache is complaining about in the above dialog. I have dozens of key files on the server in question, although I don't know which ones are in active use (all I did is 'locate .pem' and ignore the false positives). Does anyone know how to track down which pem file I need to remove the passphrase from?

Read the article
Amazon EC2 Socket connection not being accepted

- by Joseph

I am trying to run a java application on my EC2 instance. The application accepts socket connections on port 54321. If I try and connect to it, it times out. My Security Group is set as: TCP Port (Service) Source Action 21 0.0.0.0/0 Delete 22 (SSH) 0.0.0.0/0 Delete 80 (HTTP) 0.0.0.0/0 Delete 20393 0.0.0.0/0 Delete 54321 0.0.0.0/0 Delete Is there anything else I need to do? # iptables -nvL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination # iptables -nvL -t nat Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination #

Read the article
Best way to restrict FTP access to a single directory?

- by John Debs

I have a VPS running Ubuntu 10.04, and I'd like to give someone SFTP access to a single directory, but prevent them from seeing anything else on the system. What's the best way to pull this off? I considered removing "everyone" permissions from everything on the system, but that seems like a really blunt tool for this problem (and one that'll cause other issues) - I'm hoping there's a better option here. Edit: I appreciate the answers! (And I learned a bunch reading/researching through them). I ended up finding and using this guide from Linode as it spelled all the steps: http://library.linode.com/security/sftp-jails/

Read the article
IIS7.5 Domain Account Application Pool Identity for SQL Server Authentication

- by user38652

In Windows Server 2003/IIS6 land we typically create an app pool that runs as the identity of an AD account created with minimal privileges simply for that purpose. This same domain user would also be granted access to SQL Server so that any ASP.NET application in that app pool would be able to connect to SQL Server with Integrated Security=SSPI. We are making a brave move to the world of Windows Server 2008 R2/IIS7.5 and are looking to replicate this model, but I am struggling with how to make the application pool in IIS7.5 run as the identity of an AD account? I know this sounds simple and hopefully it is, but my attempts so far have been fruitless. Should the application pool identity be a 'Custom account' for a domain account? Does the domain account need to be added to any groups?

Read the article

< Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435 | Next Page >