Search Results

Search found 15441 results on 618 pages for 'ssl security'.

Page 48/618 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • Basic security practices for desktop Ubuntu

    - by Daisetsu
    Most of us know the basic security practices on Windows: use a limited account set a password disable unused services uninstall bloatware Antivirus / Antimalware etc. I haven't ran linux as my main desktop computer before, so I don't know how to properly secure it. I have heard linux is supposed to be more secure than Windows, but I know that the default settings of anything are rarely secure. What are some things I should do as a new Linux user to secure my desktop system from attack?

    Read the article

  • Security question pertaining web application deployment

    - by orokusaki
    I am about to deploy a web application (in a couple months) with the following set-up (perhaps anyways): Ubuntu Lucid Lynx with: IP Tables firewall (white-list style with only 3 ports open) Custom SSH port (like 31847 or something) No "root" SSH access Long, random username (not just "admin" or something) with a long password (65 chars) PostgreSQL which only listens to localhost 256 bit SSL Cert Reverse proxy from NGINX to my application server (UWSGI) Assume that my colo is secure (Physical access isn't my concern for the time being) Application-level security (SQL injection, XSS, Directory Traversal, CSRF, etc) Perhaps IP masquerading (but I don't really understand this yet) Does this sound like a secure setup? I hear about people's web apps getting hacked all the time, and part of me thinks, "maybe they're just neglecting something", but the other part of me thinks, "maybe there's nothing you can do to protect your server, and those things are just measures to make it a little harder for script kiddies to get in". If I told you all of this, gave you my IP address, and told you what ports were available, would it be possible for you to get in (assuming you have a penetration testing tool), or is this really protected well.

    Read the article

  • Troubles configuring SSL for an Apache host

    - by Ryan
    I configured it on Friday night and all worked well. Today for some reason it stopped working and I can't figure out why. When you goto the secure page it's acting like I have a self-signed certificate and I don't. I have the host configured like so ServerAdmin [email protected] DocumentRoot "/path/to/site" Servername www.mydomain.com ServerAlias mydomain.com DirectoryIndex index.cfm index.htm SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/path/to/mydomain.com.crt SSLCertificateKeyFile /etc/httpd/path/to/www.mydomain.com.key SSLCertificateChainFile /etc/httpd/path/to/gd_bundle.crt Apache starts with no errors and I can't seem to find anything meaningful in any of the logs. It's got to be something minor but I can't seem to see it. It's an updated Centos/Apache VM. I have worn Google out.

    Read the article

  • Firefox: This connection is untrusted + Behind corporate firewall

    - by espais
    I've seen some similar issues strewn throughout Google's results about this, but none seem to be corporate-specific. I continually get the 'This connection is untrusted' screen every time I attempt to log into a secure site...for instance Gmail. This is pretty annoying as sometimes I have to go through the process of adding the exception two or three times before it finally lets me into Gmail. I am behind a corporate firewall, going through an internal proxy server to get to the Internet, so there is no possibility for me to update the firewall...etc. Does anybody know a way around this? Can it simply be disabled (and is that safe)? EDIT I'm going to reopen this question with a bit of new information. I have been using Google Chrome lately until today, and one thing that I noticed was that I never had this issue when using either Chrome or Internet Explorer. Is there something that these other browsers do that I need to manually do in FF?

    Read the article

  • SSL pages under ASP.NET MVC

    - by David Laing
    How do I go about using HTTPS for some of the pages in my ASP.NET MVC based site? Steve Sanderson has a pretty good tutorial on how to do this in a DRY way on Preview 4 at: http://blog.codeville.net/2008/08/05/adding-httpsssl-support-to-aspnet-mvc-routing/ Is there a better / updated way with Preview 5?,

    Read the article

  • How to add security zone information to files?

    - by user33938
    I recently enabled "Do not preserve zone information in file attachments", to get rid that annoying "Do you want to run this program" security warning. Now, how can I add this information to a file that doesn't have it? I would like to get that warning back on certain files.

    Read the article

  • "Hostile" network in the company - please comment on a security setup

    - by TomTom
    I have a little specific problem here that I want (need) to solve in a satisfactory way. My company has multiple (IPv4) networks that are controlled by our router sitting in the middle. Typical smaller shop setup. There is now one additional network that has an IP Range OUTSIDE of our control, connected to the internet with another router OUTSIDE of our control. Call it a project network that is part of another companies network and combined via VPN they set up. This means: They control the router that is used for this network and They can reconfigure things so that they can access the machines in this network. The network is physically split on our end through some VLAN capable switches as it covers three locations. At one end there is the router the other company controls. I Need / want to give the machines used in this network access to my company network. In fact, it may be good to make them part of my active directory domain. The people working on those machines are part of my company. BUT - I need to do so without compromising the security of my company network from outside influence. Any sort of router integration using the externally controlled router is out by this idea So, my idea is this: We accept the IPv4 address space and network topology in this network is not under our control. We seek alternatives to integrate those machines into our company network. The 2 concepts I came up with are: Use some sort of VPN - have the machines log into VPN. Thanks to them using modern windows, this could be transparent DirectAccess. This essentially treats the other IP space not different than any restaurant network a laptop of the company goes in. Alternatively - establish IPv6 routing to this ethernet segment. But - and this is a trick - block all IPv6 packets in the switch before they hit the third party controlled router, so that even IF they turn on IPv6 on that thing (not used now, but they could do it) they would get not a single packet. The switch can nicely do that by pulling all IPv6 traffic coming to that port into a separate VLAN (based on ethernet protocol type). Anyone sees a problem with using he switch to isolate the outer from IPv6? Any security hole? It is sad we have to treat this network as hostile - would be a lot easier - but the support personnel there is of "known dubious quality" and the legal side is clear - we can not fulfill our obligations when we integrate them into our company while they are under a jurisdiction we don't have a say in.

    Read the article

  • I need Internet Security software with following properties

    - by Eias.N
    Hello ,, I want to own an Internet Security software , but I prefer that it has following properties : Not a heavy one that killing the machine (Like Norton) . Delete the viruses , and don't keep it after clean it . The most important off all : Has an Offline databases that Can I download and add to program database without connecting to Internet (Not Like KIS 2010) Containing (anti spam -anti Virus - Fire wall - ....... ) So what is in your mind?(Don't tell me AVG I tested it)

    Read the article

  • Mobile security solutions

    - by techzen
    What are the mobile security solutions used by you / your organization. What are the pro's and cons of usage of these solution - and how far have you been successful in implementing these - were there any loopholes / issues faced in using them?. In general, can you suggest a set of guidelines to watch for when going for going for selecting a specific solution in this context.

    Read the article

  • Remove the Microsoft Security Essentials icon

    - by unam3d
    I've been using Microsoft Security Essentials on Windows 7 for sometime now and so far I don't have a bad word to say about it. I would like to permanently remove the MSE icon from the task bar and pop-up box, though I would still like to be informed when it detects a threat, etc.

    Read the article

  • What tangible security are gained by blocking all but a few outgoing ports in a firewall

    - by Frankie Dintino
    Our current hardware firewall allows for blocking incoming and outgoing ports. We have two possibilities: Block certain troublesome ports (unsecured smtp, bittorrent, etc.) Block all but a few approved ports (http, https, ssh, imap-ssl, etc.) I see several downsides with option 2. Occasionally web servers are hosted on non-standard ports and we would have to deal with the resulting issues. Also, there is nothing preventing a malicious or unwanted service from being hosted on port 80, for instance. What are are the upsides?

    Read the article

  • ip based ssl certificate

    - by user121196
    I have two domain names pointing to the same ip, I am currently not using virtual host in my apache configuration. I simply use /var/www/html/ as root of the app. do I need to buy 2 godaddy certificates, one for each domain? It seems that godaddy certificate is tied to a domain, not ip, can someone clarify?

    Read the article

  • A non interactive alternative to makecert.

    - by mark
    Dear ladies and sirs. I have a need to create a self signed certificate non interactively. Unfortunately, the only tool that I know of (makecert) is interactive - it uses GUI to ask for a password. My OS is Windows (from XP to 2008). The only thing close that I managed to find is http://www.codeproject.com/Tips/125982/How-to-run-Makecert-without-password-window.aspx, however, it is still not good. Any ideas?

    Read the article

  • openssl ssl encryption

    - by deddihp
    Hello, I want to discuss about openssl write and read method. Assume I have an data structure like below: /-----------------------------------------------------\ | my_header | PAYLOAD | \-----------------------------------------------------/ | | \ / \ / not encrypted encrypted I think the proper algorithm would be like this : SEND: build my_header with my own header. encrypt PAYLOAD with encryption function attach my_header and PAYLOAD (encrypted) to one buffer send it using common POSIX function just like send or sendto RECV: using common POSIX function just like recv or recvfrom. extract my_header and PAYLOAD(encrypted) decrypt PAYLOAD with decryption function at last i got my_header and PAYLOAD(decrypted). How is your approach if you face a problem like above. Since openssl encrypt all of data that is sent to SSL_write function (CMIIW). Thanks

    Read the article

  • Exposing server uptime a potential security vulnerability?

    - by Edward Mazur
    I run a browser-based game and as part of a page with a bunch of game statistics, I have the server uptime listed. It's currently at 177 days and so someone mentioned to me that I shouldn't do this because a long uptime indicates the kernel is old and therefore missing security updates. This certainly sounds logical, but I searched around and couldn't find any evidence to support it. So I'm just wondering, is this indeed something I should not have exposed?

    Read the article

  • How to generate, sign and import SSL certificate from Java

    - by Demiurg
    I need to generate a self signed certificates at run time, sign them and import to the Java keystore. I can do this using "keytool" and "openssl" from command line in the following way: keytool -import -alias root -keystore keystore.txt -file cacert.pem keytool -genkey -keyalg RSA -keysize 1024 -alias www.cia.gov -keystore keystore.txt keytool -keystore keystore.txt -certreq -alias www.cia.gov -file req.pem openssl x509 -req -days 3650 -in req.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out reqsigned.pem keytool -import -alias www.cia.gov -keystore keystore.txt -trustcacerts -file reqsigned.pem I can, of course, ship my application with keytool and openssl binaries and execute the above commands from Java, but I'm looking for a cleaner approach which would allow me to do all of the above using pure Java. Any libraries I can use ?

    Read the article

  • Creating SSL on IIS - Remote access problem

    - by ile
    I followed these instructions: http://www.visualwin.com/SelfSSL/ When I type https://localhost/ than it works, but when I try to access it remotely (i set up my router to port forward to localhost), for example https://myip the page does not load. Also, I noticed one other thing. When I access localhost locally then I am asked to enter user/pass, but if I access remotely the I get the following warning: Under Construction The site you were trying to reach does not currently have a default page. It may be in the process of being upgraded and configured. ... I don't know if it is related with this but I hope someone know the answer. Thanks, Ile

    Read the article

  • INDY WebService over SSL contains link with HTTP protocol instead of HTTPS in WSDL

    - by user1437820
    When creating new SOAP WebService server project using Delphi XE2 the wizard allows to set change port and HTTPS properties. Port is set to 443, HTTPS flag is checked, but when trying to connect to created server it returns incorrect transport (HTTP instead of HTTPS) in WSDL and generates HTTP links on the Service Info Page. The auto-generated page is not so important, but wrong information in WSDL file is a problem. Below you can see the returned WSDL - there are no HTTPS: <?xml version="1.0"?> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xs="http://www.w3.org/2001/XMLSchema" name="Itest123service" targetNamespace="http://tempuri.org/" xmlns:tns="http://tempuri.org/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:ns1="urn:test123Intf"> <types> <schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:test123Intf"> <simpleType name="TEnumTest"> <restriction base="string"> <enumeration value="etNone"/> <enumeration value="etAFew"/> <enumeration value="etSome"/> <enumeration value="etAlot"/> </restriction> </simpleType> <complexType name="TDoubleArray"> <complexContent> <restriction base="soapenc:Array"> <sequence/> <attribute ref="soapenc:arrayType" n1:arrayType="xs:double[]" xmlns:n1="http://schemas.xmlsoap.org/wsdl/"/> </restriction> </complexContent> </complexType> <complexType name="TMyEmployee"> <sequence> <element name="LastName" type="xs:string"/> <element name="FirstName" type="xs:string"/> <element name="Salary" type="xs:double"/> </sequence> </complexType> </schema> </types> <message name="echoEnum0Request"> <part name="Value" type="ns1:TEnumTest"/> </message> <message name="echoEnum0Response"> <part name="return" type="ns1:TEnumTest"/> </message> <message name="echoDoubleArray1Request"> <part name="Value" type="ns1:TDoubleArray"/> </message> <message name="echoDoubleArray1Response"> <part name="return" type="ns1:TDoubleArray"/> </message> <message name="echoMyEmployee2Request"> <part name="Value" type="ns1:TMyEmployee"/> </message> <message name="echoMyEmployee2Response"> <part name="return" type="ns1:TMyEmployee"/> </message> <message name="echoDouble3Request"> <part name="Value" type="xs:double"/> </message> <message name="echoDouble3Response"> <part name="return" type="xs:double"/> </message> <portType name="Itest123"> <operation name="echoEnum"> <input message="tns:echoEnum0Request"/> <output message="tns:echoEnum0Response"/> </operation> <operation name="echoDoubleArray"> <input message="tns:echoDoubleArray1Request"/> <output message="tns:echoDoubleArray1Response"/> </operation> <operation name="echoMyEmployee"> <input message="tns:echoMyEmployee2Request"/> <output message="tns:echoMyEmployee2Response"/> </operation> <operation name="echoDouble"> <input message="tns:echoDouble3Request"/> <output message="tns:echoDouble3Response"/> </operation> </portType> <binding name="Itest123binding" type="tns:Itest123"> <binding xmlns="http://schemas.xmlsoap.org/wsdl/soap/" style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> <operation name="echoEnum"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoEnum" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> <operation name="echoDoubleArray"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoDoubleArray" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> <operation name="echoMyEmployee"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoMyEmployee" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> <operation name="echoDouble"> <operation xmlns="http://schemas.xmlsoap.org/wsdl/soap/" soapAction="urn:test123Intf-Itest123#echoDouble" style="rpc"/> <input> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </input> <output> <body xmlns="http://schemas.xmlsoap.org/wsdl/soap/" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="urn:test123Intf-Itest123"/> </output> </operation> </binding> <service name="Itest123service"> <port name="Itest123Port" binding="tns:Itest123binding"> <address xmlns="http://schemas.xmlsoap.org/wsdl/soap/" location="http://localhost:443/soap/Itest123"/> </port> </service> </definitions> When I'm trying to import WSDL to soapUI tool to check WebService work I need to change manually binding link to "https://" and only then RPCs will work. I will be very grateful for any idea how to force INDY to return links in WSDL with HTTPS protocol. Thanks in advance!

    Read the article

  • certutil -ping fails with 30 seconds timeout - what to do?

    - by mark
    Dear ladies and sirs. The certificate store on my Win7 box is constantly hanging. Observe: C:\1.cmd C:\certutil -? | findstr /i ping -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface C:\set PROMPT=$P($t)$G C:\(13:04:28.57)certutil -ping CertUtil: -ping command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:04:58.68)certutil -pingadmin CertUtil: -pingadmin command FAILED: 0x80070002 (WIN32: 2) CertUtil: The system cannot find the file specified. C:\(13:05:28.79)set PROMPT=$P$G C:\ Explanations: The first command shows you that there are –ping and –pingadmin parameters to certutil Trying any ping parameter fails with 30 seconds timeout (the current time is seen in the prompt) This is a serious problem. It screws all the secure communication in my app. If anyone knows how this can be fixed - please share. Thanks. P.S. 1.cmd is simply a batch of these commands: certutil -? | findstr /i ping set PROMPT=$P($t)$G certutil -ping certutil -pingadmin set PROMPT=$P$G

    Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >