Search Results

Search found 249 results on 10 pages for 'dmz'.

Page 6/10 | < Previous Page | 2 3 4 5 6 7 8 9 10  | Next Page >

  • Why is Internet said to be an untrusted network?

    - by Ant's
    From Wikipedia In computer security, a DMZ (sometimes referred to as a perimeter networking) is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. Why does it say … larger untrusted network, usually the Internet. I often see that internet is said to be an untrusted network. Are there any reasons for it?

    Read the article

  • How can I block access to public server IP for OpenSSH in Debian?

    - by VanDerSpar
    I got a Debian server with a public and a private IP in a DMZ. I need to be able to connect to it through SSH on our private side, and then block all access to the public address. Both /etc/hosts.deny and sshd_config seems to only let one block incoming IP addresses. What I really want is to disable SSH connections for the public IP. I've been trying iptables, but I haven't had luck with that neither. Any help is appreciated.

    Read the article

  • WCF Authentication on the Internet - HELP

    - by Eddie
    I have a WCF service using the basicHTTP binding. The service will be targeted to be deployed in production in a DMZ environment on a Windows Server 2008 64 bit running IIS 7.0 and is not in an Active Directory domain. The service will be accessed by a business partner over the Internet with SSL protection. Originally, I had built the service to use x.509 Message authentication with wsHTTPBinding and after a lot of problems I punted and decided to back up and use basicHTTP with UserName authentication. Result: same exact, obscure error message as I received with certificate mode. The service works perfectly inside our domain with the exact same authentication but as soon as I move it to the DMZ I get an error reading: "An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail". The inner exception message is: "An error occurred when verifying security for the message." The services' web config with binding configuration is as follows: <services> <service behaviorConfiguration="HSSanoviaFacade.Service1Behavior" name="HSSanoviaFacade.HSSanoviaFacade"> <endpoint address="" binding="basicHttpBinding" contract="HSSanoviaFacade.IHSSanoviaFacade" bindingConfiguration="basicHttp"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" /> <host> <baseAddresses> <add baseAddress="https://FULLY QUALIFIED HOST NAME CHANGED TO PROTECT/> </baseAddresses> </host> </service> </services> <bindings> <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName" /> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="HSSanoviaFacade.Service1Behavior"> <serviceMetadata httpsGetEnabled="True" /> <serviceDebug includeExceptionDetailInFaults="True" /> </behavior> </serviceBehaviors> </behaviors> The test client's configuration that gets the error: <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_IHSSanoviaFacade" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="https://HOST NAME CHANGED TO PROTECT" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IHSSanoviaFacade" contract="MembersService.IHSSanoviaFacade" name="BasicHttpBinding_IHSSanoviaFacade" /> </client> As mentioned earlier, the service works perfectly on the domain and the production IIS box is not on a domain. I have been tweaking and pulling my hair out for 2 weeks now and nothing seems to work. If anyone can help I would appreciate it. Even a recommendation for a work around for authentication. I'd rather not use a custom authentication scheme but use built-in SOAP capabilities. The credentials pass in thru the proxy i.e. proxy.ClientCredentials.UserName.UserName and proxy.ClientCredentials.UserName.Password are valid accounts on both the internal domain in the test environment and as a machine account on the DMZ IIS box.

    Read the article

  • No anti-aliasing with Xmonad

    - by Leon
    I'm looking into Xmonad. One problem I'm having is that most of my applications in Xmonad don't have anti-aliasing. For example gnome-terminal & evolution. I have this in my .Xresources: Xft.dpi: 96 Xft.lcdfilter: lcddefault Xft.antialias: true Xft.autohint: true Xft.hinting: true Xft.hintstyle: hintfull Xft.hintstyle: slight Xft.rgba: rgb And this in my .gtkrc-2.0: gtk-theme-name="Ambiance" gtk-icon-theme-name="ubuntu-mono-dark" gtk-font-name="Sans 10" gtk-cursor-theme-name="DMZ-White" gtk-cursor-theme-size=0 gtk-toolbar-style=GTK_TOOLBAR_BOTH gtk-toolbar-icon-size=GTK_ICON_SIZE_LARGE_TOOLBAR gtk-button-images=1 gtk-menu-images=1 gtk-enable-event-sounds=1 gtk-enable-input-feedback-sounds=1 gtk-xft-antialias=1 gtk-xft-hinting=1 gtk-xft-hintstyle="hintfull" gtk-xft-rgba="rgb" include "/home/leon/.gtkrc-2.0.mine" But I still have no anti-aliasing. When I launch gnome-settings-daemon I do get anti-aliasing. But I don't want to run gnome-settings-daemon. What could be the problem? I'm running Ubuntu 12.04 Desktop.

    Read the article

  • OWSM vs. OEG - When to use which component - 11g

    - by Prakash Yamuna
    A lot of people both internal to Oracle and customers keep asking about when should OWSM be used vs. OEG. Sometime back I posted Oracle's vision for layered SOA security Here is a quick summary: Use OWSM in Green Zone Use OEG in Red Zone (DMZ) If you need end-to-end security in which case they will want both OWSM and OEG. This is the topology I would recommend for most customers. If you need only Green Zone security - then use OWSM in conjunction with Oracle FMW products like SOA Suite, OSB, ADF, WLS, BI, etc both on the Client Side and Service Side (assuming you are using FMW technologies for both Clients and Services). If you need only Red Zone security - then use OEG on the Service Side. You can use OWSM for the Client Side if you are using FMW to build your clients.

    Read the article

  • What's the location of a personal 'gtkrc' file in Ubuntu 12.04?

    - by Kevin Perez
    Good day everyone! I am currently writting a software that makes easy to change default cursor theme with a few clicks. At this point it works well, but applications like Firefox or Lazarus IDE remain with the DMZ-White cursor, everything else is ok. I noticed that when I change the default cursor using my software, and later change the 'personalized' cursor theme using Ubuntu Tweak, it does the job, and the new theme is now applied everywhere. So, what file is need to modify in order to change 'personal' cursor theme? If my software can do this, that would be great! I found that 'gtkrc' is a file where settings of GTK+ are stored. I searched in my home folder but I can't find yet. Can you help me with this, noble people of Ubuntu? :)

    Read the article

  • MSDTC - Communication with the underlying transaction manager has failed (Firewall open, MSDTC netwo

    - by SocialAddict
    I'm having problems with my ASP.NET web forms system. It worked on our test server but now we are putting it live one of the servers is within a DMZ and the SQL server is outside of that (on our network still though - although a different subnet) I have open up the firewall completely between these two boxes to see if that was the issue and it still gives the error message "Communication with the underlying transaction manager has failed" whenever we try and use the "TransactionScope". We can access the data for retrieval it's just transactions that break it. We have also used msdtc ping to test the connection and with the amendments on the firewall that pings successfully, but the same error occurs! How do i resolve this error? Any help would be great as we have a system to go live today. Panic :) Edit: I have created a more straightforward test page with a transaction as below and this works fine. Could a nested transaction cause this kind of error and if so why would this only cause an issue when using a live box in a dmz with a firewall? AuditRepository auditRepository = new AuditRepository(); try { using (TransactionScope scope = new TransactionScope()) { auditRepository.Add(DateTime.Now, 1, "TEST-TRANSACTIONS#1", 1); auditRepository.Save(); auditRepository.Add(DateTime.Now, 1, "TEST-TRANSACTIONS#2", 1); auditRepository.Save(); scope.Complete(); } } catch (Exception ex) { Response.Write("Test Error For Transaction: " + ex.Message + "<br />" + ex.StackTrace); } This is the ErrorStack we are getting when the problem occurs: at System.Transactions.TransactionInterop.GetOletxTransactionFromTransmitterPropigationToken(Byte[] propagationToken) at System.Transactions.TransactionStatePSPEOperation.PSPEPromote(InternalTransaction tx) at System.Transactions.TransactionStateDelegatedBase.EnterState(InternalTransaction tx) at System.Transactions.EnlistableStates.Promote(InternalTransaction tx) at System.Transactions.Transaction.Promote() at System.Transactions.TransactionInterop.ConvertToOletxTransaction(Transaction transaction) at System.Transactions.TransactionInterop.GetExportCookie(Transaction transaction, Byte[] whereabouts) at System.Data.SqlClient.SqlInternalConnection.GetTransactionCookie(Transaction transaction, Byte[] whereAbouts) at System.Data.SqlClient.SqlInternalConnection.EnlistNonNull(Transaction tx) at System.Data.SqlClient.SqlInternalConnection.Enlist(Transaction tx) at System.Data.SqlClient.SqlInternalConnectionTds.Activate(Transaction transaction) at System.Data.ProviderBase.DbConnectionInternal.ActivateConnection(Transaction transaction) at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open() at System.Data.Linq.SqlClient.SqlConnectionManager.UseConnection(IConnectionUser user) at System.Data.Linq.SqlClient.SqlProvider.get_IsSqlCe() at System.Data.Linq.SqlClient.SqlProvider.InitializeProviderMode() at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query) at System.Data.Linq.ChangeDirector.StandardChangeDirector.DynamicInsert(TrackedObject item) at System.Data.Linq.ChangeDirector.StandardChangeDirector.Insert(TrackedObject item) at System.Data.Linq.ChangeProcessor.SubmitChanges(ConflictMode failureMode) at System.Data.Linq.DataContext.SubmitChanges(ConflictMode failureMode) at System.Data.Linq.DataContext.SubmitChanges() at RegBook.classes.DbBase.Save() at RegBook.usercontrols.BookingProcess.confirmBookingButton_Click(Object sender, EventArgs e)

    Read the article

  • Is it possible to do DNS-based ACLs on a Cisco ASA?

    - by pickles
    Short of using static IP addresses, is it possible to have a Cisco ASA use a DNS name rather than an IP address? For instance, if I want to limit a host in the DMZ to access only one particular web service, but that web service might be globally load balanced or using DynDNS or cloud, how can the ACL be expressed so that a fixed IP address isn't used and the admin doesn't have to keep opening and closing down IP addresses?

    Read the article

  • Issues with Verizon's "Network Extender" device talking on my home network.

    - by Logan
    I recently switched my phone service to Verizon from ATT, and I get somewhat spotty service in my house. I called them and they sent me a "network extender" device for free. Its a femtocell that connects to my home network. The directions that come with it are very dumbed down, basically just say to connect it to your router and put it near a window (so it can get a GPS signal, it has to make sure its within the correct area before operating). The problem I'm having is the network light on it stays red. The troubleshooting information that came with it tells me this means there is a bad network connection. Its connected through an ASUS router running DD-WRT. No other devices on my network have a problem with it, including a Western Digital WDLIVE device, mine and my wife's cell phones (via wifi), a Wii, and an Xbox. If I connect the device directly to my cable modem, the light goes blue (which means good) and it starts working. So this tells me that its definately a configuration issue with my router. Verizon basically washed their hands of me when I connected it to my cable modem, and told me that its a router issue and to try a different router. Because normal people just have extra routers laying around their houses... When I connect it to the router, I can watch the DHCP Clients list on the status page, and the MAC of the network extender quickly fills up the clients list, grabbing every available DHCP address. Its like it grabs an address, can't connect to the internet, releases it, grabs another, then another, then another. So in the DHCP server settings I assigned a static IP to its MAC. This made it quit doing what it was doing before, but its still not working. I found the ports I needed to open on verizon's website, and opened them in the port forwarding config on my router. This still didn't help. So, I tried setting the network extender device's IP as the DMZ IP on the router. This still did no good. I called Verizon back and got the tech to write up a report which he passed on to a "senior network tech" who I got a call back from a few hours ago. This guy told me that while an ASUS router isn't listed as a supported device, he's not really sure why its not working. He suggested restoring the firmware to stock ASUS firmware and trying again. I have a very hard time believing its DD-WRT doing this, since every other device is working just fine with it. But its also not the Network Extender, since it works just fine when connected directly to the modem. At this point I'm out of ideas, and the next step is to restore the stock firmware on my router, and then going to walmart and getting a linksys WRT-54G to try. Is there anything else I could try before going that drastic? Cliffs- -Network extender won't work behind router, works when connected directly to cable modem. -Extender goes nuts when allowed to pick its own DHCP address, I had to assign it a static IP. -Won't work when correct ports are forwarded to it -Won't work with a DMZ address.

    Read the article

  • MSDTC - Communication with the underlying transaction manager has failed (Firewall open, MSDTC netwo

    - by SocialAddict
    I'm having problems with my ASP.NET web forms system. It worked on our test server but now we are putting it live one of the servers is within a DMZ and the SQL server is outside of that (on our network still though - although a different subnet) I have open up the firewall completely between these two boxes to see if that was the issue and it still gives the error message "Communication with the underlying transaction manager has failed" whenever we try and use the "TransactionScope". We can access the data for retrieval it's just transactions that break it. We have also used msdtc ping to test the connection and with the amendments on the firewall that pings successfully, but the same error occurs! How do i resolve this error? Any help would be great as we have a system to go live today. Panic :)

    Read the article

  • Redundancy and Automated failover using Forefront TMG 2010 Standard between Production-DR site ?

    - by Albert Widjaja
    Hi, I'm using MS TMG 2010 Standard as my single firewall to publish my Exchange Server and IIS website to the internet, however it is just one VM in the DMZ network with just one network card (vNIC), what sort of redundancy method that is suitable for making this firewall VM redundant / automatically failover in my DR site ? Because it is very important in the event of disaster recovery all important email through various mobile device will still need to operate and it is impossible if this TMG 2010 VM is offline. is it by using: 1. Multicast NLB 2. Any other clustering 3. VMware HA / FT (one VM in production, the other VM in DR site with different subnet ?) Any suggestion and idea willl be appreciated. Thanks

    Read the article

  • Multiple vlan issue with procurve switch

    - by Chris-AZ
    I have a cisco asa5505 as my rtr/fw(10.1.3.254). I have vlan 1 and vlan 3. Vlan 1 is my default all access vlan. Vlan 3 is my Guest(dmz) vlan. I can't seem to get a dhcp ip address when my laptop is plugged into port 42 on my procurve. I have plugged my laptop directly into the firewall and it gets a dhcp ip fine(the firewall is dhcp server). the firewall is plugged into port 41. Only vlan3 needs to go over port 41. I'm sure I have a bonehead config problem however I'm about ready to pull out what little hair I have left. vlan 1 name "Computers" forbid 45 untagged 1-41,43-44 ip helper-address 10.1.1.16 ip address 10.1.1.1 255.255.255.0 tagged 46-48 no untagged 42,45 exit vlan 3 name "Guest Wireless" ip helper-address 10.1.3.254 ip address 10.1.3.1 255.255.255.0 tagged 41-42,44-48 exit

    Read the article

  • Setup Linksys 3200 remote access

    - by Greg
    I'm trying to setup remote access for my linksys 3200 so that I can configure it through the WAN port. I have turned on remote access, however when I try to connect I get a 404 error. The settings I have are: When I try to access xxx.xxx.xxx.xxx:9999 I just get a 404 error. I have allowed RDP access to a computer behind the router and this works fine on the same IP address. Any idea's on what else I have to do to allow remote management access? UPDATE: I tried changing the port to 80 and it works. Change it back to any other number and it doesn't work. Modem is setup with a DMZ to the router's IP. Why does it only work on port 80? BTW I can't use port 80 because there is a website hosted behind the router.

    Read the article

  • OpenVPN Cloud for Network monitoring

    - by mezgani
    I'm working on a supervision project based on OpenVPN, a good way to send some network traffic through a secure channel to office from there out to the Internet. On office i have an OpenVPN server installed and i need to monitor all branches servers that are behind firewalls. I know that the point to point solution is very easy so we may only install OpenVPN client on node that i need to monitor. In the fact, is there any other issue that could help to supervise all branches DMZ network, without installing the client on each machines.

    Read the article

  • IIS seems to send email twice

    - by David Brunelle
    Hi, we have a request page in our website that send email to confirm the request. It seem that whenever this page is accessed, some (not all of them) are sent more than once at different time, sometime hours apart. The code (which is an old ASP page) looks fine as it sends only once to the recipient. So I doubt it's a programming related problem. When looking at the Exchange server, the tech told me that he seems to be receiving the request twice at different time, so the problem comes from what's between the code and Exchange. My hypothesis is that IIS seem to 'remember' the page and rerun it for some reason. Any hint on where to start? We have IIS 6 (in french if it makes any difference) with Exchange 2007. IIS is running on a Windows Server 2003 machine (virtual machine I believe) in a DMZ. I don't know about Exchange. Thank you.

    Read the article

  • Load balancing SMTP in a way that doesn't hide the source IP address

    - by makerofthings7
    I need to load balance SMTP to handle some applications that don't know how to use MX records. I set up a Netscaler using the TCP option on port 25 and now Exchange sees the source IP as that of the DMZ of the Netscaler for every connection, not the client. Obviously this prevents RBLs, Whitelists, and all other IP-based reputation to fail. It also make it impossible to whitelist a trusted IP for anonymous relay. Question How should I configure the NetScaler (or Windows Load Balancing) so that I can allow load balancing yet still maintain visibility of the source IP?

    Read the article

  • VPN to Buffalo WHR-HP-G300N produces a Connection Error 807

    - by Darius
    My friend has modem/router from Clear and I have sent him Buffalo router to put it between his Clear device and the Network. I walked him thru establishing VPN in DD-WRT but when I try to VPN I get a VPN Connection Error 807. I am out of ideas how to solve this. Any suggestion? Clear Modem WAN: xx.xx.xx.xx Clearn Modem NAT's to: 192.168.15.XXX Clear Modem DHCP: 192.168.15.2 - 192.168.15.2 (range is limited to that of ONE ip address) Clear Modem DMZ: 192.168.15.2 the LAN of the clear modem is 192.168.15.XXX The DD-WRT IP: 192.168.4.1 Port FWD: 1723 to 192.168.4.1 PPTP server listens on 192.168.4.1 Where is the problem with this setup?

    Read the article

  • Connectiong adsl router/modem and router with bridgemode

    - by Zvonko Telefonko
    I have one adsl modem/router which is not "top" of the line and it lack allot of options which I need. I was able to acquire one Cisco router recently which has all options that I need ( like DMZ, VPN, port forwarding, etc). I'm interested, if I connect the old modem/router to new Cisco router using bridge mode, will I be able to use all the features on the Cisco? For instance, the old router is lacking of port forward options. Does this mean that I will not be able to use port forwarding on Cisco router either or, since I will be using bridge mode, this will not affect Cisco router and it will work as the modem is in him? thank you

    Read the article

  • FortiGate firewall configuration with /30 and /28 networks

    - by slyderc
    I have fiber coming in from a new ISP which is being handed off via Ethernet on a single physical port. I'm having doubts about how to approach the configuration on my FortiGate 200A firewall because I've been given a /30 containing the ISP's gateway and another /28 for external IPs I can use: x.y.76.12/30 (.13 is the GW) x.y.76.64/28 (public IP space) How do I configure the FG200A's WAN1 interface to be aware of the two networks? As I only have one physical ISP port, will I need to plug it into a switch to break-out two cables and use a DMZ port on the FG200A for setting up the /28? Thanks in advance for your insight!

    Read the article

  • SNMP counter issues with cisco RV082

    - by Chance
    Does anyone else poll this router with SNMP? We are using firmware version: 2.0.0.19-tz We are having problems with the traffic counters, some of them appear to be implemented as 16 bit counter instead of 32 bit counters. The reason this is causing problems is that they roll over (at 65,000) to 0 in less than our minute polling cycle, really skewing our metrics. The counter for the Lan (interface 2) seems to be functioning properly, however interfaces 3 and 4 (WAN and DMZ / WAN2) rollover at 65000. Tue May 11 08:38:31 EDT 2010 IF-MIB::ifInOctets.1 = Counter32: 137634 IF-MIB::ifInOctets.2 = Counter32: 1865677943 IF-MIB::ifInOctets.3 = Counter32: 12450 IF-MIB::ifInOctets.4 = Counter32: 49354 Look at counter IF-MIB::ifInOctets.4 5 seconds later: Tue May 11 08:38:36 EDT 2010 IF-MIB::ifInOctets.1 = Counter32: 137634 IF-MIB::ifInOctets.2 = Counter32: 1865836207 IF-MIB::ifInOctets.3 = Counter32: 13167 IF-MIB::ifInOctets.4 = Counter32: 12900 Any suggestions? Seems like a bug to me, however I just wanted to make sure I wasn't crazy.. Thanks!

    Read the article

  • How do you implement NAT-T passthrough on a Juniper SRX series Firewall?

    - by Chris
    We have 3 juniper SRX-100 firewalls, they are configured like so: FW1 - FW2 - INTERNET - FW3 We would like to create an IPSEC tunnel between FW3 and FW1 passing through FW2 preferably using NAT-T. Is this possible? FW1 and FW2 have some strict access rules only allowing 1 port connected (it's a DMZ with a server in) so we can't just create a route based vpn between FW1 and FW2 to forward the traffic (otherwise all traffic will be forwarded) We know the tunnel is fine because we have managed to test it between FW1 and FW3 (without FW2 in the middle) so we know that the issue is to do with the 'passthrough' on FW2. Essentially, the question is - What options do we need to select on FW2 to enable it to pass through the IPSEC traffic straight to FW1? Many thanks in advance

    Read the article

  • Why do I see router and not my real IIS?

    - by Tim Tom
    I am trying to access IIS through web but unable to do so. Basically I have a router (which functions as router and modem) that is given by ISP and I have another router connected to the router given by ISP. My ISP's router can be visited through 192.168.0.1 and the router that I connected to ISP's router can be visited through 192.168.1.1 Please see my ISP's router: As you can see I have DMZ enabled for my router of 192.168.1.1 Now please see my router of 192.168.1.1: As you can see I added a virtual server for port 80 where 192.168.1.125 is my private IP. I rebooted both of my modems an tried to visit my IP from: http://www.whatsmyip.org/ and after doing so, when I type my live IP I still see my router of 192.168.0.1 instead of my IIS. What am I missing? Note: I have disabled Firewall on both of the routers. Any help would be appreciated.

    Read the article

  • Why should I use Firewall Zones and not just Address Objects?

    - by SRobertJames
    I appreciate Firewall Address Objects and Address Groups - they simplify management by letting me give a name to a group of addresses. But I don't understand what Firewall Zones (LAN, WAN, DMZ, etc.) do for me over Address Groups. I know all firewalls have them, so there must be a good reason. But what do I gain by stating a rule applies to all traffic from LAN Zone to WAN Zone which comes from LAN Address Group to WAN Address Group? Why not just mention the Address Groups?

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10  | Next Page >