Search Results

Search found 13810 results on 553 pages for 'security roles'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 71/553 | < Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >

  • How to set up an rsync backup to Ubuntu securely?

    - by ws_e_c421
    I have been following various other tutorials and blog posts on setting up a Ubuntu machine as a backup "server" (I'll call it a server, but it's just running Ubuntu desktop) that I push new files to with rsync. Right now, I am able to connect to the server from my laptop using rsync and ssh with an RSA key that I created and no password prompt when my laptop is connected to my home router that the server is also connected to. I would like to be able to send files from my laptop when I am away from home. Some of the tutorials I have looked at had some brief suggestions about security, but they didn't focus on them. What do I need to do to let my laptop with send files to the server without making it too easy for someone else to hack into the server? Here is what I have done so far: Ran ssh-keygen and ssh-copy-id to create a key pair for my laptop and server. Created a script on the server to write its public ip address to a file, encrypt the file, and upload to an ftp server I have access to (I know I could sign up for a free dynamic DNS account for this part, but since I have the ftp account and don't really need to make the ip publicly accessible I thought this might be better). Here are the things I have seen suggested: Port forwarding: I know I need to assign the server a fixed ip address on the router and then tell the router to forward a port or ports to it. Should I just use port 22 or choose a random port and use that? Turn on the firewall (ufw). Will this do anything, or will my router already block everything except the port I want? Run fail2ban. Are all of those things worth doing? Should I do anything else? Could I set up the server to allow connections with the RSA key only (and not with a password), or will fail2ban provide enough protection against malicious connection attempts? Is it possible to limit the kinds of connections the server allows (e.g. only ssh)? I hope this isn't too many questions. I am pretty new to Ubuntu (but use the shell and bash scripts on OSX). I don't need to have the absolute most secure set up. I'd like something that is reasonably secure without being so complicated that it could easily break in a way that would be hard for me to fix.

    Read the article

  • Asp.net Login Status Question: It Aint Working

    - by contactmatt
    I'm starting to use Role Management in my website, and I'm current following along on the tutorial from http://www.asp.net/Learn/Security/tutorial-02-vb.aspx . I'm having a problem with the asp:LoginStatus control. It is not telling me that I am currently logged in after a successful login. This can't be true because after successfully logging in, my LoggedInTemplate is shown. The username and passwords are simply stored in a array. Heres the Login.aspx page code. Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) _ Handles btnLogin.Click ' Three valid username/password pairs: Scott/password, Jisun/password, and Sam/password. Dim users() As String = {"Scott", "Jisun", "Sam"} Dim passwords() As String = {"password", "password", "password"} For i As Integer = 0 To users.Length - 1 Dim validUsername As Boolean = (String.Compare(txtUserName.Text, users(i), True) = 0) Dim validPassword As Boolean = (String.Compare(txtPassword.Text, passwords(i), False) = 0) If validUsername AndAlso validPassword Then FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkRemember.Checked) End If Next ' If we reach here, the user's credentials were invalid lblInvalid.Visible = True End Sub Here is the content place holder on the master page specifically designed to hold Login Information. On successfull login, the page is redirected to '/Default.aspx', and the LoggedIn Template below is shown...but the status says Log In. <asp:ContentPlaceHolder Id="LoginContent" runat="server"> <asp:LoginView ID="LoginView1" runat="server"> <LoggedInTemplate> Welcome back, <asp:LoginName ID="LoginName1" runat="server" />. </LoggedInTemplate> <AnonymousTemplate> Hello, stranger. </AnonymousTemplate> </asp:LoginView> <br /> <asp:LoginStatus ID="LoginStatus1" runat="server" LogoutAction="Redirect" LogoutPageUrl="~/Logout.aspx" /> </asp:ContentPlaceHolder> Forms authentication is enabled. I'm not sure what to do about this :o.

    Read the article

  • SSL + Jquery + Ajax

    - by chobo2
    Hi I starting too look at a bit of security into my site. My site I would consider a very low security risk as it has really no personal information from the user other than email. However the security risk will go up a bit as I am partnering with a company and the initial password for this companies users will be the same password they use essentially to get onto the network and every piece of software. So I have up my security( what is fine by me...I wanted to get around to this anyways). So one of my security concerns is this. A user logs in. form submit(non ajax is done). Password is hashed & Salted and compared to one in the database. Reject or let them proceed. So this uses no jquery or ajax but is just asp.net mvc and C#. Still if my understanding is right the password is sent in clear text. So if a use SSL and I would not need to worry about that is this correct? If that is true is that all I need? Second the user can change their password at anytime. This is done through ajax. So when the password is sent it is sent in clear text( and I can verify this by looking at firebug). So if I have SSL enabled on this page is that all I need or do I need to do more? So I am just kinda confused of what I need to make the password being sent to the server(both ajax and full post ways secure). I am not sure if I need to do more then SSL or if that is enough and if it is not enough what is the next layer of security?

    Read the article

  • apt-get update error after removing apt-key

    - by Caterpillar
    After Running apt-get update on ubuntu 10.04 server, I found this issue, Can any help me to solve this issue. Before this I had remove apt-key. Where can I get this apt-key to add it again. apt-get update Get:1 http://security.ubuntu.com lucid-security Release.gpg [198B] Ign http://security.ubuntu.com/ubuntu/ lucid-security/main Translation-en_IN Ign http://security.ubuntu.com/ubuntu/ lucid-security/restricted Translation-en_IN Get:2 http://in.archive.ubuntu.com lucid Release.gpg [189B] Ign http://in.archive.ubuntu.com/ubuntu/ lucid/main Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid/restricted Translation-en_IN Ign http://security.ubuntu.com/ubuntu/ lucid-security/universe Translation-en_IN Ign http://security.ubuntu.com/ubuntu/ lucid-security/multiverse Translation-en_IN Get:3 http://security.ubuntu.com lucid-security Release [44.7kB] Err http://security.ubuntu.com lucid-security Release Ign http://in.archive.ubuntu.com/ubuntu/ lucid/universe Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid/multiverse Translation-en_IN Get:4 http://in.archive.ubuntu.com lucid-updates Release.gpg [198B] Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/main Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/restricted Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/universe Translation-en_IN Ign http://in.archive.ubuntu.com/ubuntu/ lucid-updates/multiverse Translation-en_IN Hit http://in.archive.ubuntu.com lucid Release Ign http://in.archive.ubuntu.com lucid Release Get:5 http://in.archive.ubuntu.com lucid-updates Release [44.7kB] Err http://in.archive.ubuntu.com lucid-updates Release Hit http://in.archive.ubuntu.com lucid/main Packages Hit http://in.archive.ubuntu.com lucid/restricted Packages Hit http://in.archive.ubuntu.com lucid/main Sources Hit http://in.archive.ubuntu.com lucid/restricted Sources Hit http://in.archive.ubuntu.com lucid/universe Packages Hit http://in.archive.ubuntu.com lucid/universe Sources Hit http://in.archive.ubuntu.com lucid/multiverse Packages Hit http://in.archive.ubuntu.com lucid/multiverse Sources Fetched 587B in 1s (465B/s) Reading package lists... Done W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://security.ubuntu.com lucid-security Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 W: GPG error: http://in.archive.ubuntu.com lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://in.archive.ubuntu.com lucid-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/lucid-security/Release W: Failed to fetch http://in.archive.ubuntu.com/ubuntu/dists/lucid-updates/Release W: Some index files failed to download, they have been ignored, or old ones used instead.

    Read the article

  • Open file - Security warning

    - by joker
    Does anyone know how to disable the unknown publisher security warning when running an application in Windows Xp Home? It's pretty annoying to have to click run everytime... I have tried: Run gpedit.msc, and go to Local Computer Policy-User Configuration-Administrative Templates-Windows Components-Attachment Manager and enable "Default risk level for file attachments", and then enable "Inclusion list for low risk file types" and add to this list the file extensions that you want to open without triggering this crap. But this file 'gpedit.msc' doest not exist on my computer, i checked system32 folder also =/ maybe its for xp pro

    Read the article

  • SSL security error

    - by shah
    What would the reason of getting the following error? Microsoft OLE DB Provider for SQL Server error '80004005' [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

    Read the article

  • http, https and ftp is not working but smtp and imap is working

    - by Unicron
    hi all, yesterday on a computer of a friend a strange thing happened. after booting the ports fo http, https and ftp are closed but e-mail is still working. in the control panel the windows firewall seems active even if he tries to deactivate it. i have a suspision that it is the faul of norton internet security 2010, we have tried to uninstall it, but the uninstallation did not work. when using the removal tool from symantec it just goes to 23% and then it crashes. the process ccSvcHst.exe is still running. how can i safeley remove the rest of norton internet security? thanks in advance [edit] norton internet security 2010 is sucesfully removed, but still no connectivity

    Read the article

  • McAfee Security Scan appears out of thin air

    - by Jacques
    Hi, We have a Windows Server 2008 Standard edition server and when we logged in today a service, McAfee Security Scan, had been installed. I checked all the logs, but can't find any trace of who or how this install was initiated. We already use Nod32 so there would be no reason for us to install McAfee. Any idea how this happens? I did look for other installs like Flash or the like, but didn't see anything. Thanks Jacques

    Read the article

  • Users can't change password trough OWA for Exchange 2010

    - by Rémy Roux
    Here's our problem, users who want to change their password trough OWA get this error "The password you entered doesn't meet the minimum security requirements.", even if users are respecting the minimum security requirements. With these settings, we have the error: Enforced password history 1 passwords remembered Maximum password age 185 days Minimum password age 1 day Minimum password length 7 characters Password must meet complexity requirements enabled With these test settings, we don't have an error: Enforced password history not defined Maximum password age not defined Minimum password age not defined Minimum password length not defined Password must meet complexity requirements not defined People can change their password but there is no more security! Just changing one parameter of the GPO for example "Enforced password history", brings back this error. Here's our server configuration : Windows Server 2008 R2 Exchange Server 2010 Version: 14.00.0722.000 If anybody has a clue it would very helpful !

    Read the article

  • Cannont add service account to domain group during sql cluster install

    - by Sam
    I'm installing a 2008 instance on a 2003 machine which is already running 2005. I need to set up domain groups for the security setup step: http://msdn.microsoft.com/en-us/library/ms179530.aspx On Windows Server 2003, specify domain groups for SQL Server services. All resource permissions are controlled by domain-level groups that include SQL Server service accounts as group members. Much more info on this here: http://support.microsoft.com/kb/910708 I've had problems with being able to add the windows service accounts to the groups at install time. The security admins had to make my account a domain admin - which they were hesitant to do. The account under which SQL Server Setup is running must have permissions to add accounts to the domain groups. Is there a specific security setting which would allow my account to add accounts to a group?

    Read the article

  • Security System Preference won't open on Macos 10.6 Snow Leopard

    - by adambox
    When I try to open the Security preference pane on my iMac running Mac OS 10.6.6, it says "loading..." and it never opens. I get this in the console: 3/5/11 4:16:56 PM System Preferences[724] Could not connect the action resetLocationWarningsSheetOk: to target of class AppleSecurity_Pref 3/5/11 4:16:56 PM System Preferences[724] Could not connect the action resetLocationWarningsSheetCancel: to target of class AppleSecurity_Pref 3/5/11 4:16:56 PM System Preferences[724] *** -[NSCFDictionary initWithObjects:forKeys:count:]: attempt to insert nil value at objects[0] (key: NSFont)

    Read the article

  • Secure Server Distro

    - by Drama
    Hello, I have a root-server (i7/24GB/1TB) running Ubuntu 10.04 LTS as my OS. After some security audits (OpenVAS, Retina etc) I see that Ubuntu isn't the most secure system for a semi-corporate environment. Its updated from many sources, ofc from the Ubuntu security repo too. But nevertheless I could exploit my OpenSSL install with an exploit from August/September. There are some critical updates needed which Ubuntu does not provide. I was using Debian and Ubuntu for almost 5 years but now I doubt. What distro is secure and up to date from your point of view? How can I make the server more secure? Outsourcing of every software-module to a VM? I am not new to server-hardening, my packages are up to date I read Ubuntu Security Notices and I have no unneeded services installed on my server. Thanks.

    Read the article

  • Suggestions for splitting server roles amongst Hyper-V virtual servers / RAID6 or RAID10? / AppAssure

    - by Anon
    We have 2 Hyper-V hosts at present running 1 virtual server that was converted from a physical box running all roles. My plan is to split the roles over various virtual machines, upgrading to the latest software versions as I go, and use the backup server as a standby in case the main server fails. AppAssure backup software has a feature called Virtual Standby, so the VHD's can be ready to be fired up on the backup server if necessary. Off-site backups will be done via external USB drive for now. I'm just seeking some input/suggestions into how I'm planning to split the roles out amongst various virtual servers. Also, I'm curious how to setup the storage on the servers. We do not have any NAS's, SAN'S or any budget for this. What would the best RAID level be to use? I'm thinking either RAID6 (which is currently used) however I'm concerned about the write speeds, or RAID10 but again I'm worried that I can only lose 1 drive (from the same mirror) as opposed to any 2 with RAID6. I realise I have a hot swap for this, but what if a further drive fails during a rebuild? Is the write penalty of RAID6 worth the extra reliability over RAID10? Or will it be too slow with all the roles I am planning, therefore RAID10 is my only real option? The reason for the needed redundancy is I am the only technician and I'm not always on-site. Options I've considered: 1) 5 drives in RAID6 set, 200gb for host OS, rest for VM storage. 1 drive for hot swap - this is how it is currently setup 2) 4 drives in RAID10 set, 200gb for host OS, rest for VM storage. 2 drives for hot swap 3) 4 drives in RAID10 set for VM storage, 2 drives in RAID1 set for host OS. No drives for hot swap - While this is probably the best option with the amount of drives I have, I don't like the idea of having no hot swap 4) 3 drives in RAID6 set for VM storage, 2 drives in RAID1 set for host OS. 1 drive for hot swap All options give us enough storage capacity for our files, etc. We don't have any budget for extra drives or extra hot swap HD chassis for the servers. We have about 70 clients and about 150 users. MAIN SERVER Intel Xeon 5520 @ 2.27 GHz (2 processors) 16GB RAM 6 x 1TB Seagate Barracuda ES.2 Enterprise SATA drives Intel SRCSATAWB RAID controller Virtual machine workload using Hyper-V on Windows Server 2008 R2: DC01 - Active Directory Domain Controller / DNS server / Global catalog - 1GB RAM DC02 - Active Directory Domain Controller / DNS server / Global catalog - 1GB RAM Member Server - DHCP server, File server, Print server - 1GB RAM SCCM Member Server - 4GB RAM Third Party Software Member Server - A/V server, Ticketing software, etc - 4GB RAM Exchange 2007 - 4GB RAM - however we are probably migrating to a hosted solution, therefore freeing up resources BACKUP SERVER Intel Xeon E5410 @ 2.33GHz (2 processors) 16GB RAM 6 x 2TB WD RE4 SATA drives Intel SRCSASRB RAID controller Virtual machine workload using Hyper-V on Windows Server 2008 R2: AppAssure backup software - 8GB RAM

    Read the article

  • debian LTS : how to keep packages up-to-date with last security fixes using apt

    - by Quentin
    What's the best way to keep packages up-to-date (ie with the last security fixes) without worried about major version update ? For instance, apache2 for squeezeis is 2.2.16 (https://packages.debian.org/source/squeeze/apache2) However, last apache2 version for the 2.2.x branch is 2.2.27 Test repository can't be used since they use the 2.4.x versions and I'd like to stick on the 2.2.x (to avoid migration issues) How would you handle this situation and how can I update to 2.2.27 ?

    Read the article

  • HTTP, HTTPS and FTP is not working but SMTP and IMAP are working.

    - by nWorx
    Yesterday on a computer of a friend a strange thing happened. after booting the ports fo http, https and ftp are closed but e-mail is still working. in the control panel the windows firewall seems active even if he tries to deactivate it. I have a suspision that it is the faul of norton internet security 2010, we have tried to uninstall it, but the uninstallation did not work. when using the removal tool from symantec it just goes to 23% and then it crashes. the process ccSvcHst.exe is still running. How can I safely remove the rest of Norton Internet Security? Edit: Norton Internet Security 2010 is sucesfully removed, but still no connectivity...

    Read the article

  • AD reset user passwords for a security group

    - by Nathan C
    I'm not quite sure if this is possible or not, but I need to force a certain security group's users to have their passwords expire so they'll be forced to change them on next login. The reason for this is because I applied a FGPP (password policy) to this particular group in order to enforce strong passwords. Well, many users have really weak passwords and they won't be changed unless they're forced. Is there a way to do this without forcing everyone to a single password?

    Read the article

  • How does MDT resolve settings specified in multiple machine roles?

    - by niteice
    I have a number of machines in MDT that belong to multiple roles. Nothing fancy there. However, in role A (which applies to most machines) the MachineObjectOU is specified, and in role B (which only applies to certain machines) a different MachineObjectOU is specified because those machines need to appear somewhere different in the directory. How do I guarantee that MDT will read settings from role B? Is it the order of roles in the list in the machine properties window?

    Read the article

  • Amazon EC2 open ports for security groups present in other accounts

    - by rahul
    Hi, Assume, I am having 2 ec2 accounts (say A and B), both have different list of security groups. Now I want to open a particular port (say 80) for an instance running in account A, to account B. ie, I want to only allow account B instances, to access account A's 80 port. Could any one update me, is there a way to do this.?? Additionally, may I access account A's instance from account B's instance by using its private ip address/host name ?? Thanks in Advance,

    Read the article

  • Logins with only HTTP - are they as insecure as I'm thinking?

    - by JoeCool1986
    Recently I was thinking about how websites like gmail and amazon use HTTPS during the login process when accessing your account. This makes sense, obviously, since you're typing in your account username and password and you would want that to be secure. However, on Facebook, among countless other websites, their logins are done with simple HTTP. Doesn't that mean that my login name and password are completely unencrypted? Which, even worse, means that all those people who login to their facebooks (or similar sites) at a wifi hotspot in public are susceptible to anyone getting their credentials using a simple packet sniffer (or something similar)? Is it really that easy? Or am I misunderstanding internet security? I'm a software engineer working on some web related stuff, and although at the current time I'm not too involved with the security aspect of our software, I knew I should probably know the answer to this question, since it's extremely fundamental to website security. Thanks!

    Read the article

  • How to effectively secure a dedicated server for intranet use?

    - by Mark
    I need to secure a dedicated server for intranet use, the server is managed so will have software based security, but what other security should be considered for enterprise level security? The intranet is a host for an ECM (Alfresco) managing and storing sensitive documents. As the information is sensitive we are trying to make it as secure as reasonably possible (requirement in UK law). We plan to encrypt the data on the database. It will be connected to via SSL encryption. Should we consider Hardware firewall, Private lan between the application server and database server?

    Read the article

  • Cross Domain access of self hosted WCF services?

    - by Macnique
    I have developed a WPF application which communicates with a set of self hosted WCF services which are under same domain and I use the following setup in the config files. <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" /> <message clientCredentialType="Windows" /> </security> I hosted the services on a server in different domain .I can achieve the communication by setting the security mode to "None" which is not ideal. Is there any other setting i can user for cross domain communication or i have to do with some trusted certificates ? I would be glad if some one can guide me because all the searches on google directed me to silverlight applications +Crossdomain.xml+WCF but i have't seen any combination of WPF on crossdomain environment.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >