Search Results

Search found 6535 results on 262 pages for '3d secure'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 73/262 | < Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >

  • How can I secure Postgres for remote access when not in a private network?

    - by orokusaki
    I have a database server on a VMWare VM (Ubuntu 12.04.1 LTS server), and it just occurred to me that the server is accessible via the web, since the same physical server contains a VM that hosts public websites. My iptables in the database are such that only SSH traffic, loopback traffic, and TCP on port 5432 are allowed. I will only allow host access to the Postgres server from the IP of the other VM on the same physical machine. Does this seem sufficient for security, assuming there aren't gaping holes in my general OS configuration, or is Postgres one of those services that should never be web facing, (assuming there are some of "those"). Will I need to use hostssl instead of host in my pg_hba.conf, even though the data will travel only on my own network, presumably?

    Read the article

  • Which video types are considered secure/trusted by Windows Vista Media Center?

    - by Page Brooks
    I've been working to set up a Windows Vista Media Center and I noticed that when I play certain DVDs, the video is scrambled. After watching this video, I think it is because Windows Vista considers Component Cables to be untrusted and therefore scrambles the video. The video says that VGA is a trusted video type, but I was curious of which other types are trusted? If I were to use a DVI to HDMI cable, would that be trusted? Edit: Scrambled as in: The video looks like a rainbow checkerboard. The audio plays as expected. I'm using component cables for the connection to my TV.

    Read the article

  • How to grant secure access to an untrusted developer to an exisiting virtual host?

    - by Margaret Thorpe
    Our security policy does not permit ftpd on our servers. Our trusted developers use ftps to access our webservers and they have full access to the server. How do we grant limited access to a single untrusted developer for an existing virtual host. Ive configured rssh to only allow sftp to our untrusted developer, but we dont want him browsing around our other sites. I've investigated chroot, but it seems overly complex and more for restricting access to their home folders. I want to limit access to /srv/www/vhostx/ and below. Whats the best solution?

    Read the article

  • Can I rely on S3 to keep my data secure?

    - by Jamie Hale
    I want to back up sensitive personal data to S3 via an rsync-style interface. I'm currently using s3cmd - a great tool - but it doesn't yet support encrypted syncs. This means that while my data is encrypted (via SSL) during transfer, it's stored on their end unencrypted. I want to know if this is a big deal. The S3 FAQ says "Amazon S3 uses proven cryptographic methods to authenticate users... If you would like extra security, there is no restriction on encrypting your data before storing it in Amazon S3." Why would I like extra security? Is there some way my buckets could be opened to prying eyes without my knowing? Or are they just trying to save you when you accidentally change your ACLs and make your buckets world-readable?

    Read the article

  • Apache and fastcgi - How to secure an Apache server with fastcgi enabled?

    - by skyeagle
    I am running a headless server on Ubuntu 10.x. I am running Apache 2.2. I am writing a fastcgi application for deployment on the server. I remember reading a while back (I could be wrong) that running CGI (and by implication fastcgi) on a server, can provide 'backdoors' for potential attackers - or at the very least, could compromise the server if certain security measurements are not taken. My questions are: what are the security 'gotcha's that I have to be aware of if I am enabling mod_fastcgi on my Apache server? I want to run the fastcgi as a specific user (with restricted access) how do I do this?

    Read the article

  • Understanding how texCUBE works and writing cubemaps properly into a cube rendertarget

    - by cubrman
    My goal is to create accurate reflections, sampled from a dynamic cubemap, for specific 3d objects (mostly lights) in XNA 4.0. To sample the cubemap I compute the 3d reflection vector in a classic way: half3 ReflectionVec = reflect(-directionToCamera, Normal.rgb); I then use the vector to get the actual reflected color: half3 ReflectionCol = texCUBElod(ReflectionSampler, float4(ReflectionVec, 0)); The cubemap I am sampling from is a RenderTarget with 6 flat faces. So my question is, given the 3d world position of an arbitrary 3d object, how can I make sure that I get accurate reflections of this object, when I re-render the cubemap. Should I build the ViewProjection matrix in a specific way? Or is there any other approach?

    Read the article

  • How to make sure Windows PC is reasonably secure?

    - by Coder
    I'm not much of a network and network security expert, but I need to add an existing Windows PC to a network with always on connection. The problem is, I have no idea if the PC is really clean, and, actually, no knowledge to check it. I scanned the PC with Process Explorer to verify if all running processes are signed, ran an AVG scan, but this is where my knowledge ends. IIRC, there can be bad code attached to svchost or something, bad drivers, and so on, but I have no idea how to check all those things. Reformatting the PC is unfeasible as of now. Are there any suggestions on what I could do?

    Read the article

  • How do I start "Ubuntu classic desktop" (no effects) from the command line

    - by Andrew Stern
    I am able to run sessions over an ssh connection but I rather use the "Ubuntu classic desktop (no effects)" version on Ubuntu 11.04 instead of the new Unity since I don't have 3d support on the laptop I'm using to display the graphical User Interface. How can I startup the older gnome-session without the 3d effects? I tried gnome-session but it seems to be the option with the 3d effects and I want a more stripped down session over my ssh session.

    Read the article

  • Do I need a VPN to secure communication over a T1 line?

    - by Seth
    I have a dedicated T1 line that runs between my office and my data center. Both ends have public IP addresses. On both ends, we have a T1 routers which connect to SonicWall firewalls. The SonicWalls do a site-to-site VPN and handle the network translation, so the computers on the office network (10.0.100.x) can access the servers in the rack (10.0.103.x). So the question: can I just add a static route to the SonicWalls so each network can access each other with out the VPN? Are there security problems (such as, someone else adding the appropriate static route and being able to access either the office or the datacenter)? Is there another / better way to do it? The reason I'm looking at this is because the T1 is already a pretty small pipe, and having the VPN overhead makes connectivity really slow.

    Read the article

  • How secure is a bluetooth keyboard against password sniffing?

    - by jhs
    In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system? Edit: Final Summary All answers are excellent. I accepted that which links to the most directly applicable information however I also encourage you to read Nathan Adams's response and discussion about security trade-offs.

    Read the article

  • How to set up Drupal Plugin Manager on MAMP in a secure way?

    - by Andrei
    Hi, I use MAMP PRO as global webserver. First of all, is it a good idea? Secondly, my objective is to run a Drupal website with as easy management as possible. Now I want to use Plugin Manager module to install additional modules and themes for my website. It wants to use ftp for that, and I know that if I open access to FTP port then IT-department guys will come to me and ask to shut it down. So I wonder if there is a way to allow Plugin Manager to install modules, having the port 21 closed somehow?

    Read the article

  • Secure, efficient, version-preserving, filename-hiding backup implemented in this way?

    - by barrycarter
    I tried writing a "perfect" backup program (below), but ran into problems (also below). Is there an efficient/working version of this?: Assumptions: you're backing up from 'local', which you own and has limited disk space to 'remote', which has infinite disk space and belongs to someone else, so you need encryption. Network bandwidth is finite. 'local' keeps a db of backed-up files w/ this data for each file: filename, including full path file's last modified time (mtime) sha1sum of file's unencrypted contents sha1sum of file's encrypted contents Given a list of files to backup (some perhaps already backed up), the program runs 'find' and gets the full path/mtime for each file (this is fairly efficient; conversely, computing the sha1sum of each file would NOT be efficient) The program discards files whose filename and mtime are in 'local' db. The program now computes the sha1sum of the (unencrypted contents of each remaining file. If the sha1sum matches one in 'local' db, we create a special entry in 'local' db that points this file/mtime to the file/mtime of the existing entry. Effectively, we're saying "we have a backup of this file's contents, but under another filename, so no need to back it up again". For each remaining file, we encrypt the file, take the sha1sum of the encrypted file's contents, rsync the file to its sha1sum. Example: if the file's encrypted sha1sum was da39a3ee5e6b4b0d3255bfef95601890afd80709, we'd rsync it to /some/path/da/39/a3/da39a3ee5e6b4b0d3255bfef95601890afd80709 on 'remote'. Once the step above succeeds, we add the file to the 'local' db. Note that we efficiently avoid computing sha1sums and encrypting unless absolutely necessary. Note: I don't specify encryption method: this would be user's choice. The problems: We must encrypt and backup 'local' db regularly. However, 'local' db grows quickly and rsync'ing encrypted files is inefficient, since a small change in 'local' db means a big change in the encrypted version of 'local' db. We create a file on 'remote' for each file on 'local', which is ugly and excessive. We query 'local' db frequently. Even w/ indexes, these queries are slow, since we're often making one query for each file. Would be nice to speed this up by batching queries or something. Probably other problems that I've now forgotten.

    Read the article

  • What is the most secure way to allow a user read access to a log file?

    - by gAMBOOKa
    My application requires read access to /var/log/messages, which belongs to user and group root. What is the minimal exposure level required on /var/log/messages so my application can read it? Presently, my plan is to change the group ownership of /var/log/messages to a new group, and add root and my application user to it, but this would also give the application write privileges to /var/log/messages. OS: Centos 5.5

    Read the article

  • What is the best way to secure MySQL data on a laptop *without* whole-disk-encryption?

    - by GJ
    I need to have the mysql data on my laptop stored in an encrypted state so that in case of the laptop being lost/stolen it will extremely difficult to recover the data without the password. I don't wish to use whole disk encryption, due to the performance impact it will have on other disk-intensive programs' usage. What could be the ideal solution for me balancing security and performance? Thanks!

    Read the article

  • Is it secure to store the cert/key on a private AMI?

    - by Phillip Oldham
    Are there any major security implications to bundling a private AMI which contains the private key/certificate & environment variables? For resiliency I'm creating an EC2 image which should be able to boot and configure itself without any intervention. After boot it will attempt to: Attach & mount specific EBS volume(s) Associate a specific Elastic IP Start issuing backups of the EBS volume(s) to S3 However, to do this it will need the private key/pem files and will need certain environment variables to be available on start-up. Since this is a private AMI I'm wondering if it will be "safe" to store these variables/files directly in the image so that I don't need to specify any user-data information and can therefore start a new instance remotely (from my iPhone, if needed) should the instance be terminated for any reason.

    Read the article

  • Running a webserver behind a firewall, is it secure?

    - by i.am.intern
    Currently we have a Linux-based firewall which NAT-ing our public IP address to give internet access to our staff's PCs and a Windows Server 2003 for internal filesharing. I want to host Redmine/SVN (a bugtracker) internally behind this firewall using a Linux server. This webserver will be accessed by our clients externally so they can post bug reports. This means that I have to open port 80 & 22 at the firewall to give access to the webserver and me to SSH it from home. However, let's say I'm using password-based SSH for the webserver and somebody cracked it. Does that mean the cracker could ping and access other servers and PCs in the network?

    Read the article

  • How to set up Drupal Plugin Manager on MAMP in a secure way?

    - by Andrei
    Hi, I use MAMP PRO as global webserver. First of all, is it a good idea? Secondly, my objective is to run a Drupal website with as easy management as possible. Now I want to use Plugin Manager module to install additional modules and themes for my website. It wants to use ftp for that, and I know that if I open access to FTP port then IT-department guys will come to me and ask to shut it down. So I wonder if there is a way to allow Plugin Manager to install modules, having the port 21 closed somehow?

    Read the article

  • SFTP, SCP, Secure Webdav: which is the most suitable ?

    - by Xavier Maillard
    Hi, currently, I am hosting a webdav share setup in order to store files I need anywhere I am. It is available via HTTPS. Things are that I do not need all the HTTP machinery -i.e. my nginx http server is only there for this webdav folder. I am not sure I made the best choice. My requirements on the client side are: secured transfers mountable as a network drive at work with 'near realtime sync' usable for any OS I could use (including my mobile (android)) At first, I chose webdav since it would pass through my work proxy (which refuses all that is not on HTTP/S (port 80 or 443)). Today, I am not satisfied with the setup and even if nginx memory footprint is pretty small, its webdav support is not really "clean" and full. What would you recommend between SFTP, SCP and the current webdav solution ? I think SFTP is the closest solution but I still have to find out how to pass through my proxy ;) SCP seems quite limited as I read about it (only file transfers if I read right). Cheers

    Read the article

  • How can one keep secure regular backups of his desktop on a remote server through aDSL? [on hold]

    - by Antonis Christofides
    I'm a system administrator and I use rsnapshot to backup some servers, duplicity for some others. Both work fine, each one with advantages and disadvantages. Despite that, I am at a loss on how to backup my own private files. I'd use duplicity to automatically backup my files to a remote server; but the problem is that once in a while I must do a full backup. My emails and important files are 9G, and I expect this to increase. Uploading through aDSL at 1Mbit would be 20 hours. Too much. rsnapshot doesn't require periodic full backups (only the first time), but it must be running on the remote server and have a means to connect to my computer; if the server is compromised (or simply if the NSA decides to use it), my own machine is also compromised. Not good. The only solution I've come up with is use encfs, use unison to synchronize the files to a remote server, and use duplicity or rsnapshot on the remote server to backup these files. In that case, the question is whether I can sync the files on many computers; is it possible for encfs to be used with the same key on many computers? I also think that if I append one character to the unencrypted file, its encrypted encfs counterpart might change a lot, so that incrementals with duplicity would be less efficient—but not a big deal. Maybe also, when I need to restore a file, finding the correct file to restore could be a pain, because of filename encryption. I wonder whether there is any other possibility that I've overlooked. Maybe I'm asking too much for my personal use, and I should settle with an external disk?

    Read the article

  • Is WinRT really as secure as it's made out to be?

    - by IDWMaster
    Prior to releasing Windows 8, Microsoft claimed that all WinRT apps are cleanly removed from your computer after uninstalling them, and that WinRT apps should not interfere with other running applications, because they are ran in a "sandboxed" environment. Microsoft has also claimed numerous times on Channel9 that Windows 8 apps are not ran in a VM. So my question is; are these claims accurate? If the application is not running inside of a VM, how is it possible to protect the system against malicious code at runtime, assuming the attacker was able to bypass the screening process of the Windows Store system? Microsoft allows "native code" in WinRT apps, so wouldn't it be possible (using hand-coded assembly or some odd pointer manipulation trick to call functions outside of the sandboxed environment and interfere with the rest of the system, if it's really "native code" and not some VM?

    Read the article

  • How to secure Apache for shared hosting environment? (chrooting, avoid symlinking...)

    - by Alessio Periloso
    I'm having problems dealing with Apache configuration: the problem is that I want to limit each user to his own docroot (so, a chroot() would be what I'm looking for), but: Mod_chroot works only globally and not for each virtualhost: i have the users in a path like the following one /home/vhosts/xxxxx/domains/domain.tld/public_html (xxxxx is the user), and can't solve the problem chrooting /home/vhosts, because the users would still be allowed to see each other. Using apache-mod-itk would slow down the websites too much, and I'm not sure if it would solve anything Without using any of the previous two, I think the only thing left is avoiding symlinking, not allowing the users to link to something that doesn't belong to them. So, I think I'm going to follow the third point but... how to efficiently avoid symlinking while still keeping mod_rewrite working?! The php has already been chrooted with php-fpm, so my only concern is about Apache itself.

    Read the article

  • Apache and fastcgi - How to secure an Apache server with fastcgi enabled?

    - by skyeagle
    I am running a headless server on Ubuntu 10.x. I am running Apache 2.2. I am writing a fastcgi application for deployment on the server. I remember reading a while back (I could be wrong) that running CGI (and by implication fastcgi) on a server, can provide 'backdoors' for potential attackers - or at the very least, could compromise the server if certain security measurements are not taken. My questions are: what are the security 'gotcha's that I have to be aware of if I am enabling mod_fastcgi on my Apache server? I want to run the fastcgi as a specific user (with restricted access) how do I do this?

    Read the article

  • How secure is using "Normal password" for SMTP with connection type = STARTTLS?

    - by harshath.jr
    I'm using an email client for the first time - for the most part I've always used gmail via the web interface. Now I'm setting up thunderbird to connect to an email server of my own (on my own server, own domain name, etc). The server machine (and the email server on it) was preconfigured for me. Now i figured out away by which I'm able to send and receive email, but I noticed that in the outgoing and incoming servers section, the connection type was STARTTLS (and not SSL/TLS), and the Authentication Type was "Normal Password". Does this mean that the password will be sent across in plain text? I'm very paranoid about security - its the only way that it works for me. Can someone please post links that explain how SMTP (my outbound server) and IMAP (my inbound server) servers work, and what connection type means what? Thanks! PS: If this question does not belong here, please redirect me.

    Read the article

  • Is auto-logon on laptop with encrypted hard drive secure?

    - by Tobias Diez
    I have the complete hdd of my laptop encrypted (with the Windows built-in Bitlocker) and thus have to login two times upon booting (Bitlocker and user account). Since I'm the only person using the computer (and knowing the Bitlocker password), I was thinking about automatically login into the user account to make the boot process smoother and quicker. In which cases/scenarios is this a bad idea and the additional login gives a true additionally layer of security?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >