Search Results

Search found 13454 results on 539 pages for 'ws security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 90/539 | < Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97  | Next Page >

  • Outlook Security Alert following Exchange 2007 upgrade to SP2

    - by desiny
    Following an update to Exchange 2007 sp2 (yes I know very belated) I have an issues when logging onto Outlook. I see the below message... I also had a simlar issues with web access and as I am at home with IIS, this was easily solved. However I did notice that the server contains a number of keys for autodiscover.mycompamy.com, exchange.mycompamy.com etc and it seems that the SP2 upgraded didnt know how to deal with this. As I have a wildcard ssl, I think it would be prudent to remove all other certificates, however in order to stop the nag when opening outlook - what can I do?

    Read the article

  • Protocol Security With PPTP

    - by why
    I find these words in pptp client source : Summary by Peter Mueller PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. The maintainers of PPTP Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead. (Posted on [1]2005-08-10 to the [2]mailing list) But as far as i know, there are many people use PPTP as a VPN, because there is no need to install client on windows, what do you think about pptp ?

    Read the article

  • Security of BitLocker with no PIN from WinPE?

    - by Scott Bussinger
    Say you have a computer with the system drive encrypted by BitLocker and you're not using a PIN so the computer will boot up unattended. What happens if an attacker boots the system up into the Windows Preinstallation Environment? Will they have access to the encrypted drive? Does it change if you have a TPM vs. using only a USB startup key? What I'm trying to determine is whether the TPM / USB startup key is usable without booting from the original operating system. In other words, if you're using a USB startup key and the machine is rebooted normally then the data would still be protected unless an attacker was able to log in. But what if the hacker just boots the server into a Windows Preinstallation Environment with the USB startup key plugged in? Would they then have access to the data? Or would that require the recovery key? Ideally the recovery key would be required when booted like this, but I haven't seen this documented anywhere.

    Read the article

  • DNS security (hijacking?)

    - by Jongsma
    I am hosting my website on Linode and am also using their DNS/naming servers. (ns1.linode.com etc.) It occurred to me that I never have had to authenticate that the domain is mine when I added it to the domain to the DNS manager, or at any other point. I now wonder whether it would be possible for other Linode users to 'hijack' my domain by simply adding the same domain zone and pointing it to their own server. I wouldn't know how Linode could determine which are the real/authentic records. How can I be sure this doesn't happen?

    Read the article

  • Security of a free public VPN service

    - by Mark Belli
    I just started using VPNBOOK, which is a (very efficent) free VPN solution. I have a question: VPNBOOK user and pass used to connect to their vpn network are publicily available on their homepage; everybody uses them to connect to the vpn. Can a user intercept my wifi traffic and: Understand that my connections are directed to VPNBOOK servers. If point 1 is successful, then they could use VPNBOOK public user and pass to decrypt my traffic? I hope I am missing something, otherwise it would be a very big weakness and I would revert to a paid service (with a private account)

    Read the article

  • Can't Allow Specific Port in Windows Firewall Advanced Security - Windows 2008

    - by Jody
    In the Outbound Rules, I set up a rule to allow outbound connection from port 26. But, it doesn't work. However, if I allow "all port" for this rule, this will work, but then all ports will be allowed too. What is the reason? Is there any conflicting rule? I need to fix this as soon as possible. -Edit to add : I'm trying to allow email access to mail server outside (port 26). The thing is, even if I telnet using port 26, it will not work, unless I allow "all ports". Specific port will not do.

    Read the article

  • Network Security Device/Software

    - by Campo
    We currently run Symantec Antivirus Corporate 10.2. The software is really easy to manage on a network but the actual virus detection isn't bad but the malware detection is crap. We recently were infected with a email bot that got us put on some block lists. This has been resolved. I cannot have that happen again. I would like to find a program as easy to manage as symantec that I can install on all the user's workstations as well as the servers. We run a windows 2003 domain. We have a couple 2008 test servers in the environment. Most of the workstations are xp though I am using windows 7 and symantect is not compatible with this OS... So we need a solution that would cover all those operating systems. If it could be installed on macs too that would be a bonus though not necessary at all. This software must detect: Viruses AND Malware I am looking for something that combines the features in anti-malware programs like malwarebytes or spybot with an antivirus program like symantec or AVG. Alternatively if there is a piece of hardware that is a firewall, router, and packet inspection for virus/spam that would be the most ideal solution. I then could supplement with a piece of software that could pickup what the hardware misses. Thank you for your suggestions.

    Read the article

  • ConfigServer Security and Firewall -- after setup, how much daily management required?

    - by Hope4You
    I'm looking at using ConfigServer Security and Firewall (CSF; iptables-based). After I configure it properly, how much daily ongoing management is required of me to keep my server secure? Am I going to be flooded with "alert" emails that I need to check? Or does the firewall automatically take care of most security threats for me? Note: I understand that there's more to server security than just a software firewall, but this question is specifically for CSF security management.

    Read the article

  • Remove applications from Security -> Privacy -> Contacts list

    - by noloader
    I have a few applications that want access to my contacts. I don't really use contacts, and I don't want applications entitled to the information. I've unchecked the appropriate box, but I'd like to remove the application from the list: I've got a couple of applications under Location Services, too (including one Wifi stumbler application that's no longer installed). What plist do I modify to remove the applications from the list?

    Read the article

  • Security Issue with Active Directory

    - by Will McCloskey
    The retard who was on the built-in Administrator login somehow (and this is what I'm guessing being as he is not here and I was not present when this occurred - Supposedly it was an "ACCIDENT") Denied the built-in Administrator account and every other account except for his personal one access to our domain - ie "Example.net" not just active directory or anything. I've been trying for literally 2 hours to find some sort of way to take control of the domain through the built-in Admin account with no success; I can't even open Active Directory. I'm not aloud to open DSA.MSC and there's no way for me to take ownership. Any ideas?

    Read the article

  • Security: Managing network shares remotely on Ubuntu?

    - by Industrial
    Hi everyone, I am about to setup a home network server running Ubuntu Server and I'm currently a bit worried about how to handle network shares and permissions in a good way. After working a bit lately with Netgears ReadyNAS's units, I have become really spoiled with how easy it was to set up network shares and giving a specific user different levels of network access to a specific share (forbidden access, read, read/write). How would I accomplish the same with my Ubuntu server through SSH? Thanks a lot

    Read the article

  • Windows 7 security and Avast antivirus turned off by themself

    - by Simon Verbeke
    I was just browsing around when at once I got messages that UAC, windows defender, Avast, etc. got turned off, without me doing anything. Then my PC turned by itself. I'm now running virus scans and I checked my eventlogs, but found nothing yet. Windows Update also failed to install a new definition after I rebooted. Any idea what this could've been? EDIT: Forgot to mention that everything was turned on again after rebooting. I have since the reboot got nothing abnormal.

    Read the article

  • Bypass insane corporate security system

    - by user1665154
    I'm searching for a posibility to bypass the "Firewall" for 3-4 days. I've tried everything I know, so I ask here for a answer. We have no admin rights and the OS is Windows Vista There is an HTTP Proxy with NTML Authentication (only way to access the internet) It requires a username and password We use smart cards, in fact I have only a user number and a pin. Port 80 and 443 are open - I have an SSH server at home which is listening on port 443 The problem is that I need this proxy to connect to anything. Internet access only works in IE, Chrome, Firefox when I set the proxy settings to "use system proxy settings", "proxy-autoconfig (proxy.pac)" or when I enter the proxy inside the proxy.pac file. However I can't understand where they take the username and password which the Proxy requires. What I've tried was using cntlm to connect to the proxy with authentication (altought I have no PW and username) and PuTTY to create the SSH tunnel over port 443 whit the SOCKS Proxy which I've created with cntml. I've never found some SSH client which includes a "use system proxy settings" function.

    Read the article

  • Fastest security check of file tree on NFS

    - by fungs
    I am currently experiencing very bad performance using the following on an NFS network folder: time find . | while read f; do test -L "$f" && f=$(readlink -m $f); grp="$(stat -c %G $f)"; perm="$(stat -c %A $f)"; done Question 1) Within the loop permissions are checked using the variables grp and perm. Is there a way to lower the amount of disc I/O for these kind of checks over the network (e.g. read all meta data at once using find)? Question 2) It seems like the NFS isn't tuned very well, the same operation on a similar network link via SSHFS take only one third of the time. All parameters are auto-negotiated. Any suggestions?

    Read the article

  • Security against IP spoofing [on hold]

    - by user1369975
    I am pursuing a college project, in which I am running three fake services on three ports to protect the main service (say running at port 80). The concept is that if the user is malicious, he'll try to bring the services down and access the fake services. These ports adopt a blocking process of a connection request and record the IP and port of the client. These are logged and aren't granted access on service on port 80. But what to do if the client spoofs his IP? How can I modify my system?

    Read the article

  • joomla and allow_url_fopen [closed]

    - by liz
    so i have been reading of the pros and cons of allowing: allow_url_fopen. but i am still confused. after a recent hacking incident (which i believe had nothing to do with allow_url_fopen) my host turned allow_url_fopen off. so the thing i dont get is, in joomla 2.5.x there is an updating feature.you can search for new versions and be notified if things are out of date. there is a big security hole if joomla or its extensions get out of date. But the catch it needs allow_url_fopen turned on. so why did joomla build a security risk into a feature to improve security??is it okay to turn allow_url_fopen on and have the updating feature? to clarify: my question is. i have Joomla installed. I have CURl installed. when i run the discover updates through NATIVE joomla i get a request for fopen. shouldn't i not need to enable a security risk? i am running version 2.5.8 of joomla.

    Read the article

  • Browser window popups - risks and special features

    - by Sandeepan Nath
    1. What exactly is the security risk with popups? The new browsers provide settings to block window popups (on blocking, sites with active popups display a message to user). What exactly is the security risk with popups? If allowing popups can execute something dangerous, then the main window can too. Is it not the case. I think I don't know about some special powers of window popups. 2. Any special features of popup windows? Take for example the HDFC bank netbanking site. The entire netbanking session happens in a new window popup and a user neither manually edit the URL or paste the URL in the main browser window. it does not work. Is a popup window needed for this feature? Does it improve security? (Asking because everything that is there in this site revolves around security - so they must have done that for a reason too). Why otherwise they would implement the entire netbanking on a popup window? 3. Is it possible to override browser's popup blocking settings Lastly, the HDFC site succcessfully displays popup window even when in the browser settings popups are blocked. So, how do they do it? Is that a browser hack? To see this - go to http://hdfcbank.com/ Under the "Login to your account" section select "HDFC Bank NetBanking" and click the "Login" button. You can verify that even if popups are blocked/popup blocker is enabled in the browser settings, this site is able to display popups. The answers to this question say that it is not possible to display popup windows if it has been blocked in browser settings. Solved Concluded with Pointy's solution and comments under that. Here is a fiddle demonstrating the same.

    Read the article

  • How should I secure my webapp written using Wicket, Spring, and JPA?

    - by Martin
    So, I have an web-based application that is using the Wicket 1.4 framework, and it uses Spring beans, the Java Persistence API (JPA), and the OpenSessionInView pattern. I'm hoping to find a security model that is declarative, but doesn't require gobs of XML configuration -- I'd prefer annotations. Here are the options so far: Spring Security (guide) - looks complete, but every guide I find that combines it with Wicket still calls it Acegi Security, which makes me think it must be old. Wicket-Auth-Roles (guide 1 and guide 2) - Most guides recommend mixing this with Spring Security, and I love the declarative style of @Authorize("ROLE1","ROLE2",etc). I'm concerned about having to extend AuthenticatedWebApplication, since I'm already extending org.apache.wicket.protocol.http.WebApplication, and Spring is already proxying that behind org.apache.wicket.spring.SpringWebApplicationFactory. SWARM / WASP (guide) - This looks the newest (though the main contributor passed away years ago), but I hate all of the JAAS-styled text files that declare permissions for principals. I also don't like the idea of making an Action class for every single thing a user might want to do. Secure models also aren't immediately obvious to me. Plus, there isn't an Authn example. Additionally, it looks like lots of folks recommend mixing the first and second options. I can't tell what the best practice is at all, though.

    Read the article

  • What prevents a user from adding controls to an ASP.NET page client side?

    - by Curtis White
    This goes back to my other question which I thought was sufficiently answers but upon reflect am not sure that it was (sorry). Backgrounder: I am generating a form dynamically. I am pulling from the database the controls. I must associate each control with a database ID which is not the user's session id. I do this currently by storing my ID in the ID for the web control with some other stuff to make it unique/clear what I am doing. On the post back, I iterate through all the controls on my web page checking for my special identifier, ie, MyGeneratedTextBox_ID_Unique. This process enables for 2 important steps, identifying the control was one I generated and also getting the ID for this input field. And, all of this works but I'm still concerned about the security of it. I do not see a security issue with showing the actual database ID's in this case, although agree it is not desirable. However, I am concerned of the following possibilities: If a user could add a nefarious control to my collection and use that for a SQL injection attack. More academic, but if a user could somehow store data for fields they do not have access too by changing the id's. I agree this is a "hack" of a way to do it. But my question is, is it a security risk and is there an 'easy' way to do it in a less hack way? I assume that only the controls that are created/instantiated on the page are added to the controls list.. thus all controls must be created server side and thus the security issue is address but just wanted to validate. Thanks again. PS: I could see adding a property for each control and encrypting the viewstate would be a little more secure.

    Read the article

  • Using VLANs/subnetting to separate management from services?

    - by YouAreTheHat
    Background: I recently purchased a server and a managed switch for my home in the hopes of getting more experience and some fun toys to play with. The devices and appliances I either have or plan to have cover a broad spectrum: router, DD-WRT AP, Dell switch, OpenLDAP server, FreeRADIUS server, OpenVPN gateway, home PCs, gaming consoles, etc. I intend to segment my network with VLANs and associated subnets (e.g., VID10 is populated by devices on 192.168.10.0/24). The idea is to secure the more sensitive appliances by forcing traffic through my router/FW. Setup: After thinking and planning for some time, I have tentatively decided on 4 VLANs: one for the WAN connection, one for servers, one for home/personal devices, and one for management. In theory, the home VLAN will have limited access to the servers, and the management VLAN will be totally isolated for security. Question: Since I want to restrict access to management interfaces, but some appliances have to be accessible to other devices, is it possible/wise to have only management (SSH, HTTP, RDP) available on one VLAN/IP and only services (LDAP, DHCP, RADIUS, VPN) available on other? Is this a thing that is done? Does it gain me the security I think it does, or hurt me in some way?

    Read the article

  • Windows 7: Windows Firewall: Logging/Notifying on Outgoing Request Attempts

    - by Maxim Z.
    I'm trying to configure Windows Firewall with Advanced Security to log and tell me when programs are trying to make outbound requests. I previously tried installing ZoneAlarm, which worked wonders for me with this in XP, but now, I'm unable to install ZA on Win7. My question is, is it possible to somehow monitor a log or get notifications when a program tries to do that if I set all outbound connections to auto-block, so that I can then create a specific rule for the program and block it.? Thanks! UPDATE: I've enabled all the logging options available through the Properties windows of the Windows Firewall with Advanced Security Console, but I am only seeing logs in the %systemroot%\system32\LogFiles\Firewall\pfirewall.log file, not in the Event Viewer, as the first answer suggested. However, the logs that I can see only tell me the request's or response's destination IP and whether the connection was allowed or blocked, but it doesn't tell me what executable it comes from. I want to find out the file path of the executable that each blocked request comes from. So far, I haven't been able to.

    Read the article

  • What to do before connecting Ubuntu Server to the internet for the first time?

    - by CodeMonkey
    I just finished installing Ubuntu Server 12.10 on an Asus Eee PC 1000H (to be used as a home server/sandbox) from USB. I installed this software during installation: OpenSSH server LAMP server Samba file server Virtual Machine host I won't use 2, 3 or 4 for a while though. Can/should I turn these off somehow? I have turned home directory encryption on. Security updates are installed automatically. I have chosen a strong password for the single user. I have never plugged in the internet cable so far. Before doing so I'd like to ask: What can/should I do/install to increase security before connecting to the internet? Firewall? Fail2ban? Users/Passwords? Encryption? Enable/Disable functionality? etc. I'm sorry if you get this question a lot. I've searched around quite a while, but it still feels like I might overlook something important.

    Read the article

  • Password Cracking Windows Accounts

    - by Kevin
    At work we have laptops with encrypted harddrives. Most developers here (on occasion I have been guilty of it too) leave their laptops in hibernate mode when they take them home at night. Obviously, Windows (i.e. there is a program running in the background which does it for windows) must have a method to unencrypt the data on the drive, or it wouldn't be able to access it. That being said, I always thought that leaving a windows machine on in hibernate mode in a non-secure place (not at work on a lock) is a security threat, because someone could take the machine, leave it running, hack the windows accounts and use it to encrypt the data and steal the information. When I got to thinking about how I would go about breaking into the windows system without restarting it, I couldn't figure out if it was possible. I know it is possible to write a program to crack windows passwords once you have access to the appropriate file(s). But is it possible to execute a program from a locked Windows system that would do this? I don't know of a way to do it, but I am not a Windows expert. If so, is there a way to prevent it? I don't want to expose security vulnerabilities about how to do it, so I would ask that someone wouldn't post the necessary steps in details, but if someone could say something like "Yes, it's possible the USB drive allows arbitrary execution," that would be great! EDIT: The idea being with the encryption is that you can't reboot the system, because once you do, the disk encryption on the system requires a login before being able to start windows. With the machine being in hibernate, the system owner has already bypassed the encryption for the attacker, leaving windows as the only line of defense to protect the data.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97  | Next Page >