Search Results

Search found 22238 results on 890 pages for 'db security'.

Page 161/890 | < Previous Page | 157 158 159 160 161 162 163 164 165 166 167 168  | Next Page >

  • Exchange 2003 default permissions for ANONYMOUS LOGON and Everyone

    - by Make it useful Keep it simple
    ANONYMOUS LOGON and Everyone have the following top level permissions in our Exchange 2003 Server: Read Execute Read permissions List contents Read properties List objects Create public folder Create named properties in the information store Are these the "default" settings? In particular, are the "Read" and "Execute" permissions a problem? We have a simple small business setup, Outlook clients connect to the server on the local network, OWA is used from outside the network for browser and smartphone access. Thanks

    Read the article

  • LDAP for privilege control?

    - by neoice
    I've been wondering for a while if LDAP can be used to control user privileges. For example, if I have UNIX and web logins, is there an easy way to grant a user access to just or just UNIX (or even both?) My current attempt at solving this very problem was to create 'login' and 'nologin' groups, but this doesn't seem fine-grained enough to meet the ideas I have in my head. I'm also still in the situation where all UNIX users are web users, which isn't a problem so much as an indicator of the limitations. Does anyone have any input on this? Has this problem already been solved?

    Read the article

  • Encrypt LAN and wifi traffic on small private network

    - by Grimlockz
    I need some advice about encrypt all traffic on a small private network running wi-fi and LAN traffic on 192.168.0.x network. The network would comprise of client laptops connecting to the wi-fi router (192.168.0.254) via ethernet connection or wireless. The main purpose of the server is for the client laptops to talk to two servers on different IP's (192.168.0.200 and 192.168.0.201) on ports 80 and 433. My main concern is having packet sniffers and what not getting access to the data. The only ways I see at the moment is to have VPN running on the network or use IPSec policy's to do this. Any other ways guys?

    Read the article

  • What permissions / ownership to set on PHP Sessions Folder when running FastCGI / PHP-FPM (as user "nobody")?

    - by Professor Frink
    I'm having trouble getting a number of scripts running because PHP-FPM can't write to my session folder: "2009/10/01 23:54:07 [error] 17830#0: *24 FastCGI sent in stderr: "PHP Warning: Unknown: open(/var/lib/php/session/sess_cskfq4godj4ka2a637i5lq41o5, O_RDWR) failed: Permission denied (13) in Unknown on line 0 PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0" while reading upstream" Obviously this is a permission issue; my session folder's owner/group is the webserver's user, NGINX. PHP-FPM runs as nobody though, and hence adding it to the nginx group is not so trivial. A temporary solution is to set the permissions of /var/lib/php/session to 777 - I have a feeling that's not the "best practice" though. What is the best practice when you need to assign a daemon write access to a folder, but it is running as nobody ?

    Read the article

  • hard drive forensics tool for linux

    - by Jack
    I am looking for an application I used in 2001. It was a curses application that displayed devices or files in hexadecimal format, and allowed searching through them and other functionality. I can't find anything remotely like this, does anyone have an idea?

    Read the article

  • Is there an apache module to slow down site scans?

    - by florin
    I am administering a few web servers. Each night, random hosts from the Internet are probing them for various vulnerabilities in php, phpadmin, horde, mysqladmin, etc. Is there a way (apache plugin?) to slow down the rate of attack? For SSH, I have a rate limiting rule on the firewall, which does not allow more than three connections per minute. But I don't want to rate limit all HTTP access, only the access that returns 404s. Is there such an apache module?

    Read the article

  • Why do we need Hash by key? [migrated]

    - by Royi Namir
    (i'm just trying to find what am I missing...) Assuming John have a clear text message , he can create a regular hash ( like md5 , or sha256) and then encrypt the message. John can now send Paul the message + its (clear text)hash and Paul can know if the message was altered. ( decrypt and then compare hashes). Even if an attacker can change the encrpyted data ( without decrypt) - - when paul will open the message - and recalc the hash - it wont generate the same hash as the one john sent him. so why do we need hash by key ?

    Read the article

  • Possible DNS Injection and/or SSL hijack?

    - by Anthony
    So if I go to my site without indicating the protocol, I'm taken to: http://example.org/test.php But if I go directly to: https://example.org/test.php I get a 404 back. If I go to just: https://example.org I get a totally different site (a page about martial arts). I went to the site via https not very long ago (maybe a week?) and it was fine. This is a shared server, as I understand it, and I do not have shell access, so I'm limited to the site's CPanel to do any further investigations. But when I go to: example.org:2083 I'm taken to https://example.org:2083, which, if someone has taken over the SSL port, could mean they have taken over the 2083 part as well (at least in my paranoid mind). I'm made more nervous by the fact that the cpanel login page at the above address looks very new (better, really) compared to the last time I went to it over the weekend. It's possible that wires got crossed somewhere after a system update, but I don't want to put in my name username and password in case it's a phishing attempt. Is there any way to know for sure without shell access to know for sure if someone has taken over? If I look up the IP address for the host name, the IP address matches what I have on a phpinfo page I can get to over http. If I go to the IP address directly on port 2083, I get the same login mentioned above (new and and suspiciously nice). But the SSL cert shows as good when I go this route. So if that's the case (I know the IP is right, the cert checks out, and there isn't any DNS involved), is that enough to feel safe at that point of entry? Finally, if I can safely log in via the IP, does anyone have any advice on where to check first on CPanel for why the SSL port is forwarding to a site on karate? Thanks.

    Read the article

  • Windows 7 admin denied access to taskmgr, system32 dir

    - by DotNet Zebra
    I have a Windows 7 (32-bit) box with 2 users, both admins (my wife and I are both developers). My admin account was created during Windows setup, hers was created later. Both accounts are in the same groups, yet we have VERY different permissions. In the beta and RC, both accounts worked identically (RC to RTM was a fresh install on this box, not an upgrade). I have a C:\bin folder with the sysinternals utilities and a bunch of other stuff. Running anything in there or in system32 just works on my account, on hers I get access denied errors (cannot access file or path). If I right click and try Run As Administrator, I still get the same thing!!!

    Read the article

  • Using SSLv3 - Enabling Strong Ciphers Server 2008

    - by Igor K
    I've disabled SSLv2 and SSLv3 is on. However I cannot connect to a remote server which fails with The client and server cannot communicate, because they do not possess a common algorithm Ran an SSL check (http://www.serversniff.net/sslcheck.php) on the remote server and ours, and noticed none of the ciphers they accept we have on our server. How can this be configured? (Windows Web Server 2008) Remote Server Accepted SSL ciphers: DHE-RSA-AES256-SHA AES256-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA AES128-SHA Our server by default accepts: DES-CBC3-SHA RC4-SHA RC4-MD5

    Read the article

  • How to protect an OS X Server from an unauthorized physical connection?

    - by GJ
    Hi I have an OS X 10.6 server, which I administer via SSH and VNC (via SSH tunnel). I can't leave it at the login window since then VNC connections are refused. Therefore I currently leave it logged with my user account. Since it doesn't have a monitor attached, it doesn't go into screen saver mode, which means it doesn't require a password to retake control. This means it is very easy for anyone connecting a keyboard/mouse and monitor to take control of the system. The screen saver password protection, which I can't get to activate, unlike the system's login window, is perfectly compatible with VNC connections. How could I prevent such direct access to the server without connecting a monitor and without blocking my ability to connect with VNC? Thanks!

    Read the article

  • Do proxies really provide anonymity?

    - by Somebody still uses you MS-DOS
    Do web proxies really provide anonymity? I mean, without someone asking for logs in a web proxy server for who/when connected, is it impossible to know who was behind that IP address? I'm asking this because I heard somewhere that some technologies (like "flash") bypass personal IP information for requests or something like that. (I'm a noob in server configuration and concepts like DNS and proxies. Thanks!)

    Read the article

  • How to stop registration attempts on Asterisk

    - by Travesty3
    The main question: My Asterisk logs are littered with messages like these: [2012-05-29 15:53:49] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:50] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:55] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:55] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:53:57] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device <sip:[email protected]>;tag=cb23fe53 [2012-05-29 15:53:57] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device <sip:[email protected]>;tag=cb23fe53 [2012-05-29 15:54:02] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 15:54:03] NOTICE[5578] chan_sip.c: Registration from '<sip:[email protected]>' failed for '37.75.210.177' - No matching peer found [2012-05-29 21:20:36] NOTICE[5578] chan_sip.c: Registration from '"55435217"<sip:[email protected]>' failed for '65.218.221.180' - No matching peer found [2012-05-29 21:20:36] NOTICE[5578] chan_sip.c: Registration from '"1731687005"<sip:[email protected]>' failed for '65.218.221.180' - No matching peer found [2012-05-30 01:18:58] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=dEBcOzUysX [2012-05-30 01:18:58] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=9zUari4Mve [2012-05-30 01:19:00] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=sOYgI1ItQn [2012-05-30 01:19:02] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=2EGLTzZSEi [2012-05-30 01:19:04] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=j0JfZoPcur [2012-05-30 01:19:06] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=Ra0DFDKggt [2012-05-30 01:19:08] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=rR7q7aTHEz [2012-05-30 01:19:10] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=VHUMtOpIvU [2012-05-30 01:19:12] NOTICE[5578] chan_sip.c: Sending fake auth rejection for device "unknown" <sip:[email protected]>;tag=JxZUzBnPMW I use Asterisk for an automated phone system. The only thing it does is receives incoming calls and executes a Perl script. No outgoing calls, no incoming calls to an actual phone, no phones registered with Asterisk. It seems like there should be an easy way to block all unauthorized registration attempts, but I have struggled with this for a long time. It seems like there should be a more effective way to prevent these attempts from even getting far enough to reach my Asterisk logs. Some setting I could turn on/off that doesn't allow registration attempts at all or something. Is there any way to do this? Also, am I correct in assuming that the "Registration from ..." messages are likely people attempting to get access to my Asterisk server (probably to make calls on my account)? And what's the difference between those messages and the "Sending fake auth rejection ..." messages? Further detail: I know that the "Registration from ..." lines are intruders attempting to get access to my Asterisk server. With Fail2Ban set up, these IPs are banned after 5 attempts (for some reason, one got 6 attempts, but w/e). But I have no idea what the "Sending fake auth rejection ..." messages mean or how to stop these potential intrusion attempts. As far as I can tell, they have never been successful (haven't seen any weird charges on my bills or anything). Here's what I have done: Set up hardware firewall rules as shown below. Here, xx.xx.xx.xx is the IP address of the server, yy.yy.yy.yy is the IP address of our facility, and aa.aa.aa.aa, bb.bb.bb.bb, and cc.cc.cc.cc are the IP addresses that our VoIP provider uses. Theoretically, ports 10000-20000 should only be accessible by those three IPs.+-------+-----------------------------+----------+-----------+--------+-----------------------------+------------------+ | Order | Source Ip | Protocol | Direction | Action | Destination Ip | Destination Port | +-------+-----------------------------+----------+-----------+--------+-----------------------------+------------------+ | 1 | cc.cc.cc.cc/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 10000-20000 | | 2 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 80 | | 3 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 2749 | | 4 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 443 | | 5 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 53 | | 6 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1981 | | 7 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1991 | | 8 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 2001 | | 9 | yy.yy.yy.yy/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 137-138 | | 10 | yy.yy.yy.yy/255.255.255.255 | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 139 | | 11 | yy.yy.yy.yy/255.255.255.255 | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 445 | | 14 | aa.aa.aa.aa/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 10000-20000 | | 17 | bb.bb.bb.bb/255.255.255.255 | udp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 10000-20000 | | 18 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1971 | | 19 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 2739 | | 20 | any | tcp | inbound | permit | xx.xx.xx.xx/255.255.255.255 | 1023-1050 | | 21 | any | all | inbound | deny | any on server | 1-65535 | +-------+-----------------------------+----------+-----------+--------+-----------------------------+------------------+ Set up Fail2Ban. This is sort of working, but it's reactive instead of proactive, and doesn't seem to be blocking everything (like the "Sending fake auth rejection ..." messages). Set up rules in sip.conf to deny all except for my VoIP provider. Here is my sip.conf with almost all commented lines removed (to save space). Notice at the bottom is my attempt to deny all except for my VoIP provider:[general] context=default allowguest=no allowoverlap=no bindport=5060 bindaddr=0.0.0.0 srvlookup=yes disallow=all allow=g726 allow=ulaw allow=alaw allow=g726aal2 allow=adpcm allow=slin allow=lpc10 allow=speex allow=g726 insecure=invite alwaysauthreject=yes ;registertimeout=20 registerattempts=0 register = user:pass:[email protected]:5060/700 [mysipprovider] type=peer username=user fromuser=user secret=pass host=sip.mysipprovider.com fromdomain=sip.mysipprovider.com nat=no ;canreinvite=yes qualify=yes context=inbound-mysipprovider disallow=all allow=ulaw allow=alaw allow=gsm insecure=port,invite deny=0.0.0.0/0.0.0.0 permit=aa.aa.aa.aa/255.255.255.255 permit=bb.bb.bb.bb/255.255.255.255 permit=cc.cc.cc.cc/255.255.255.255

    Read the article

  • Cannot access an application folder in Program files

    - by GiddyUpHorsey
    I recently installed Windows 7 Professional 64bit on a new machine. I installed an application using a ClickOnce installer. The application runs fine, but I cannot access the application folder it created in c:\Program files (x86). It bombs with access denied. I try to view the properties on the folder and it takes about 1 minute to display (other folders take 1 second). It says I cannot view any information because I'm not the owner. It doesn't say who the current owner is (instead - Unable to display current owner.) but says I can take ownership. When I try it fails again with Access Denied, even though I have administrative permissions. Why can't I access this folder nor take ownership?

    Read the article

  • Start multiple instances of Firefox

    - by Vi
    How can I have multiple independent instances of Mozilla Firefox 3.5 on the same X server, but started from different user accounts (consequently, different profiles)? Limited success was only with Xephyr :1, DISPLAY=:1 /usr/local/bin/firefox, but Xephyr has no Cygwin/X's "rootless" mode so it's not comfortable (see other question). The idea is to have one Firefox instance for various "Serious Business" things and the other for regular browsing with dozens of add-ons securely isolated.

    Read the article

  • Lock System when certain hardware is removed

    - by er4z0r
    Hi all, I am working at a company where you are suppused to lock your screen whenever you leave your desk alone for a few minutes. Now I wondered if there is a nifty little tool that would lock my screen once a certain device is removed from the system. The ideal thing would of course be to have a short-range transmitter that causes the screen to be locked once it goes out of range. But for now I would also stick with removing a pen-drive from my laptop. I am pretty sure this is feasible. I just wan't to know if there are any preexistent projects.

    Read the article

  • How to create a password-less service account in AD?

    - by Andrew White
    Is it possible to create domain accounts that can only be accessed via a domain administrator or similar access? The goal is to create domain users that have certain network access based on their task but these users are only meant for automated jobs. As such, they don't need passwords and a domain admin can always do a run-as to drop down to the correct user to run the job. No password means no chance of someone guessing it or it being written down or lost. This may belong on SuperUser ServerFault but I am going to try here first since it's on the fuzzy border to me. I am also open to constructive alternatives.

    Read the article

  • SELinux adding new allowed samba type to access httpd_sys_content_t?

    - by Josh
    allow samba_share_t httpd_sys_content_t {read execute getattr setattr write}; allow smbd_t httpd_sys_content_t {read execute getattr setattr write}; I am taking a stab in the dark with resources I've looked at, at various places that the above policies are what I want. I basically want to allow Samba to write to my web docs without giving it free access to the operating system. I read a post by a NSA rep saying the best way was defining a new type and allowing both samba and httpd access. Setting the content to public content (public_content_rw_t) does not work without making use of some unrestrictive booleans. To state this in short, how do I allow samba to access a new type?

    Read the article

  • Isolate user from the rest of the system..?

    - by Shiki
    There is a non-techsavvy user, who doesn't want to learn, and can only use Windows XP or 7. The problem is, that the computer is shared which she would like to use, and the computer stores sensitive, important data. Since she clicks on everything, it's quite a russian roulette. How could I isolate her account from the rest of the system? Like having a profile on the computer (it runs Windows 7 now) which would have the files and other stuff sandboxed? I was thinking of having a dual boot system, but that could compromise the files too, or the boot sector (talking about Windows). Linux is not a way, hence ... see the first line. Is there such a software that can set up a sandboxed environment?

    Read the article

  • What is the difference between /sbin/nologin and /bin/false?

    - by Michael Hampton
    I have often heard it recommended that a user account should be disabled by setting its shell to /bin/false. But, on my existing Linux systems, I see that a great number of existing accounts (all of them service accounts) have a shell of /sbin/nologin instead. I see from the man page that /sbin/nologin prints a message to the user saying the account is disabled, and then exits. Presumably /bin/false would not print anything. I also see that /sbin/nologin is listed in /etc/shells, while /bin/false is not. The man page says that FTP will disable access for users with a shell not listed in /etc/shells and implies that other programs may do the same. Does that mean that somebody could FTP in with an account that has /sbin/nologin as its shell? What is the difference here? Which one of these should I use to disable a user account, and in what circumstances? What other effects does a listing in /etc/shells have?

    Read the article

  • Does WD Drive Lock encrypt the data?

    - by ssg
    I wonder if WD Drive Lock ineed encrypts the data on a Western Digital My Book Essential device or just puts a firmware-level password on the device. If it's just a password the data surely could be retrieved by a third party. I could not find anything on about that on user manuals. I found a blog saying "data is secured with AES256" bla bla but that doesn't say anything about if the password could be compromised or not. Because I don't see any delays when I add/remove the password. On the other hand when I enable BitLocker, it takes hours before it encrypts everything with my password.

    Read the article

  • How do I remove the ServerSignature added by mod_fcgid?

    - by matthew
    I'm running Mod_Security and I'm using the SecServerSignature to customize the Server header that Apache returns. This part works fine, however I'm also running mod_fcgid which appends "mod_fcgid/2.3.5" to the header. Is there any way I can turn this off? Setting ServerSignature off doesn't do anything. I was able to get it to go away by changing the ServerTokens but that removed the customization I had added.

    Read the article

  • WEP/WPA/WPA2 and wifi sniffing

    - by jcea
    Hi, I know that WEP traffic can be "sniffed" by any user of the WIFI. I know that WPA/WPA2 traffic is encrypted using a different link key for each user, so they can't sniff traffic... unless they capture the initial handshake. If you are using a PSK (preshared key) schema, then you recover the link key trivially from this initial handshake. If you don't know the PSK, you can capture the handshake and try to crack the PSK by bruteforce offline. Is my understanding correct so far?. I know that WPA2 has AES mode and can use "secure" tokens like X.509 certificates and such, and it is said to be secure against sniffing because capturing the handshake doesn't help you. So, is WPA2+AES secure (so far) against sniffing, and how it actually works?. That is, how is the (random) link key negociated?. When using X.509 certificates or a (private and personal) passphrase. Do WPA/WPA2 have other sniffer-secure modes beside WPA2+AES? How is broadcast traffic managed to be received by all the WIFI users, if each has a different link key?. Thanks in advance! :).

    Read the article

< Previous Page | 157 158 159 160 161 162 163 164 165 166 167 168  | Next Page >