Search Results

Search found 22238 results on 890 pages for 'db security'.

Page 172/890 | < Previous Page | 168 169 170 171 172 173 174 175 176 177 178 179  | Next Page >

  • Password protect a folder

    - by Lee Treveil
    What are the available options for password protecting a folder? I'm talking about requiring a password to actually access the folder, not just user access rights. Is the third-party software out there secure and stable? What are the recommendations?

    Read the article

  • Is there a filesystem firewall?

    - by Jenko
    Ever since firewalls appeared on the scene, it became hard for rogue programs to access the internet. But you and I know that running applications get unrestricted access to the filesystem. They can read your files and send them to poppa. (programs such as web browsers and IM clients, which are allowed thru the internet firewall) Any way to know which programs are accessing your files? or limit their access to a specific partition?

    Read the article

  • SFTP: How to keep data out of the DMZ

    - by ChronoFish
    We are investigating solutions to the following problem: We have external (Internet) users who need access to sensitive information. We could offer it to them via SFTP which would offer a secure transport method. However, we don't want to maintain the data on server as it would then reside in the DMZ. Is there an SFTP server that has "copy on access" such that if the box in the DMZ were to be compromised, no actual data resided on that box? I am envisioning an SFTP Proxy or SFTP passthrough. Does such a product exist currently?

    Read the article

  • New Secure Website with Apache Reverse Proxy

    - by jtnire
    I wish to set up a new website that will be accessed by users using HTTPS. I think it is good practise to put the "real" web server in a seperate subnet, and then install an Apache Reverse Proxy in a DMZ. My question is, where should I put the SSL cert(s)? Should I a) Use a self-signed cert on the "real" web server, and a proper cert on the reverse proxy? b) Use 2 real certs on both the "real" web server and the reverse proxy? c) Don't use any cert on the "real" web server, and use a proper cert on the reverse proxy? I'd like to use a) or c), if possible. I also don't want anyone's browser complaining of a self-signed cert. Thanks

    Read the article

  • Efficient way to secure tomcat database connections

    - by Greymeister
    Our customer has a problem with database information in plaintext within a server.xml or context.xml file on the Tomcat server. I've looked at several sites like OWASP and it seems like there's no obvious solution. I've also seen things like this wordpress blog which describe implementing a custom Tomcat extension to do this. There must exist some standard implementation(s) already without having to roll your own. Does anyone have experience with such a solution?

    Read the article

  • Change OpenSSH account password in Linux

    - by TK Kocheran
    I suppose that my main Linux user account password serves as my SSH password as well. Is there a way I can modify this? As it turns out, I'd like to have a REALLY secure SSH password for obvious reasons, but a less secure local password, as it makes typing in passwords a heck of a lot easier on a machine. Is there a way I can change my account password in SSH without changing my Linux user password?

    Read the article

  • Our company claims that the DLP system can even monitor the contents of HTTPS traffic, how is this possible?

    - by Ryan
    There is software installed on all client machines for DLP (Data Loss Prevention) and HIPAA compliance. Supposedly it can read HTTPS data clearly. I always thought that between the browser and the server, this was encrypted entirely. How can software sneak in and grab this data from the browser prior to it is encrypted or after it is decrypted? I am just curious as to how this could be possible. I would think that a browser wouldn't be considered very secure if this was possible.

    Read the article

  • How to setup server to accept pem(private RSA key) login w/o password like EC2?

    - by Chandler.Huang
    I am manage a group of VM and I need to setup all vm create a ssh tunnel to a specific host A. One way to do this is append public key of each VM to host's authorized_keys, but I guess I have to do the append each time i create a VM. So I am trying to config host A to accept pem or private key login without passowrd, just like EC2, client can use "ssh -i PEM" to login host A. But I have tried in vain for hours. I create a rsa public/private key and let VM use the private key to login, no matter what I do, host a still ask for password. Is there anything I missed ? Thanks.

    Read the article

  • CPANEL ModSec2 not working with SecFilterSelective

    - by jfreak53
    Ok, I have cPanel/WHM latest on a Dedi, here are my specs on apache: Server version: Apache/2.2.23 (Unix) Server built: Oct 13 2012 19:33:23 Cpanel::Easy::Apache v3.14.13 rev9999 I just ran a re-compile using easyapache as you can see by the date. When running it I made sure that ModSec was selected and it stated in big bold letters something to the effect of If you install Apache 2.2.x you get ModSec 2 So I believed it :) I recompiled, I then ran: grep -i release /home/cpeasyapache/src/modsecurity-apache_2.6.8/apache2/mod_security2.c Hmm, the file is there but grep doesn't output anything, if I run: grep -i release /home/cpeasyapache/src/modsecurity-apache_1.9.5/apache2/mod_security.c I of course get the ModSec 1 version output. But the thing is that ModSec2 is installed since the c file is there. So I continued and put the following in modsec2.user.conf: SecFilterScanOutput On SecFilterSelective OUTPUT "text" Now when I restart Apache I get this error: Syntax error on line 1087 of /usr/local/apache/conf/modsec2.user.conf: Invalid command 'SecFilterScanOutput', perhaps misspelled or defined by a module not included in the server configuration Now supposedly this is supposed to work, I even have it running in ModSec2 on a non-cpanel server setup manually. So I know ModSec2 supports it. Anyone have any ideas? I have asked this question over at cpanel forum and it got nowhere.

    Read the article

  • Get the "source network address" in Event ID 529 audit entries on Windows XP

    - by Make it useful Keep it simple
    In windows server 2003 when an Event 529 (logon failure) occures with a logon type of 10 (remote logon), the source network IP address is recorded in the event log. On a windows XP machine, this (and some other details) are omitted. If a bot is trying a brute force over RDP (some of my XP machines are (and need to be) exposed with a public IP address), i cannot see the originating IP address so i don't know what to block (with a script i run every few minutes). The DC does not log this detail either when the logon attempt is to the client xp machine and the DC is only asked to authenticate the credentials. Any help getting this detail in the log would be appreciated.

    Read the article

  • Avoiding users to corrupt and use a script

    - by EverythingRightPlace
    Is it possible to deny the right to copy files? I have a script which should be executable by others. They are also allowed to read the file (though it would not be a problem to forbid reading). But I don't want the script to be changed and executed. It's not a problem to set those permissions, but one could easily copy, change and run the script. Can this even be avoided? /edit The OS is Red Hat Enterprise Linux Workstation release 6.2 (Santiago).

    Read the article

  • Which linux x86 hardware keystore?

    - by byeo
    I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked. At which point my certificates are compromised. Previously I've used nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself. I'm having trouble finding information about something to recreate this approach. Is this the domain of specialist switches and firewalls these days? This old page references some of the old hardware: http://www.kegel.com/ssl/hw.html#cards

    Read the article

  • Windows Console .exe won't run if it's downloaded from the internet

    - by Jason Kester
    I have a nightly job on Windows Server 2003 that automatically updates itself by downloading its .exe from Amazon S3. I've noticed that when it performs the download and tries to run the newly downloaded .exe, it is immediately kicked back to the command line without actually running anything. I can verify this by sticking the new version of the code directly on the server and watching it execute successfully, then uploading it to the "update" server, running the bootstrapper then running the .exe and observing it fail to execute. I can only assume that this is due to Windows protecting me from running code from outside its trusted zone. How does a fella go about configuring it to allow code from this particular external location to execute? Thanks!

    Read the article

  • Explanation of nodev and nosuid in fstab

    - by Ivan Kovacevic
    I see those two options constantly suggested on the web when someone describes how to mount a tmpfs or ramfs. Often also with noexec but I'm specifically interested in nodev and nosuid. I basically hate just blindly repeating what somebody suggested, without real understanding. And since I only see copy/paste instructions on the net regarding this, I ask here. This is from documentation: nodev - Don't interpret block special devices on the filesystem. nosuid - Block the operation of suid, and sgid bits. But I would like a practical explanation what could happen if I leave those two out. Let's say that I have configured tmpfs or ramfs(without these two mentioned options set) that is accessible(read+write) by a specific (non-root)user on the system. What can that user do to harm the system? Excluding the case of consuming all available system memory in case of ramfs

    Read the article

  • linux intrusion detection software

    - by Sam Hammamy
    I have an Ubuntu VPS that I use for practice and deploying prototypes as I am a python developer. I recently started teaching my self sys admin tasks, like installing OpenLDAP. I happened to turn off the ufw firewall for just a minute, and when I ran an netstat command, I saw a foreign ip connected to ssh that I traced to china. I'd like to know a few things: 1) Is there any good network intrusion detection software, such that if any IP that's outside a specific range connects to the VPN, I can be notified? -- I am thinking about scripting this, but I'm pretty sure there's something useful out there and I believe in the wisdom of crowds. 2) How did this person gain access to my server? Is it because my firewall was down? Or is it because they browsed my LDAP directory and from there figured out a way to connect (there was a clear text password in the tree but it wasn't one used by the server's sshd)?

    Read the article

  • Client-side certificates

    - by walshms
    My company purchased a wildcard certificate from a vendor. This certificate was successfully configured with Apache 2.2 to secure a subdomain. Everything on the SSL side works. Now I'm required to generate x509 client-side certificates to issue for this subdomain. I'm following along this page: (http://www.vanemery.com/Linux/Apache/apache-SSL.html), starting with "Creating Client Certificates for Authentication". I've generated the p12 files and successfully imported them into Firefox. When I browse to the site now, I get an error in FireFox that says "The connection to the server was reset while the page was loading." I think my problem is coming from not signing the client-side correctly. When I sign the client-side certificate, I'm using the PEM file (RapidSSL_CA_bundle.pem) from RapidSSL (who we bought the certificate from) for the -CA argument. For the -CAkey argument, I'm using the private key of the server. Is this correct?

    Read the article

  • How to secure Apache for shared hosting environment? (chrooting, avoid symlinking...)

    - by Alessio Periloso
    I'm having problems dealing with Apache configuration: the problem is that I want to limit each user to his own docroot (so, a chroot() would be what I'm looking for), but: Mod_chroot works only globally and not for each virtualhost: i have the users in a path like the following one /home/vhosts/xxxxx/domains/domain.tld/public_html (xxxxx is the user), and can't solve the problem chrooting /home/vhosts, because the users would still be allowed to see each other. Using apache-mod-itk would slow down the websites too much, and I'm not sure if it would solve anything Without using any of the previous two, I think the only thing left is avoiding symlinking, not allowing the users to link to something that doesn't belong to them. So, I think I'm going to follow the third point but... how to efficiently avoid symlinking while still keeping mod_rewrite working?! The php has already been chrooted with php-fpm, so my only concern is about Apache itself.

    Read the article

  • Basic IPTables setup for OpenVPN/HTTP/HTTPS server

    - by Afronautica
    I'm trying to get a basic IPTables setup on my server which will allow HTTP/SSH access, as well as enable the use of the server as an OpenVPN tunnel. The following is my current rule setup - the problem is OpenVPN queries (port 1194) seemed to be getting dropped as a result of this ruleset. Pinging a website while logged into the VPN results in teh response: Request timeout for icmp_seq 1 92 bytes from 10.8.0.1: Destination Port Unreachable When I clear the IPTable rules pinging from the VPN works fine. Any ideas? iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE iptables -A INPUT -p tcp --dport 1194 -j ACCEPT iptables -A FORWARD -p tcp --dport 1194 -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT

    Read the article

  • How to disabled password authentication for specific users in SSHD

    - by Nick
    I have read several posts regarding restricting ALL users to Key authentication ONLY, however I want to force only a single user (svn) onto Key auth only, the rest can be key or password. I read How to disable password authentication for every users except several, however it seems the "match user" part of sshd_config is part of openssh-5.1. I am running CentOS 5.6 and only have OpenSSH 4.3. I have the following repos available at the moment. $ yum repolist Loaded plugins: fastestmirror repo id repo name status base CentOS-5 - Base enabled: 3,535 epel Extra Packages for Enterprise Linux 5 - x86_64 enabled: 6,510 extras CentOS-5 - Extras enabled: 299 ius IUS Community Packages for Enterprise Linux 5 - x86_64 enabled: 218 rpmforge RHEL 5 - RPMforge.net - dag enabled: 10,636 updates CentOS-5 - Updates enabled: 720 repolist: 21,918 I mainly use epel, rpmforge is used to the latest version (1.6) of subversion. Is there any way to achieve this with my current setup? I don't want to restrict the server to keys only because if I lose my key I lose my server ;-)

    Read the article

  • Our server hosting provider asked for our root password

    - by Andreas Larsson
    I work at a company that develops and hosts a small business critical system. We have an "Elastic cloud server" from a professional hosting provider. I recently got an email from them saying that they've had some problems with their backup solution and that they needed to install a new kernel. And they wanted us to send them the root password so they could do this work. I know that the email came from them. It's not [email protected] or anything like that. I called them and asked them about this, and they were like "yep, we need the password to do this". It just seems odd to send the root password over email like this. Do I have any reason to be concerned?

    Read the article

  • How to detect/list rogue computers connected to a WIFI network without access to the Wifi Router interface? [migrated]

    - by JJarava
    This is what I believe to be an interesting challenge :) A relative (that leaves a bit too far to go there in person) is complaining that their WIFI/Internet network performance has gone down abysmally lately. She'd like to know if some of the neighbors are using her wifi network to access the internet but she's not too technically savvy. I know that the best way to prevent issues would be to change the Router password, but it's a bit of a PITA having to re-configure all wifi devices... and if the uninvited guest broke the password once, they can do it again... Her wifi router/internet connection is provided by the telco, and remotely managed so she can log-on to their telco account's page and remotely change the router's Wifi password, but doesn't have access to the router status page/config/etc unless she opts out of the telco's remote support and mainteinance service... So, how could she check if there are guests in the wifi with this restrictions and in the most "point and click way"? In this case I'd probably use nmap to look for other devices in the network, but I'm not sure if that's the easiest way to do it. I'm not a wifi expert, so I don't know if there are any wifi-scanning utils that can tell us who's talking to the router... Lastly, she's a Windows user as I guess that'll influence the choice of tools available Any suggestions more than welcome Regards!

    Read the article

  • is there any valid reason for users to request phpinfo()

    - by The Journeyman geek
    I'm working on writing a set of rules for fail2ban to make life a little more interesting for whoever is trying to bruteforce his way into my system. A good majority of the attempts tend to revolve around trying to get into phpinfo() via my webserver -as below GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1 I'm wondering if there's any valid reason for a user to attempt to access phpinfo() via apache, since if not, i can simply use that, or more specifically the regex GET //[^>]+=phpinfo\(\) as a filter to eliminate these attacks

    Read the article

  • VPS, what to install next?

    - by Camran
    I have my VPS now, with ubuntu 9.10 OS. I wonder about SSH. What is it for, and how do I use it? Also, in which order should I install apps on my server? (ex: PuTTY, IPTABLES, LAMP etc...)? Thanks

    Read the article

  • How can I start any application with Guest permissions by default?

    - by Tom Wijsman
    Here are my two questions: How can I start any application with Guest permissions by default? How can I set certain applications not to launch with Guest permissions? For the first bullet, any non-Microsoft signed application I launch should run as the Guest account. For the second bullet, I'm imagining adding menu entries like this would be a nice approach: Set to run as Guest (= default selected entry) Set to run as User Set to run as Admin But how do I do this?

    Read the article

< Previous Page | 168 169 170 171 172 173 174 175 176 177 178 179  | Next Page >