Search Results

Search found 120608 results on 4825 pages for 'code access security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 268/4825 | < Previous Page | 264 265 266 267 268 269 270 271 272 273 274 275  | Next Page >

  • Is there an apache module to slow down site scans?

    - by florin
    I am administering a few web servers. Each night, random hosts from the Internet are probing them for various vulnerabilities in php, phpadmin, horde, mysqladmin, etc. Is there a way (apache plugin?) to slow down the rate of attack? For SSH, I have a rate limiting rule on the firewall, which does not allow more than three connections per minute. But I don't want to rate limit all HTTP access, only the access that returns 404s. Is there such an apache module?

    Read the article

  • How to create a password-less service account in AD?

    - by Andrew White
    Is it possible to create domain accounts that can only be accessed via a domain administrator or similar access? The goal is to create domain users that have certain network access based on their task but these users are only meant for automated jobs. As such, they don't need passwords and a domain admin can always do a run-as to drop down to the correct user to run the job. No password means no chance of someone guessing it or it being written down or lost. This may belong on SuperUser ServerFault but I am going to try here first since it's on the fuzzy border to me. I am also open to constructive alternatives.

    Read the article

  • How to secure memcached?

    - by alfish
    In Debian, I have installed memcached (using this guide) to lower the otherwise unmanageable load on mysql database. The database is on a separate server, and memcached and Varnish are on the front server. Is it a potential security hole to leave memcached unprotected by a firewall? If so, how should I secure it? The situation is especially worrisome,as I've received (unproved) reports of cookie thefts on the server. Thanks

    Read the article

  • Easy way to access cookies in Chrome

    - by macek
    To view specific cookies in Chrome, currently I have to: Go to preferences Click Under the Hood tab Click Content Settings... button Click Cookies tab (if it's not already active) Click Show cookies and other site data... button If I want to narrow this down to a specific domain, I have to type it in, too. Compare this to Firefox: View Page Info Click Security tab Click View Cookies The domain for the page I'm currently on is already used as a filter, too. My question: Is there an easier way in Chrome? I've done some searching for an extension but have come up with nothing.

    Read the article

  • What are some good methods to improve personal password management?

    - by danilo
    I want to improve my personal password management. I usually use secure passwords, but overuse them for too many different places. My questions: What methods do you use to create passwords, e.g. for different online sites/logins? What methods do you use to remember those passwords? Memory? Pen&Paper? Software storage? Is there some good way to store my passwords somewhere, so I can always have access to them when I need them (e.g. a webbased solution on my own server) but at the same way keep them away from unwanted access? Edit: Someone on another site mentioned http://passwordmaker.org/. Have you had any good or bad experiences with that software?

    Read the article

  • how to find out which servers are accessing Oracle Internet Directory ?

    - by mad sammy
    Hi, We have a OID which is maintaining data about various users. This OID is being accessed by many weblogic servers. Weblogic servers are getting authenticated using this LDAP, but when a particular server authentication fails it causes authentication process failure for all servers, so we want to track that specific server which is causing this error. Is there any facility to know which servers are using the OID or i would like to know that does OID maintains any LOGs of its usage for security purpose.. Thanks.

    Read the article

  • Easy way to access cookies in Chrome

    - by macek
    To view specific cookies in Chrome, currently I have to: Go to preferences Click Under the Hood tab Click Content Settings... button Click Cookies tab (if it's not already active) Click Show cookies and other site data... button If I want to narrow this down to a specific domain, I have to type it in, too. Compare this to Firefox: View Page Info Click Security tab Click View Cookies The domain for the page I'm currently on is already used as a filter, too. My question: Is there an easier way in Chrome? I've done some searching for an extension but have come up with nothing. Any help is appreciated :)

    Read the article

  • Self-hosted browser-based remote desktop script?

    - by rlsaj
    I need a self-hosted browser based remote desktop script that will connect me from any PC to my work PC. I need to either host this script within my own dedicated hosting or on my work PC. The PC that I need to remote into is always the one PC (Win7) and the IP never changes, and I have access to the Router/Firewall within. I have tried many remote desktop services and applications - LogMeIn, Team Viewer, (Ultra/Tight) VNC, GoToMyPC and iTeleport Connect and even Windows Remote Desktop - and the web services (or ports) are blocked at whatever free wi-fi/hotel/coffee shop I am at. Note that I will need to be able to access this from any PC, so I won't be able to install any applications (or use any portable software) - hence my thinking that it will need to be browser based on a standard (not blocked) port. If I can set up a web based remote desktop application - really a homebrew LogMeIn - then I should solve my problem. What is the best option here?

    Read the article

  • Do I really need mod_security?

    - by Rob
    I'm doing a clean install of my server and I'm looking for some advice on whether or not I actually need the Apache mod_security module. I consider myself to be a bit security paranoid when it comes to my servers, but is it worth going through all the hassle to install and debug a new config of mod_security?

    Read the article

  • What is a quick way to report login/logout times on Windows 2003?

    - by blueberryfields
    I have about a dozen servers, and I am looking to quickly find out all of the login/logout times, for a subset of users, for all servers, during January. Is there a quick, easy way to get this information (faster and easier than manually combing through the security logs)? I would rather not replicate any work - are there any publicly posted tools or scripts that already implement a solution to this problem?

    Read the article

  • Running Modern UI/Metro Apps as Administrator in Windows 8

    - by Shail
    I noticed that on Windows 8's Start screen, I could right click a Windows legacy program (A program which runs on Windows XP, Vista and 7), and I could run it as Administrator. However, whenever I clicked on a Windows 8 Modern UI or a Metro app, I didn't have that option. So here are my questions:- Why can't I run the Modern UI apps as an Administrator? Does it make any difference as far as security is concerned?

    Read the article

  • Securing a persistent reverse SSH connection for management

    - by bVector
    I am deploying demo Ubuntu 10.04 LTS servers in environments I do not control and would like to have an easy and secure way to administer these machines without having to have the destination firewall forward port 22 for SSH access. I've found a few guides to do this with reverse port (e.g. howtoforge reverse ssh tunneling guide) but I'm concerned with security of the stored ssh credentials required for the tunnel to be opened automatically. If the machine is compromised (primary concern is physical access to the machine is out of my control) how can I stop someone from using the stored credentials to poke around in the reverse ssh tunnel target machine? Is it possible to secure this setup, or would you suggest an alternate method?

    Read the article

  • Server 2003 RAS Server Utilising High WAN Traffic

    - by Joe Sergeant
    We have Routing and Remote Access configured on Server 2003 (also our primary domain controller), allowing users to connect in remotely to access files, email, etc. With one user, the RAS Server is constantly sending data to that user's remote computer. From 9am this morning it has transferred almost 800MB. The user isn't transferring any files remotely, certainly not enough to total 800MB anyway. None of the other remote users have had this issue. We have ensured that the user in question has "Use default gateway on remote network" disabled for both IPv4 and IPv6 and we are fairly confident that Offline Files isn't trying to synchronise with the server remotely, too. My question is two-fold. Firstly, has anyone had a similar experience? Secondly, what would be the best software to discover exactly what data is being sent to the remote user?

    Read the article

  • Disable SSL / TLS compression in Apache 2.2.x

    - by DevGav
    Is there a way to disable SSL/TLS Compression in Apache 2.2.x when using mod_ssl? If not, what are people doing to mitigate the effects of CRIME/BEAST in older browsers? Related Links: https://issues.apache.org/bugzilla/show_bug.cgi?id=53219 https://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor

    Read the article

  • Airport Express configuration

    - by Christina
    We are trying to set up remote access to a computer that houses a server fro a particular program we are running. The program says we need to configure the office router. In the firewall settings it says to open ports 5345-5351 (TCP only). Port Forwarding: You will also need to forward the same range of ports (5345-5351) to the computer running the Server. This typically requires that the computer running the Server be assigned a static IP on the local network. Having trouble figuring out which IP address we actually need to be using on the client side of this program in order to access the server computer. Can someone walk through this process?? We are working on Mac OSX 10.5. Thank you in advance!

    Read the article

  • mpasdlta files -- what are they?

    - by Tmdean
    I noticed a bunch of folders in the root of my hard drive named with a string of hex digits that contain files named with a GUID ending with "mpasdlta.vdm" and "mpavdlta.vdm". From some Googling, I've determined that these files are spyware and virus definition files used by Microsoft Security Essentials. Are these files safe to delete? (Why doesn't Microsoft follow their own guidelines and store application data in the folders intended for that purpose? grumble grumble)

    Read the article

  • How can I restrict a group to reading only two particular folders with Windows Server?

    - by Lord Torgamus
    I have a group of users on Windows Server 2003 who need to be able to read the contents of two directories but not be able to access anything else on the server (including read-only access). One of the directories is K:\projectFour\config — and the other is similarly formatted — so it would be okay for group members to be able to list the contents of K:\ and K:\projectFour\ but not actually read anything in those directories. I've found several resources via SF/Google, including how to restrict individual folders/drives and how to allow users to only run specific executables, but that information ultimately didn't solve my issue. Sorry if this is a really simple thing to do, I'm usually a developer and don't know the first thing about servers or group policies. Finally, I should mention that this isn't a fully concrete question, as it will be implemented eventually but I don't personally have a copy of Windows Server 2003 to test with right now.

    Read the article

  • Is it worth the effort to block failed login attempts

    - by dunxd
    Is it worthwhile running fail2ban, sshdfilter or similar tools, which blacklist IP addresses which attempt and fail to login? I've seen it argued that this is security theatre on a "properly secured" server. However, I feel that it probably makes script kiddies move on to the next server in their list. Let's say that my server is "properly secured" and I am not worried that a brute force attack will actually succeed - are these tools simply keeping my logfiles clean, or am I getting any worthwhile benefit in blocking brute force attack attempts?

    Read the article

  • AWStats log format for tomcat access logs which has X-Forwarded-For

    - by Nix
    What should be the AWStats log format for below tomcat access logs ? I tried these formats but the external IP addresses are not coming into AWStats reports. LogFormat="%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot %referer %other %other" LogFormat="%other %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot %host_proxy" tomcat valve settings: pattern="%h %l %{USER_ID}s %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;X-Forwarded-For=%{X-Forwarded-For}i&quot; &quot;JSESSIONID=%{JSESSIONID}c&quot; %D" Log entry: 127.0.0.1 - - [04/Nov/2013:13:39:55 +0000] "GET / HTTP/1.1" 200 12345 "https://www.google.com/url?some_url" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36" "X-Forwarded-For=real_ip, proxy_server_internal_ip" "JSESSIONID=-" 12345

    Read the article

  • Finding proof of server being compromised by Black Hole Toolkit exploit

    - by cosmicsafari
    I recently took over maintenance of a company server. (Just Host, C Panel, Linux server), theres a tonne of websites on it which i know nothing about. It had came to my attention that a client had attempted to access one of the websites hosted on this server and was met with a warning from windows defender. It had blocked access because it said the website had been compromised by the Black Hole Toolkit or something to that effect. Anyway I went in and updated various plugins and deleted some old suspect websites. I have since ran the website in question through a few online malware scanners and its comes up clean everytime. However im not convinced. Do any of you guys know extensive ways i can check that the server isn't still compromised. I have no way to install any malware scanners or anti virus programs on the server as it is horribly locked down by Just Host.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 264 265 266 267 268 269 270 271 272 273 274 275  | Next Page >