Search Results

Search found 68155 results on 2727 pages for 'data security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 308/2727 | < Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315  | Next Page >

  • Monitor someone on server

    - by edo
    Im in the unfortunate position of having to give someone who I do not fully trust privileged access to a webserver to finish work that they never completed. They will access the server remotely (ie I will not be able to see their screen). What can be done to a) proactively limit any potential damage and b) accurately log anything they do on the server for analysis afterwards, even if things seem ok? They will be updating a web application. Thanks in advance! --- More informtion: The server is a Ubuntu AWS server.

    Read the article

  • How to automatically copy a file uploaded by a user by FTP in Linux (CentOS)?

    - by Buttle Butkus
    Outside contractor says they need read/write/execute permissions on part of the filesystem so they can run a script. I'm ok with that, but I want to know what they're running, in case it turns out there is some nefarious code. I assume they are going to upload the file, run it, and then delete it to prevent me from finding out what they've done. How can I find out exactly what they've done? My question specifically asks for a way of automatically copying the file, which would be one way. But if you have another solution, that's fine. For example, if the file could be automatically copied to /home/root/uploaded_files/ that would be awesome.

    Read the article

  • How to change user for more rights on a SFTP client?

    - by Zenklys
    It is always suggested on first step to disable the remote root login for the SSH protocol. I have a low-right user able to connect via SSH and once connected, I simply su in order to gain more rights. Now when using a sFTP client, I use my low-right user and am thus able to do next to nothing. My question is : Is it possible to change user after login using 3rd party client, such as Transmit, Cyberduck, Filezilla ? PS : Mac clients would be great ;)

    Read the article

  • Is the guideline: don't open email attachments or execute downloads or run plug-ins (Flash, Java) from untrusted sites enough to avert infection?

    - by therobyouknow
    I'd like to know if the following is enough to avert malware as I feel that the press and other advisory resources aren't always precisely clear on all the methods as to how PCs get infected. To my mind, the key step to getting infected is a conscious choice by the user to run an executable attachment from an email or download, but also viewing content that requires a plug-in (Flash, Java or something else). This conscious step breaks down into the following possibilities: don't open email attachments: certainly agree with this. But lets try to be clear: email comes in 2 parts -the text and the attachment. Just reading the email should not be risky, right? But opening (i.e. running) email attachments IS risky (malware can be present in the attachment) don't execute downloads (e.g. from sites linked from in suspect emails or otherwise): again certainly agree with this (malware can be present in the executable). Usually the user has to voluntary click to download, or at least click to run the executable. Question: has there ever been a case where a user has visited a site and a download has completed on its own and run on its own? don't run content requiring plug-ins: certainly agree: malware can be present in the executable. I vaguely recall cases with Flash but know of the Java-based vulnerabilities much better. Now, is the above enough? Note that I'm much more cautious than this. What I'm concerned about is that the media is not always very clear about how the malware infection occurs. They talk of "booby-trapped sites", "browser attacks" - HOW exactly? I'd presume the other threat would be malevolent use of Javascript to make an executable run on the user's machine. Would I be right and are there details I can read up on about this. Generally I like Javascript as a developer, please note. An accepted answer would fill in any holes I've missed here so we have a complete general view of what the threats are (even though the actual specific details of new threats vary, but the general vectors are known).

    Read the article

  • Preventing back connect in Cpanel servers

    - by Fernando
    We run a Cpanel server and someone gained access to almost all accounts using the following steps: 1) Gained access to an user account due to weak password. Note: this user didn't had shell access. 2) With this user account, he accessed Cpanel and added a cron task. The cron task was a perl script that connected to his IP and he was able to send back shell commands. 3) Having a non jailed shell, he was able to change content of most websites in server specially for users who set their folders to 777 ( Unfortunately a common recommendation and sometimes a requirement for some PHP softwares ). Is there a way to prevent this? We started by disabling cron in Cpanel interface, but this is not enough. I see a lot of other options in which an user could run this perl script. We have a firewall running and blocking uncommon outgoing ports. But he used port 80 and, well, I can't block this port as a lot of processes use them to access things, even Cpanel itself.

    Read the article

  • Using Windows as a gateway to the internet

    - by James Wright
    My customer currently blocks outbound RDP and SSH, which means that none of their employees can get access to external Windows and Linux boxes (at the console level). However, a need has recently arisen to give access to an assortment of RDP and SSH endpoints scattered throughout the internet. The endpoint IP addresses are a moving target, and an access list exists to define what those IP addresses are. So now my customer wants to have a single Windows Server that they control as the sole outbound point for RDP/SSH to the internet. Consider it a jump box to the internet. If one of our admins have an access to this Windows box then they can log on, and from there bounce around to RDP/SSH endpoints on the internet. Is a standard Windows 2008 box going to work as a jump box? For example, I seem to recall that Win2k8 limits the number of users that can log on simultaneously, which means that the jump box may not be accessible if lots of users are on it. Advice as to how to make this work..?

    Read the article

  • Using a Group Managed Service Account (gMSA) for a scheduled task

    - by Trevor Sullivan
    Back in Windows Server 2008 R2, when stand-alone Managed Service Accounts (sMSA) were new, they could not be used to execute scheduled tasks. In Windows Server 2012 however, there is a new type of account called the Group Managed Service Account (gMSA). This type of account is supposedly capable of launching scheduled tasks in the task scheduler on clients & member servers inside of a Windows Server 2012 forest/domain functional level. So far, I have: Established a Windows Server 2012 forest/domain Created a Group Managed Service Account (gMSA) Installed the gMSA on a Windows Server 2012 member server And currently I'm having trouble with: Setting a scheduled task to use the gMSA When I attempt to use a gMSA on a scheduled task, I get the error message that says "The object cannot be found" (paraphrased) message. My question is: How do I configure a Scheduled Task to execute using a Group Managed Service Account (gMSA)?

    Read the article

  • Server load increases by lot of httpd request with same PID

    - by user3740955
    I can see that my server load increases to more than 200-300 range. Before 1 week the maximum load was around 20-25. In top and ps -ef i can see a lot of httpd threads and the PPID of most of the httpd request are of the same PID. When i verified this the parent process ID is of root. Please let me know how i can reduce the server load. I have searched a lot for this but not able to find out a proper solution for this. Please let me know. Please see below a part of the top output. apache 29698 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29700 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29701 2062 10 16:54 ? 00:00:02 /usr/sbin/httpd apache 29702 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29703 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29705 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29706 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29707 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29708 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29709 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29710 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29711 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29712 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd Server version: Apache/2.2.3

    Read the article

  • Store system passwords with easy and secure access

    - by CodeShining
    I'm having to handle several VPS/services and I always set passwords to be different and random. What kind of storage do you suggest to keep these passwords safe and let me access them easily? These passwords are used for services like databases, webserver user and so on that run customers' services, so it's really important to keep them in a safe place and strong. I'm actually storing them in a google drive spreadsheet file, describing user, password, role, service. Do you know of better solutions? I'd like to keep them on a remote service to make sure I don't have to make backup copies (in case my hdd would fail somehow). I do work on *nix platforms (so windows specific solutions are not a choice here).

    Read the article

  • ESX Firewall Command Troubles

    - by John
    Hi, I am working on creating some firewall rules to stop some of the SSH brute-force attacks that we have seen recently on our ESX server hosts. I have tried the following rules from the CLI to first block all SSH traffic and then allow the two ranges that I am interested in: esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH" esxcfg-firewall --ipruleAdd 11.130.0.0/16,22,tcp,ACCEPT,"Allow_PUBLIC_SSH" esxcfg-firewall --ipruleAdd 10.130.0.0/16,22,tcp,ACCEPT,"Allow_PRIVATE_SSH" However, these rules are not working as intended. I know that if you do not enter the block rule first, then the allow rule will not be processed. We are now having the issue where the first entered allow rule is being ignored such that the block rule works and the last entered allow rule works. I was curious if anyone had any ideas on how I could allow a few different ranges of IP's with the esxcfg-firewall --ipruleAdd command? I am at a loss and am having a hard time locating examples or further documentation about this. Thanks in advance for your help with this.

    Read the article

  • non-interactive ssh sudo... prompts for the password in plain text

    - by Iain
    I'm running some non-interactive ssh commands. The ssh authentication is taken care of fine through the ssh agent, but if I run a command that requires sudo then the password prompt in my terminal is plain text. For example: ssh remotemachine "sudo -u www mkdir -p /path/to/new/folder" will prompt me for the password in plain text. Does anyone know how I can get it to use the normal secure prompt or that I can pass the password via a switch? (as then I can set up a secure prompt on this side before I send the command) Any help is much appreciated.

    Read the article

  • Certificate Authentication

    - by Steve McCall
    I am currently working on deploying a website for staff to use remotely and would like to make sure it is secure. I was thinking would it be possible to set up some kind of certificate authentication where I would generate a certificate and install it on their laptop so they could access the website? I don't really want them to generate the certificates themselves though as that could easily go wrong. How easy / possible is this and how do I go about doing it?

    Read the article

  • iptables: separate clients from each other

    - by Florian Lagg
    Hello, is there a way to separate clients in a subnet so that they cannot reach each other? The infrastructure currently looks like this: 192.168.0.1/24 Gateway, a CentOS box with iptables. 192.168.0.10-20 Some clients which may reach each other 192.168.0.30 A single client which should not be able to reach the hosts 192.168.0.10-20 should be able to reach the gateway and the internet I don't know if it is possible, maybe you could give me your ideas how it could be done. I cannot influence the machine 192.168.0.30 because it is a virtual machine I want to rent to someone. Thanks.

    Read the article

  • My servers been hacked EMERGENCY

    - by Grant unwin
    I'm on my way into work at 9.30 pm on a Sunday because our server has been compromised somehow and was resulting in a DOS attack on our provider. The servers access to the Internet has been shut down which means over 5-600 of our clients sites are now down. Now this could be an FTP hack, or some weakness in code somewhere I'm not sure till j get there. Does anyone have any tips on how I can track this down quickly. Were in for a whole lot of litigation if I dont get the server back up asap. Any help appreciated.

    Read the article

  • Program for keeping encrypted files.

    - by Giorgi
    I am looking for a program which will encrypt files specified by me and allow me to view/edit/delete those files without creating a virtual disk. I do not want to have virtual disk as a domain administrator can access it so truecrypt is not the possibility. One possibility is to use winrar with password protected archive but winrar serves a different goal so it is not very user friendly for this purpose. If it's possible it would be nice if the program does not creates temp files while I open the files. Any suggestions?

    Read the article

  • Default document not working after installing SP1 on Windows 2008 R2 x64

    - by boredgeek
    We have a web site that should only be available for authorized users. So we deny anonymous access for the site. However we do allow anonymous access to the default page and the login page. When we installed SP1 the behavior of the server changed. Now if the user is trying to access the root of the site, say http://mysite.com, she is redirected to login page rather than the default page. Is there a hotfix to bring back the previous behavior?

    Read the article

  • Prevent Excel Chart Data Labels overlapping

    - by Nicholas
    I have an Excel dashboard with line charts containing data labels. Specifically, we are only using the data labels at the rightmost end of the lines, and the labels consist of the Series name and final value. By changing a dropdown, the dashboard is automatically updated to give 19 different dashboards. The problem is that we can't work out any way of preventing the labels overlapping. Everything else on the dashboard can be made to automatically update nicely, except for this. Can anybody think of a way to do this? E.g. plugin or macro.

    Read the article

  • Disabling certain JBoss ports

    - by Rich
    We are trying to configure JBoss 5.1.0 to be as lightweight and as secure as possible. One of the parts of this process is to identify and close any ports we do not need. Three ports that we have outstanding but don't believe we need are: 4457 - bisocket 4712 - JBossTS Recovery Manager 4713 - JBossTS Transaction Status Manager We don't think we need any of these features (but could be wrong). Bisocket seems to be a way for JMS clients behind a firewall to communicate with JBoss. We hardly use JMS now and when we do, it is very unlikely that we will need this firewall traversing ability. I am less sure about whether we need the two JBossTS ports - I am guessing these are used in a clustered environment - we aren't clustered. So my question is, how do we disable these ports (and associated processes where possible), or if we need these ports, why do we need to keep them open?

    Read the article

  • How many guesses per second are possible against an encrypted disk? [closed]

    - by HappyDeveloper
    I understand that guesses per second depends on the hardware and the encryption algorithm, so I don't expect an absolute number as answer. For example, with an average machine you can make a lot (thousands?) of guesses per second for a hash created with a single md5 round, because md5 is fast, making brute force and dictionary attacks a real danger for most passwords. But if instead you use bcrypt with enough rounds, you can slow the attack down to 1 guess per second, for example. 1) So how does disk encryption usually work? This is how I imagine it, tell me if it is close to reality: When I enter the passphrase, it is hashed with a slow algorithm to generate a key (always the same?). Because this is slow, brute force is not a good approach to break it. Then, with the generated key, the disk is unencrypted on the fly very fast, so there is not a significant performance lose. 2) How can I test this with my own machine? I want to calculate the guesses per second my machine can make. 3) How many guesses per second are possible against an encrypted disk with the fastest PC ever so far?

    Read the article

  • How to use OpenVPN through a restrictive firewall?

    - by R.L. Stine
    I'm currently in the situation of attempting to setup OpenVPN on a personal VPS, for connection primarily through an overly restrictive firewall. All of the setups mentioned below work when used through a reasonably-firewalled connection. I have tried: OpenVPN running on the standard port OpenVPN running on port 443 (I start OpenVPN manually from the command line on the VPS and see that the server reports the connection being closed almost immediately, I assume this is a result of DPI on the firewall) STunnel running on port 443 to access OpenVPN and evade DPI. This is the most successful and allows a connection and internet access through the VPN for ~10-20 seconds, before the connection is forcibly closed. Is there anything else I can attempt?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315  | Next Page >