Search Results

Search found 29222 results on 1169 pages for 'network security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 64/1169 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

  • Derek Brink shares "Worst Practices in IT Security"

    - by Darin Pendergraft
    Derek Brink is Vice President and Research Fellow in IT Security for the Aberdeen Group.  He has established himself as an IT Security Expert having a long and impressive career with companies and organizations ranging from RSA, Sun, HP, the PKI Forum and the Central Intelligence Agency.  So shouldn't he be talking about "Best Practices in IT Security?" In his latest blog he talks about the thought processes that drive the wrong behavior, and very cleverly shows how that incorrect thinking exposes weaknesses in our IT environments. Check out his latest blog post titled: "The Screwtape CISO: Memo #1 (silos, stovepipes and point solutions)"

    Read the article

  • ADF Desktop Integration Security Explained

    - by juan.ruiz
    ADFdi provides a secure access to spreadsheets within MS-Excel. Developers as well as administrators could wonder how the security features work in this mixed layout -having MS-Excel accessing JavaEE business services? and also what do system administrators should expect when deploying an ADF solution that offers ADFdi capabilities? Shaun Logan from the ADFdi team published an excellent article back in January where you can find in a great detail the ADF desktop integration security features and implementation. You can find the article here: http://www.oracle.com/technology/products/jdev/11/collateral/security%20whitepaper%20for%20adfdi%20r1%20final.pdf Enjoy!

    Read the article

  • Network authentication + roaming home directory - which technology should I look into using?

    - by Brian
    I'm looking into software which provides a user with a single identity across multiple computers. That is, a user should have the same permissions on each computer, and the user should have access to all of his or her files (roaming home directory) on each computer. There seem to be many solutions for this general idea, but I'm trying to determine the best one for me. Here are some details along with requirements: The network of machines are Amazon EC2 instances running Ubuntu. We access the machines with SSH. Some machines on this LAN may have different uses, but I am only discussing machines for a certain use (running a multi-tenancy platform). The system will not necessarily have a constant amount of machines. We may have to permanently or temporarily alter the amount of machines running. This is the the reason why I'm looking into centralized authentication/storage. The implementation of this effect should be a secure one. We're unsure if users will have direct shell access, but their software will potentially be running (under restricted Linux user names, of course) on our systems, which is as good as direct shell access. Let's assume that their software could potentially be malicious for the sake of security. I have heard of several technologies/combinations to achieve my goal, but I'm unsure of the ramifications of each. An older ServerFault post recommended NFS & NIS, though the combination has security problems according to this old article by Symantec. The article suggests moving to NIS+, but, as it is old, this Wikipedia article has cited statements suggesting a trending away from NIS+ by Sun. The recommended replacement is another thing I have heard of... LDAP. It looks like LDAP can be used to save user information in a centralized location on a network. NFS would still need to be used to cover the 'roaming home folder' requirement, but I see references of them being used together. Since the Symantec article pointed out security problems in both NIS and NFS, is there software to replace NFS, or should I heed that article's suggestions for locking it down? I'm tending toward LDAP because another fundamental piece of our architecture, RabbitMQ, has a authentication/authorization plugin for LDAP. RabbitMQ will be accessible in a restricted manner to users on the system, so I would like to tie the security systems together if possible. Kerberos is another secure authentication protocol that I have heard of. I learned a bit about it some years ago in a cryptography class but don't remember much about it. I have seen suggestions online that it can be combined with LDAP in several ways. Is this necessary? What are the security risks of LDAP without Kerberos? I also remember Kerberos being used in another piece of software developed by Carnegie Mellon University... Andrew File System, or AFS. OpenAFS is available for use, though its setup seems a bit complicated. At my university, AFS provides both requirements... I can log in to any machine, and my "AFS folder" is always available (at least when I acquire an AFS token). Along with suggestions for which path I should look into, does anybody have any guides which were particularly helpful? As the bold text pointed out, LDAP looks to be the best choice, but I'm particularly interested in the implementation details (Keberos? NFS?) with respect to security.

    Read the article

  • ASP.NET WebAPI Security 2: Identity Architecture

    - by Your DisplayName here!
    Pedro has beaten me to the punch with a detailed post (and diagram) about the WebAPI hosting architecture. So go read his post first, then come back so we can have a closer look at what that means for security. The first important takeaway is that WebAPI is hosting independent-  currently it ships with two host integration implementations – one for ASP.NET (aka web host) and WCF (aka self host). Pedro nicely shows the integration into the web host. Self hosting is not done yet so we will mainly focus on the web hosting case and I will point out security related differences when they exist. The interesting part for security (amongst other things of course) is the HttpControllerHandler (see Pedro’s diagram) – this is where the host specific representation of an HTTP request gets converted to the WebAPI abstraction (called HttpRequestMessage). The ConvertRequest method does the following: Create a new HttpRequestMessage. Copy URI, method and headers from the HttpContext. Copies HttpContext.User to the Properties<string, object> dictionary on the HttpRequestMessage. The key used for that can be found on HttpPropertyKeys.UserPrincipalKey (which resolves to “MS_UserPrincipal”). So the consequence is that WebAPI receives whatever IPrincipal has been set by the ASP.NET pipeline (in the web hosting case). Common questions are: Are there situations where is property does not get set? Not in ASP.NET – the DefaultAuthenticationModule in the HTTP pipeline makes sure HttpContext.User (and Thread.CurrentPrincipal – more on that later) are always set. Either to some authenticated user – or to an anonymous principal. This may be different in other hosting environments (again more on that later). Why so generic? Keep in mind that WebAPI is hosting independent and may run on a host that materializes identity completely different compared to ASP.NET (or .NET in general). This gives them a way to evolve the system in the future. How does WebAPI code retrieve the current client identity? HttpRequestMessage has an extension method called GetUserPrincipal() which returns the property as an IPrincipal. A quick look at self hosting shows that the moral equivalent of HttpControllerHandler.ConvertRequest() is HttpSelfHostServer.ProcessRequestContext(). Here the principal property gets only set when the host is configured for Windows authentication (inconsisteny). Do I like that? Well – yes and no. Here are my thoughts: I like that it is very straightforward to let WebAPI inherit the client identity context of the host. This might not always be what you want – think of an ASP.NET app that consists of UI and APIs – the UI might use Forms authentication, the APIs token based authentication. So it would be good if the two parts would live in a separate security world. It makes total sense to have this generic hand off point for identity between the host and WebAPI. It also makes total sense for WebAPI plumbing code (especially handlers) to use the WebAPI specific identity abstraction. But – c’mon we are running on .NET. And the way .NET represents identity is via IPrincipal/IIdentity. That’s what every .NET developer on this planet is used to. So I would like to see a User property of type IPrincipal on ApiController. I don’t like the fact that Thread.CurrentPrincipal is not populated. T.CP is a well established pattern as a one stop shop to retrieve client identity on .NET.  That makes a lot of sense – even if the name is misleading at best. There might be existing library code you want to call from WebAPI that makes use of T.CP (e.g. PrincipalPermission, or a simple .Name or .IsInRole()). Having the client identity as an ambient property is useful for code that does not have access to the current HTTP request (for calling GetUserPrincipal()). I don’t like the fact that that the client identity conversion from host to WebAPI is inconsistent. This makes writing security plumbing code harder. I think the logic should always be: If the host has a client identity representation, copy it. If not, set an anonymous principal on the request message. Btw – please don’t annoy me with the “but T.CP is static, and static is bad for testing” chant. T.CP is a getter/setter and, in fact I find it beneficial to be able to set different security contexts in unit tests before calling in some logic. And, in case you have wondered – T.CP is indeed thread static (and the name comes from a time where a logical operation was bound to a thread – which is not true anymore). But all thread creation APIs in .NET actually copy T.CP to the new thread they create. This is the case since .NET 2.0 and is certainly an improvement compared to how Win32 does things. So to sum it up: The host plumbing copies the host client identity to WebAPI (this is not perfect yet, but will surely be improved). or in other words: The current WebAPI bits don’t ship with any authentication plumbing, but solely use whatever authentication (and thus client identity) is set up by the host. WebAPI developers can retrieve the client identity from the HttpRequestMessage. Hopefully my proposed changes around T.CP and the User property on ApiController will be added. In the next post, I will detail how to add WebAPI specific authentication support, e.g. for Basic Authentication and tokens. This includes integrating the notion of claims based identity. After that we will look at the built-in authorization bits and how to improve them as well. Stay tuned.

    Read the article

  • Silverlight Security

    Here are some interesting links about Silverlight security (I learnt a lot from the first document): Silverlight security whitepaper: > http://download.microsoft.com/download/A/1/A/A1A80A28-907C-4C6A-8036-782E3792A408/Silverlight Security Overview.docx This reading gives you a lot of insight into features like Isolated Storage, Local Messaging, Cross-Site Scripting (XSS), Sandbox, Validate input, https, . Shawn Wildermuths session at MIX10: > Securing Microsoft Silverlight Applications ...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • I have UFW block messages from local network machines, how can I analyse if they are malicious?

    - by Trygve
    I'm getting a lot of messages in my UFW log, and I'm trying to figure out if these are malicious or just normal. A UDP broadcast is coming from a windows laptop x.x.x.191, and some from our synology disks x.x.x.{6,8,10,11}. I have not figured out which macine 114 is yet. I would appreciate some advice in how to read the log, and get the most I can out of these calls. Oct 18 17:03:34 <myusername> kernel: [ 4034.755221] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:11:32:06:e8:19:08:00 SRC=x.x.x.6 DST=x.x.x.169 LEN=364 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=47978 LEN=344 Oct 18 17:03:34 <myusername> kernel: [ 4034.755292] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:11:32:1b:e8:8f:08:00 SRC=x.x.x.10 DST=x.x.x.169 LEN=366 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=47978 LEN=346 Oct 18 17:03:34 <myusername> kernel: [ 4034.756444] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:c0:c1:c0:52:18:ea:08:00 SRC=x.x.x.8 DST=x.x.x.169 LEN=294 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=47978 LEN=274 Oct 18 17:03:34 <myusername> kernel: [ 4034.756613] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:c0:c1:c0:52:18:ea:08:00 SRC=x.x.x.8 DST=x.x.x.169 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=47978 LEN=286 Oct 18 17:03:34 <myusername> kernel: [ 4034.760416] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:11:32:1e:6a:33:08:00 SRC=x.x.x.11 DST=x.x.x.169 LEN=366 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=47978 LEN=346 Oct 18 17:03:36 <myusername> kernel: [ 4036.215134] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=x.x.x.169 LEN=424 TOS=0x00 PREC=0x00 TTL=128 ID=11155 PROTO=UDP SPT=1900 DPT=47978 LEN=404 Oct 18 17:04:23 <myusername> kernel: [ 4083.853710] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=652 TOS=0x00 PREC=0x00 TTL=1 ID=11247 PROTO=UDP SPT=58930 DPT=3702 LEN=632 Oct 18 17:04:24 <myusername> kernel: [ 4084.063153] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=652 TOS=0x00 PREC=0x00 TTL=1 ID=11299 PROTO=UDP SPT=58930 DPT=3702 LEN=632 Oct 18 17:07:02 <myusername> kernel: [ 4242.153947] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=680 TOS=0x00 PREC=0x00 TTL=1 ID=18702 PROTO=UDP SPT=58930 DPT=3702 LEN=660 Oct 18 17:07:02 <myusername> kernel: [ 4242.275788] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=680 TOS=0x00 PREC=0x00 TTL=1 ID=18703 PROTO=UDP SPT=58930 DPT=3702 LEN=660 Oct 18 17:12:29 <myusername> kernel: [ 4569.073815] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=680 TOS=0x00 PREC=0x00 TTL=1 ID=30102 PROTO=UDP SPT=58930 DPT=3702 LEN=660 Oct 18 17:12:29 <myusername> kernel: [ 4569.242740] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=680 TOS=0x00 PREC=0x00 TTL=1 ID=30103 PROTO=UDP SPT=58930 DPT=3702 LEN=660 Oct 18 17:17:02 <myusername> kernel: [ 4841.440729] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=680 TOS=0x00 PREC=0x00 TTL=1 ID=9195 PROTO=UDP SPT=58930 DPT=3702 LEN=660 Oct 18 17:17:02 <myusername> kernel: [ 4841.553211] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=239.255.255.250 LEN=680 TOS=0x00 PREC=0x00 TTL=1 ID=9196 PROTO=UDP SPT=58930 DPT=3702 LEN=660 Oct 18 17:19:10 <myusername> kernel: [ 4969.294709] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:25:36:26:02:86:08:00 SRC=x.x.x.114 DST=239.255.255.250 LEN=923 TOS=0x00 PREC=0x00 TTL=1 ID=27103 PROTO=UDP SPT=3702 DPT=3702 LEN=903 Oct 18 17:19:10 <myusername> kernel: [ 4969.314553] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:7f:ff:fa:00:25:36:26:02:86:08:00 SRC=x.x.x.114 DST=239.255.255.250 LEN=923 TOS=0x00 PREC=0x00 TTL=1 ID=27104 PROTO=UDP SPT=3702 DPT=3702 LEN=903 Oct 18 17:33:34 <myusername> kernel: [ 5832.431610] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:11:32:1b:e8:8f:08:00 SRC=x.x.x.10 DST=x.x.x.169 LEN=366 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=55281 LEN=346 Oct 18 17:33:34 <myusername> kernel: [ 5832.431659] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:11:32:06:e8:19:08:00 SRC=x.x.x.6 DST=x.x.x.169 LEN=364 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=55281 LEN=344 Oct 18 17:33:34 <myusername> kernel: [ 5832.431865] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:11:32:1e:6a:33:08:00 SRC=x.x.x.11 DST=x.x.x.169 LEN=366 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=55281 LEN=346 Oct 18 17:33:34 <myusername> kernel: [ 5832.433024] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:c0:c1:c0:52:18:ea:08:00 SRC=x.x.x.8 DST=x.x.x.169 LEN=294 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=55281 LEN=274 Oct 18 17:33:34 <myusername> kernel: [ 5832.433224] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:c0:c1:c0:52:18:ea:08:00 SRC=x.x.x.8 DST=x.x.x.169 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1900 DPT=55281 LEN=286 Oct 18 17:33:37 <myusername> kernel: [ 5834.914484] [UFW BLOCK] IN=eth0 OUT= MAC=f0:de:f1:71:c3:2e:00:22:19:de:80:a4:08:00 SRC=x.x.x.191 DST=x.x.x.169 LEN=424 TOS=0x00 PREC=0x00 TTL=128 ID=10075 PROTO=UDP SPT=1900 DPT=55281 LEN=404

    Read the article

  • Ldap invalid credentials not loading authentication failure url

    - by Murari
    Able to do the custom ldap authentication for external db authorities. But when i am trying to test wrong password the authentication failure url is not showing instead my browser prints the exception details.Below is my securitycontext.xml and exption given <http auto-config="false" access-decision-manager-ref="accessDecisionManager" access-denied-page="/accessDenied.jsp"> <!-- Restrict access to ALL other pages --> <intercept-url pattern="/index.jsp" filters="none" /> <!-- Don't set any role restrictions on login.jsp --> <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/service/**" access="PRIV_Report User, PRIV_305" /> <logout logout-success-url="/index.jsp" /> <form-login authentication-failure-url="/index.jsp?error=1" default-target-url="/home.jsp" /> <anonymous/> </http> <b:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> <b:property name="decisionVoters"> <b:list> <b:ref bean="roleVoter" /> <b:ref bean="authenticatedVoter" /> </b:list> </b:property> </b:bean> <b:bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"> <b:property name="rolePrefix" value="PRIV_" /> </b:bean> <b:bean id="authenticatedVoter" class="org.springframework.security.vote.AuthenticatedVoter"> </b:bean> <b:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> <b:constructor-arg value="ldap://mydomain:389" /> </b:bean> <b:bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate"> <b:constructor-arg ref="contextSource" /> </b:bean> <b:bean id="ldapAuthenticationProvider" class="com.zo.sas.gwt.security.login.server.SASLdapAuthenticationProvider"> <b:property name="authenticator" ref="ldapAuthenticator" /> <custom-authentication-provider /> </b:bean> <b:bean id="ldapAuthenticator" class="com.zo.sas.gwt.security.login.server.SASAuthenticator"> <b:property name="contextSource" ref="contextSource" /> <b:property name="userDnPatterns"> <b:value>uid={0},OU=People</b:value> </b:property> </b:bean> and my exception logs..... org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:180) org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266) org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106) com.zo.sas.gwt.security.login.server.SASAuthenticator.authenticate(SASAuthenticator.java:55) com.zo.sas.gwt.security.login.server.SASLdapAuthenticationProvider.authenticate(SASLdapAuthenticationProvider.java:45) org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188) org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46) org.springframework.security.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:82) org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:258) org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89) org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235) org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:183) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:138) This is my index.jsp <html> <script type="text/javascript" language="javascript"> var dictionary = { loginErr: "${SPRING_SECURITY_LAST_EXCEPTION.message}", error: "${param.error}" }; </script> <head> </head> <body > <iframe src="javascript:''" id="__gwt_historyFrame" style="width:0;height:0;border:0"></iframe> <script type="text/javascript" language="javascript" src="com.zo.sas.gwt.sasworkflow.home.Home.nocache.js"></script> </body> </html>

    Read the article

  • System Account Logon Failures ever 30 seconds

    - by floyd
    We have two Windows 2008 R2 SP1 servers running in a SQL failover cluster. On one of them we are getting the following events in the security log every 30 seconds. The parts that are blank are actually blank. Has anyone seen similar issues, or assist in tracking down the cause of these events? No other event logs show anything relevant that I can tell. Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 10/17/2012 10:02:04 PM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: SERVERNAME.domainname.local Description: An account failed to log on. Subject: Security ID: SYSTEM Account Name: SERVERNAME$ Account Domain: DOMAINNAME Logon ID: 0x3e7 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Account Domain: Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x238 Caller Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: SERVERNAME Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Schannel Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 Second event which follows every one of the above events Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 10/17/2012 10:02:04 PM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: SERVERNAME.domainname.local Description: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Account Domain: Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000006d Sub Status: 0x80090325 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Schannel Authentication Package: Microsoft Unified Security Protocol Provider Transited Services: - Package Name (NTLM only): - Key Length: 0 EDIT UPDATE: I have a bit more information to add. I installed Network Monitor on this machine and did a filter for Kerberos traffic and found the following which corresponds to the timestamps in the security audit log. A Kerberos AS_Request Cname: CN=SQLInstanceName Realm:domain.local Sname krbtgt/domain.local Reply from DC: KRB_ERROR: KDC_ERR_C_PRINCIPAL_UNKOWN I then checked the security audit logs of the DC which responded and found the following: A Kerberos authentication ticket (TGT) was requested. Account Information: Account Name: X509N:<S>CN=SQLInstanceName Supplied Realm Name: domain.local User ID: NULL SID Service Information: Service Name: krbtgt/domain.local Service ID: NULL SID Network Information: Client Address: ::ffff:10.240.42.101 Client Port: 58207 Additional Information: Ticket Options: 0x40810010 Result Code: 0x6 Ticket Encryption Type: 0xffffffff Pre-Authentication Type: - Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: So appears to be related to a certificate installed on the SQL machine, still dont have any clue why or whats wrong with said certificate. It's not expired etc.

    Read the article

  • Security considerations on Importing Bulk Data by Using BULK INSERT or OPENROWSET(BULK...)

    - by Ice
    I do not understand the following article profound. http://msdn.microsoft.com/en-us/library/ms175915(SQL.90).aspx "In contrast, if a SQL Server user logs on by using Windows Authentication, the user can read only those files that can be accessed by the user account, regardless of the security profile of the SQL Server process." What if i define a SQL-Agent Job to perform this bulk-Insert; Is it the OWNER of the Job who gives the security-context?

    Read the article

  • Simple, current how-to install mod-security on cPanel server?

    - by linux911
    Does anyone have or know of a simple, up to date how to for installing mod-security on cPanel and configuring it after install? Every how to on the web I've found is at least two years old and is based on a mod-security addon function in cPanel which doesn't exist anymore. There are a couple of free add ons to simplify selecting rule files (configserver's for example) but there's no documentation on which rules a cPanel system "should" be using and so on.

    Read the article

  • Why is Internet said to be an untrusted network?

    - by Ant's
    From Wikipedia In computer security, a DMZ (sometimes referred to as a perimeter networking) is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. Why does it say … larger untrusted network, usually the Internet. I often see that internet is said to be an untrusted network. Are there any reasons for it?

    Read the article

  • c# Network Programming - HTTPWebRequest Scraping

    - by masterguru
    Hi, I am building a web scraping application. It should scrape a complex web site with concurrent HttpWebRequests from a single host to a single target web server. The application should run on Windows server 2008. One single HttpWebRequest for data could take from 1 minute to 4 minutes to complete (because of long running db operations) I should have at least 100 parallel requests to the target web server, but i have noticed that when i use more then 2-3 long-running requests i have big performance issues (request timeouts/hanging). How many concurrent requests can i have in this scenario from a single host to a single target web server? can i use Thread Pools in the application to run parallel HttpWebRequests to the server? will i have any issues with the default outbound HTTP connection/requests limits? what about Request timeouts when i reach outbound connection limits? what would be the best setup for my scenario? Any help would be appreciated. Thanks

    Read the article

  • Are there some general Network programming best practices?

    - by uriDium
    I am implementing some networking stuff in our project. It has been decided that the communication is very important and we want to do it synchronously. So the client sends something the server acknowledges. Are there some general best practices for the interaction between the client and the server. For instance if there isn't an answer from the server should the client automatically retry? Should there be a timeout period before it retries? What happens if the acknowledgement fails? At what point do we break the connection and reconnect? Is there some material? I have done searches but nothing is really coming up. I am looking for best practices in general. I am implementing this in c# (probably with sockets) so if there is anything .Net specific then please let me know too.

    Read the article

  • Is Windows Server 2008R2 NAP solution for NAC (endpoint security) valuable enough to be worth the hassles?

    - by Warren P
    I'm learning about Windows Server 2008 R2's NAP features. I understand what network access control (NAC) is and what role NAP plays in that, but I would like to know what limitations and problems it has, that people wish they knew before they rolled it out. Secondly, I'd like to know if anyone has had success rolling it out in a mid-size (multi-city corporate network with around 15 servers, 200 desktops) environment with most (99%) Windows XP SP3 and newer Windows clients (Vista, and Win7). Did it work with your anti-virus? (I'm guessing NAP works well with the big name anti-virus products, but we're using Trend micro.). Let's assume that the servers are all Windows Server 2008 R2. Our VPNs are cisco stuff, and have their own NAC features. Has NAP actually benefitted your organization, and was it wise to roll it out, or is it yet another in the long list of things that Windows Server 2008 R2 does, but that if you do move your servers up to it, you're probably not going to want to use. In what particular ways might the built-in NAP solution be the best one, and in what particular ways might no solution at all (the status quo pre-NAP) or a third-party endpoint security or NAC solution be considered a better fit? I found an article where a panel of security experts in 2007 say NAC is maybe "not worth it". Are things better now in 2010 with Win Server 2008 R2?

    Read the article

  • Calculation of charged traffic in GPRS network

    - by TyBoer
    I am working with a distributed application communicating over GPRS. I use UDP packets to send business data and ICMP pings to verify connectivity. And now I have a problem with calculating a traffic for which I will be charged by the provider. I have to consider following factors: UDP payload: that is obvious. UDP overhead: UDP header + IP header = 8 + 20 bytes. ICMP echo request without data: IP header + ICMP payload = 28 bytes. ICMP echo reply: as in 3. Above means that for evey data packet I am charged for payload + 28 bytes and for every ping 56 bytes. Am I right or I am missing/misunderstanding something?

    Read the article

  • Social Network News Feed Database & Design

    - by pws5068
    I'm designing a News Feed system using PHP/MySQL similar to facebook's. I have asked a similar question before but now I've changed the design and I'm looking for feedback. Example Notifications: User_A commented on User_B's new album. "Hey man nice picture!" User_B added a new Photo to [his/her] profile. [show photo thumbnail] Initially, I implemented this using excessive columns for Obj1:Type1 | Obj2:Type2 | etc.. Now the design is set up using a couple special keywords, and actor/receiver relationships. My database is designed for efficiency - using a table of messages joined on a table containing userid,actionid,receiverid,receiverObjectTypeID, Here's a condensed version of what it will look like once joined: News_ID | User_ID | Message | Timestamp 2643 A %a commented on %o's new %r. SomeTimestamp 2644 B %a added a new %r to [his/her] profile. SomeTimestamp %a = the User_ID of the person doing the action %r = the receiving object %o = the owner of the receiving object (for example the owner of the album) (NULL if %r is a user) Questions: Is this a smart (efficient/scalable) way to move forward? How can I show messages like: "User_B added 4 new photos to his profile."?

    Read the article

  • Problem with a blocking network task

    - by user326967
    Hello everyone. I'm new in Java so please forgive any obscene errors that I may make :) I'm developing a program in Java that among other things it should also handle clients that will connect to a server. The server has 3 threads running, and I have created them in the following way : DaemonForUI du; DaemonForPort da; DaemonForCheck dc; da = new DaemonForPort(3); dc = new DaemonForCheck(5); du = new DaemonForUI(7); Thread t_port = new Thread(da); Thread t_check = new Thread(dc); Thread t_ui = new Thread(du); t_port.setName("v1.9--PORTd"); t_check.setName("v1.9-CHECKd"); t_ui.setName("v1.9----UId"); t_port.start(); t_check.start(); t_ui.start(); Each thread handles a different aspect of the complete program. The thread t_ui is responsible to accept asynchronous incoming connections from clients, process the sent data and send other data back to the client. When I remove all the commands from the previous piece of code that has to with the t_ui thread, everything runs ok which in my case means that the other threads are printing their debug messages. If I set the t_ui thread to run too, then the whole program blocks at the "accept" of the t_ui thread. After reading at online manuals I saw that the accepted connections should be non-blocking, therefore use something like that : public ServerSocketChannel ssc = null; ssc = ServerSocketChannel.open(); ssc.socket().bind(new InetSocketAddress(port)); ssc.configureBlocking(false); SocketChannel sc = ssc.accept(); if (sc == null) { ; } else { System.out.println("The server and client are connected!"); System.out.println("Incoming connection from: " + sc.socket().getRemoteSocketAddress()); in = new DataInputStream(new BufferedInputStream(sc.socket().getInputStream())); out = new DataOutputStream(new BufferedOutputStream(sc.socket().getOutputStream())); //other magic things take place after that point... The thread for t_ui is created as follows : class DaemonForUI implements Runnable{ private int cnt; private int rr; public ListenerForUI serverListener; public DaemonForUI(int rr){ cnt = 0; this.rr = rr; serverListener = new ListenerForUI(); } public static String getCurrentTime() { final String DATE_FORMAT_NOW = "yyyy-MM-dd HH:mm:ss"; Calendar cal = Calendar.getInstance(); SimpleDateFormat sdf = new SimpleDateFormat(DATE_FORMAT_NOW); return (sdf.format(cal.getTime())); } public void run() { while(true) { System.out.println(Thread.currentThread().getName() + "\t (" + cnt + ")\t (every " + rr + " sec) @ " + getCurrentTime()); try{ Thread.sleep(rr * 1000); cnt++; } catch (InterruptedException e){ e.printStackTrace(); } } } } Obviously, I'm doing something wrong at the creation of the socket or at the use of the thread. Do you know what is causing the problem? Every help would be greatly appreciated.

    Read the article

  • Neural Network: Handling unavailable inputs (missing or incomplete data)

    - by Mike
    Hopefully the last NN question you'll get from me this weekend, but here goes :) Is there a way to handle an input that you "don't always know"... so it doesn't affect the weightings somehow? Soo... if I ask someone if they are male or female and they would not like to answer, is there a way to disregard this input? Perhaps by placing it squarely in the centre? (assuming 1,0 inputs at 0.5?) Thanks

    Read the article

  • How to gain greater control of network packets on Android

    - by mauvehead
    I'm looking to design an application that will require some deep control over IP packets. Looking over the reference guide on the developers site at Android I see very limited control over packets from java.net:SocketOptions and java.net:DatagramPacket. Specifically I'm looking to control the individual bits within the packet to set TCP Flags, SYN/ACK/RST, and so forth. Based on the docs I am assuming I cannot do this within the Java API provided by Android and I'm guessing I'll have to do it some other way? Anyone have any insight on this?

    Read the article

  • C# Asynchronous Network IO and OutOfMemoryException

    - by The.Anti.9
    I'm working on a client/server application in C#, and I need to get Asynchronous sockets working so I can handle multiple connections at once. Technically it works the way it is now, but I get an OutOfMemoryException after about 3 minutes of running. MSDN says to use a WaitHandler to do WaitOne() after the socket.BeginAccept(), but it doesn't actually let me do that. When I try to do that in the code it says WaitHandler is an abstract class or interface, and I can't instantiate it. I thought maybe Id try a static reference, but it doesnt have teh WaitOne() method, just WaitAll() and WaitAny(). The main problem is that in the docs it doesn't give a full code snippet, so you can't actually see what their "wait handler" is coming from. its just a variable called allDone, which also has a Reset() method in the snippet, which a waithandler doesn't have. After digging around in their docs, I found some related thing about an AutoResetEvent in the Threading namespace. It has a WaitOne() and a Reset() method. So I tried that around the while(true) { ... socket.BeginAccept( ... ); ... }. Unfortunately this makes it only take one connection at a time. So I'm not really sure where to go. Here's my code: class ServerRunner { private Byte[] data = new Byte[2048]; private int size = 2048; private Socket server; static AutoResetEvent allDone = new AutoResetEvent(false); public ServerRunner() { server = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); IPEndPoint iep = new IPEndPoint(IPAddress.Any, 33333); server.Bind(iep); Console.WriteLine("Server initialized.."); } public void Run() { server.Listen(100); Console.WriteLine("Listening..."); while (true) { //allDone.Reset(); server.BeginAccept(new AsyncCallback(AcceptCon), server); //allDone.WaitOne(); } } void AcceptCon(IAsyncResult iar) { Socket oldserver = (Socket)iar.AsyncState; Socket client = oldserver.EndAccept(iar); Console.WriteLine(client.RemoteEndPoint.ToString() + " connected"); byte[] message = Encoding.ASCII.GetBytes("Welcome"); client.BeginSend(message, 0, message.Length, SocketFlags.None, new AsyncCallback(SendData), client); } void SendData(IAsyncResult iar) { Socket client = (Socket)iar.AsyncState; int sent = client.EndSend(iar); client.BeginReceive(data, 0, size, SocketFlags.None, new AsyncCallback(ReceiveData), client); } void ReceiveData(IAsyncResult iar) { Socket client = (Socket)iar.AsyncState; int recv = client.EndReceive(iar); if (recv == 0) { client.Close(); server.BeginAccept(new AsyncCallback(AcceptCon), server); return; } string receivedData = Encoding.ASCII.GetString(data, 0, recv); //process received data here byte[] message2 = Encoding.ASCII.GetBytes("reply"); client.BeginSend(message2, 0, message2.Length, SocketFlags.None, new AsyncCallback(SendData), client); } }

    Read the article

  • Neural Network Basics

    - by Stat Onetwothree
    I'm a computer science student and for this years project, I need to create and apply a Genetic Algorithm to something. I think Neural Networks would be a good thing to apply it to, but I'm having trouble understanding them. I fully understand the concepts but none of the websites out there really explain the following which is blocking my understanding: How the decision is made for how many nodes there are. What the nodes actually represent and do. What part the weights and bias actually play in classification. Could someone please shed some light on this for me? Also, I'd really appreciate it if you have any similar ideas for what I could apply a GA to. Thanks very much! :)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >