Search Results

Search found 4062 results on 163 pages for 'secure government ficam sicam'.

Page 98/163 | < Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105 | Next Page >

AFP / Apple Filling Protocol aka Netatalk access over Internet

- by PJJ

I got a simple cloud server and thought it would be nice to have mac native afp Volumes accesss. Installed Netatalk and this seems to work pretty nice. No sensitive data or something but I don't like to wake up someday and have my www docs rm-rfed by some kid h4x0r. Q1: Is afp encrypted? Q2: How can I make it (semi)secure? Q3: Does VPN makes sense for this? Q4: What would you do to get afp working over net? Opening any service meant for Lan only is a basic flaw, i know - but me be ignorant about it. According to Apple Dev only the authentication is encrypted or am I mssing something?

Read the article
Protecting Windows SMTP service against the spam

- by MainMa

Hi, I'm trying to use a Windows SMTP service on Windows Server 2008, but I can't understand how to secure it. Basically, if I open firewall for local network IPs only for %windir%\system32\inetsrv\inetinfo.exe and keep Connection and Relay settings of SMTP Virtual Server to "All except the list below" (with an empty list), a few minutes later I see spam appearing in Queue directory. (Why? Isn't firewall intended to block this?) Now, if I set Connection or Relay to "Only the list below", specifying the range of local IPs, I can't use the SMTP server nevermore (a "Unable to read data from the transport connection: net_io_connectionclosed." exception is thrown). So what is the way to get rid of spam from internet but let send mails from local network?

Read the article
how to connect public web server to internal LAN

- by DefSol

I have a VPS which is my public web server for all my clients. It's running server 2008 and I would like to have it connect via secure connection to my internal LAN. I would like this to be a route so access is bi-derectional. Have read about Server & Domain isolation, but am concerned this may prevent public views to the webs sites on the server. I currently have a PPTP tunnel, but I'm wanting better security (IPSec or SSL etc) and it's not given my bi derectional access. (In fact my backups aren't copying accross but this could be an acl issue) The goal is to provide easy/automated backups of data & sql db's to my internal LAN, as well as a means to provision new sites & db's from a workflow occuring internally. Internal lan is windows based with ISA 2006 at the perimeter. Thanks

Read the article
Windows service running under network credentials doesn't autostart

- by David Alpert

I have a Subversion Server running as a resident service on a Windows XP Pro machine. That service needs to access a secure network fileshare, so I used the Services-Properties-Log On tab to tell the service to run as a user who has access to the target fileshare. That works out fine until the machine restarts, when the service fails to autostart. I am able to start it manually by logging in, going back to that Services-Properties-Log On tab and reconfiming the explicit credentials. Do I have to manually start this service under alternate credentials every time the machine reboots? Is there something else I can do to make sure that my Subversion server service autostarts with proper access to authenticate against this network share?

Read the article
SSH tunnel & Rsync thru two proxy/firewalls

- by cajwine

Screnario: [internal_server_1]AA------AB[firewall_1]AC----+ 10.2.0.3-^ ^-10.2.0.2 | internet 10.3.0.3-v v-10.3.0.2 | [internal_server_2]BA------BB[firewall_2]BC----+ Ports AC,BC has valid internet addresses. All systems run linux and have root acces to all. Need securely rsync internal_server_1:/some/path into internal_server_2:/another/path My idea is make ssh secure tunnel between two firewalls, e.g. from firewall_1 firewall1# ssh -N -p 22 -c 3des user2@firewall_2.example.com -L xxx/10.3.0.3/xxxx and after will run rsync from internal_server_1 somewhat like: intenal1# rsync -az /some/path [email protected]:/another/path I don't know how to make a correct ssh tunnel for rsync (what ports need tunnel) and to where i will make the rsync? (remote comp address in case of ssh tunnel) Any idea or pointer to helpfull internet resource for this case? thanx.

Read the article
Protecting PHP packages on server

- by Jack

Hi, I am a php developer and have recently decided to make one of my Magento extensions commercial. I have downloaded and configured MageParts CEM Server and that is all working perfectly in regard to licencing and delivery of module packages. The only issue is that the directory that the packages are stored in could be accessed by anyone. I tried this in a .htaccess file, but now it is not working. <Files services.wsdl> allow from all </Files> deny from all Clients are receiving a 403 Forbidden response. Have I done something wrong in the .htaccess file or would there be a better way to secure the directory? Any help would be greatly appreciated.

Read the article
Jail Linux user to directory for FTP login

- by Greg

I'm planning on using vsftpd to act as a secure ftp server, but I am having difficulty controlling the linux users that will be used as ftp logins. The users are required to be "jailed" into a specific directory (and subdirectories) and have full read/write access. Requirements: - User account "admin_ftp" should be jailed to /var/www directory. - Other accounts will be added as needed, for each site... e.g: - User account "picturegallery_ftp" should be jailed to /var/www/picturegallery.com directory. I have tried the following, but to no avail: # Group to store all ftp accounts in. groupadd ftp_accounts # Group for single user, with the same name as the username. groupadd admin_ftp useradd -g admin_ftp -G ftp_accounts admin_ftp chgrp -R ftp_accounts /var/www chmod -R g+w /var/www When I log into FTP using account admin_ftp, I am given the error message: 500 OOPS: cannot change directory:/home/admin_ftp But didn't I specify the home directory? Extra internets for a guide how to do this specifically for vsftpd :)

Read the article
sSMTP Configuration Question

- by SevenCentral

I've installed sSMTP on Ubuntu 10.04 via: sudo apt-get install ssmtp My configuration file is: # # Config file for sSMTP sendmail # # The person who gets all mail for userids < 1000 # Make this empty to disable rewriting. [email protected] # The place where the mail goes. The actual machine name is required no # MX records are consulted. Commonly mailhosts are named mail.domain.com mailhub=smtp.gmail.com:587 # Where will the mail seem to come from? #rewriteDomain= # The full hostname hostname=somedomain.com # Are users allowed to set their own From: address? # YES - Allow the user to specify their own From: address # NO - Use the system generated From: address #FromLineOverride=YES [email protected] authpass=**** usestarttls=yes Am I transmitting my credentials in clear text? Is calling ssmtp a secure operation? Thanks.

Read the article
Create and use intermediate certificate authority on Windows Server 2012?

- by Sid

Background: Server OS is Windows Server 2012. GUI is installed as we come upto speed with powershell. Setup is staging, not production (yet). We have our (internal, domain limited) Root CA installed. I would like to take the Root CA offline to secure storage but before that I'd like to setup an intermediate CA which can take over actual live, online (int-RA-net) functionality Can someone guide me covering: creating the intermediate CA certificate request installing the intermediate CA certificate on domain controller (certification authority role already installed with Root CA online right now) use the intermediate CA to generate a certificate (any use certificate, just for demonstration purposes) Obviously this certification chain would be invalid on computers outside our domain (self trusted root - our root certificate is NOT from common 3rd parties). This last point is NOT a problem.

Read the article
How to route traffic through a specific SOCKS proxy on a per-app basis?

- by GJ.

I'm running a certain desktop app (actually via AIR if it makes any difference) which doesn't have any built-in proxy configuration settings. I need to get all traffic just from this app directed through a secure SOCKS proxy. This implies I can't use the global network preferences, as these would affect many other apps. Is there any way to force all network communication through a given SOCKS proxy on a per-app basis? It would also be helpful to know if there's a way to perform such routing globally, based on specific IP addresses (as this could allow for some reasonable workaround).

Read the article
Installing httpssl module on a running NGINX server

- by Rob

Hi, New to NGINX, we inherited a project that runs Django/FCGI/NGINX on a hosted RHEL box. A requirement has come in that the site now needs to have ssl enabled. Client was pretty sure the person who had built the site had made it so they could use ssl. I backed up the conf file, added the server block for the ssl instance and tried to reload. Reload failed because it didn't recognize the ssl in this line: ssl on; Not an NGINX expert, but the David Caruso in me tells me that the server (sunglasses on) is not secure. I know that you need to configure NGINX at install with this module. If this didn't happen, how hard/risky is it to reconfigure a running nginx box with this module given that we didn't configure it in the first place.

Read the article
What are some good methods to improve personal password management?

- by danilo

I want to improve my personal password management. I usually use secure passwords, but overuse them for too many different places. My questions: What methods do you use to create passwords, e.g. for different online sites/logins? What methods do you use to remember those passwords? Memory? Pen&Paper? Software storage? Is there some good way to store my passwords somewhere, so I can always have access to them when I need them (e.g. a webbased solution on my own server) but at the same way keep them away from unwanted access? Edit: Someone on another site mentioned http://passwordmaker.org/. Have you had any good or bad experiences with that software?

Read the article
Allow users to view Word documents only and not be able to edit, copy or save them.

- by Alexander

Hello In a traditional Windows Server 2003 environment with AD, we have shared a folder for our policy documents (MS Word). These documents get edited/updated now and then by the administrator(principal of college). Users only have read-only access to the folder, but they can still save-as and then change the content. Sharepoint is a possible solution but not easy to implement. We also thought of using a CMS on Linux and installing Joomla to let users only view the docs with a document management system... but is it possible to automatically retrieve the policy folder on the network and convert or put it in a format that users can only view and not copy? We also thought of saving the docs to secure pdf format but the principal wants an automated system. Basically she just wants to work in Word and the policies must be available to staff members on the network. Any ideas? Much appreciated.

Read the article
squid transparent proxy on all ports

- by Yves Richard

I have setup squid as a transparent proxy by redirecting port 80 to the native squid port 3128. I know there are issues with getting secure ports like ssl and imaps to go though the proxy but can I redirect all other ports through the proxy as well. I am trying to get a better idea of bandwidth usage. I have setup iptables to log usage and i am getting most traffic going into the related/established rule. I am trying to determine the origins of this traffic by sending traffic to squid for more detailed logging.

Read the article
Dovecot and StartSSL problems with issuer

- by knoim

I am using dovecot (1) and trying to get my StartSSL certificate running. ssl_key_file points to my private key I tried pointing ssl_cert_file to my public key, with and without using the class1 certificate from http://www.startssl.com/certs/sub.class1.server.ca.pem as ssl_ca_file aswell as combing them with cat publickey sub.class1.server.ca.pem chained My mail client keeps telling me the certificate has no issuer, but doing openssl x509 on my public certificate tells me it is C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA My option for the CSR were: openssl req -new -newkey rsa:4096 -nodes Dovecot's log doesn't mention any problems. EDIT: Doesn't seem to be a problem with dovecot. I am having the same problem with postfix. openssl verify gives me the same error.

Read the article
Book recommendation for learning server management and Apache

- by japancheese

Hello, I'm currently managing a site that I feel could be optimized and utilized to be much faster, however, I'm having difficulty finding reliable information to do it. I find the Apache documentation to be a hard read, and too technical about things I don't have a strong grasp on. I'm just looking for a good beginner/intermediate book about server administration to learn as much as possible about Apache, as well as how to create a nice secure, robust server that doesn't crash at the first hint of unusual traffic surges. Thanks to anyone who can point me in the right direction.

Read the article
How to decide where to purchase a wildcard SSL certificate?

- by user664833

Recently I needed to purchase a wildcard SSL certificate (because I need to secure a number of subdomains), and when I first searched for where to buy one I was overwhelmed with the number of choices, marketing claims, and price range. I created a list to help me see passed the marketing gimmicks that the greater majority of the Certificate Authorities (CAs) plaster all over their sites. In the end my personal conclusion is that pretty much the only things that matter are the price and the pleasantness of the CA's website. Question: Besides price and a nice website, is there anything worthy of my consideration in deciding where to purchase a wildcard SSL certificate?

Read the article
Why am I getting a new session ID on every page fetch in my Perl WWW::Mechanize script?

- by Phill Pafford

So I'm scraping a site that I have access to via HTTPS, I can login and start the process but each time I hit a new page (URL) the cookie Session Id changes. How do I keep the logged in Cookie Session Id? #!/usr/bin/perl -w use strict; use warnings; use WWW::Mechanize; use HTTP::Cookies; use LWP::Debug qw(+); use HTTP::Request; use LWP::UserAgent; use HTTP::Request::Common; my $un = 'username'; my $pw = 'password'; my $url = 'https://subdomain.url.com/index.do'; my $agent = WWW::Mechanize->new(cookie_jar => {}, autocheck => 0); $agent->{onerror}=\&WWW::Mechanize::_warn; $agent->agent('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100407 Ubuntu/9.10 (karmic) Firefox/3.6.3'); $agent->get($url); $agent->form_name('form'); $agent->field(username => $un); $agent->field(password => $pw); $agent->click("Log In"); print "After Login Cookie: "; print $agent->cookie_jar->as_string(); print "\n\n"; my $searchURL='https://subdomain.url.com/search.do'; $agent->get($searchURL); print "After Search Cookie: "; print $agent->cookie_jar->as_string(); print "\n"; The output: After Login Cookie: Set-Cookie3: JSESSIONID=367C6D; path="/thepath"; domain=subdomina.url.com; path_spec; secure; discard; version=0 After Search Cookie: Set-Cookie3: JSESSIONID=855402; path="/thepath"; domain=subdomain.com.com; path_spec; secure; discard; version=0 Also I think the site requires a CERT (Well in the browser it does), would this be the correct way to add it? $ENV{HTTPS_CERT_FILE} = 'SUBDOMAIN.URL.COM'; ## Insert this after the use HTTP::Request... Also for the CERT In using the first option in this list, is this correct? X.509 Certificate (PEM) X.509 Certificate with chain (PEM) X.509 Certificate (DER) X.509 Certificate (PKCS#7) X.509 Certificate with chain (PKCS#7)

Read the article
Which is better for multi-use auth, MySQL, PostgreSQL, or LDAP?

- by Fearless

I want to set up an Oracle Linux 6 server that gives users secure IMAP email (with dovecot), Jabber IM, FTP (with vsftpd), and calDav. However, I want each user logon to be able to authenticate all services (e.g. Joe Smith signs up once for a username and password that he can use for email, ftp, and his calendar). My question is, which database service will be best suited for that application? Also, is there a way to link the database with the preexisting server shell logins (e.g. so I can read the root account's LogCheck emails on a different device)?

Read the article
Multiple email accounts from the same server in Emacs Gnus

- by docgnome

I'm trying to set up Gnus to use both my gmail accounts but I can only ever get one at a time to show up in the list of folders. (setq gnus-select-method '(nnimap "[email protected]" (nnimap-address "secure.emailsrvr.com") (nnimap-server-port 993) (nnimap-stream ssl))) (setq gnus-secondary-select-methods '((nnimap "[email protected]" (nnimap-address "imap.gmail.com") (nnimap-server-port 993) (nnimap-stream ssl)) (nnimap "[email protected]" (nnimap-address "imap.gmail.com") (nnimap-server-port 993) (nnimap-stream ssl)))) That is the relevant portions of my .gnus file. It prompts me for three username passwords on startup. After I enter all three, I can access my work account and the gmail account that I enter the creds for second. This is really annoying! Any ideas?

Read the article
I seek a PDF paginator

- by Cameron Laird

More precisely, I need software that will allow me to consume existing PDF instances, decorate them with page numbers, or page-number-like writing, then write them back to the filesystem. I'll happily pay for an application, or program it myself. I almost certainly require the software run under Linux (Ubuntu, more specifically). iText comes close. iText certainly can read existing PDF instances. While iText is, for this purpose, only a library, and requires me to program a tiny amount to specify where on the page the numbers should appear, I'm happy to do that. I hesitate with iText only because the latest iText license is a headache at certain government agencies (in practice, I'd probably request and pay for a special license), and because, over the last few years, I've observed cases where iText doesn't appear to keep up with the standard, that is, it has more troubles than I expect reading PDFs observed "in the wild". Similarly, every other possibility I know has at least one difficulty: ReportLab would likely require a disproportionate licensing fee for the small value it provides in this situation, and so on. This application requires no particular sophistication with Unicode, fonts, ... I recognize there are plenty of executables and libraries that do some or all of what I require. I welcome any tips on software that is reliable, generally current with PDF practice, flexible/programmable/configurable/..., and "automatable". In the absence of any new insight, I'll likely go with a specific open-source library I don't want to mention now for which I've already contracted enhancements, or perhaps revisit iText.

Read the article
BIOS root kit? Or, how do I fresh install a clean BIOS?

- by Leopold_Bloom

So I was installing questionable operating system onto my EEE pc and it required me to downgrade the BIOS which I really am not an expert at. I used a patch and it appeared to work. Now, I'm paranoid about the downgrade because, honestly, I have no idea where the code came from or what could be in it. My question, then, is it possible to "start over" completely fresh with my BIOS? As in wipe out the possibly malicious BIOS and go back to the manufacturer-provided one? Has anyone done something similar to this? I just want to install Ubuntu Netbook Remix to the EEE pc 1000 but I want to make sure the BIOS are secure. Any advice would help tremendously, or am I just being uber paranoid? BIOS are definitely not my strength.

Read the article
sonicwall nsa 240

- by Adam

Hi We are looking into putting a hardware firewall into a data center to protect our rack of servers. We are using the servers for terminal services and we have 2 x 1GB connections to the Internet. We have about 50 servers supporting about 250 users which will grow very soon to 500 users. We plan to purchase 2 hardware firewalls to provide HA. Do you think the Sonicwall NSA 240 with Total Secure is a good match for this in terms of performance and protection (from spyware, virus etc?) or is there a better purchase? (Maybe a Watchguard X5 or X8?)

Read the article
Intermediate SSL Certificates on Azure Websites

- by amhed

I have successfully configured an Extended-Validation Certificate on an Azure Website following this article: http://www.windowsazure.com/en-us/documentation/articles/web-sites-configure-ssl-certificate/ The main (non-technical) stakeholder of the web application went through great lengths to validate that our site is secure. He went to this site to check the validity of our SSL: http://www.whynopadlock.com/ The site throw the following error: `SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details: ERROR: no certificate subject alternative name matches`` The certificate is installed using IP Based SSL instead of SNI. This is done this way because some site visitors still use Internet Explorer 8 on Windows XP, which has no support for SNI and throws a security warning. Is my certificate correclty installed? I received three .CRT files from my SSL provider: PrimaryIntermediate.crt SecondaryIntermediate.crt EndCertificate.crt This is how I exported our certificate as a .PFX file to Azure: openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt

Read the article
veriSign SSL Cert for subdomain

- by Asghar

I have purchase SSL for secure Site from Verisign. I have configured it and its working properly on https://www.example.com . I have subdomain app.example.com . i need to work SSL on this domain also. I have 2 Questions. 1- Will same SSL will work for the subdomain too? [My SSL is not wildcard SSL] 2- If it will not work. then how can i change the same SSL that it should only work on app.example.com. i mean is there any way to change purchased SSL for subdomain. and How can i do this. https://www.example.com and http://app.example.com point to the same IP address xxx.xxx.xxx.xxx

Read the article

< Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105 | Next Page >