Search Results

Search found 13810 results on 553 pages for 'security roles'.

Page 132/553 | < Previous Page | 128 129 130 131 132 133 134 135 136 137 138 139 | Next Page >

What kinds of protections against viruses does Linux provide out of the box for the average user?

- by ChocoDeveloper

I know others have asked this, but I have other questions related to this. In particular, I'm concerned about the damage that the virus can do the user itself (his files), not the OS in general nor other users of the same machine. This question came to my mind because of that ransomware virus that is encrypting machines all over the world, and then asking the user to send a payment in Bitcoin if he wants to recover his files. I have already received and opened the email that is supposed to contain the virus, so I guess I didn't do that bad because nothing happened. But would I have survived if I opened the attachment and it was aimed at Linux users? I guess not. One of the advantages is that files are not executable by default right after downloading them. Is that just a bad default in Windows and could be fixed with a proper configuration? As a Linux user, I thought my machine was pretty secure by default, and I was even told that I shouldn't bother installing an antivirus. But I have read some people saying that the most important (or only?) difference is that Linux is just less popular, so almost no one writes viruses for it. Is that right? What else can I do to be safe from this kind of ransomware virus? Not automatically executing random files from unknown sources seems to be more than enough, but is it? I can't think of many other things a user can do to protect his own files (not the OS, not other users), because he has full permissions on them.

Read the article
Do proxies really provide anonymity?

- by Somebody still uses you MS-DOS

Do web proxies really provide anonymity? I mean, without someone asking for logs in a web proxy server for who/when connected, is it impossible to know who was behind that IP address? I'm asking this because I heard somewhere that some technologies (like "flash") bypass personal IP information for requests or something like that. (I'm a noob in server configuration and concepts like DNS and proxies. Thanks!)

Read the article
Windows: disable remote access of local drive, even by domain admin

- by Matt

We have a network of Windows 7 PCs that are managed as part of a domain. What we want is for the domain admin to be unable to view the PC's local drive (C:) unless he is physically at the PC. In other words, no remote desktop and no ability to use UNC. In other words, the domain admin should not be allowed to put \\user_pc\c$ in Windows Explorer and see all the files on that computer, unless he is physically present at the PC itself. Edit: to clarify some of the questions/comments that have come up. Yes, I am an admin---but a complete Windows novice. And yes, for the sake of this and my similar questions, it is fair to assume that I am working for someone who is paranoid. I understand the arguments about this being a "social problem versus a technical problem", and "you should be able to trust your admins", etc. But this is the situation in which I find myself. I'm basically new to Windows system administration, but am tasked with creating an environment that is secure by the company owner's definition---and this definition is clearly very different from what most people expect. In short, I understand that this is an unusual request. But I'm hoping there is enough expertise in the ServerFault community to point me in the right direction.

Read the article
Solr startup script problem

- by Camran

I have installed solr and it works finally... I have now problems setting it up to start automatically with a start command. I have followed a tutorial and created a file called solr in the /etc/init.d/solr dir... Here is that file: #!/bin/sh -e # SOLR auto-start # # description: auto-starts solr engine # processname: solr-production # pidfile: /var/run/solr-production.pid NAME="solr" PIDFILE="/var/run/solr-production.pid" LOG_FILE="/var/log/solr-production.log" SOLR_DIR="/etc/jetty" JAVA_OPTIONS="-Xmx1024m -DSTOP.PORT=8079 -DSTOP.KEY=stopkey -jar start.jar" JAVA="/usr/bin/java" start() { echo -n "Starting $NAME... " if [ -f $PIDFILE ]; then echo "is already running!" else cd $SOLR_DIR $JAVA $JAVA_OPTIONS 2> $LOG_FILE & sleep 2 echo `ps -ef | grep -v grep | grep java | awk '{print $2}'` > $PIDFILE echo "(Done)" fi return 0 } stop() { echo -n "Stopping $NAME... " if [ -f $PIDFILE ]; then cd $SOLR_DIR $JAVA $JAVA_OPTIONS --stop sleep 2 rm $PIDFILE echo "(Done)" else echo "can not stop, it is not running!" fi return 0 } case "$1" in start) start ;; stop) stop ;; restart) stop sleep 5 start ;; *) echo "Usage: $0 (start | stop | restart)" exit 1 ;; esac Whenever I do solr -start I get this error: "Error occurred during initialization of VM Could not reserve enough space for object heap" I think this is because of the file above... Also here is where I have solr installed: var/www/solr and here is the start.jar file located: var/www/start.jar Help me out if you know whats causing this. Thanks BTW: OS is ubuntu 9.10

Read the article
Basic IIS7 permissions question

- by Tom Gullen

We have a website, with a file: www.example.com/apis/httpapi.asp This file is used by the site internally to make requests joining two systems on the website together (one is Classic ASP, the other ASP.net). However, we do not want the public to be able to access the file. In IIS7.5, is there a setting I can do to make this file internal only? I've tried rewriting the URL for it but this rewrite is also applied internally so the scripts stop working as they fetch the rewritten url. Thanks for any help!

Read the article
SMTP hacked by spammer using base64 encoding to authenticate

- by Throlkim

Over the past day we've detected someone from China using our server to send spam email. It's very likely that he's using a weak username/password to access our SMTP server, but the problem is that he appears to be using base64 encoding to prevent us from finding out which account he's using. Here's an example from the maillog: May 5 05:52:15 195396-app3 smtp_auth: SMTP connect from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] May 5 05:52:15 195396-app3 smtp_auth: smtp_auth: SMTP user info : logged in from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] Is there any way to detect which account it is that he's using?

Read the article
Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?

- by Howiecamp

I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials. I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, the I was prompted upon the first logon while in Incognito mode. The web application behaves as expected in Internet Explorer 10. Some info about the application: It's a Sharepoint site using NTLM authentication The credentials are Active Directory-based, as the username is domain\username My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) are not in any way part of their AD domain. The site is running SSL on port 443 Why might Chrome be automatically authenticating me?

Read the article
How to ACTUALLY install Java on Linux?

- by Camran

I have a Ubuntu Server. From the terminal, how should I install JDK? In this guide it says to use this command: sudo apt-get install sun-java6-bin sun-java6-jre sun-java6-jdk But on Suns website, it says JDK includes the JRE, so why the JRE in the line above? Anybody know how to actually install Java? Every guide and every forum shows different ways of doing it. BTW: It is a VPS (virtual private server) Thanks

Read the article
Wifi Snooping over phone

- by pulsarjune

I connect to the wifi acccess-point at work, but recently I suspect that data on my phone is being snooped-out from my phone connected to my office's Wifi network. [Phone Model: Sony Ericsson Xperia Neo V, Android v2.3; Wifi accespoint: Belkin G] How can i check my suspicion? Or What are the ways i could get over them? (obviously i want to stay connected to the wifi n/w) Any thoughts on these points?

Read the article
PostgreSQL encrypted backups

- by Nikhil Gupte

Is it possible to ensure that dumps taken from a PostgreSQL db are always encrypted? The data in the database is highly sensitive and we cannot afford un-authorized personnel, including Sys Admins who need to backup the db, to access the actual data.

Read the article
hosts.deny not working

- by Captain Planet

Currently I am watching the live auth.log and someone is continuously trying the brute force attack for 10 hours. Its my local server so no need to worry but I want to test. I have installed denyhosts. There is already an entry for that IP address in hosts.deny. But still he is trying the attacks from same IP. System is not blocking that. Firstly I don't know how did that IP address get entered in that file. I didn't enter it, is there any other system script which can do that. hosts.deny is sshd: 120.195.108.22 sshd: 95.130.12.64 hosts.allow ALL:ALL sshd: ALL Is there any iptable setting that can override the host.deny file

Read the article
hosts.allow and hosts.deny WHM Host Access Control - what if my IP changes?

- by beingalex

I want to use WHM/Cpanel's Host Access Control interface to change some settings in hosts.allow and hosts.deny. I want to block all access to our SSH exept from the IP we have from our office. Daemon Access List Action Comment sshd ALL EXCEPT x.x.x.x deny Deny access from all other IPs apart from ours But I am worried about what happens if our IP changes, which it does about twice a week. How would I get back in to edit the hosts.allow / hosts.deny files?

Read the article
Benefits of separating operating system files from user files onto different partitions

- by Paul

I am in the process of hardening a CentOS box, and came across an article that suggested mounting these filesystems onto different partitions: /usr /home /var and /var/tmp /tmp I was wondering what exactly this accomplishes, in terms of securing the box?

Read the article
How to decide where to purchase a wildcard SSL certificate?

- by user664833

Recently I needed to purchase a wildcard SSL certificate (because I need to secure a number of subdomains), and when I first searched for where to buy one I was overwhelmed with the number of choices, marketing claims, and price range. I created a list to help me see passed the marketing gimmicks that the greater majority of the Certificate Authorities (CAs) plaster all over their sites. In the end my personal conclusion is that pretty much the only things that matter are the price and the pleasantness of the CA's website. Question: Besides price and a nice website, is there anything worthy of my consideration in deciding where to purchase a wildcard SSL certificate?

Read the article
Kernel Log "TCP: Treason uncloaked!"

- by hurikhan77

On one linux server (Gentoo hardened), we are experiencing bursts of the following messages in dmesg from time to time: TCP: Treason uncloaked! Peer xx.xx.xxx.xxx:65039/80 shrinks window 4094157295:4094160199. Repaired. Is there anything we should take care of or is this normal? Update: Maybe related, we are using net.ipv4.tcp_congestion_control = cubic. Kernel version is 2.6.28 with Gentoo hardening patches.

Read the article
Firewall Deep Inspection Updates and Antivirus Subscription, worth it?

- by msemack

I realize that this is a subjective question, but I'm trying to get some experiences We have Juniper firewalls in our organization (SSG-320M, SSG-5, and some old NS-5GT). We have the option of a yearly subscription for: Deep Inspection Signature Updates Juniper-Kaspersky Antivirus I seem similar services available from other Firewall vendors. We have Symantec Endpoint Protection deployed to all workstations and servers, plus a dedicated appliance for e-mail spam/virus filtering. So, I'm not sure what these firewall-base services will bring to the table that I don't already have. I would appreciate some feedback from people using these firewall services (Juniper or otherwise). Are these services generally worth it? Do they really catch anything? Do they interfere with normal traffic (false positives)?

Read the article
What are some good methods to improve personal password management?

- by danilo

I want to improve my personal password management. I usually use secure passwords, but overuse them for too many different places. My questions: What methods do you use to create passwords, e.g. for different online sites/logins? What methods do you use to remember those passwords? Memory? Pen&Paper? Software storage? Is there some good way to store my passwords somewhere, so I can always have access to them when I need them (e.g. a webbased solution on my own server) but at the same way keep them away from unwanted access? Edit: Someone on another site mentioned http://passwordmaker.org/. Have you had any good or bad experiences with that software?

Read the article
/etc/hosts.deny ignored in Ubuntu 14.04

- by Matt

I have Apache2 running on Ubuntu 14.04LTS. To begin securing network access to the machine, I want to start by blocking everything, then make specific allow statements for specific subnets to browse to sites hosted in Apache. The Ubuntu Server is installed with no packages selected during install, the only packages added after install are: apt-get update; apt-get install apache2, php5 (with additional php5-modules), openssh-server, mysql-client Following are my /etc/hosts.deny & /etc/hosts.allow settings: /etc/hosts.deny ALL:ALL /etc/hosts.allow has no allow entries at all. I would expect all network protocols to be denied. The symptom is that I can still web browse to sites hosted on the Apache web server even though there is a deny all statement in /etc/hosts.deny The system was rebooted after the deny entry was added. Why would /etc/hosts.deny with ALL:ALL be ignored and allow http browsing to sites hosted on the apache web server?

Read the article
Steps to make sure network is not blacklisted...Again

- by msindle

I have an interesting issue. I have a client that just got blacklisted due to spam being sent out over the last 2 days. I have my firewall configured to only allow mail to go outbound on port 25 from our mail server (Exchange 2010) exclusively and I have verified that there are no open relay's on our transport rules. We are running Vipre Business and after running deep scans with updated definitions all computers come back clean. I ran a message tracking report on our Exchange server that shows all mail sent via the mail server over the last couple of weeks and didn't see anything malicious or out of the ordinary. I have also verified that there are no home devices or rouge computers on the network. For all practical purposes it appears that the network is clean, but we still wound up on 5 or 6 blacklists...Where should I start looking next? Is there a "best practices" guide that can help eradicate this issue? Thanks in advance! msindle

Read the article
Preparing laptops for theft

- by ccook

With a number of laptops out there the likelihood of one being stolen is high. What methods, preferably free, can be used to secure the data on the computers? The laptops do not have any special hardware on them, and generally keep their user data in a dropbox folder. One small step taken is to have the the dropbox folder encrypted by Windows 7. Any additional suggestions are greatly appreciated. The data in the dropbox folder is sensitive.

Read the article
Lastpass VS Sxipper. which one is better at their thing?

- by Fellknight

Well, i've been using sxipper for some time now, but recently came across lastpass. I can't tell which one is more secure or has a better functionality, sxipper however seems easier to use.

Read the article
Could local ISP capture my location whenever i launch a VPN to a VPN server?

- by Ozgun Sunal

I am extremely concerned that my ISP collects any information once I am connected to a VPN server. For instance, as far as I know, when I start a connection to a HotSpotShield VPN server, an IP address is assigned to me just before a successful connection. Besides, I'll be having an extra IP address at the beginning with the TAP Adapter. An encryption tunnel is set up between me and the VPN server. Whenever my request for a website reaches them (VPN server), they decrypt the data and later they encrypt the reply which returns from the web (targeted) server. This works like that. So, the ISP can not see what I am watching, displaying and writing because the connection is encrypted. But, the targeted websites see and record all actions. Still, they can not identify my real IP address. I'm really concerned about if the ISP can see "my location". OK, it has an IP address from another country as my real IP address, but how does my ISP detect the traffic going through them? Can they find out who I am? Won't they say "Hey, there is a traffic but who is and what he is doing right now?", because I get the Internet from them?

Read the article
Windows 8.1 and fingerprint readers

- by Sevenate

Is there any build in UI for that kind of hardware like it exist in Modern UI for WiFi, Bluetooth, Broadband mobile and other common settings or I'm forced to use separate software (besides the obvious drivers for hardware)? The thing is that I have build-in fingerprint reader in my laptop and I have installed all necessary official drivers for it (and it looks like they are working fine, btw). But I did not find any UI settings where I could change Sign-in option from password/picture password/pin to fingerprint.

Read the article
Multiple *NIX Accounts with Identical UID

- by Tim

I am curious whether there is a standard expected behavior and whether it is considered bad practice when creating more than one account on Linux/Unix that have the same UID. I've done some testing on RHEL5 with this and it behaved as I expected, but I don't know if I'm tempting fate using this trick. As an example, let's say I have two accounts with the same IDs: a1:$1$4zIl1:5000:5000::/home/a1:/bin/bash a2:$1$bmh92:5000:5000::/home/a2:/bin/bash What this means is: I can log in to each account using its own password. Files I create will have the same UID. Tools such as "ls -l" will list the UID as the first entry in the file (a1 in this case). I avoid any permissions or ownership problems between the two accounts because they are really the same user. I get login auditing for each account, so I have better granularity into tracking what is happening on the system. So my questions are: Is this ability designed or is it just the way it happens to work? Is this going to be consistent across *nix variants? Is this accepted practice? Are there unintended consequences to this practice? Note, the idea here is to use this for system accounts and not normal user accounts.

Read the article
Account to read AD, join machine to domain, delete computer accounts and move computers to OUs

- by Ben

I want to create an account that will perform the following: Join computers to a domain (not restricted to 10, like a normal user) Check for computer accounts in AD Delete computers from AD Move computers between OUs I don't want to allow it to do anything else, so don't want a domain admin account. Can anyone guide me in the right direction in terms of permissions? Not sure if I should be using delegation of control wizard? Cheers, Ben

Read the article

< Previous Page | 128 129 130 131 132 133 134 135 136 137 138 139 | Next Page >