Search Results

Search found 13059 results on 523 pages for 'security hole'.

Page 140/523 | < Previous Page | 136 137 138 139 140 141 142 143 144 145 146 147  | Next Page >

• Hosting solution for sensitive client data

  - by Mark

  Hello, We are developing a web application that will deal with highly sensitive (financial) data of clients (audience is medium to large sized businesses). Clients will be under scrutiny from regulators & auditors and, as such, we will be too. More importantly to give clients a level of comfort our application and related hosting arrangement should instill a lot of confidence with them. We are looking into using a cloud based service like Linode, Amazon EC2, etc. To allow for maximum flexibility We are keen on putting everything on virtual servers and avoiding having to buy our own hardware. Does a cloud based service make sense for our particular scenario? If not what type of hosting should we consider? If so what should we look out for? Thanks!

  Read the article

• How to forbid postfix to send to external domains [closed]

  - by elhoim

  I have a local postfix server, and i want it to only relay emails to the only local domain (localdomain.be): myhostname = localdomain.be mydomain = localdomain.be alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = $myhostname mydestination = $myhostname relay_domains = $mydomain default_transport = smtp relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/24 mailbox_size_limit = 64000000 message_size_limit = 1000000 recipient_delimiter = + inet_interfaces = all inet_protocols = all smtp_host_lookup = native This configuration works fine to allow relay mail locally and on external destination domains, but i would like it to be an impossibility to send to other domains (ie: gmail.com). relay_domains is supposed to ensure that but it does not seem to really filter since i can still send to my gmail address.

  Read the article

• What is the correct way to use Chef-server's 'validation key'?

  - by Socio

  It seems to me that the recommended way of adding clients to a chef server - or my understanding of it - is flawed. from the docs: When the chef-client runs, it checks if it has a client key. If the client key does not exist, it then attempts to "borrow" the validation client's identity to register itself with the server. In order to do that, the validation client's private key needs to be copied to the host and placed in /etc/chef/validation.pem. So the "validation key" is basically the superuser credential, allowing anyone who possesses it full access to the chef server? Am I reading this right? Surely the correct model would be for clients to generate their own keypair, and submit the public key to the chef server. Clients should never need access to this superuser "validation key". How can I do it in this, more secure, manner?

  Read the article

• What does the NTFS encryption protect against?

  - by Ray

  I have encrypted a folder from the (PropertiesAdvancedEncrypt contents to secure data). However when I change my user profile to another one which is also an administrator the folder seems to be accessible as if nothing happened. What exactly does this encryption protect against. I'm looking to encrypt folders that no other user, or another OS or even if the HDD were to be removed and plugged to another device will be accessible. My OS is Windows 7 Ultimate. Any suggestions?

  Read the article

• I found two usb sticks on the ground. Now what ?

  - by Stefano Borini

  As from subject. I want to see what's inside. I am seriously interested in finding the owner if possible and returning them, but I am worried it could be an attempt at social engineering. I own a macbook intel with OSX 10.6. It is a very important install. What would you do in my situation if you want to see the content without risks ? Any proposal welcome. Edit: I decided not to plug them in, and I brought them to the hotel reception. They will forward it to the police.

  Read the article

• How I can view and block specific applications temporarily from accessing Internet?

  - by Curious Apprentice

  I don't want to block any application permanently from accessing internet. I just want to block some specific applications for a particular time period to gain speed in running some other. I know about one such great tool - that is "Comodo firewall". It can smoothly block and accurately display apps accessing internet. The only problem of installing this is, Windows recommends only one firewall apps and as Im running Windows 7 x64 Ultimate there will be complications if I install this one. I need a tool which can accurately display which apps are accessing internet (through which port) and how much data they are receiving or sending. I also need some arrangement within the app so that I can easily temporarily block that app from accessing internet.

  Read the article

• Avast not taking any action when opening a virus.

  - by ULTRA_POROV

  I just did a test with the EICAR test virus. I downloaded the file eicar.com Avast was on. If i scan the file it finds it. However if i open it no action is taken. Just nothing. nothing happens i can open it as many times as i want. This is very worrying. The new avast is starting to be a pain. I miss the old one.

  Read the article

• What prevents an attack on Postfix through its named pipes?

  - by Met?Ed

  What prevents an attack on Postfix through its named pipes by writing bogus data to them? I see on my system that they permit write access to other. I wonder if that opens Postfix to DoS or some other form of attack. prw--w--w- 1 postfix postdrop 0 Nov 28 21:13 /var/spool/postfix/public/pickup prw--w--w- 1 postfix postdrop 0 Nov 28 21:13 /var/spool/postfix/public/qmgr I reviewed the pickup(8) man page, and searched here and elsewhere, but failed to turn up any answers.

  Read the article

• How to wipe free disk space in Linux?

  - by Alex B

  When a file is deleted, its contents may still be left in the filesystem, unless explicitly overwritten with something else. "wipe" can securely erase files, but does not seem to allow erasing free disk space not used by any files. What should I use to achieve this?

  Read the article

• OpeVPN log connecting client IPs

  - by TossUser

  I looking for the best solution to log all connecting client's ip to either a text file or a database who logs into my VPN server. Under the IP I mean the public WAN IP on the internet where they are connecting from. A hack could definitely be to make the openvpn server log to a separate logfile and run logtail periodically to extract the necessary information. So the database I want to build would look like: Client_Name | Client_IP | Connection_date roadwarr1 | 72.84.99.11 | 03/04/14 - 22:44:00 Sat Please don't recommend me to use the commercial Openvpn Access Server. That's not a real solution here. If the disconnection date could be determined that would be even better so I could see how long a client was connected and from where! Thank you

  Read the article

• Cloud storage services offering one-time download links? [closed]

  - by TARehman

  Is anyone aware of consumer-targeted cloud storage services that allow users to generate a one-time download link for hosted files? Case in point: I have an encrypted container with some documents I need to send to a vendor. I would prefer to give them a one-time download link, so that I know when they have accessed the file, and then inform them of the passphrase by phone. I have heard that MediaFire offers 1-time links, but that they are buried in tons of advertising. At the moment, I'm not sure that I consider MediaFire fully legitimate; I'm more interested in solutions with Google Drive, Box.net, DropBox, etc.

  Read the article

• Mac on My Router?

  - by Yar

  There is a computer that is not mine that is accessible on my network. I can even access its filesystem via AFP. What I want to know is how the computer could get on my network. My network is secured like this: Does that mean that they've used password cracking tools? The pass is not easy to guess but not hard to figure out via brute-force hacking, I guess. If I am being hacked, should I switch to WPA?

  Read the article

• How to specify Multiple Secure Webpages with .htaccess RewriteCond

  - by Patrick Ndille

  I have 3 pages that I want to make secure on my website using .htaccess -login.php -checkout.php -account.php I know how to make just one work page at a time using .htaccess RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} /login.php RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] I and trying to figure out how to include the other 2 specific pages to make them also secure and used the expression below but it didn't work RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} /login.php RewriteCond %{REQUEST_URI} /checkout.php RewriteCond %{REQUEST_URI} /account.php RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] Can someone help me the right expression that will work with multiple pages? The second part of the code is that, if https is already on and a user move to a page that Is not any of the pages i specified about, I want that it should get back to http. how should I write the statement for it to redirect back to http if its not any of the pages above? I have my statement like this but its not working RewriteCond %{HTTPS} on RewriteRule !(checkout|login|account|payment)\.php http://%{HTTP_HOST}%{REQUEST_URI} [L,R] Any thoughts?

  Read the article

• a safer no password sudo?

  - by Stacia

  Ok, here's my problem - Please don't yell at me for being insecure! :) This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.

  Read the article

• Secure IIS/MS-SQL.

  - by user30850

  I have Windows Server 2008, with IIS 7.5 and SQL Server 2008. I want to install DotNetNuke which is an ASP.NET application. What are the necessary precautions to not to get pwn3d.

  Read the article

• Which ports to open for Microsoft SQL Server?

  - by dnolan

  Having searched the internet a few times on the best way to open up SQL Server connectivity through windows firewall i've yet to find a best way of doing it. Does anyone have a guaranteed way of finding which ports SQL is running on so you can open them in windows firewall?

  Read the article

• How can I ensure an ex-administrator of Exchange doesn't still have email access somewhere?

  - by Tony T

  I work for a company in which an ex-employee had administrative access to Microsoft Exchange 2007, and I understand that at some points this person had email which was sent to other employees also forwarded on to him. Upon taking over the administration of the server, of course all of his known accounts were closed, and any of those forwarding rules were removed. However, I would like to ensure that we didn't miss anything. What would be the best way to ensure that: (1) There isn't still some sort-of email being forwarded on to him somewhere? (2) That he doesn't have some sort-of other access to an inbox or another employee's email? I am less concerned about access to the box itself as I am that there is an existing email rule somewhere that is still getting run, or that there is a distribution list that we missed, etc.

  Read the article

• Why does IE store dialog-box-passwords persistently but Firefox doesn't and how do you delete them?

  - by Lynx

  If you authenticate on a site using the popup dialog style of login in IE, even if you have the highest level of privacy set in IE, the passwords persist from one session to the next. This does not seem to be true in Firefox. Is there a way to delete those passwords in IE?

  Read the article

• Best cloud based IT Systems management services out there?

  - by Ryk

  Our startup organisation is growing fast in 2 different office locations. That brings new challenges and headaches. Our entire company is cloud based, and I am looking for a good product to manage our remote systems. Currently we do not have on-site AD servers, we are using the Windows Azure AD services, so cannot rely on group policies at this stage. I would like to be able to achieve the following: (they are all laptops) Remote Desktop Support Patch management Lock down software on machines (restrict them) Monitor and manage systems Other benefits would be good, but if I can achieve the ones listed above, it will go a long way. We have a combination of Windows 7 pro & Windows 8 & 8.1 machines. I am currently using Windows Intune, but it is really limited. Really just a glorified patch enforcer. Thank you in advance to your help.

  Read the article

• need help setting up a VPN for remote computer connection

  - by Chowdan

  I am on a low budget right now. I am currently in the process of starting a computer company. I am in need of a VPN network so I can run Dameware tools for working on customers/partners computers remotely. I will be working with Windows and some Apple and linux machines. I have desktop with an AMD Phenom II 965BE(currently running stable at 3.8Ghz) processor with 8 GB of ram and a radeon hd 6870(i know graphics aren't too useful) and about 1.5TB of HDD space. I am attempting to create a network out of my office based all on one machine that would also be secure for me to remotely connect to my partners computers so when they have issues I would be able to connect and do the diagnosing and repairs remotely. What types of servers besides a VPN server would i need to create this? I have access to all Microsoft products so I can run Windows Server 2012, Windows Server 2008 R2, or any other Microsoft Software. thanks for the help all

  Read the article

• putty 0.61 : why do I see "Access Denied" message after I enter my login id?

  - by anjanbacchu

  I use putty to login to my RHEL 5.3 server. I'm prompted to enter my login as "login as " and I enter my login Id. as soon as I press ENTER, I see a "Access Denied" message following which I'm prompted with password. I successfully enter password and I'm through -- no problems. I tried the same with putty 0.60(as opposed to above putty 0.61) but in this version, I don't get any "access denied" error. What should I make of this ? Is putty 0.61 version buggy ? P.S : If I login using ssh.exe(from cygwin), then I'm fine -- I don't get any "access denied" errors. Thank you,

  Read the article

• How do I prevent my swf files being hotlinked, downloaded etc.

  - by undefined

  I have swf files that are embedded in a PHP page using SWFObject. These swf files are in the same directory as my PHP files. for example www.myurl.com/index.php embeds www.myurl.com/flashfile.swf, index.php and flashfile.swf are in the same directory. However I want to prevent people from being able to type in www.myurl.com/flashfile.swf and viewing the swf. I want the browser to deny access to this file unless it has been embedded by the PHP file. Should I move my swfs to another folder and protect this folder somehow - is this with the .htaccess file? I am running Apache on a linux machine. While my main concern is for swf files I would like to protect graphics used on the site too. all help appreciated thanks

  Read the article

• Can a laptop be compromised through WiFi if the machine never connects to a hotspot?

  - by MousePad

  For instance, you're laptop's wifi card is on, but you've deliberately not connected to any hot spots. Is there anyway it can be hacked while sitting there, and not connected?

  Read the article

• How can I avoid logging file not founds commonly caused by vulnerability scanners?

  - by agweber

  My apache logs are pretty much full of 'admin.php' not found or unable to stat and similar statements for wp-login.php, default.php, and so on that are often sought after by vulnerability scanners. Can I configure apache to avoid logging these statements for certain files? I don't want to filter out all file not founds as I'd like to fix bad links that I may have put out over the years that no longer correspond to the same files. I can use a tool like fail2ban or denyhosts, but from previous experiences it comes from so many places that those errors are still going to pile up, and the reducing those error messages are what this question is asking about.

  Read the article

• Netgear routers don't allow you to disable wireless admin??

  - by MousePad

  I just bought a new router, the NetGear WGR614. Nowhere in the settings can you disable the ability to administrate the router from a wireless connection, which opens it up to brute force attacks from outside the building. Furthermore, it doesn't require a direct connection to the router to admin either, you can admin it while you're connected to the Internet. This means it opens itself to the possibility of an attack from within the network. This is unbelievable to me. What am I missing? Can this be possible?

  Read the article

< Previous Page | 136 137 138 139 140 141 142 143 144 145 146 147  | Next Page >