Search Results

Search found 25324 results on 1013 pages for 'folder security'.

Page 158/1013 | < Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >

• Microsoft Ergonomic Keyboards With Card Readers?

  - by Steve

  When I started working at my current job I developed tendinitis in my wrists. Luckily that cleared up when I started using a Microsoft ergonomic keyboard. The problem is that where I work is moving to more security. We will need to stick a card into a slot to log into our PCs. They bought a bunch of new keyboards with these slots built in. All regular keyboards. Is there something like the Microsoft Ergonomic keyboard that comes with such a card slot? Thanks.

  Read the article

• Securing RDP access to Windows Server 2008 R2: is Network Level Authentication enough?

  - by jamesfm

  I am a dev with little admin expertise, administering a single dedicated web server remotely. A recent independent security audit of our site recommended that "RDP is not exposed to the Internet and that a robust management solution such as a VPN is considered for remote access. When used, RDP should be configured for Server Authentication to ensure that clients cannot be subjected to man-in-the-middle attacks." Having read around a bit, it seems like Network Level Authentication is a Good Thing so I have enabled the "Allow connections only from Remote Desktop with NLA" option on the server today. Is this acion enough to mitigate the risk of a Man-in-the-Middle attack? Or are there other essential steps I should be taking? If VPN is essential, how do I go about it?

  Read the article

• Why does mod_security require an ACCEPT HTTP header field?

  - by ripper234

  After some debugging, I found that the core ruleset of mod_security blocks requests that don't have the (optional!) ACCEPT header field. This is what I find in the logs: ModSecurity: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] ModSecurity: Access denied with code 400 (phase 2). Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/apache2/conf.d/modsecurity/optional_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"] [hostname "example.com"] [uri "/"] [unique_id "T4F5@H8AAQEAAFU6aPEAAAAL"] Why is this header required? I understand that "most" clients send these, but why is their absence considered a security threat?

  Read the article

• Finding how a hacked server was hacked

  - by sixtyfootersdude

  I was just browsing through the site and found this question: My server's been hacked EMERGENCY. Basically the question says: My server has been hacked. What should I do? The best answer is excellent but it raised some questions in my mind. One of the steps suggested is to: Examine the 'attacked' systems to understand how the attacks succeeded in compromising your security. Make every effort to find out where the attacks "came from", so that you understand what problems you have and need to address to make your system safe in the future. I have done no system admin work so I have no idea how I would start doing this. What would be the first step? I know that you could look in the server log files but as an attacker the first thing that I would do would be errasing the log files. How would you "understand" how the attacks succeeded?

  Read the article

• .htaccess redirect - Is it secure?

  - by thecrandallster

  This works; I'm not having trouble, but I want to be certain that this is bulletproof. I came up with a neat little .htaccess redirect, but I am not sure if it is secure; do you know? <IfModule mod_rewrite.c     RewriteEngine On     RewriteRule ^goto/([a-z]+)/?$ /$1/ [R] </IfModule I think as long as the server is configured correctly and the files handle authentication autonomously, then it shouldn't be a security issue. Also, being that the rewrite rule only works with characters a-z and one slash I doubt they could jump around directories by injecting stuff into the URL I think...

  Read the article

• McAfee VirusScan Enterprise or avast! Free?

  - by Pieter

  I currently have McAfee VirusScan Enterprise on my computer. This was preinstalled on my PC. (My university did a bulk laptop purchase so I got a sweet deal on my laptop. McAfee was one of the extras that were included.) Apparently, it's getting bad ratings from sites such as Virus Bulletin and AV-Test. Am I better off with avast's free antivirus? Is it worth considering avast! Internet Security? I currently have a three-year license for VirusScan Enterprise. I keep my software up to date using Secunia PSI and I don't click on any suspicious links.

  Read the article

• I just got a linode VPS a week ago and I've been flagged for SSH scanning...

  - by meder

  I got a 32-bit Debian VPS from http://linode.com and I really haven't done any sort of advanced configuration for securing it ( port 22; password enabled ). It seems somehow there is ssh scanning going on from my IP, I'm being flagged as this is against the TOS. I've been SSHing only from my home Comcast ISP which I run Linux on. Is this a common thing when getting a new vps? Are there any standard security configuration tips? I'm quite confused as to how my machine has been accused of this ssh scanning.

  Read the article

• How can I flush my ssh keys on power management activity?

  - by Sam Halicke

  Hi all, Using ssh-agent and private keys per the usual. Everything's working as normal. My question regards best practices on flushing keys from ssh-add on activity like sleep, suspend, hibernate, etc. I thought about writing a simple wrapper around those commands, but then wondered if are they even called? Or does the kernel initiate this activity directly? Are the PM utilities strictly userland? I would like this additional layer of security beyond locking my screen, etc. and was wondering if anyone else had solved this elegantly or has best practices to recommend. Thanks.

  Read the article

• how to separate a network for traffic

  - by Student_CVO

  At the moment our all computers in one big LAN, it is the intention to separate the admin and edu (it's in a school) especially for traffic and less for security. How do this best? I have a drawing, but can't post it (a can send it in a mail) Firewall?, VLAN?, IPCop (no two green zones)?, pfsense? ... Should there be two scopes on the dhcp server (WIN 2008 R2), one for admin and one for edu or is one scope enough? I would like your advice, I am a student in training with this task as a project. Thanks

  Read the article

• Enable file download via redirect in IE7

  - by Christian W

  Our application enables our customers to download files to their computer. The way I have implemented it is using asp.net with a dropdown. When the user clicks the dropdown they get the choice of "PDF","Powerpoint", and a couple of other choices depending on circumstances. Then, in postback depending on the choice the user made, it will return a file (changing the content-header and such and then bitbanging a file to the user). This works perfectly in all browsers, but IE7 complains that this is a security risk and blocks the download. Is there any way for the users to authorize downloads from our webapplication?

  Read the article

• Wordpress Automatic Updating/Installing Plugins Permissions

  - by karmic

  I am using the latest Wordpress and I have always had issues with the automatic updater. For the files in the wordpress directory, i set them to permission 770, and add the webserver user 'www-data' as the group owner. I use lighttpd. However, the automatic updating plugins or installing plugins does not work. It works if I chmod 777 the files or if I set the actual owner to the web server as well. What are the best permission settings for security while still allowing the updating feature to work properly in wordress? Also, by 'not work' i mean, it will go to the screen that asks me for FTP credentials when I try to update.

  Read the article

• Concerns about a Dedicated (Windows Server 2008) + DDoS

  - by TheKillerDev

  I am have today a dedicated server with these specs: Intel Core i5 750, 2x120GB (ssd + raid), Windows Server 2008 Web, 200Mbps Network, 24 Gb DD3 And I would like to know what are the best thing I can do to prevent a DDoS Attack, since I know this will be a real threat by the importance of the files that will be archived in it. Today I have apache listening port 80 and RDC listening port 3389. But the security is beeing made only by Windows Firewall. So, any thoughts on what would be good to prevent from DDoS attacks?

  Read the article

• How to analyse logs after the site was hacked

  - by Vasiliy Toporov

  One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

  Read the article

• How can I use fetchmail (or another email grabber) with OSX keychain for authentication?

  - by bias

  Every fetchmail tutorial I've read says putting your email account password clear-text in a config file is safe. However, I prefer security through layers (since, if my terminal is up and someone suspecting such email foolery slides over and simply types "grep -i pass ~/.*" then, oops, all my base are belong to them!). Now, with msmtp (as opposed to sendmail) I can authenticate using the OSX keychain. Is there an email 'grabber' that lets me use Keychains (specifically the OSX keychain) or at least, that lets me MD5 the password? This is a duplicate of my unanswered question on serverfault. I've put it on superuser because I'm doing this on a personal computer (viz. with OSX) so it's more of a superuser question.

  Read the article

• How can I set up VLANs in a way that won't put me at risk for VLAN hopping?

  - by hobodave

  We're planning to migrate our production network from a VLAN-less configuration to a tagged VLAN (802.1q) configuration. This diagram summarizes the planned configuration: One significant detail is that a large portion of these hosts will actually be VMs on a single bare-metal machine. In fact, the only physical machines will be DB01, DB02, the firewalls and the switches. All other machines will be virtualized on a single host. One concern that has been is that this approach is complicated (overcomplicated implied), and that the VLANs are only providing an illusion of security, because "VLAN hopping is easy". Is this a valid concern, given that multiple VLANs will be used for a single physical switch port due to virtualization? How would I setup my VLANs appropriately to prevent this risk? Also, I've heard that VMWare ESX has something called "virtual switches". Is this unique to the VMWare hypervisor? If not, is it available with KVM (my planned hypervisor of choice)?. How does that come into play?

  Read the article

• Securing a persistent reverse SSH connection for management

  - by bVector

  I am deploying demo Ubuntu 10.04 LTS servers in environments I do not control and would like to have an easy and secure way to administer these machines without having to have the destination firewall forward port 22 for SSH access. I've found a few guides to do this with reverse port (e.g. howtoforge reverse ssh tunneling guide) but I'm concerned with security of the stored ssh credentials required for the tunnel to be opened automatically. If the machine is compromised (primary concern is physical access to the machine is out of my control) how can I stop someone from using the stored credentials to poke around in the reverse ssh tunnel target machine? Is it possible to secure this setup, or would you suggest an alternate method?

  Read the article

• Jenkins projects not visible even though user has all privleges

  - by Frank Rosario

  We want to lock down Jenkins and specific jobs to certain personnel. I have my account with all global privileges granted with project based matrix security. A coworker has a similar account and has been granted all the same privileges. When I log in with my account, I can see all of the projects we have setup. When my coworker whom has the exact same privileges logs in, none of the projects are visible. I've double and triple checked the permissions matrix to make sure we have the same global privileges; we do. Some of the projects have project specific privileges setup as well, but again; I've confirmed that both of us have the same access to these projects as well. So why can I see all the projects and my coworker is unable to see any of the projects?

  Read the article

• Inexpensive degaussers or HDD shredders?

  - by Nicholas Knight

  I do a lot of work for a small cash-strapped business that has a lot of active hard drives, most are consumer-grade SATA of about five years of age, and predictably they are dying at an increasing rate, and a lot of the time they can't even be detected, let alone complete a zero-out cycle. Right now those drives are just being stored, but that can't continue forever. We've got a couple bad LTO tapes it'd be nice to deal with, too. There are very real security and legal issues that make dropping them off with someone who claims they'll be properly destroyed a gamble. I've looked around at degaussers and HDD shredders, and the ones that don't look like they come from some guy in his basement all seem to be $3000+, which is hard to swallow right now. Is there anything out there in the $500-1500 range that you would recommend? (Speed isn't a big issue, if it takes several minutes or even hours per drive, that's completely OK, we've only got 10 or so thus far.)

  Read the article

• How do I rescue files from the encrypted home folder via live USB stick?

  - by Alexia

  I know, this has been asked and answered all over the internet already. However, I start feeling stupid, since the informations there are not helping me. Just this morning, I wanted to install the newest update to 13.10. After the download, when it came to the actual installing, the install program froze and didn't do anything for hours. At that time, I was still logged in. The computer was working and everything was accessable to me. However, I made the mistake and didn't immediately make safety copies of everything. Instead, I just rebooted. Long story short: My computer even fails to reset to a previous version via Grub. But I am able to boot from a USB stick and, after starting Nautilus, I see my home folder on the HD. I would now like to copy its contents onto an external harddisk. Problem 1: I have no rights to access the folder like that. Problem 2: It is encrypted. Problem 3: I don't know how to give myself the rights to access the folder nor do I know how to encrypt it. I assume that it might help that I still know these things: - my old login name - my old login phrase - a 32 characters long string of hexadecimal numbers that I copied to my list of passwords as "Ubuntu Encryption Code". I copied it digitally right after installing Ubuntu the first time and encrypting the home folder, so there won't be any typos. I am sure of that. The solutions that I saw so far, tell me that I need the "encryption phrase". But when I follow the instructions and use this phrase that I have in my list, I only get messages of denial. Can anyone help me through this special problem, please?

  Read the article

• General High-Level Assessment

  - by tcarper

  Guys and Gals, I've been tasked with a doozy of an assignment. The objective is something akin to "laying of hands" on several database servers which work in concert to provide data to various Web, Client-Server and Tablet-Sync'd distributed Client-Server programs. More specifically, I've been asked to come up with a "Maintenance Plan" which includes recommendations for future work to improve these machines' performance/reliability/security/etc. Might there be some good articles on teh interwebs ya'll could point me towards which would give me some good basis to start? Articles describing "These are the top 4 overarching categories and this is how you should proceed when drilling down on each of them" sort-of-thing would be fabulous. The Databases are all SQL 2005, however the compatibility level is 80 and they were originally created with ERwin based on SQL 6.5. The OSs are all Windows Server 2003. Thanks all! Tim

  Read the article

• How useful is mounting /tmp noexec?

  - by Novelocrat

  Many people (including the Securing Debian Manual) recommend mounting /tmp with the noexec,nodev,nosuid set of options. This is generally presented as one element of a 'defense-in-depth' strategy, by preventing the escalation of an attack that lets someone write a file, or an attack by a user with a legitimate account but no other writable space. Over time, however, I've encountered arguments (most prominently by Debian/Ubuntu Developer Colin Watson) that noexec is a useless measure, for a couple potential reasons: The user can run /lib/ld-linux.so <binary> in an attempt to get the same effect. The user can still run system-provided interpreters on scripts that can't be run directly Given these arguments, the potential need for more configuration (e.g. debconf likes an executable temporary directory), and the potential loss of convenience, is this a worthwhile security measure? What other holes do you know of that enable circumvention?

  Read the article

• What permissions do I need to move a folder?

  - by isme

  In the root of my drive there exists a folder called SourceControl that contains all the working copies of all my programming projects. I would like to move the folder to my user directory (\Users\Me), but something about the permissions on the folder forbids me. I don't remember how I created the folder. When I execute the move command: MOVE \SourceControl \Users\Me I receive the following error: Access is denied. I have resolved a similar problem in the past using the Takeown utility to assign ownership of the file to me, so I tried this command next: TAKEOWN /F \SourceControl It returns the following error: ERROR: The current logged on user does not have ownership privileges on the file (or folder) "C:\SourceControl". I've just learned about the Icacls utility, which can inspect and modify file permissions. I used this command to inspect the permissions on the folder: ICACLS \SourceControl It produced this list: \SourceControl BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(OI)(CI)(RX) NT AUTHORITY\Authenticated Users:(I)(M) NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M) I think this means that normal user accounts, like mine, have permission only to read and execute (RX) here, while administrator accounts have full control (F). I used Icacls to confer full control of the directory to my user account with this command: ICACLS \SourceControl /grant:r Me:F The command produces this output: processed file: \SourceControl Successfully processed 1 files; Failed processing 0 files Now inspection of the permissions produces this output: \SourceControl Domain\Me:(F) BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(OI)(CI)(RX) NT AUTHORITY\Authenticated Users:(I)(M) NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M) But after this the move command still fails with the same error. Is it possible to move this folder without invoking administrator rights? If not, how should I do it as administrator?

  Read the article

• How do I securely share / allow access to a drive?

  - by sleske

  To simplify backing up a laptop (Windows Vista), I'm planning on sharing its C: drive (with password protection) and using that to back it up from another computer. What are the security implications of this? If I share C: with a reasonable password, how big is the risk of compromise if the system is e.g. inadvertently used on a public WLAN or similar? Background: I'm planning to use [Areca Backup][1] to back up two systems (Windows XP and Vista). My current plan is to install Areca on the XP box, and share the Vista system's C: as a shared folder, so the XP system can read it. Then I can set up the drive as a network drive and have Areca read it like a local drive. Of course, if you can think of a more elegant way of doing this, I'm open to suggestions.

  Read the article

• Apache trailing slash added to files problem

  - by Francisc

  Hello! I am having a problem with Apache. What it does is this: Take /index.php file containing an code with src set to relative path myimg.jpg, both in the root of my server. So, www.mysite.com would show the image as would www.mysite.com/index.php. However, if I access www.mysite.com/index.php/ (with a trailing slash) it does the odd thing of executing index.php code as it would be inside an index.php folder (e.g. /index.php/index.php), thus not showing the image anymore. This is a simple example that's easy to solve with absolte addressing etc, the problem I am getting from this a security one that's not so easily fixed. So, how can I get Apache to give a 403 or 404 when files are accessed "as folders"? Thank you.

  Read the article

• What rights does an employer have to the employee's computer?

  - by Terrence Brannon

  What access rights should an employee grant an employer for a work computer? For instance, let's assume that the business people come to the IT lab late at night for discussions with the CIO and they use my computer for reading email and general web surfing. In a sense, this means that they are taking full or partial responsibility for any security issues that crop up that get traced back to the employee's machine. Perhaps the proper way to provide a computer to an employee is to give him full and exclusive use of it while employed. Only supervised access (such as hardware/software maintenance) should be acceptable.

  Read the article

< Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >