Search Results

Search found 3414 results on 137 pages for 'privacy policy'.

Page 90/137 | < Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97 | Next Page >

Encrypt LAN and wifi traffic on small private network

- by Grimlockz

I need some advice about encrypt all traffic on a small private network running wi-fi and LAN traffic on 192.168.0.x network. The network would comprise of client laptops connecting to the wi-fi router (192.168.0.254) via ethernet connection or wireless. The main purpose of the server is for the client laptops to talk to two servers on different IP's (192.168.0.200 and 192.168.0.201) on ports 80 and 433. My main concern is having packet sniffers and what not getting access to the data. The only ways I see at the moment is to have VPN running on the network or use IPSec policy's to do this. Any other ways guys?

Read the article
How does one remove an encryption type from a kerberos principal?

- by 84104

I would like to remove all of the des keys from the principal below, but have no idea how to do so without someone inputting the password. kadmin: getprinc user Principal: [email protected] Expiration date: [never] Last password change: Thu May 26 08:52:51 PDT 2013 Password expiration date: [none] Maximum ticket life: 0 days 12:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Tue Jul 16 15:17:18 PDT 2013 (administrator/[email protected]) Last successful authentication: Wed Jul 24 14:40:53 PDT 2013 Last failed authentication: [never] Failed password attempts: 0 Number of keys: 8 Key: vno 3, aes256-cts-hmac-sha1-96, no salt Key: vno 3, arcfour-hmac, no salt Key: vno 3, des3-cbc-sha1, no salt Key: vno 3, des-cbc-crc, no salt Key: vno 3, des-cbc-md5, no salt Key: vno 3, des-cbc-md5, Version 5 - No Realm Key: vno 3, des-cbc-md5, Version 5 - Realm Only Key: vno 3, des-cbc-md5, AFS version 3 MKey: vno 2 Attributes: REQUIRES_PRE_AUTH Policy: [none] Also, the the kdc is using an OpenLDAP backend.

Read the article
Removed password from Windows 7, now I cannot login using Remote Desktop

- by Niels Brinch

I removed the password from the only account on my Windows 7 computer and now I get the following message when I try to log in. "Possible reasons are blank passwords not allowed". I did some research and found out what I should have done (disable the policy to allow blank passwords) but now I'm already logged out and cannot get back in. Does anyone have any suggestions? Update Thanks for all the answers. I actually think the reason I couldn't login with blank password was because I was logging in with Remote Desktop. I had no idea that made a difference, so didn't think it would be relevant to mention. When I went directly on the physical computer, it did not stop me from logging in without a password.

Read the article
Accept incoming L2TP connections on Windows 7

- by Greg

Windows 2003 can be configured as a VPN server that uses L2TP with a preshared key. Windows 7 can be configured to accept incoming VPN connections, presumably using PPTP. Is there a way to configure Windows 7 to accept incoming L2TP connections? The configuration settings for incoming connections is extremely sparse; I don't see any place to enter a preshared key or specify the protocol to use. Perhaps it is beyond the capabilities of Win 7, but I hold out hope that I'm overlooking some Group Policy settings or registry edits that allow it.

Read the article
RODC password replication and A/D sites and subnets

- by Gregory Thomson

I work at a school district with about 30 school sites. Windows 2008 A/D setup - all central at the district office. In A/D, all is under one site, and no subnets defined. One A/D forest and only one domain under that. We're now looking to start putting RODCs at the schools to put the authentication and DNS out there closer to them. I haven't worked with A/D sites and subnets, and only a little with RODC password replication. But just got an invite to a meeting to talk about this tomorrow... If we start breaking down the A/D pieces into sites/subnets, can we also use that as a way to help apply an RODC password replication policy in a way that matches so that only each school sites' users passwords are replicated/cached on their RODC?

Read the article
Configuring SASL support in libmemcached

- by John Keyes

I'm trying to build libmemcached with SASL support on OS X Mountain Lion. I have built memcached (1.4.15) with SASL support: $ memcached -S -vv Initialized SASL. slab class 1: chunk size 96 perslab 10922 ... slab class 42: chunk size 1048576 perslab 1 <17 server listening (binary) <18 server listening (binary) <19 send buffer was 9216, now 3728270 <20 send buffer was 9216, now 3728270 <19 server listening (udp) <20 server listening (udp) ... I am trying to build libmemcached with SASL support too. I have tried the following: $ ./configure --prefix=/usr/local \ --with-memcached-sasl=/usr/local/bin/memcached ... $ ./configure --prefix=/usr/local \ --with-memcached-sasl="/usr/local/bin/memcached -S" ... But the resulting configuration summary is the same for both: Configuration summary for libmemcached version 1.0.11 * Installation prefix: /usr/local * System type: apple-darwin12.2.0 * Host CPU: x86_64 * C Compiler: i686-apple-darwin11-llvm-gcc-4.2 (GCC) 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.11.00) * C Flags: -O2 -Werror -Wall -Wextra -std=c99 -Wbad-function-cast -Wmissing-prototypes -Wnested-externs -Woverride-init * C++ Compiler: i686-apple-darwin11-llvm-g++-4.2 (GCC) 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.11.00) * C++ Flags: -O2 -Werror -Wall -Wextra -Wpragmas -D_FORTIFY_SOURCE=2 -Waddress -Wchar-subscripts -Wcomment -Wctor-dtor-privacy -Wfloat-equal -Wformat=2 -Wmissing-field-initializers -Wmissing-noreturn -Wnon-virtual-dtor -Wnormalized=id -Woverloaded-virtual -Wpointer-arith -Wredundant-decls -Wshadow -Wshorten-64-to-32 -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum -Wundef -Wunused-variable -Wwrite-strings -fwrapv -ggdb * CPP Flags: -I/usr/local/include * Assertions enabled: no * Debug enabled: no * Warnings as failure: no * SASL support: Am I doing something incorrectly? Thanks.

Read the article
Brand new Lenovo u410 heats up around touchpad

- by Ali

My Lenovo u410 started heating around the right palm rest minutes after I unpacked it! I am devastated, because I bought this for programming, and it's impossible to type on this for extended periods with the surface getting so hot. I haven't run any serious programs on it yet, so the processor has been pretty much idle. I've been Googling this problem, and found only one person who had this issue too. Is this is a defect in the product? Why aren't many others getting this problem? I bought it via newegg.com and as per their policy you can't return a product once you've opened it. Specs: Core i5, 6 GB RAM, 750 GB harddisk. Running Windows 8.

Read the article
Why am I getting permission denied installing Powershell 2.0 on Windows XP (and certain other update

- by spoulson

I'm working on a corporate desktop (still) running Windows XP SP2. I recently received a new PC and am reinstalling all my tools. Something is different about this one in that it won't let me install Powershell 2.0. When I do, I get a popup: You do not have permission to update Windows XP. Please contact your system administrator. This also occurs for other installs, like Service Pack 3 and Windows Installer 4.5. I'm aware this PC is under group policy restrictions, but I haven't narrowed down what restriction is preventing this install so that I can have the appropriate support team resolve it. What setting could be responsible for this?

Read the article
Windows Server 2012 - SSL Cypher Suite Order Not Long Enough

- by Sam

I want to re-order the cypher suites on our new Windows Server 2012 box to help mitigate the BEAST vulnerability for our clients. I went to Local Group Policy => Computer Configuration => Administrative Templates => Network => SSL Configuration Settings, opened SSL Cypher Suite Order, enabled it, and copied the values from the SSL Cypher Suites textbox. I pasted them into notepad, re-ordered them, then copied+pasted them back into the SSL Cypher Suites textbox. However, the box isn't long enough to hold them all, despite the fact that the length didn't change. I would have to drop the last 3 cyphers (SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA) in order for it to fit. Should I just drop them? Other ideas?

Read the article
How to grant secure access to an untrusted developer to an exisiting virtual host?

- by Margaret Thorpe

Our security policy does not permit ftpd on our servers. Our trusted developers use ftps to access our webservers and they have full access to the server. How do we grant limited access to a single untrusted developer for an existing virtual host. Ive configured rssh to only allow sftp to our untrusted developer, but we dont want him browsing around our other sites. I've investigated chroot, but it seems overly complex and more for restricting access to their home folders. I want to limit access to /srv/www/vhostx/ and below. Whats the best solution?

Read the article
Cannot connect to a VPN server - authentication failed with error code 691

- by stacker

When trying to connect to a VPN server, I get the 691 error code on the client, which say: Error Description: 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server. Now, I validated that the username and password are correct, and tried to login with domain name and without. I also installed a certification to use with the IKEv2 security type. I also validated that the VPN server support security method. But I cannot login. In the server log I get this log: Network Policy Server denied access to a user. The user DomainName\UserName connected from IP address but failed an authentication attempt due to the following reason: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server. Any idea of what can I do? Thanks in advance!

Read the article
Redhat 6 gui installation VS kickstart gives me different packages?

- by jonaz

If i do the graphical install and select basic server + aide and screen i get a system with 535 installed packages. If i look at the /root/anaconda-ks.cfg file in that freshly installed system i see: %packages @base @console-internet @core @debugging @directory-client @hardware-monitoring @java-platform @large-systems @network-file-system-client @performance @perl-runtime @security-tools @server-platform @server-policy @system-admin-tools pax python-dmidecode oddjob sgpio certmonger pam_krb5 krb5-workstation nscd pam_ldap nss-pam-ldapd perl-DBD-SQLite aide screen If i then install a NEW system using a kickstart only containing those packages i get 620 installed packages. So basicly my question is why does the system install almost 100 more packages when using kickstart compared to the GUI installation when the exact same packagegroups are selected?

Read the article
How to Load Balance 2 Internet Connections on a Windows 7 machine?

- by Jimmy Chandra

It's sort of related to this particular question, but that one is on Mac. I am looking for similar solution on Windows 7. I have 2 network connections: (Connection A) Wireless terminal connecting to ISP A (3G / EVDO internet provider) (Connection B) Broadband wired connection connecting to ISP B (Cable internet provider) Both has access to the internet. When I try connecting to a website and checking the networking tab on my Task Manager, I only see the network traffic being routed to only Connection A. Is there a way to make the computer to utilize both network (in a sense using all the bandwidth available from both the Cable ISP and the 3G / EVDO ISP) at the same time? If so, what do I need to do to set this up ... on Windows 7? Here is a bit more info on my network connections (ipconfig /all): PPP adapter Wireless Terminal: IPv4: aa.bb.ccc.ddd(preferred) Subnet mask: 255.255.255.255 Default Gateway: 0.0.0.0 DNS: aa.ee.f.ggg aa.ee.f.hhh Primary Wins: jjj.ii.k.l Secondary Wins: jjj.ii.k.m Ethernet adapter LAN: IPv4: 192.168.1.100 (connected to a router by wired that itself connect to a cable modem) subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 (the wireless router) DHCP: 192.168.1.1 (the wireless router) DNS: xxx.yy.zz.ww rr.sss.t.uuu For my own privacy, I don't believe the actual number matters, the patterns are representative of the ip numbering scheme...

Read the article
What email providers have extremely high reliability and robust SLAs?

- by Benjamin Manns

My dad is a professor who does part-time law practice. He had been using his university email address for professional correspondence, when he found out that the university had permanently lost 16 business-related emails in their spam filter (with no apology, notification, or compensation). What I am looking for now is an email provider (preferably with Exchange, but not required) with very high reliability and a SLA that is basically an insurance policy. I have looked at Google Apps's SLA, but this will not suit. I am looking for a provider who will take $X per month in registration fees, and will: Alert me when there is any downtime. Promptly fix the issue Pay me a fee ($Y) whenever there is downtime. I want a significant, contractual reason for them to be diligent in their service. Free service for me is not enough.

Read the article
Unable to log iptables

- by ActuatedCrayon

I'm having trouble getting iptables to log to any file. My iptables looks like: Chain INPUT (policy ACCEPT 1366 packets, 433582 bytes) pkts bytes target prot opt in out source destination 869 60656 LOG icmp -- venet0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 Syslogd is the only log helper running. The default syslog.conf didn't work, so I tried adding "kern.=debug -/var/log/iptables.log". But the file already has "kern.* -/var/log/kern.log". There are recent syslog entries, so it's not a permissions thing. I'm running Ubuntu 12.04.1 with 2.6.32-042stab061.2

Read the article
SharePoint - force user to accept AUP when first logging in etc

- by Chris W

We're looking to move a bespoke intranet across to SharePoint. One query that has come up is whether we can do the following easily: When user logs in for the first time they should be forced read and accept an Acceptable Use Policy for the site. Agree a separate agreement that relates to their data being shared with other parties. (Optional) upload their profile photo. They can skip this step if they don't have one but they should be prompted to do it each time they login subsequently. The above is all nice and easy in a bespoke app but I can't see how to do this with SharePoint. Can we build a custom workflow that is tied to the user logging in? So far I can only find how to attach workflows to libraries and lists.

Read the article
Scheduled task based on Microsoft patch release cycle

- by floyd

I have a simple powershell script which unapproves all patches based on computer group name in WSUS which works great. All of our servers patch on a specific Day/Week/Time starting on Week0-Wednesday which would be the Wednesday after Microsoft Patch Tuesday (2nd Tuesday of every month) all the way to Week3-Sunday. This obviously causes problems as sometimes not all patches get applied in one reboot cycle, and then will install patches the following week during their group policy scheduled patching day/time which is what I'm trying to prevent. My question is I'm trying to schedule my script to run based on this schedule and I am finding it next to impossible using Windows Task Scheduler. For instance if I wanted something to always run on the 4th Monday after Microsoft Patch Tuesday, I cant always use the task scheduler option "4th Monday of the Month" Has anyone run into a similar situation, or know of any task scheduling tools which give you more flexibility than Windows Task Scheduler?

Read the article
cannot run CMD script from Vista windows explorer

- by jamesvista

I am running Vista Home Premium. I tried to write a script to do some simple automation.... it does not work! even the most simple script like: @echo ON dir . does not get executed and only an empty CMD shell pops open when started from explorer. From the cmd windows there is no problem. This is really weird and I have never seen this before (but wrote many CMD scripts before) ftype cmdfile and batfile are unchanged from "%1" %* virusscan done - no problems Is there a policy setting that might have changed? Any ideas?

Read the article
What does the arxiv.org anti-bot "search and destroy" actually do?

- by Brian Campbell

The lanl.arxiv.org math and scientific preprint service (formerly known as xxx.lanl.gov) has a strict policy against bots that ignore its robots.txt, Robots Beware. On that page, the have a link labelled with "Click here to initiate automated 'seek-and-destroy' against your site", which is forbidden by their robots.txt but presumably badly behaved robots will follow it, and reap the consequences. The question, what are the actual consequences? I have never had the guts to actually click on that link to see what it does. What can they be doing that is both effective and legal?

Read the article
Use of backreferences in fail2ban filters possible?

- by Izzy

From time to time, I see collections of suspect "File not found" errors in my Apache logs, basically using the pattern File does not exist: /var/www/file, referer: http://my.server.com/file In human terms: The file was not found, though it referenced here itself. A clear hacking attempt, as that's hardly possible (and the REQUEST_URIs often enough suggest the same). In my eyes a clear case for fail2ban – if I could get backreferences to work here: failregex = ^%(_apache_error_client)s File does not exist: /var/www(.+), referer: http://.+\1$ (Justin Case: above examples assume the DIRECTORY_ROOT of that webserver being /var/www) I googled for hours, searched the fail2ban wiki up and down – but nowhere I could find a statement concerning backreferences in its filters. Are they not supported, or did I do it the wrong way? Any hints how to make it work (except from "dirty hacks" like first sending the request to another fake url using mod-rewrite, and then catching on that (if anyone is interested, I can elaborate on that approach in an answer), or doing something similar using mod-security)? as an entire log line was requested: [Fri Nov 08 14:57:28 2013] [error] [client 50.67.234.213] File does not exist: /var/www/text/files.htm++++++++++++++++++++++++++Result:+using+proxy+27.34.142.47:9090;+no+post+sending+forms+are+found;, referer: http://www.myserver.com/text/files.htm++++++++++++++++++++++++++Result:+using+proxy+27.34.142.47:9090;+no+post+sending+forms+are+found; (sorry, logs were just switched, so this long candidate was the only one left currently; minor adjustments were made for privacy reasons)

Read the article
Deploying an application on a windows domain

- by ALOToverflow

I'm looking for different ways to deploy, execute and uninstall an application on all machines of a Windows domain. I've did some research on Group Policy Object (GPO) but I'm still looking for other ideas. As I said, I need to deploy the application, run it without the user having to click anything and letting him to control over the machine. Once it's finished running I need to uninstall it and never run it again. Can such things be done with a GPO? Are there any other possibilites on a Windows domain? Thank you

Read the article
iptables NAT configuration

- by Sarp Kaya

Hello I am experiencing some issues with my iptables. Here's what I want to do: A(eth0)--------(eth0)B(eth2)---------------(eth2)C Brackets are interface names A,B and C are hosts. Now I would like to forward port number 80 of host C so that It would be accessed via host A. host A is 192.168.1.254 host C is 192.168.3.2 I intentionally ACCEPTed all FILTER chain options as the default policy because I wanted to make sure that NAT is working properly first. I enabled ip_forward. So here's what I have done: sudo iptables -A PREROUTING -t nat -p tcp - d 192.168.1.254 -j DNAT --to 192.168.3.2 However it is not working. What am I missing here?

Read the article
Notebook Operating System with extreme support cycles/security updates

- by leto

Hello there, after reading the announcements about Mac OS X "Lion" and Apples political decision, I've had enough. I'm a longtime Apple User since 1992, have always felt at home there, but am trying to switch to alternative Operating System since a year. I've also been working with Unix machines since 2001, so I'm looking in one of the free Unices or a Linux. Since I last looked at the desktop in 2002 choke much has changed, it seems. So I'm lost once more in the war between desktop environments and software. To be honest: I don't care what it's name is, I want to get my job done. Here's what I set me as landmark for an operating system/software to be considered: Has to be atleast four years old Has to supply security updates for current release for atleast a year Production quality stability for the whole desktop environment (!) No f****g commercial stuff that tends to supply me with privacy invading App Store or Cloud space So far I'm running a MacBook from 2007, 4 Gig memory, 250 Gig disk and I need: IMAPs for Mail since 1995 Webbrowser sic Shell Keeping current with Updates/Upgrades with no more than 5 Minutes spent in entering commands (makes it hard for OpenBSD ;-) ) A desktop filemanger would be nice, but is a bonus. What can you suggest as operating system? The one with the longest support cycles and best chance to survive the next 10 years will win a new user, even sending patches when needed :-) Greets

Read the article
HD video editing system with Truecrypt

- by Rob

I'm looking to do hi-def video editing and transcoding on an unencrypted standard partition, with Truecrypt on the system partition for sensitive data. I'm aiming to keep certain data private but still have performance where needed. Goals: Maximum, unimpacted, performance possible for hi-def video editing, encryption of video not required Encrypt system partition, using Truecrypt, for web/email privacy, etc. in the event of loss In other words I want to selectively encrypt the hard drive - i.e. make the system partition encrypted but not impact the original maximum performance that would be available to me for hi-def/HD video editing. The thinking is to use an unencrypted partition for the video and set up video applications to point at that. Assuming that they would use that partition only for their workspace and not the encrypted system partition, then I should expect to not get any performance hit. Would I be correct? I guess it might depend on the application, if that app is hard-wired to use the system partition always for temporary storage during editing and transcoding, or if it has to be installed on the C: system partition always. So some real data on how various apps behave in the respect would be useful, e.g. Adobe, Cyberlink, Nero etc. etc. I have a Intel i7 Quad-core (8 threads) 1.6Ghz (up to 2.8Ghz turbo-boost) 4Gb, 7200rpm SATA, nvidia HP laptop. I've read the excellent posting about the general performance impact of truecrypt but the benchmarks weren't specific enough for my needs where I'm dealing with HD-video and using a non-encrypted partition to maintain max performance.

Read the article
Non existing GPO applying? WSUS

- by Jake

I recently took my WSUS server offline. In the mean time I want the clients to update from the internet until I get WSUS up again. However, Windows Updates is tring to contact the old server and (obviously) failing to get new updates. I have updated the WSUS GPO to disabled. Checked DNS is resolving. Deleted WSUS GPOs. GPRESULT reports that policy is not being applied Run GPUPDATE /force No issues reported from DCDIAG I delete the registry keys HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate But the keys return after a reboot. What else can I try ?

Read the article

< Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97 | Next Page >