Re: IIS running with least privs..

2002-11-06 Thread McKenzie Family
Guys, Is it possible to make the IIS application itself run with as little as possible privs on the windows box itself? It's to my understanding that it runs with system privs... Can this be changed somehow? Or is it essential? Regards

Re: Risk of using SS#s (last 4 digits) for authentication

2002-11-06 Thread Andy Cowan
How many help desk techs do you have, is the real question. Every person who has access to any part of employee SSNs is a potential risk for identity theft and fraud. Suggestions for alternatives: 1) Use another number 2) If you must use part of the SSN, consider setting up an app where the

RE: Smart card help

2002-11-06 Thread Xu He
Take a look at the ikey or ActivCard ActivKey. They are SmartCard and reader in one, so you don't have to carry a reader around all the time. It's also plug and play, works great in Windows environment. I think it is probably an expensive implementation of PKI. Usually people use PKI as a

RE: Protecting PIX Firewall at the Perimeter Router

2002-11-06 Thread John Canty
I have the same config here 1720 perimeter and pix 515e. The pix can be set to receive telnet and pdm from one and only one IP and you can also set the interface on which it will see that IP. The router, I am less familiar with. I believe you may be able to do the same. The only downside is this

RE: Network Configuration Question?

2002-11-06 Thread Naman Latif
Whenever the switch receives a packet for which it doesn't find the destination mac address in its forwarding database, it sends that packet to all Ports in that VLAN. These are known as unknown unicast messages. You probably are seeing those packets. One way to block this is to have the ports

Apache-SSL

2002-11-06 Thread Mayur Kamat
Newbie question: I need to set up a secure webserver. Do I install apache 2.0 and then go for mod-ssl or open-ssl OR do I directly opt for the apache-SSL project? Which one is better in terms of security, functionality and convenience (in the same order of priority). Thanks in advance, Mayur

RE: pc anywhere is safe?

2002-11-06 Thread Martin K. Lee
Safe in this case I assume you are referring to the encryption level. VNC/SSH can be relatively safe. Encryption is weak for PC anywhere 9 http://online.securityfocus.com/bid/1093 -Original Message- From: SB CH [mailto:chulmin2;hotmail.com] Sent: Tuesday, November 05, 2002 5:47 PM To:

RE: Securing DNS Server

2002-11-06 Thread Naman Latif
Thanx Bennett for understanding my question correctly. This information would definitely help. I did get some other useful suggestions like using + Try adding this to named.conf: options { query-source address * port 53; }; ++

RE: Re: Secure Intranet?

2002-11-06 Thread Danny.Carroll
If HTTPS is not secure enough, then why do banks use them? Just wondering... Because *most* people see the little padlock in the status bar and think that it's secure. So the banks humour them. On the other hand it *does* provide some, if not fairly trivial security. -D

Symantec Corporate AntiVirus 8.0 - thoughts

2002-11-06 Thread Scott Plumlee
Anyone have any opinions on this for managing workstation virus checkers? Doing it by myself and trusting the users to update is getting tedious. I'm interested in anyone running it on a Novell network especially. What do each of the modules

RE: Protecting PIX Firewall at the Perimeter Router

2002-11-06 Thread Gordon Brandt
Cisco has some very good documents on their site regarding the basic security configurations for routers. I do not, unfortunately, have the URL. That being said, there are a few things that you may want to place on your router 1. Block incoming traffic originating at RFC1918 private addresses.

Re: Securing DNS Server

2002-11-06 Thread Bennett Todd
2002-11-05-14:36:41 Naman Latif: Try adding this to named.conf: options { query-source address * port 53; }; ++ Which would have the originating queries only from Port 53, thus making it easier to implement in the firewall. It may make it easier to

Re: Protecting PIX Firewall at the Perimeter Router

2002-11-06 Thread rsavage
Yes, snmp for one. Then you might consider services you don't/won't ever need to be seen from the internet (like sun rpc services, any type of network back services, application service ports, etc.) If you only need something like port 80 open, then map out a way to only allow that port opened.

RE: Securing DNS Server

2002-11-06 Thread Steven Schullo
Naman, Unless this DMZ DNS system will provide name lookups for public clients, you only need to ensure your public to DMZ gateway/firewall/router will allow outbound syn connections and inbound ack connections to the DMZ DNS box. This will effectively limit any public system from establishing a

Re: Protecting PIX Firewall at the Perimeter Router

2002-11-06 Thread William Kupersanin
How about blocking packets with a source address of the internal networks and rfc1918 networks coming in on the serial interface and vice versa on the ethernet interface. -- Willie On Mon, 4 Nov 2002, Naman Latif wrote: Hi All, I wanted some suggestions\practical experiences for

Re: Network Configuration Question?

2002-11-06 Thread Pablo Gietz
Read this, may be related. http://www.phenoelit.org/arpoc/ Also I want to hear the experts' opinion about this or similar soft. This work? this represent a risk? Thanks Pablo A. C. Gietz Jefe de Seguridad Informática Nuevo Banco de Entre Ríos S.A. Te.: 0343 - 4201351 - Original Message

RE: Re: Secure Intranet?

2002-11-06 Thread ONEILL David J
The only problem I see with your solution is that you are assuming that the partner on the other side of the VPN is keeping to the same level of security as your own system (at least as secure as your own.) What if the partner organization is an easy target? The VPN will allow an intruder to