I am looking for the best way to provide secure e-mail
for remote employees (both remote offices and mobile
workers). Currently e-mail is provided from a central
e-mail server (Exchange). The remote offices and
mobile workers connect via Internet to the central
Exchange server to send and receive
WLBS (Windows Load Balancing Service) or some types of clusters may be the cause. The
hosts that participate in such a "WLBS construct" have each their own IPs and own
MACs. But they comunicate with a virtual IP and virtual MAC. The first switch (the
hosts are directly connected in) can't learn
Biometrics are tricky. One thing to think about it how to revoke users.
There are a lot of great companies that make the fingerprinting stuff
including ethentica and a lot of others.
Try to pay close attention during your installation to the user
management.
AS to your question on
I've been using it for a while, and have investigated ways of handling the
updates of workstations. My situation is I don't have time to get very
fancy. I've got too many things to do, so I need it quick and easy. With
that said, here is what I do:
Every Friday, download the update definitions to
I concur with David's point that the systems that connect to your network
need to have a minimum level of security that is in line with your policies.
It is critical to verify the security of the end user's system before they
connect to your network through VPN. Otherwise, any compromise of the
en
On Tuesday 05 November 2002 23:35, Mayur Kamat wrote:
> Newbie question: I need to setup up a secure webserver. Do I
> install apache 2.0 and then go for mod-ssl or open-ssl
well, you'll need mod_ssl and OpenSSL, since mod_ssl only provides an
interface to the OpenSSL library.
/Thomas
--
[EMA
forgive me, i'm not following you. i find the words "some" and "fairly
trivial" difficult to put my hands around.
Most of the security/web engineers I know who work for large banks
demonstrate a genuine interest in protecting customer's data as well as an
intimate understanding of what would hap
PDM and telnet from only one IP? That's the first I've heard of this.
Unless your concerned about a unattended workstation, you can have more
than one ip on the telnet and pdm. On our PIX 515's, I have at least
two. The BDC on site so as a adminitrastor at any site you can remote
to the server
Well it depends, how desperate somebody wants to get into the computer
room, e.g would they be willing to cut off your hand or pull out your
eyeball.
I would think that finger prints would be the best. It is considerably
cheaper then a retinal scanning equipment.
I have also rolled out Symantec AV Corporate Edition. My only problem is
rolling out clients to the DMZ. Im not sure what ports to open for the
updates, and if ports are opened what security risks are involved.
The other issue is the virus definition are only downloaded once a week
(Wednesday), i
You can easily do this with any of the following Smartcard Vendors:
Smartcard
ActivCard
DataKey
Schlumberger
USB Smartcards
ActivCard
Alladin
Rainbow
Take a look at the smart card alliance for information on Smart Card
Vendors. http://ww
this should help http://housecall.trendmicro.com/
lets you scan the PC from the web always updated and free
gaurav bhandari
We live in an age where lemons are used to wash dishes, and lemonade is made
with artificial flavors
- Original Message -
From: "Ian Kelly" <[EMAIL PROTECTED]>
To:
In our Novell environment, we have had quite a bit of success with
managing the anti-virus on workstations via the System Center Console.
Via the console it is very easy to set up every server and client to
automatically look to a specific server for AV updates on a regular basis.
Thus, you only
Im tired of reading my 6 megs of PIX syslog messages using notepad
Is there
a program out there with a GUI and options like put in order of ports
requests.
Even better, if there is an message or log analyzer (which would make a
little bit like an IDS)
I tried Kiwi Deamon but couldnt make it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
One of the more memorable things that I have read about fingerprint
scanners is:
http://www.counterpane.com/crypto-gram-0205.html#5
You can basically fake a fingerprint biometric machine with a gummi
bear. If I remember correctly, the majority of fin
The activKey solution is very good. Some major competitors to look at
are:
authenex - Low cost alternative
Alladin
Rainbow
Regards;
Bryan
Bryan Glancey
[EMAIL PROTECTED]
Manager of Security Solutions
EPS Technology
999 Executive Parkway Drive
St. Louis, MO 63141 USA
http://www.epsione.com/
3
Hi.
I have a Sun Blade 100 workstation, running Solaris 9.
The Sun Blade 100 is delivered with Solaris 8, wich does not support the
smart card reader, Solaris 9 (wich is installed) does tho...
My questions here are pretty basic.
How does the smart card authentication work ?
What information is
Your external DNS should not be a secondary of your internal server. It
should be a separate DNS with only the informations about your DMZ servers
and MX record.
You should work in split DNS mode. Your internal DNS have the informations
about the internal AND DMZ server. Your DMZ DNS only know
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How about using SSH instead of telnet for starters? Then maybe a
two-factor authentication method using AAA, say an RSA server?
- -Original Message-
From: John Canty [mailto:John.Canty@;Vibro-Meter.com]
Sent: Tuesday, November 05, 2002 2:23 P
I think I understand how this incident occurred but there are some pieces
that I feel I do not understand. Specifically, I would like to understand
start to finish, how it happened, where I went wrong, and how to prevent
it. Here's the executive summary.
We installed IIS 5 on a server,
>From security books I've read it's not hard to
eavesdrop on network communication using tools like
dsniff, even in a switched environment. My
understanding is that it is accomplished quite easily
by ARP poisoning your victim in thinking your
machine's MAC as the router MAC & after interception,
re
On Tue, 2002-11-05 at 23:35, Mayur Kamat wrote:
> Newbie question: I need to setup up a secure webserver. Do I install apache
> 2.0 and then go for mod-ssl or open-ssl OR do I directly opt for the
> apache-SSL project? which one is better in terms of security, functionality
> and convinience (in th
I just rolled it out across five sites with about 80 desktops & I'll have to say it's
been a lifesaver. We are a mixed Novell/NT/Linux environment & so far it's worked
great.
All of the tools have worked as expected. My only complaint is that there isn't
really a Linux piece for it. I partic
Hello,
I'm looking for your response on ActivKey Solution by ActivCard. If anyone
have implemented this solution, could you kindly provide your feedback (any
price, features, etc.)
I'm on researching phase, so any input would be greatly appreciated.
Thanks
_
Hello list!
I will work in a project where phisical security will be based on
biometrics, in fact only will be based on fingerprints biometric.
How secure are fingerprints?, what biometric are more secure? (voice,
eye, ??? what else).
I'm not a security expert :-)
Thanks a lo
-BEGIN PGP SIGNED MESSAGE-
The Cisco routers are based on the same IOS as the pix firewall. You
can set ACL's for management on the Cisco routers, for the interfaces
and the console ports.
- -Original Message-
From: John Canty [mailto:John.Canty@;Vibro-Meter.com]
Sent: 05 Nove
26 matches
Mail list logo
