Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone, as that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider instead asking it at Information Security SE.

6881 questions
4 votes, 1 answer

How to audit a specific folder in Windows Server 2003?

We have had several cases of file deletion in one of our Windows file servers. Server is also a domain controller. Unfortunately we kept the auditing disabled completely due to it being such a resource hog. So I was wondering if there is a way to audit…
0xdeadbeef
  • 397
  • 6
  • 13
4 votes, 5 answers

Is iptables enough security, if port 80 is the only unblocked port and Apache is set up correctly?

We are using PHP, MySQL, SVN, and Apache. I want to know if I assume the local subnet trusted, and allow all ports on our subnet using iptables, then allow only port 80 as open to "anyone". If it is "good security" taking that the subnet is trusted as…
Joshua Enfield
  • 3,454
  • 8
  • 42
  • 59
4 votes, 6 answers

Small business: what should I know about computer security?

I run a small (1 man) consulting company in the field of embedded systems, working from home using a standard DSL internet access. My main development machine is a Windows XP PC, which is connected to the router with an ethernet cable. I also have a…
geschema
  • 205
  • 1
  • 7
4 votes, 4 answers

Determining who is running with administrator rights?

I work at a small non-profit organization with about 55 desktop PCs running Windows XP Pro. The domain controller is running Windows Server 2003. I have a two-part question (note that I'm a bit of a newb when it comes to network…
Alex C.
  • 121
  • 5
4 votes, 1 answer

nikto probe warning messages

I have a pretty standard VPS running Ubuntu 8.1, Apache 2.2, PHP 5 etc. -- standard LAMP stack. I am using suhosin and have tried my best to plug the obvious stuff, since I'm the only user -- there's no SSH access except via pubkey on a non-standard…
julio
4 votes, 3 answers

Comparison of Firewall, Intrusion Prevention, Detection and Antivirus Technologies in Organizational Network Architecture

These days I'm reading about intrusion prevention/detection systems. While reading, I got really confused on some points. First, the firewall and antivirus technologies have been known terms for years, however now IDS is becoming popular. My question…
4 votes, 3 answers

How secure is a VPN connection over WiFi?

I travel a lot and connect to public wifi hotspots all the time. What information will be given out if I use VPN within public wifi hotspots? Will the owners or intruders in the hotspot be able to detect the websites I go to (DNS lookups, Traffic…
Pasta
  • 302
  • 1
  • 12
4 votes, 7 answers

Host's sysadmins - can they view files?

Just a quick question. When using shared hosting, can system admins (employed by the host) access your files and read your database connection string details? Can they also access your database, and view the files, without a connection string? I'm…
FullTrust
  • 185
  • 2
4 votes, 1 answer

SQL 2005 Security - Users: What are they used for? (and other various questions)

I am not a DBA and so don't really know anything about SQL 2005 security settings, etc. I am attempting to set up an empty copy of our database by generating the full database from SQL Management Studio generated scripts. Unfortunately I don't know…
MrLane
  • 247
  • 1
  • 3
  • 9
4 votes, 3 answers

Backup security: Why same keys to backup and restore?

I'm evaluating some backup tools to find a good solution for my scenario and I was wondering about a common security choice in a lot of these tools. I've noticed that backup software commonly encrypts backups and restores files from encrypted backups…
Andrea Zilio
  • 173
  • 5
4 votes, 2 answers

What are some good security audit tools for PHP web applications?

I'm interested in finding open-source tools for auditing some PHP code I didn't write, before putting it into production. I'll need black-box HTTP-probing scanners as well as static code parsers/analyzers. Where can I find a good comprehensive list…
Alex R
  • 1,063
  • 3
  • 14
  • 29
4 votes, 1 answer

Removing Debug-Program privileges via GPO - should I leave Local System?

Per recommendations from SANS and others to mitigate against hash dumping and other attacks, I'm looking at defining the 'Debug Programs' user rights assignments using a group policy. When not enabled, the default policy is to allow this privilege…
nedm
  • 5,630
  • 5
  • 32
  • 52
4 votes, 5 answers

Recommend firewall options for a dedicated server

I'm looking for recommendations on firewalls for a dedicated server that will be hosting a few websites of average traffic (5000 uniques monthly). The hosting company has port and full hardware firewalls. There's also the option of installing…
FiveTools
  • 197
  • 6
4 votes, 7 answers

How do I securely execute commands as root via a web control panel?

I would like to build a very simple PHP-based, web-based control panel to add and remove users to/from and add and remove sections to/from nginx config files on my Linode VPS (Ubuntu 8.04 LTS). What is the most secure way of executing commands as…
Chris J
4 votes, 2 answers

What chmod and owner:group settings are best for a web application?

We are configuring a PHP web application on CentOS and have all our files currently in /var/www/html/project/. Apache is configured to run as apache:apache and has access to the directory above. Right now our files and directories have the following…
solsol
  • 1,121
  • 8
  • 21
  • 31