Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone; that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider asking it at Information Security SE instead.

6881 questions
3 votes, 2 answers

readonly mode for SMB Windows backups on Samba Server to prevent encryption/manipulation

There seems to be just another huge attack with crypto trojans. I have an office here, where I am responsible for the samba server that receives the windows backups (with windows backup tool). In an effort to make the encryption of backup-data…
moestly • 1,188 • 9 • 11
3 votes, 4 answers

Signed executables under Linux (or other OS's)

This question was asked first at stackoverflow. After 60 views, I got just one response. Now I'm trying serverfault - that's a pertinent topic for here, I guess. For security reasons, it is desirable to check the integrity of code before execution,…
TH. • 205 • 1 • 10
3 votes, 4 answers

What is a secure way to transport hard drives?

I would like to transport several gigabytes (apx. 250 GB) worth of sensitive data from one location in the US to another. It seems at the moment the easiest way to do this is to ship an encrypted hard drive containing the data. What options are…
MiffTheFox • 152 • 2 • 12
3 votes, 0 answers

Restricting query types in Bind9

The network is relatively straightforward: on the inside there is Active Directory, in the DMZ is a BIND9 DNS forwarder. The Active Directory domain controller is the internal DNS server for all Windows clients and all machines must use the DNS…
Joe Dohn • 31 • 1
3 votes, 2 answers

What are possible security issues with TLD not being secured with DNSSEC, even if subdomain is?

We are working on an established network with a BIND9 server running (as well as many other services). I'm learning and trying to reorganize the old configuration files to comply with the present day (Many dead machines, unused names, reverse mapping…
3 votes, 1 answer

Decrypting ESP Packets with IPSEC Transport Mode if Pre-Shared Key is Known

I am reading up on IPSec, and was wondering if I could use wireshark to decrypt ESP packets from IPSEC transport mode sessions that are using a preshared key. From reading this thread, I have gathered that even if the preshared key is already…
Kyle Brandt • 83,619 • 74 • 305 • 448
3 votes, 1 answer

Azure Active Directory account auto-expiration

I need to set some user accounts in AAD to expire in some time. For example, students in the university should not be allowed to access class sharepoint site after graduation (4 years). Is there some automatic mechanism to do this? Mainly I'm…
Ryan • 187 • 1 • 1 • 8
3 votes, 0 answers

Constant Audit Failures in Event Viewer from Users not logged on

Let me start off with some details on my environment: Windows Active Directory Domain Environment Domain Controller: Windows Server 2003 R2 Problem Workstation: Windows 7 Professional 64-bit Lately I've gotten reports of Domain User Accounts being…
3 votes, 2 answers

Handling keyboard-interactive inputs with Ansible

I have set up a few GNU/Linux (Ubuntu and Amazon Linux) servers to prompt for Time-Based OTP using google-authenticator module for PAM and the keyboard-interactive:pam SSHD authentication method. I'm struggling to get ansible to prompt me for the…
eternaltyro • 262 • 2 • 14
3 votes, 1 answer

how to disable run via search on Windows 10?

We are trying to prevent our users from running various commands that we don't specifically approve. We have implemented Applocker, but that doesn't prevent the user from running commands beginning with rundll32.exe or regsvr32.exe. In previous…
curwin • 111 • 1 • 6
3 votes, 2 answers

ProFTPD: The meaning of the "TLS Verify Client" and "NoCertRequest" in the TLS configuration

I know that per default FTP is insecure, because it is not encrypted. To avoid this insecure behavior of FTP, I want to set up a TLS encryption in my ProFTPD. Pursuant to this tutorial here:…
Wubi • 83 • 1 • 9
3 votes, 3 answers

MySQL connection security

I have 2 Windows 2003 servers. One is running IIS with Microsoft's FastCGI extension and PHP. The other server is running MySQL 5.1. I want to set up some PHP applications on the IIS Server and have them use databases on the second server. What do I…
Brian Lyttle • 1,757 • 1 • 17 • 17
3 votes, 3 answers

Why would I pick IPv4 or IPv6 for SSH access?

I'm setting up a Linode server and the Getting Started security guide suggests disabling ssh access over either IPv4 or IPv6 so that I only have one of the two enabled. I understand the general theory of reducing attack surface, but why would I…
Moshe • 160 • 1 • 9
3 votes, 1 answer

HTTPS over third-party SSH tunnel. Is it safe?

I just get a Linux server from a third party. Then I create an SSH tunnel via SecureCRT: https://www.vandyke.com/support/tips/socksproxy.html, where the Linux server is used as the Gateway Server. However, the Linux server is not 100% safe since it…
alancc • 141 • 12
3 votes, 1 answer

Best development setup for multiple server roles?

At the company I work for we have a pretty complex development environment. Our system runs on several servers, each server fills a different role and has its own code base. There might be more than one actual server for each role (for example we…
Ken • 181 • 1 • 4