Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone, as that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider instead asking it at Information Security SE.



6881 questions
3 votes, 3 answers

Allow internal DNS to be queried from the DMZ?

We have a mail gateway running in a DMZ, which is a relay for our internal mail server holding all the mail. We have come across the need to use DNS from the DMZ to resolve names of internal services (such as the internal mail server, etc.). Should…
David
3 votes, 2 answers

Apache security - list all possible handlers / actions

To ensure there aren't security weaknesses that can be exploited via .htaccess, how can we see all possible handlers that Apache can use via directives like SetHandler and AddHandler? I know I can find some by looking at the output of mod_info or…
sa289
3 votes, 1 answer

Audit Logs for Environment Path Changes

Something (or someone) keeps changing our environment path variables on several of our servers. I have the Audit Policy (under local sec pol) set to Success, Failure for all but Process Tracking (which is just failure). However, when changes are…
3 votes, 2 answers

How worried should I be about unsecured HTTP on a "private" network?

So I've joined a new team, which develops and operates a service available on the Internet. It's aimed at B2B use rather than consumer, although anyone can sign up for a low-tier account to check it out (you don't get anywhere if your potential…
Anon
3 votes, 1 answer

How to block all requests from URLs with MS-DOS device name using ISAPI filter (CVE-2007-2897)

I recently had an audit report on my Windows Server 2008 R2 and it failed with the error/vulnerability: Microsoft ASP.NET MS-DOS device name DoS www (443/tcp). I have not been able to find any solution to fix this vulnerability yet as no one of the…
Musa Zargar
3 votes, 1 answer

Automatically unlock BitLocker To Go (USB stick) on domain computer

Is there a way to automatically unlock BitLocker-encrypted USB sticks on Windows computers that are domain joined (8.1 Enterprise)? (e.g., based on the "BitLocker identification Field"?) The scenario I'm thinking of is that the IT department…
Robbie
3 votes, 6 answers

Default Ubuntu install, is it hackable?

Coming from a Windows background, I have admin'd a Windows box for years now and I pretty much just have to install the patches (actually auto update takes care of that!). I am thinking about playing around with Slicehost, and want an if a…
user21317
3 votes, 1 answer

How to handle vulnerability searches in IIS?

I have a web server running an ASP.NET web application on IIS 8.5. I noticed that several 404 errors were logged by the application which are not related to my application in any way. Here are a few example…
jorel
3 votes, 1 answer

VLAN isolation failure with HP Procurve, Juniper Netscreen

I'm having problems with hosts being able to ping other hosts they shouldn't be able to communicate with. Fairly simple network; relevant hardware: HP Procurve 2810-24G switch, Juniper Netscreen 208 firewall, Netgear GS-108PE switch. I simply want…
Phil K
3 votes, 3 answers

Secure internet accessible NAS

I would like to be able to set up and access a NAS securely via an internet connection. I would like to use an existing Linux server I own, so essentially I am looking for recommendations for which software would be ideal.
3 votes, 1 answer

How to detect BIOS rootkits on a server mainboard?

I recently read about a talk by Corey Kallenberg and Xeno Kovah given at the CanSecWest conference which describes how the firmware of a server mainboard can be reprogrammed to include malicious software. This has left me really worried! I'm now…
pefu
3 votes, 1 answer

Is setting a Content Security Policy incompatible with Joomla's admin page?

I'd like to set a content security policy header for a Joomla website running on Apache 2.4. Using this configuration from h5bp and setting Header set Content-Security-Policy "script-src 'self'; object-src 'self'" gives me a blank page for the…
Tom Brossman
3 votes, 2 answers

How to implement table security without SUPER privilege?

A MAJOR provider of cloud-based MySQL does not grant the SUPER privilege to the master user. The provider is Amazon RDS, but my question isn't about Amazon RDS specifically, it's for the general case of the database owner/administrator not having…
3 votes, 1 answer

Need advice on iptables

Hello guys! :-) I need some advice from you about my iptables setup. I'm pretty new to iptables, and this is the first time I configure a server with iptables ONLY as a firewall (we don't have money nor time to set a "true" firewall…
3 votes, 1 answer

What is the best way to isolate permissions to a role, where traditionally role-based security is not implemented?

The particular example I'm pursuing here is having a deployment officer role. Typically, this would be performed by one particular employee, but that employee can get sick, fired, go on vacation, etc. So from a Windows security perspective, this…
Chris B. Behrens