Thursday, 5 July 2007
|
| Higher-End Home FW Question bPstyles 20:03:33 |
| | I would love to get my hands on a Fortigate 60 box for my home network. I am really looking for something that will do FW, IDS, shaping as well as virus and malware filtering... on one platform. Is there another company I can look at that isn't as expensive as Fortinet? I'd rather not spend about $700 on it. Thanks.
|
| | 46 answers |
Wednesday, 9 May 2007
|
| Remote computers and Norton FW 2005 Shegeek72 14:12:31 |
| | I was "forced" to upgrade from Norton FW 2003 to 2005 since they no longer support 2003. I guess it was for the best.
I have a question about attempted connections from remote puters. In 2003 FW they were auto-blocked. However, in 2005 you have to manually decide what to do with each one. I always block even though Norton's recommendation is to "always allow." Aren't most attempted connections from remote puters malicious? I tried connecting to a few of the DNS addresses, most were refused and one was from an obscure website.
Thanks, SG
|
| | 1 answer |
Tuesday, 26 September 2006
|
| backup checkpoint NG management server Luciano Talarico 21:35:35 |
| | Hi to all, I would like to do a full backup of objects, policy package and everything about a checkpoint management server.
I think that if I create a tar file of the most important directory it should be ok, but I ask you if there is an official procedure to do a full secure backup.
Thanks for answer
Luciano
-- www.luciano.talarico.it
|
| | 4 answer |
Monday, 14 August 2006
|
| w2k3 server hooked to the www Guest 21:08:13 |
| | Hi All,
I have a customer who I have safely tucked behind iptables. She has a w2k3 server running an M$ SQL based administrative program on it. The firewall accepts no SYN packets. All is fine.
But, now she wants a second w2k3 server that needs to talk to the first w2k3 server AND is open to the web. The idea is that users (about 5000 of them) can remotely log into the second w2k3 server and do maintenance on their records. The second w2k3 server will also have a credit card payment system as well. Neither server uses any open source products: only M$ products.
Now I am freaking out. I am thinking that all I reasonably can do is to forward http and https packets to the second server and install obnoxious passwords on every computer. Maybe install a third nic in the firewall and only allow M$ SQL traffic to enter the local network?
Anyone have any advice/recommendations?
Many thanks, -T
|
| | 1 answer |
|
| pam_cracklib required characters not working Van P Trinh 21:03:25 |
| | I'm using RHEL4 2.6.9-34.0.2.ELsmp, pam-0.77 (according to /usr/share/doc/), I'm trying to see why the negative values for credits don't seem to do what they claim:
Here is my pam configuration
...
password required /lib/security/$ISA/pam_cracklib.so \
    dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
---
I'd expect that the password must have at least 1 digit, 1 uppercase and 1 other character but this password "darkwater" is accepted??
Am I mis-configuring my pam_cracklib or is the negative value for credits not being supported?
|
| | 3 answer |
|
| Somebody keeps trying to ssh into my systems, how can I stop that? Gs 20:51:50 |
| | I have my LAN set up with a broadband router, and somebody is trying to ssh into my systems. How can I stop that? Is it possible to drop the packet at Network (at MAC level) level? Thanks.
|
| | 237 answers |
|
| Initiate SSH session from other side? Dspfun 20:16:56 |
| | Is it possible to somehow trigger an SSH session from inside a network, so that I can use an SSH session from outside the network into the network? For example by having a program (crontab) or something initiating the SSH session from inside the network to a specific IP-address and port number? The problem is that it is not possible to directly ssh into the network from outside the network.
BR!
|
| | 2 answer |
|
| Benefits of VNC over RDP Darkmoo 18:58:13 |
| | I've seen a lot of outsourced IT companies use VNC on every machine they remotely manage for client sites. What's the benefit of using VNC (tightvnc) over RDP?
|
| | 6 answers |
|
| PuTTY for Windows x86_64 Guest 04:49:41 |
| | I have made an x64 build of PuTTY that will run natively on Windows XP Professional x64 Edition and Windows Server 2003 x64 Edition.
Download installer executable here: http://home.no.net/nxs/files/putty_x64_setup.exe
Download fixed source (no patches yet): http://home.no.net/nxs/files/putty_0.58_x64_source.7z
I mostly changed SetWindowLong to SetWindowLongPtr in the source code which is required when building for x86_64.
This is only a Windows 64-bit build. No alterations or optimizations have been made for 64-bit Linux.
|
|
| secure ethernet device? how about those on /proc /sys /dev/shm /dev/pts Guest 04:33:15 |
| | hi
almost every device on linux has a "file" to it, eg, /dev/hda, and normal user can't write to it. how about securing those interfaces showing up on "ifconfig"?
also how should I treat those files on /proc /sys /dev/shm /dev/pts /proc/bus/usb etc ?
|
| | 1 answer |
|
| what is the security model of linux? Guest 04:29:35 |
| | hi
what is the security model of linux? I mean the OS, not application. I tried google, but there is nothing too useful to shape my ideas.
|
| | 1 answer |
|
| Cleaning out unneeded executables Guest 04:28:19 |
| | Howdy,
Well after a few days of compiling, scripting, hacking, tuning, busting, boobytrapping, and generally munging my default linux installation I am nearly ready for public access. This was a _base_ installation of a major distro that will for the moment remain unnamed.
"find" tells me I have something in the neighborhood of 11000 (THOUSAND) executable files on my box. Hmm. Obviously strict permissions are not required to publish an RPM.
Anybody got a script for recursing through all this unneeded crap and sorting the wheat from the chaff?
-Thanks -Matt
|
| | 19 answers |
|
| best distro for security Marco 04:08:04 |
| | Hi,
I'd like to place a Linux-based pc to handle my internet connection, getting it from the ADSL line and sourcing it to the pc on a Windows-based net. It has to be placed as a "filter" in between the internet and the Win computers. Which distro would you suggest? Any comments, tips, tricks on the way I should do that?
Thanks so much for your help, Marco
|
| | 29 answers |
|
| suid/sgid suggestion Guest 00:06:54 |
| | can someone give opinion on the following files being suid/sgid, or best not. thanks.
find / -type f \( -perm -04000 -o -perm -02000 \)
/bin/su
/bin/ping
/bin/passwd
/bin/mount
/bin/umount
/usr/bin/screen-4.0.2
/usr/bin/rsh
/usr/bin/ping
/usr/bin/sudo
/usr/bin/gpasswd
/usr/bin/chfn
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/write
/usr/bin/expiry
/usr/bin/chage
/usr/bin/rcp
/usr/bin/rlogin
/usr/bin/sudoedit
/usr/lib/pt_chown
/usr/lib/pppd/2.4.3/rp-pppoe.so
/usr/lib/pppd/2.4.3/pppoatm.so
/usr/sbin/traceroute
/usr/sbin/ssh-keysign
/usr/sbin/rscsi
/usr/X11R6/bin/Xorg
|
| | 7 answers |
Sunday, 13 August 2006
|
| script in crontab Guest 05:05:33 |
| | Hello All,
I am a new member of this group. Can someone help me in writing the script for detecting a folder or file creation?
I have cygwin SSH running on a Windows 2003 Server. I would like to run a program every time a user uploads a folder containing files or just files on to a directory. Can someone give me the script that I need to put in my crontab file for the required and I would like to run the script say every 1hr for detecting folder/file creations and would like to run the program based on this.
Your help is appreciated. Thank you, Madhuri.M
|
| | 6 answers |
|
| Re: new malware info Willbill 01:57:13 |
| | George Macdonald wrote:
> On Tue, 13 Jun 2006 14:03:43 -0500, willbill <trek@worldwide.net> wrote:
>> fwiw, i clearly have something on my
>> Win XP SP2 machine.
>> i noticed it 2 weeks ago (during a 100GB d/l
>> day via dial-up modem)
>> and again this past weekend
> Symptoms?
2+ weeks ago, my next to last session, of the 100GB day, i'd downloaded ~3GB of a Nero 6 update, (via a d/l manager) and looked at the I/O stats, that the XP dialer was showing, and saw that i'd sent *out* about 1.5GB of data!
i of course cut the connection; easy to do when one has an external modem. a bit of a pain with XP (as opposed to 98SE), but no big deal with XP
a similar thing again happened this past weekend
too bad i didn't think to take a long look at my s/w firewall logs.
the whole thing doesn't make sense. assuming i'm correct (and yes, i could be wrong about this) why would anyone want to sift thru gigs of my data?
i'd think that 99+% of the stuff that's on most PCs is not worth taking the time to actually look at
i don't keep sensitive stuff on my PC. no checking account stuff, no credit card stuff, etc.
the one minor thing that i did have on it was the password for my dialup ISP account (which i changed this past Monday)
>> which got me around (finally) to using
>> a h/w router (that i bought 18 months
>> ago but never got around to using it)
>> for the moment, the router has saved
>> the day
> So the router's blocking the trash chat of the worm/trojan/whatever?
i hope so; meaning that i think that it is, but i'm not totally sure at this point
problem is that i've got no real-time insight into what is actually going on with the in/out data transfer of the external modem any more (since the router deals with it and my PC doesn't see the external modem any more)
i like what i've learned (so far) about using a router with a single personal PC (or 2 PCs when i get my new machine fully functional)
>> i've yet to do an update with microsoft
>> for XP SP2. i mean, the whole thing has
>> looked beyond daunting to me
>> any suggestions on how to *best*
>> (without screwing everything up,
>> and with minimizing future update
>> download volume and times) will be
>> VERY much appreciated!!
> Run MSCONFIG and check Services tab with "Hide All Microsoft Services"
> checked
how interesting
that does make it easier to see the 3rd party s/w that is running on XP
does checking it do anything else?
i mean, XP does the usual thing and states that i have to reboot for all changes to take effect
this is one time when i have to think that nothing will be different when i reboot
> - also look in Startup tab for suspicious prog names;
nothing. i've looked with my old ZTree file manager, which i have confidence shows me *everything*
> you should
> only find things to do with required progs like for video, chipset, sound,
> AV, etc. Generally malware will put itself back in Services or Startup on
> the next reboot if you disable/remove it... and often even without a
> reboot.
> Go to www.sysinternals.com (Mark Russinovich is the guy who exposed the
> Sony Rootkit) and get Rootkit Revealer and Process Explorer.
thanks for the ref.
> Again check
> for suspicious stuff... and read the instructions on what might be "normal"
> for Rootkit Revealer. Try to get details on every process shown by Process
> Explorer, so you're satisfied it's benign. You'll probably find some
> other interesting software there for poking around in files and system.
> I assume you have some kind of Anti-Virus software but it finds nothing?
> Try running it in Safe Mode before giving up with it.
good idea
at the moment, my running s/w, for firewall and virus, is System Suite 6 Pro by VCOM
now that they've been bought out, i am distraught in that i had some trust with VCOM products, and seriously suspect that i no longer can
> Also get and run
> Ad-Aware, Spybot S&D and Ewido... with their latest definitions.
i don't think so
i bought one of them (not your list) and it didn't do squat, just slowed my machine down
> Again,
> Safe Mode will have a better chance of removing villains.
thank you again (and to NNN) for that
i booted XP into safe mode and ran both the SS6 virus checker and also the SS6 malware checker, with no finds
> If you have to resort to manual removal of anything, you'll have to weigh
> the estimated time to complete -- it can be considerable -- against the
> "cost" of a clean reinstall.
i'm NOT gonna do a reinstall!
i mean, what is the price i pay? that some spybot pgm is sending my data out
other than that, when i'm offline, there are no issues
> I've never had to do a clean reinstall to rid
> (other peoples' computers of malware *yet* but some of them have been
> very time-consuming... days is not out of the question if you count all the
> research and searching.
> I'd strongly advise getting the Windows Updates..
i totally agree
what a PITA this whole Win XP thing is
i never did an update with Win 98SE
> and note that you'll very
> likely get download failures with a bunch of messages in WindowsUpdate.log
> which say "Download failed due to regulation". M$ has no one explanation
> or fix for those but eventually, days or even weeks, they seem to go
> away.<shrug>
aw geez
not what i wanted to hear.
aside from that, thank you very much for your detailed comments
at the moment, i'm taking a long hard look at a better, more expensive, router that offers real-time I/O status of what is going on with the modem
bill
|
| | 86 answers |
Saturday, 12 August 2006
|
| Key establishment question Jack 18:53:37 |
| | In Internet, when two computers need to establish a secret key, the two machines need to exchange two random numbers, e.g., R1, R2, if Diffie-Hellman is used. How are the two random numbers exchanged? Are the two numbers sent as TCP/IP packets? How is Diffie-Hellman implemented in Internet? Thanks a lot.
Jack
|
| | 4 answer |
|
| Best Windows Software Firewall for Power Users Guest 18:15:14 |
| | Greetings all,
I hope my thread title described what I'm looking for fairly clearly. I've spent the last day looking for a decent replacement for Kerio Personal Firewall 2.x and have gone through about 15 software packages. Nearly all of them were terrible.
A good number of them would easily let in rogue traffic because they don't let you configure the firewall enough, relying on "automatic" rules. Most were designed for Joe User who does not have a clue about the structure of the Internet and in any case they lacked the functionality and simplicity of Kerio PF 2.x.
Kerio PF 2.x (and to a much lesser extent, Kerio PF 4.x) had a very well thought out and effective interface. Building firewalls around the paradigm of "allow all traffic from port 80, POP3, FTP, etc." does not make sense for the modern desktop user. This is one reason why I don't have all that much respect for hardware firewalls. This one size fits all rule does not apply in modern desktop computing. Today's user encounters a multitude of new software every day which may want to connect to the Internet, and every piece of software will have to be handled differently.
Kerio PF 2.x was built around the paradigm of "program control", i.e. every new program must be cleared before access is granted and denied. It then offers "port control" within each and every program. P2P programs use every port in the book so it makes sense to allow all their traffic through, while it might be useful to block port 80 from Outlook, for example.
None of the firewalls I used gave me this kind of functionality. Locking down an application to only one port takes 3 clicks with Kerio PF; it would be many, many more clicks on the newer firewalls, and even then the feature may not be available.
Another major difficulty I had is with "security levels". As the old saying goes "Keep It Simple, Stupid". This is something newer firewalls refuse to do. One had an option of 10 different security modes. Let's go back to Kerio PF 2.x. Three security modes - Allow All Traffic, Prompt User, Deny All Traffic. Simplicity. That's what the advanced user loves, don't you think?
There is so much bloat and irrelevant features in these products. Have they forgotten what a "firewall" is supposed to do? No, it's not supposed to be an anti-virus, a pop-up blocker or a content blocker. I simply want it to be a FIREWALL.
Does anyone know where I can find a software firewall with the features that Kerio PF 2.x had? Maybe even a clone of that version is in order? All the newer firewalls seem to be made with Joe User in mind: "let's churn out any old firewall for these idiots - they'll buy it anyway and think it's great".
BTW, I would continue to use it but the latest version in 2.x has a known issue whereby it will crash at a certain interval, thus making it unsuitable for an always-on connection.
Thanks if you can help. If you can't, it looks like it's almost impossible to get a decent software firewall and I'll have to run a Linux box to do it instead. And sorry if this is a bit long..
Anon.
|
| | 8 answers |
|
| What application Tim 08:08:17 |
| | What application utilizes port 63000 and >.
I am seeing a lot of traffic on these ports and I'm guessing they are bittorrent related. Any clues?
|
| | 3 answer |
|
| Official warning on Windows bugs Imhotep 07:19:29 |
| | Official warning on Windows bugs
"The US Department of Homeland Security has urged Windows users to install the latest patches from Microsoft as quickly as possible."
http://news.bbc.co.uk/2/hi/technology/4782811.stm
--Imhotep
|
|
| advapi.dll security question Jjoensuu 05:56:34 |
| | Hi all,
I happened to come by an old article (dated 04.09.1999) about NSA having something to do with an extra set of keys inside the Windows advapi.dll file. According to the article the extra keys are in this dll on every version of Windows between Windows 95 OSR2 and Windows 2000.
Three questions that came to mind:
1. has anything similar been reported about Windows XP?
2. what kind of software would one use to check the dll for keys?
3. if answer to 2 is "hex editor" or other low level editor: how would you know that you have found a key?
cheers,
JJ
|
| | 2 answer |
|
| how to detect successful intrusions Rob van Riel 05:11:22 |
| | I might be asking something stupid or impossible here, but how would I be able to determine if my system has been broken into? No matter how tight your defenses, there's always the possibility someone might get past them. If this occurs, I'd like to be able to spot it, and devote some attention to kicking the intruder out and closing the breach.
Rob
|
| | 14 answers |
|
| 4000 to 5000 TCP hits in my Firewall log?? Guest 01:59:03 |
| | We have a small office network (5 computers) and each has PC-cillin Internet Security 2006 installed. On 1 computer the firewall log is showing 4000 to 5000 entries every day. All of these are from the same computer on our network, all are directed to port 135. However, a virus scan of that computer comes up clean (with PC-cillin, McAfee's online scanner & MS's Malicious software tool). Can anyone tell me what is going on here? Is there any way to stop it?
Some typical entries in the log are:
Type | Time | Protocol | Source IP Address | Source Port | Destination IP Address | Destination Port | Application Path | Application Description | Description
Firewall | 0:00:17 | TCP | 192.168.1.154 | 2630 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:00:20 | TCP | 192.168.1.154 | 2630 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:00:26 | TCP | 192.168.1.154 | 2630 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:01:11 | TCP | 192.168.1.154 | 2633 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:01:14 | TCP | 192.168.1.154 | 2633 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:01:20 | TCP | 192.168.1.154 | 2633 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:02:05 | TCP | 192.168.1.154 | 2634 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:02:08 | TCP | 192.168.1.154 | 2634 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:02:14 | TCP | 192.168.1.154 | 2634 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Firewall | 0:02:59 | TCP | 192.168.1.154 | 2635 | 192.168.1.100 | 135 | C:\WINDOWS\SYSTEM32\SVCHOST.EXE | Generic Host Process for Win32 Services | Security rule matched
Thanks for any help,
Pdarrah
|
| | 8 answers |
Friday, 11 August 2006
|
| Newbie... need basics Bruce 23:07:10 |
| | Hi... Before I ask any questions on any NG, could someone give me some links to networking basics. I'm computer literate but I've never had to deal with networks so I'm pretty ignorant.
I need to understand an existing small network that needs to expand. It currently has a DSL line with a Netgear 8-port VPN Switch/Router/Firewall (VPN not used), a wireless router, and a Print Server. I need to expand the network in another part of the building where the wireless signal is weak. The expansion is to attach more computers and a printer.
The DSL is only used for internet/email access. There are no web services or other fancy needs.
I need to understand the basics of Routers, Switches, hubs, Print Servers, hardware & software firewalls. I hope I don't need to understand all the different protocols. My biggest concern is to protect these new computers as they will have sensitive data. So I need to protect it from outside the firewall as well as computers from within the network.
Any assistance/links would be appreciated
--bruce
|
| | 7 answers |
|