Security :: Opening FTP Service On Public Facing Website For 3rd Party Maintenance Access

Nov 4, 2010

I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ? If yes, what sort of FTP application to install in your Linux webserver?

View 7 Replies


ADVERTISEMENT

Ubuntu Security :: Opening FTP Service On Public Facing Website

Nov 4, 2010

I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ?

If yes, what sort of FTP application to install in Ubuntu ?

View 1 Replies View Related

Security :: Public Facing OpenVPN - Open Any Ports On The Router / Firewall

Feb 14, 2011

Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.

Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]

If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.

View 1 Replies View Related

Server :: Secure Bind 9 For A Public Facing Dns

Jan 20, 2011

I am just about to undergo a new peice of freelance work myself on Bind 9, but it has been ages since I have done this, this was on my own LAN with port 53? Blocked from outside, so mine is not public facing.

But this project is, what should I setup to make this truely secure, just to recap on my thoughts aswell, forward resolving is Domain -> IP is not it? Then Reverse is IP->Domain is not it?

View 3 Replies View Related

Networking :: Using A Public-Facing SSH Server To Broker A Connection Between Two Clients?

Feb 22, 2010

I'm sure this is possible... I'm just not sure how. Yet! I have three machines. One is at home behind my firewall and has a dynamic IP. That's fine as I don't really want to open any ports on my home firewall. The second is at work sitting behind the firewall there- and I'm not even going to ask for approval to NAT an IP to my PC at work :-).

The third is in a data center far away. I only have a shell account on this server but other than that shell account not being root, I can do most anything I like with that account. What I would like to do is SSH to this server simultaneously from my home and work PCs and, via this third machine, make them talk.

This is pure geekery so it doesn't matter what they say to each other; I just want to make them talk. Maybe one uploads a file and the other just pulls down that file. Maybe one opens a FIFO on the remote server and starts writing to it while the other starts snarfing that data. In fact, I like this latter idea best, I think. How would you do it? What scripts (fired by cron if need be since I'm ostensibly away from at least one of the PCs at any given time) would you use?

View 1 Replies View Related

Ubuntu :: Apache - Website Maintenance Written In ASP

Apr 29, 2010

I was asked to take over maintenance for a web-site written in .asp. Can Appache handle it installed on linux, as a local test-server?

View 2 Replies View Related

OpenSUSE :: Website Design / Maintenance Tool Sets

Oct 15, 2010

Two part question:
1. what tools are recommended for designing web pages?
2. What tool sets are recommended for maintaining them?

I suspect that the first question really addresses the second rather than the literal question because of the source of the request. Here's the environment. A small church wants to post and maintain a website. Various non-tech persons will be responsible for maintaining much of
the content of the site. This tells me that they want/need a site that contains the necessary content maintenance tools within the site itself, not a tool on the individual desktops with the only real need for the design/dev tools being for initial construction of the site and a GOOD book on site design to guide construction of the site in the first place.

View 9 Replies View Related

Security :: Restrict A User To Access Particular Service?

Sep 24, 2010

I heard we can set security in /etc/hosts.allow and /etc/hosts.deny on user base also like something user@domain or something if so how can I restrict a user to access particular service by his/her user name in a particular host via /etc/hosts.allow or /etc/hosts.deny

View 3 Replies View Related

Ubuntu Security :: How To Setup Web-facing Ssh Server Securely

Oct 18, 2010

I have a small network at my office (3 workstations, 1 ubuntu desktop that I'm using as a file server). I'm using a WRT54G2 router for networking and internet connectivity. Here's what I'm trying to accomplish: I want to be able to access my little file server from home, across town. I think ssh might be the best way to go now. What I don't know: How do I set up the ssh server on my machine/network without compromising my network security and the security of my server? Do I just set up port/ip forwarding on my router, install openssh, and that's it?

View 9 Replies View Related

Ubuntu :: Use Openssl Public And Private Keys So Only A Host With The Public Key Could Access / Decrypt The Filesharing

Aug 2, 2011

I'm trying to write a p2p file sharing program using python's built-in libraries. Everything is going well. The only thing is that i'd like to be able to use openssl public and private keys so only a host with the public key could access/decrypt the filesharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a pem file containing both the public and private keys but no success with them seperately. Can someone point me in the right direction or offer an alternative? PS, the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to sourceforge so everyone can use it, if that's any incentive

View 2 Replies View Related

General :: Cannot Connect To Service With Public IP Only With Localhost

Apr 20, 2010

I have installed Linux Mint 8 (based on ubuntu). And I have setup a webserver on port 8098.

I can connect to my webserver with http://127.0.0.1:8098, but when I try to connect to http://192.168.1.107:8098 from the same machine or another machine it doesn't work.

How can I get this working? Is there any default firewall settings that I have to change?

View 2 Replies View Related

General :: Maintenance - Make Changes In Maintenance Mode

May 4, 2010

I notice when Linux boots in maintenance mode the filesystem is read-only.

Is there a way to change this, perhaps remounting as writable?

An example of this being a problem is that I was unable to open vi because there were too many session files....

Not to mention it would be nice to actually fix problems....

What are you meant to be able to do if you can't make any changes to the filesystem? What kind of maintenance can be expected?

View 1 Replies View Related

Ubuntu Security :: Not To Send Any Data To Third-party-users

May 18, 2011

As I'm interested in user-behaviour-information-security I would like to know what I�ll have to turn off or to uninstall to make the ubuntu-pc-usage as anonymous as possible (no musicbrainz, cddb, or alike).I want ubuntu not to send any data to third-party-users.

View 6 Replies View Related

Ubuntu :: Firefox Crashes When Opening Music Website

Oct 19, 2010

I have a strange problem with my browser(s), even Epiphany....when I go to my music site [URL] then log in, go to my page and click on link to play a song the browser Crashes. It never did this before and I dont know what I could have done to cause this. It only does this on this website. Could it be that they use a Quicktime plugin to play the music? I don't know cause I used to be able to play music on there before. It doesnt do this on my Reverbnation site page, just Icompositions. If I click on the icon to restart browser a box comes up saying "we're sorry"...your browser crashed for no apparent reason.....and offers a choice to either reload the page (that repeatedly crashes) or start new session. It isn't a big deal but this never used to happen before. Could it be some bad code on that website?

View 1 Replies View Related

Security :: Support Of Third Party Tools Logs In Syslog/rsyslog?

Aug 23, 2010

I am searching that how i can configure syslogs/rsyslog to receive third party tools or softwares logs. For example i have a program that generates logs like when it is started and logs about its services, alerts if there are any alarms etc. I want to forward these logs using syslogs/rsyslog. Is their any possibility how can i achieve that

View 2 Replies View Related

Ubuntu Multimedia :: ITunes Store Access - Third Party Extension

Jan 4, 2010

I got about 30 bucks worth of iTunes giftcards I'd like to redeem, but Apple doesn't have iTunes support for linux. I installed it via wine, but I can't get the itunes store to open up. I've been trying for several hours to get a workaround, with no success, as follows:

1) iTunes on Wine (didn't work, like I said)
2) Sharp Musique (old thread, all the links were broken and it's not in my Synaptics repos)
3) Banshee iTunes Store extension*****

This last one with Banshee seems promising, but I'm getting nowhere. I've downloaded the third-party extension, installed the .deb, and followed the directions on the banshee webpage. Still, when I go under Edit>>>Preferences>>>Extensions, it doesn't show up. I found the install called "iTunesMusicStore.dll" in /usr/lib/banshee/Banshee.Plugins, and I've moved it to ~/.config/banshee-1/addin-db-001/addin-data, but it still won't show up in the plugins.

View 4 Replies View Related

Fedora Installation :: FC14 Very Slow Opening Website Pages?

Dec 27, 2010

I just installed FC14 on 2 different PCs. It takes over 40 seconds for either of them to open some webpages, ie amazons home page. It is not my internet connection. I can open the same webpage on both my Windows PCs in less than 5 seconds. I was using FC9 up until 1 month ago, and I believe it took about 15 seconds to open amazon, but I never actually timed it. I spend many hours a day on the internet and have used FC for many years. I have been very happy with it. Until now. My PCs are 1.8GHZ single processor and 2.4GHZ dual processor. Do I have to revert back to FC9 to fix this, or use a different distro?

View 4 Replies View Related

Security :: Laptop Wifi Security In Public Library?

Jul 8, 2010

I recently got a nice, lightly used IBM Thinkpad laptop. It has wireless capability for the Internet. Linux is the only OS in the laptop. At home, I don't have wireless-- I have a wired DSL connection for my laptop and for my IBM desktop (which also only has Linux as OS).

When I took the laptop to the public library, wireless is provided there for free and I had no trouble connecting to the system there. But since I'm new to wireless, what do I need to have installed to have a secure laptop when in the public library (or when I'm anywhere else that offers free wifi) using the wireless connection? [I use Firestarter as my firewall in the laptop and in the desktop.] Do I have to install some software to make sure my laptop is secured from spying and invasions when in the library or is the Firestarter enough? If Firestarter is not enough, what is that wifi security software by name?

[My OS is MEPIS 8.5, a Debian-based distro.]

View 2 Replies View Related

Ubuntu Security :: Basics Of Good Security Of Small Commercial Website?

Jan 17, 2011

1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?

2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?

3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?

View 9 Replies View Related

Security :: NAT 1-1 For Three Public IPs On Ubuntu

Mar 7, 2010

I am trying to figure out the best way to set up 1-1 NAT for three public ips to three private ips through a ubuntu gateway machine.

I am running ubuntu server 9.10 and the set up is:

Internet/ISP modem -> NIC 1 Ubuntu Gateway Machine NIC 2 -> Three PCs with Private IPs

I had a few questions on how to do this correctly and securely.

1) What packages do I need to install (aside from the basic ubuntu server installation and possibly DHCP3-Server)

2) How do I assign all three public IPs to the NIC connected to the ISP modem? All addresses will be static, will I need the DHCP3-Server package?

3) Once I have the three public IPs assigned how do I map each specific public IP to the private IP address associated with it and provide the correct loopback? I want to make sure each response from the internal machines are sent out as their specific public IP.

4) Aside from allowing all connections, how should IP tables be configured to allow web services to one internal machine, mail to another internal machine and DNS to the other internal machine?

View 14 Replies View Related

Ubuntu Security :: How To Export A Public Key

Jun 6, 2011

I've got a p12 certificate (I own the secret key), and I would like to export the public key to gpg keyservers. How to achieve this?It works flawlessly inside gpgsm and kleopatra, but I cannot send keys:

Code:
$ gpgsm --send-keys 0xDA4E5DD0
gpgsm: this command has not yet been implemented

View 1 Replies View Related

Security :: Strange Ports On Public Ip?

Dec 2, 2010

looking at my router logs i've noticed for the past while a range of source ports from 60000 to about 65000 from my source external ip to destination external ip always on port 80. I have 3 boxes on this network and this only seems to happen when i connect the one laptop. I even reinstalled the distro downloaded from trusted source but the router is still logging this.. netstat -ntulp shows nothing operating in this range. chkrootkit shows nothing.. Was thinking maybe someone was spoofing the external address but it's been happening on network startup for a month now

View 4 Replies View Related

Ubuntu Security :: Import Public PGP Key Which Is Secret Key?

Oct 18, 2010

I have an encrypted document (with my key) which I should decrypt. After the generation of my key, my computer is formated and new reinstalled. Now GnuPG find my key public and I can't use it for decryption!

View 9 Replies View Related

Security :: Symlink On Public Folder - Problem Or Not

Jul 22, 2010

I have to make sym link of phpmyadmin in /var/www in order to run phpmyadmin. I read that links can't be chmod-ed. The link ot folder phpmyadmin has 777 permissions. When browse in it every file has only read and for the root read/write access.

Is that a problem (777 access rights on sym link phpmyadmin on /var/www folder)?

View 1 Replies View Related

Ubuntu :: Access To Exchange Public Calender?

Jan 26, 2011

I have an Ubuntu 10.10 in my work environment and have issues handling the Exchange 2007 server's public calender.My outgoing server is SMTP | Incoming server is POP3 (my office have disabled IMAP and run MAPI). First I tried evolution but it said ""The server is running Exchange 5.5, evolution-exchange connector supports 2000 and 2003 Server" Installed thunderbird and i am happy with it. The only thing which i would like to do is access my exchange public calender and firefox will not be able to do it in OWA.

View 4 Replies View Related

Networking :: Access Public IP From Local Subnet

Jan 22, 2011

does somebody know how dnsmasq / iptables need to be configured such that requests to my public IP from lan are correctly NAT'ed to the host that handles them? Currently my routing device treats them like "oh, these are anyway for me, gnam gnam" which actually doesn't work.Unfortunatly setting up NAT rules that redirect requests from my lan correctly as they are redirected from wan is an option I would like to use only if there is no other possibility.I would like some kind of solution that treats packets that are sent to my public IP as normal packets that are not looped back before they even get out. So they would need to be at least sent to the wan gateway where they are directed back where my firewall can successfully treat them like all other public requests.

View 1 Replies View Related

Networking :: Remote Access To LAN When Public IP Is Dynamic?

Feb 4, 2010

Is it possible to provide remote Windows users access to a LAN via the Internet when the LAN itself is connected to the Internet via a SOHO router that is assigned an IP address dynamically? An LQ thread from 2004 includes a suggestion to use VPN and DynDNS.com. Is that still a good solution? Are there any security issues?

Assuming:VPN is a good choice. DynDNS.com or similar can be used to give remote clients the public IP address of the SOHO router. the SOHO router is configured to forward VPN traffic to a Linux system acting as the VPN gateway. then, for a LAN of ~20 IP nodes and less than 5 simultaneous remote clients, are there any other VPN server software solutions to consider other than OpenVPN, Openswan and strongswan?

View 2 Replies View Related

Ubuntu Security :: Setting Up Public Key For Passwordless Ssh Login

Sep 8, 2010

I can't get this to work on my machines.

So far I have:

1. created a key with ssh-keygen on the server to be logged in to
2. copied the .pub key to my local machine
3. chmod 700 ~/.ssh on both machines
4. chomd 600 ~/.ssh/ic_rsa on the server, and on known_hosts on my local machine
5. added the .pub key to ~/known_hosts on my local machine

my local machine doesn't have an "authorized_keys" file which is what everything is telling me I should append my .pub key to. The only thing that was in my .ssh folder was known_hosts, so I tried that. I also tried making an authorized_hosts file to no avail, changing permissions appropriatly on all files.

Should I/Can I reset ssh in some way? Is there are reason I don't have an authorized_keys file or is my known_hosts file my authorized_keys file?

Would it be better just to uninstall/reinstall ssh?

View 2 Replies View Related

Ubuntu Security :: How Safe Are Updates On Public Networks

Jul 17, 2011

how safe is it to run Ubuntu updates when I'm connecting via a public network (wireless or wired) from a hotel (or other public settings). I'm not familiar with the internals but is there an additional validation mechanism for the package servers other than the URL ?

View 4 Replies View Related

Security :: Ssh Authentication With Rsa - Error Permission Denied (public Key)

Mar 24, 2010

I have trouble with rsa authentication:

I did create an rsa certificate with ssh-keygen using my root account on a client: ssh-keygen -t rsa -b 2048 no passphrase I did copy the rsa pub_key from my client to the server scp id_rsa sampleuser@sampleserver:/home/sampleuser/.ssh/authorized_keys

I did change the ownership to the "sampleuser" of the pub key file on the server: I trayd to connect:
ssh sampleuser@sapleserver

I get that: permission denied (public key)... I know I do smth wrong but I don't know what.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved