Security :: Where To Put VPN Appliance?

Feb 3, 2010

I will soon have a setup consisting of a firewall with 1 WAN interface, and 2 LAN interfaces. One will be a DMZ (With ports forwarded to some servers from the WAN interface), and the other an internal LAN.

Now, I wish to install an OpenVPN appliance, so that I can access my internal network remotely. I'm just a bit confused *where* to place the appliance..

The point of me splitting up the 2 LANs was to avoid port forwarding onto the internal network...



Security :: Law Enforcement Appliance Subverts SSL?

Mar 29, 2010

Quote: The boxes were designed to intercept those communications without breaking the encryption by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

Complete Article It seems like the EFF is still trying to figure what the best way to protect against this sort of attack is. The idea they kicked around about using the Tor network to compare certificates in other geographical locations seems kinda clumsy to me, though. Surely they've got a better approach brewing. How about you guys? Any thoughts to share?


Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?


Security :: Network Appliance Shipped To Customer Premises ?

Nov 2, 2010

We make network appliances for process control. The owners and operators are not supposed to open them. But they can.

For unrelated reasons, we put our homegrown software onto a USB that is inserted into the appliance. To keep prying eyes off it, we encrypt it. The key is on the appliance internal drive, which can be removed and mounted elsewhere by an enterprising IP thief, who can then find the key to the encrypted USB drive.

Any ideas for closing this vector down?

For casual snoopers, we have password protected grub.

Calling cadillackid: would be very pleased to hear about your approach to locking down devices sent to remote premises.


Security :: SonicWall Firewall Or Appliance Open Ports NMAP?

Mar 17, 2011

I am trying to understand why, when running nmap against a SonicWALL firewall at a remote location, the SonicWALL firewall is saying that most of its 65535 ports are open? I know this can't be correct and remember reading about how some of these network appliances are set up this way to thwart off attacks.


General :: Export A VirtualBox Appliance To A NAS?

Jan 30, 2010

I'm using VirtualBox 3.1.2 (r56127) on Linux (Ubuntu 9.10 64-bit). I'm trying to use Export Appliance utility to clone my virtual machines over local network using SMB protocol to NAS. I decided to do it because some machines are larger than free space on my local disk drive - lack of space for the clones. Simply, I specify GVFS path in the folder selection dialog box, for example:

/home/mloskot/.gvfs/mloskot on browarekhd/VirtualBox/clones

The process starts but after a minute or so the VirtualBox throws an error. Here is screenshot with the exact error:

Does it mean export over network is not supported? Does it mean there is a bug in VirtualBox? Or, simply I must not have used GVFS path as the one above as it consists of spaces in mloskot on browarekhd ?

UPDATE: Maciek suggested below to copy vmdk file to NAS manually. Generally, it would work, but as I specify in my question, I can't generate vmdk file (by exporting VM locally first) on my box where I keep all my VMs due to lack of disk space.


Ubuntu :: Import Appliance VirtualBox OSE From 10.10 To 11.10?

Jan 20, 2011

I'd like to know if I can import my VirtualBox OSE from Ubuntu 10.10 to Ubuntu 11.10 coming up in April? I will hold off and wait until April, before purchasing my new computer, if I have to build the VirtualBox OSE from scratch, as I have spent a lot of time on it.


Ubuntu :: Finding A Free LAMP Appliance?

Nov 7, 2010

looking for a free LAMP appliance for my Ubuntu machine. I found a DubuntuServerAppliance, downloaded it, and unzipped it. I have a file on computer called DubuntuServerAppliance.ova, which I have no idea what to do with (I wasn't able to execute it, and I didn't find installation instructions on the download web site). So I am looking for an alternative, or, in the alternative, information on how to install DubuntuServerAppliance.ova.


Ubuntu Servers :: UEC Accessing Mediawiki Demo Appliance

Apr 17, 2010

I have downloaded the Mediawiki demo appliance from UEC store. I have installed it and also it is running. I would like to know how to access the mediawiki demo appliance. I tried accessing it as [URL] but is not accessible.


Ubuntu :: Rebuilding RAID5 Array From Failed Appliance?

Sep 16, 2010

This isn't exactly Ubuntu specific, but I do plan on using Ubuntu to try to recover this array. I've been using a Freedom9 freestor 4020 for the past few years and other than it totally blowing up last week it's been pretty good. I was on vacation for almost a month and a few days after I returned my NAS (freestor 4020) started acting up. I tried a few power cycles, but was dismayed to see that I could not log in via browser or SSH (SMB shares were not accessible either). A drive failure light is supposed to illuminate if a disk fails, but no dice.

I plugged all 4 drives from the NAS into an Ubuntu 9.04 Desktop system and one started throwing out all kinds of errors. Thinking that it would be a simple rebuild, I went to my local computer shop and picked up another 500GB drive (same manufacturer/part #), replaced the failed drive, and powered up the NAS again... Nothing. I left it for 12 hours then powered it down, plugged the new drive into my Linux box again to see if it rebuilt... the drive was a virgin. What gives me hope that I can still recover the data is Ubuntu sees "RAID components" on the drives (through disk manager and parted), and gives me the option of initializing the array.

My plan of attack is to plug all of the drives back into my Ubuntu box, initialize the RAID array via LVM, and pretty much hope for the best. The data is not uber critical, but it would be a pretty big pain in the behind to rip/upload all the software that was on it (ripping hundreds of DVD/CD images is not fun). If my Ubuntu box can make sense of this newly initialized/mounted RAID set... I'll plug in a 2TB external drive, copy the data over, and rebuild the NAS from scratch, then put my data back on (perhaps a different unit, or something running openfiler).


Server :: Change The Login Console Of A Box To Create An Appliance

Nov 20, 2010

I know there are ways to change the login of a linux box (runlevel 3) so that you don't see the regular login prompt but that you get a list with options. You see this with appliances.

My goal is to create a login like some of those appliances have. Instead of just getting a login prompt you can select several options like login, change network configuration, change password, stuff like that. How can I do this? Is there an Open Source tool to configure this?


Software :: VoIP Setup With Asterisk Appliance IP04?

Nov 17, 2009

I am encountering a strange problem on my VoIP setup. Basically, I have an Asterisk appliance IP04. I have set up all the extensions and everything. I use a Linksys PAP2T as an ATA remotely. Now, my problem is the ATA sometimes is okay and can call SIP and PSTN, but sometimes I just can't hear anything. I thought it was my ISP blocking the VoIP packets but I have tried both the SIP softphone and IAX2 softphone on my PC. For IAX2, it works perfectly; however, in the SIP, I can hear the other end but they cannot hear me.

These are the ports I have opened on my router
1.) UDP 5060 - SIP Port
2.) UDP 10000 - 20000 - RTP Port
3.) UDP 4569 - IAX2

Do I need to open both TCP/UDP for these ports or UDP should be enough? These are the test cases:

1.) Using my WiFi Connection and a analog phone connected to ATA --> Sometimes working sometimes not and sometimes you can call SIP but the other end cannot hear you
2.) Using IAX2 in WiFi connection --> This one works perfectly
3.) Using a mobile phone connected to WiFi Network --> The same...but you can call and go out on PSTN but the other end cannot hear you
4.) Using a mobile phone connected via 3G --> Works perfectly but as expected it is quite slow and voice quality is awful

I want to use SIP rather than IAX2 because it is widely used and since my ATA doesn't support IAX2. Are there other ports I need to open or configure?


CentOS 5 :: Can't Install Any Rpms From Custom Appliance Build

Jun 15, 2011

We have an appliance with image being installed from CD/DVD installation.
This appliance image is based on CentOS 4.7 kernel/installer/etc. Everything works fine, we have shipped this product for about 2 years. Recently I had to move it (port everything) to CentOS 5.5. Everything went fine and it works fine except one minor thing )) We can't install it from CD/DVD image yet. Actually it starts fine, finds the kickstart file, creates partitions correctly, copies the install image to the hard drive, but fails the next step when it tries to install RPMs.

The message we get:

"the file termcap-5.5-1.20060701.1.noarch.rpm cannot be opened. This is due to a missing file, a corrupt package or corrupt media. Please verify your installation source. If you exit your system will be left in an inconsistent state that will likely require re-installation"


OpenSUSE :: Lifecycle Management Server - Setting Appliance As Client?

Mar 1, 2011

I have downloaded and setup the SUSE Lifecycle Management Server on vmware using the Live CD Distribution. I have connected it to as my repository and setup a user account via the backend on pg 96 using the slms-admin-ui-user -o to create my administrator account since I lost the password for the initial login. I created a customer and have the following:

Mirroring Credentials - User Name: (random character)
Mirroring Credentials - Password: (random character)

Also I have a test box for installing the Live CD of our application. Do all appliances created on SUSE Studio have the client to connect to the SLMS server or do I need to install a client? If there is no client how do I obtain and add it to the appliance on ? How do I set up an appliance as a client?


Server :: File System Type For An Application Server Appliance?

Feb 8, 2010

We are trying to define an appliance for an application server, so I would like to know which should be the best file system type for this kind of use. Basically, our web applications use libraries of 50 KB and our web apps create temp and log files not bigger than 3 MB.


Fedora Security :: Script To Add Security Spin Tools To Normal Installation

May 22, 2011

love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.


Ubuntu Security :: Login Panel Is Worse From Security View Point

Jan 19, 2010

Ubuntu 9.10 login panel is worse with respect to Ubuntu 8 since now all the users with names are shown without a way to hide them! Why not keep the old way at least as an option?


Ubuntu Security :: Selecting The 'Available To All Users' Option In Network Mgr Mess With Security?

Oct 15, 2010

To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?


Ubuntu Security :: Basics Of Good Security Of Small Commercial Website?

Jan 17, 2011

1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?

2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?

3. My ISP allows the service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?


Fedora Security :: Weird SELinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?

Apr 13, 2011

This is the alert I got:

Code:
Summary:
Your system may be seriously compromised! /usr/sbin/NetworkManager tried to load a kernel module.

Detailed Description:
SELinux has prevented NetworkManager from loading a kernel module. All confined programs that need to load kernel modules should have already had policy written for them. If a compromised application tries to modify the kernel this AVC will be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:
Contact your security administrator and report this issue.

Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]



Ubuntu Security :: Updated Browsers Using Update Manager Have Lost Security Login Pages For Web Mail?

Mar 3, 2011

I updated both browsers I have and lost my secure log-in pages (no padlocks showing) concerning different Web mail accounts. Just before I did these updates I checked an unrelated thing on-line regarding my sound card, of which I kept a copy, and got this message below:

!!ALSA/HDA dmesg
[ 12.762633] cfg80211: Calling CRDA for country: AM



Fedora Security :: What Security Measures Should Be Taking To Make Box Little Less Vulnerable?

Apr 7, 2009

I'm just curious as to what security measures I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure Fedora 10 was out of the box?


Fedora Security :: Security Risk Of An Unencrypted /boot Partition?

Apr 8, 2009

During a recent install I made the leap to encryption, but /boot must remain unencrypted. Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh and I keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).


Fedora Security :: Install Security Lab Menu On A Normal 13 Installation?

May 30, 2010

Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.


Security :: Write A Shell Script Setup Security Policies?

Feb 3, 2010

Is there a way to delete files on the command line that uses the KDE-Wastebin? It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneously deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the command line.)


Ubuntu Security :: Internet Security Status Feeds Via Conky?

Mar 29, 2010

Conky can be used to display a variety of information on the users desktop. I wanted to use Conky instead to display the current status of security as reported by:

SANS Internet Storm Center
IBM Internet Security Systems
Symantec Threatcon
McAfee Threat Center

I therefore created 4 small scripts which download the current status from these sites, and set the colour of those statuses depending on the current value. The conky configuration allows for a semi-transparent background - though this is optional. Attached is an example image showing the 4 different colours. Also attached is an archive with the files, .conkyrc and draw_bg.lua (from here http:[url].....


Ubuntu Security :: Guidance On Installing Basic Security Software?

May 29, 2010

I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.


Ubuntu Security :: Changing Password Seem To Be Potential Security Hazard?

Aug 3, 2010

I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...

When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.

So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.

If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.


Ubuntu Security :: Router - Port Forwarding And Network Security

Nov 11, 2010

As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forwarding some for my file server.

At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.

As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as it's hidden behind the modem/router. But if I open this thing up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router" as they just seem to do the same.


Ubuntu Security :: Is Posting The Hardware Address A Security Risk

Feb 28, 2011

When posting results from ifconfig, it shows the hardware address of eth0, etc. Would you consider that to be a security risk?
