Collaborate Disseminate
The company I work for uses Symantec security. When I am connected to the network (by cable) I can see that my IP address is registered to Symantec.
My question is, do other companies that are also using Symantec get this sa… Continue reading When using Symantec security, is our IP address our own or shared, should we whitelist?
Is there a way to limit the list of mailadresses a user can send mail to, to a small whitelist of approved addresses?
The only option I can think of right now is a customized contact form, but I’m looking for a better way th… Continue reading Whitelist outbound mail
We have white-listed full domains and that creates uncertainty i.e. myservice.com
Anyone can send spam mails and we can’t block it.
We have white-listed specific emails / IP addresses and there is no immediate concern.
My problem
I am looking for an application which runs on Windows Server 2012 for security reasons. Our server began attacked on many protocols. They are trying brute force attacks with very weak passwords. It is just annoyin… Continue reading Whitelist Application For Windows Server 2012
I am using the Accept known good validation strategy to sanitize user input (rich HTML) and are using a 3rd party component to do this.
The component by default requires every permitted class name to explicitly listed, but also has a checkbox to suspend this rule (i.e. every class name will be accepted). The help text for this checkbox says:
Bypassing this rule may lead to security vulnerabilities. Only grant this filter to trusted roles.
I understand by checking that box, I would permit user input such as:
<div class="exploit">…</div>
However, I am unable to think of what to replace “exploit” with that may be a security vulnerability.
Can anyone explain to me why I need to whitelist class names.
I’m currently working for a startup company who maintains a server on AWS. Currently, our server is set up so that in order to access it via SSH, you need to be on a white listed IP (set up in AWS) and have a valid RSA key to… Continue reading Is SSH public key authentication sufficient for protecting a server if IP Whitelisting is disabled?
I use a firewall and I’m having a hard time to figure out what to block and what to allow.
I don’t know if a certain IP/URL is safe. I’ve seen https://zeltser.com/malicious-ip-blocklists/ , http://www.dnsstuff.com and http:… Continue reading How to properly create blacklists and whitelists in firewalls?
We hear time and time again of countries censoring internet traffic by blocking IP Ranges.
Without getting into the politics of it, let’s take for example China’s Great Firewall. Even though it is not the most oppressive of firewalls, it … Continue reading Has there ever been a country that implemented whitelist-based internet censorship?
I’ve Windows 7 with latest updates without any antivirus software.
I use ZoneAlaram Free Firewall to restrict application from accessing Internet without my knowledge (every new application requires ok/cancel in firewall’s p… Continue reading How safe I am without antivirus on Windows 7 with restricted security policy enabled?
I have difficulties in understanding the difference between Knowledge-based IDS and behavior-based IDS.
This link says that a knowledge-based IDS uses a database of specific attacks and system vulnerabilities, which is black… Continue reading Difference between Knowledge-based IDS and behavior-based IDS