showing posts tagged with 'security'
by lunarg on December 14th 2016, at 16:29

Terry Zink, an MVP, wrote a good article about the difficulty most common e-mail filters have at stopping phishing impersonation attacks using simple display tricks.

Full article:

by lunarg on November 3rd 2016, at 15:41
An SSL certificate and private key can be stored in many formats. Sometimes, it may be necessary to convert from one format to another. One such case is where you have a private and public key (certificate) in PKCS12 (PFX-file) format, and need the individual certificate and private key in X509 format. You can use OpenSSL to perform the conversion.

A PFX-file generally contains both the private and public key (certificate) and is usually secured with a passphrase. If the PFX-file you want to convert is secured with a password, you will need this in order to perform the conversion. If you do not have the password, there's no way to reset this and the PFX-file will be unusable. When performin  ...
by lunarg on March 19th 2015, at 16:04
Internet Explorer's Enhanced Protected Mode is an additional layer of security that protects our computer against malicious content from exploiting Internet Explorer and prevents infections on your computer. It is available since Internet Explorer 10, and only on 64-bit versions of Windows. It works by running all Internet Explorer processes in 64-bit mode on a 64-bit computer. Starting from Windows 8, EPM also limits access to the registry and file system to certain (harmless) locations only, further enhancing security on that platform.

It is possible to enable EPM through Group Policy, provided you have the required Internet Explorer 10 ADMX or Internet Explorer 11 ADMX files present on y  ...
by lunarg on March 5th 2015, at 12:35
By default, when opening up OWA (Outlook Web App) access to the internet, you could technically also get into Exchange Admin Center (EAC) by appending /ecp after the external OWA URL, potentionally creating a security vulnerability and increasing the chance for a brute-force attack to succeed.

While it is generally a good idea to deny access to the Administrator user to manage the Exchange-server, this is not always possible or desireable. Additionally, because EAC is a VirtualDirectory within a site in IIS, it is not possible to have it listen on a separate internal IP address and secure it through the edge firewall. Luckily, IIS also has some other mechanisms to secure access. There's an   ...
by lunarg on February 23rd 2013, at 11:02

It's possible for Synology devices running DSM 3 or higher to enable support for NTFS ACL's. This allows Windows-users to set up Security through Windows Explorer itself. Most of the ACL types are supported.

NTFS ACL's have to be enabled for a share through the web-interface:

by lunarg on June 23rd 2011, at 17:37
Since version 2.0, OpenVPN has the ability to use PKCS12-files as TLS/SSL keys for accessing an OpenVPN server. The advantage of this is that you only have one key file containing the private and public key of the client and the CA certificate.

Creating such a certificate storage file can be done very easily when you already have the individual files, using OpenSSL.

openssl pkcs12 -export -in my-vpn.crt -inkey my-vpn.key -certfile my-ca.crt -out my-vpn.p12

Run the command above, matching the file names to the ones you have. Optionally, you can type in a password to secure the PKCS12 file.

Next, adjust your OpenVPN config: remove all the lines to your certificate and key files and add a s  ...
showing posts tagged with 'security'