Protecting against DDoS on the 5555-x

Hi,
According to our SIEM, we were under DDoS.
I set some TCP restrictions (based on the Mitigating DoS article http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml )
So I set:
set connection conn-max 100
set connection embryonic-conn-max 200
set connection per-client-embryonic-max 10
set connection per-client-max 5
set connection random-sequence-number enable
set connection timeout embryonic 0:0:45
set connection timeout half-closed 0:25:0
set connection timeout tcp 2:0:0
However, it was too restrictive and it also blocked the legal traffic.
How can I properly tune those values?
What kind of show command should I use to set it properly?
Our usual throughput is about 200 Mb/s
Thanks

It will depend on your network topology.  
DDoS comes in various sizes and shapes.  If you have ample IPS/IDS/FW you will be able to stop or mitigate a significant portion of any DDoS directed from the outside.  
The biggest threat to corporate networks nowadays is a set of recently discovered DDoS tools that any person, without any knowledge of scripting, can use and that can bring any network down in a matter of minutes.  I am talking about the "terrible twins":  Low Orbit(al) Ion Cannon (LOIC) and High Orbit(al) Ion Cannon (HOIC).
Both pieces of software are freely available over the net and, currently, nothing can truly mitigate HOIC.  There are advisories on stopping LOIC but HOIC is truly the "King Kong" of them all.   One of the temporary ways of slowing down (not stopping) an HOIC attack is to cooperate/coordinate with your ISP upstream and ask them to throttle any HTTP/HTTPS traffic down to, for example, a 512 kbps connection.  This will alleviate any sustained attack from multiple sources.  

Similar Messages

  • MacBook Pro's keyboard resting against screen when the monitor is closed

    I opened my MacBook Pro's screen just now and I'm starting to see outlines from the keys on my keyboard on my screen. I'm worried about wear and tear on the screen in a year or two. Is anyone else having this issue?

    Susan Dennis wrote:
    ... Does anyone know if covering the keys with the microfiber cloth can interfere with the unit's cooling capability?
    Susan: I don't know if the microfiber cloth interferes with cooling, but after using a sheet of paper for almost one year for the same protective purpose, I can say that a sheet of paper evidently does not interfere with cooling capability. I can't remember the last time my cooling fans turned on with the sheet in place. And I can vouch for the ability of a paper sheet to protect against marks from the aluminum keyboard on the 1st generation MBP screen.
    Perhaps you should swap out your microfiber cloth for a sheet of paper and see if you get an improvement in cooling. A very cheap experiment to perform!
    -Dave

  • How do you protect yourself against DDOS attacks?

    I'm starting a new job soon for an employer who has had the occasional ddos attack against their website.
    Anyways I was wondering, how do you guys protect yourselves against ddos attacks?
    The way my employer fought against it last time was rather inelegant and a sort of lucky situation. They noticed that all the attacks came from IPs which were located in foreign countries, so they simply blocked entire IP ranges which weren't from the country they were providing the service for.
    This seems like quite a drastic measure to me. After all, one goal of my employer is to become more international, and even if you cater only to local clientele, plenty of legitimate users could be across the border.
    Specifically protecting Apache against DDOS attacks is what I would be interested in.
    Can anyone suggest some software or setup I should research for this?

    A colleague of mine recently had one of his own servers under a DDOS attack. Nginx helped out a bit. But the holy grail in this case was Fail2ban.
    Now, usually a DOS would mean that massive requests are issued within a short time. Such behaviour is easily identified and blocked. But how do you react when it's distributed and each individual node is issuing requests at a normal rate?
    Well, in my tests I came to the conclusion that it's all about the difference in typical behaviour of legitimate visitors to a site and automated requests as in the case of a DDOS attack.
    For example, a DOS bot might not issue requests at an alarmingly high rate (slow and steady wins the race), but it will continually issue requests for hours.
    So rather than trying to catch "burst" behaviour with requests crossing a certain threshold in a short amount of time, I instead configured fail2ban to check for IPs which crossed a certain threshold after an hour, and then block that IP for 24 hours.
    It might take a while to find the sweet spot. And it won't be effective immediately. But with a little patience the blocklist started to fill up, and after a few hours the DDOS'ers seemed to have run out of IPs from which to attack.
    It makes sense if you think about it. A legitimate human user will go to a site and spend most of their time reading content, rather than clicking links. Well, usually anyways.
    Also, I've noticed that bots always seem to hit the same URL. Meaning, the main URL of the site, and not selecting any links within the site. While I suppose that it would be trivial to configure a bot to act more legitimately and have it actually click through all available links, I think it kind of defeats the purpose. Or at least most script kiddies won't go that far.
    If you know your way around with REGEXP, I'm sure you could come up with some really nicely custom-tailored rules for fail2ban to use in identifying and blocking IPs. So for example, rather than simply counting ANY connection made in the http logs, you could concentrate on IPs which only and continually access the main URL, over and over again.
    Legitimate users will most likely click on other links as well, so if you manage to exclude these kinds of accesses from Fail2ban's counting mechanism, you minimize the chance of locking out legitimate users.
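The long-window counting described in the answer above, written out as an added Python example; it is not part of the original post and is not fail2ban's own code. It assumes Apache combined-format access logs, "/" as the main URL and a threshold of 30 hits per hour, and it runs over a constructed two-hour log that uses documentation IP addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Client IP, timestamp and request path of an Apache combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def find_slow_repeaters(lines, main_url="/", max_hits=30,
                        window=timedelta(hours=1), ban=timedelta(hours=24)):
    """Return {ip: ban_expiry} for clients that request main_url more than
    max_hits times inside one window without touching any other URL in it."""
    main_hits = defaultdict(deque)   # ip -> timestamps of main_url requests
    last_other = {}                  # ip -> time of the last request for another URL
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # not an access-log entry
        ip, path = m.group(1), m.group(3)
        ts = datetime.strptime(m.group(2), TS_FMT)
        if ip in banned:
            continue                 # already blocked (ban expiry is not replayed here)
        if path.split("?", 1)[0] != main_url:
            last_other[ip] = ts      # the visitor followed a link: excluded from counting
            continue
        hits = main_hits[ip]
        hits.append(ts)
        while ts - hits[0] > window: # drop hits older than the window
            hits.popleft()
        browsed = ip in last_other and ts - last_other[ip] <= window
        if len(hits) > max_hits and not browsed:
            banned[ip] = ts + ban
    return banned


def sample_log():
    """Constructed log: one slow bot, one active reader, one occasional visitor."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    rows = []
    for i in range(80):              # bot: "/" every 90 s, about 40 hits per hour
        rows.append((start + timedelta(seconds=i * 90), "203.0.113.7", "/"))
    for i in range(40):              # reader: "/" often, but also article pages
        rows.append((start + timedelta(seconds=i * 80), "198.51.100.20", "/"))
        rows.append((start + timedelta(seconds=i * 80 + 30),
                     "198.51.100.20", f"/article/{i}"))
    for i in range(5):               # occasional visitor: well under the threshold
        rows.append((start + timedelta(seconds=i * 600), "198.51.100.30", "/"))
    rows.sort()
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "-"'
            for ts, ip, path in rows]


if __name__ == "__main__":
    for ip, until in find_slow_repeaters(sample_log()).items():
        print(f"block {ip} until {until.isoformat()}")
```

No single minute of the bot's traffic looks like a burst; it is the 31st main-URL hit inside one hour that trips the rule, while the reader with a similar request rate is spared because of the article requests.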

  • Each time I start Firefox it says: "URGENT! Your version of Firefox is no longer protected against online attacks. Get the upgrade - it's fast and free!" I am using ver. 3.6.13 and upgrading "successfully" only stays on 3.6.13 with same URGENT message.

    Each time I start Firefox it says:
    "URGENT! Your version of Firefox is no longer protected against online attacks. Get the upgrade - it’s fast and free!"
    I am using ver. 3.6.13 and upgrading "successfully" only stays on 3.6.13 with same URGENT message.

    Your UserAgent string in Firefox is messed up and needs to be reset.
    http://en.wikipedia.org/wiki/User_Agent
    Type about:config in the URL bar and hit Enter.
    If you see the warning, you can confirm that you want to access that page.
    Filter = general.useragent.
    Right-click the preferences that are bold, one line at a time, and select Reset.
    Then restart Firefox.

  • Itunes error. the data execution prevention pops up and says "to protect your computer, windows has closed this program. Data execution prevention helps protect against damage from viruses and other threat.

    I have a Windows XP computer, and I needed to download the newest iTunes to support my iPod touch, but now my computer doesn't let me open iTunes. The data execution prevention pops up and says "to protect your computer, windows has closed this program. Data execution prevention (DEP) helps protect against damage from viruses and other threat." I tried excluding iTunes from DEP on settings but it still doesn't work. I don't know what to do. Please help me!!!
    thanks 

    Try to select the computer CD/DVD autorun off.
    I had the same problem, then Kaspersky software found a conflict, suggesting this solution to me.
    iTunes now works... even if it always asks to set the CD/DVD autorun on when launched.

  • What are the most common/important DB firewall intrusion methods Security Admins need to protect against?

    Hi everyone,
    I was curious about the top methods attackers are using to breach Oracle DB firewalls.  We are running Oracle 11.2.0.4 DB running on RedHat Linux 5.3 and using the standard IP tables/firewall for Linux turned on.  We have all the ports closed that were recommended by our security auditing company.  However, we just wanted to know if there were specific attack methods that are commonly being used which we should additionally protect against.
    Thanks in advance for any info.

    Anybody? Bueller?  Bueller?

  • What is the best protection against virus

    what is best protection against any virus.

    what is best protection against any virus.
    You.
    There will always be threats to your information security associated with using any Internet-connected communications tool:
    You can mitigate those threats by following commonsense practices
    Delegating that responsibility to software is an ineffective defense
    Assuming that any product will protect you from those threats is a hazardous attitude that is likely to result in neglecting point #1 above.
    OS X already includes everything it needs to protect itself from viruses and malware. Keep it that way with software updates from Apple.
    A much better question is "how should I protect my Mac":
    Never install any product that claims to "clean up", "speed up", "optimize", "boost" or "accelerate" your Mac; to "wash" it, "tune" it, or to make it "shiny". Those claims are absurd. Such products are very aggressively marketed. They are all scams.
    Never install pirated or "cracked" software, software obtained from dubious websites, or other questionable sources.
    Illegally obtained software is almost certain to contain malware.
    "Questionable sources" include but are not limited to spontaneously appearing web pages or popups, download hosting sites such as C net dot com, Softonic dot com, Soft pedia dot com, Download dot com, Mac Update dot com, or any other site whose revenue is primarily derived from junk product advertisements.
    If you need to install software that isn't available from the Mac App Store, obtain it only from legitimate sources authorized by the software's developer.
    Don’t supply your password in response to a popup window requesting it, unless you know what it is and the reason your credentials are required.
    Don’t open email attachments from email addresses that you do not recognize, or click links contained in an email:
    Most of these are scams that direct you to fraudulent sites that attempt to convince you to disclose personal information.
    Such "phishing" attempts are the 21st century equivalent of a social exploit that has existed since the dawn of civilization. Don’t fall for it.
    Apple will never ask you to reveal personal information in an email. If you receive an unexpected email from Apple saying your account will be closed unless you take immediate action, just ignore it. If your iCloud, iTunes, or App Store account becomes disabled for valid reasons, you will know when you try to buy something or log in to this support site, and are unable to.
    Don’t install browser extensions unless you understand their purpose. Go to the Safari menu > Preferences > Extensions. If you see any extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone.
    Don’t install Java unless you are certain that you need it:
    Java, a non-Apple product, is a potential vector for malware. If you are required to use Java, be mindful of that possibility.
    Java can be disabled in System Preferences.
    Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.
    Beware spontaneous popups: Safari menu > Preferences > Security > check "Block popup windows".
    Popup windows are useful and required for some websites, but unsolicited popups are commonly used to deceive people into installing unwanted software they would never intentionally install.
    Popups themselves cannot infect your Mac, but many contain resource-hungry code that will slow down Internet browsing.
    If you ever receive a popup window indicating that your Mac is infected with some ick or that you won some prize, it is 100% fraudulent. Ignore it.
    The same goes for a spontaneously appearing dialog insisting that you upgrade your video player right this instant. Such popups are frequently associated with sites that promise to deliver "free" movies or other copyrighted content that is not normally "free".
    The more insistent it is that you upgrade or install something, the more likely it is to be a scam. Close the window or tab and forget it.
    Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them:
    The most serious threat to your data security is phishing. Most of these attempts are pathetic and are easily recognized, but that hasn't stopped prominent public figures from recently succumbing to this age-old scam.
    OS X viruses do not exist, but intentionally malicious or poorly written code, created by either nefarious or inept individuals, is nothing new.
    Never install something without first knowing what it is, what it does, how it works, and how to get rid of it when you don’t want it any more.
    If you elect to use "anti-virus" software, familiarize yourself with its limitations and potential to cause adverse effects, and apply the principle immediately preceding this one.
    Most such utilities will only slow down and destabilize your Mac while they look for viruses that do not exist, conveying no benefit whatsoever - other than to make you "feel good" about security, when you should actually be exercising sound judgment, derived from accurate knowledge, based on verifiable facts.
    Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.
    Summary: Use common sense and caution when you use your Mac, just like you would in any social context. There is no product, utility, or magic talisman that can protect you from all the evils of mankind.

  • I'm running Spywareblaster on an XP desktop. When I use "Clear Recent History" in Firefox, it disables protection against the same 230 sites that Spyware Blaster was protecting my PC from.

    Every time I use "Clear Recent History" in Firefox, I have to open "Spywareblaster" and re-enable protection against the same 230 sites that I was protected against prior to clearing history. Any ideas?

    Just make sure that you do not use "Clear Recent History" to clear the "Site Preferences" when Firefox is closed.
    Clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, and passwords.

  • What is the best way to protect my macbook on the internet

    what is the best way to protect my macbook on the internet, using mobile broadband?

    against what ? malware ?
    on Macs, all that's needed is common sense.
    Mac Virus/Malware Info

  • SCC4 - Protection against SAP upgrade

    Hello guys,
    I have a question regarding the "Protection against SAP upgrade" flag in SCC4 for the client settings.
    I know that this flag will make a client unusable in case of an upgrade (for example from ERP2004 to ERP2005), but what about applying support packages?
    Is this flag also valid for support packages?
    The documentation about this parameter does not make a statement to this point:
    > If this flag is set, the client is no longer supplied with data during SAP upgrades. After an SAP upgrade, it is not possible to work actively in the client. The flag can only be set for a test client or an SAP reference client (Early Watch).
    Does SAP understand "applying support packages" as an upgrade?
    Answers will be rewarded.
    Regards
    Stefan

    No.
    Applying SP is not SAP upgrade.
    -Pinkle

  • CS3/CS4 protecting against SQL Injection

    Hi:
    I was wondering if the newer versions of Dreamweaver like CS3/CS4 do a good enough job to protect against SQL Injection when using the built in Insert/Update/Delete behaviors or should I use Commands with Stored Procedures (MS SQL)?
    Thanks!
    Mitch

    David , Günter - many thanks for your help !
    In my ignorance I appear to have been misled by my website host who, in response to a related problem, informed me as follows:
    "your website's scripting does appear to be highly vulnerable to SQL injection attack, this can be easily seen via the following example:
    /s-sub_detail.php?cat_id=TEST
    As you can see, arbitrary data entered as the cat_id variable of the shopping cart script is being passed unchecked to the SQL server, which is then returning a notice relevant to the data passed (in the above example case this is an "unknown column" error) - This effectively demonstrates that your shopping cart script performs no validation on variables used within the script and passes them directly to the SQL server, which means arbitrary commands can potentially be added as variable data for the SQL server to execute.
    In order to correct this all variables and any other posted data used by the shopping cart script must be fully validated by the script itself before being passed to the SQL server so that SQL commands cannot be executed by simply manually entering these as a script variable".
    Thanks to David I understand the issue with the need for data validation but the response above appears to indicate that they believe there is more to it.
    David and Günter - I would welcome your response to the above and perhaps recommendations for SQL injection vulnerability testing.
    Kind regards
    J
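Why the host's cat_id=TEST probe produces a column error, and what the validated form looks like, as an added Python example that is not code from the thread or from the site in question. It assumes an in-memory SQLite table standing in for the shop database (SQLite words the error "no such column"); the table, the rows and the function names are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory catalogue standing in for the shop database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, cat_id INTEGER, name TEXT)")
    db.executemany("INSERT INTO products (cat_id, name) VALUES (?, ?)",
                   [(1, "kettle"), (1, "toaster"), (2, "lamp")])
    return db


def lookup_unchecked(db, cat_id):
    """The pattern the host describes: the request value becomes SQL text."""
    sql = "SELECT name FROM products WHERE cat_id = " + cat_id
    try:
        return [row[0] for row in db.execute(sql)], None
    except sqlite3.Error as exc:
        # The parser read the value as an identifier, and the database error
        # travels back to the caller, which is what the host observed.
        return [], str(exc)


def lookup_validated(db, cat_id):
    """Check the expected type first, then bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", cat_id):
        return [], "invalid cat_id"          # rejected before any SQL runs
    sql = "SELECT name FROM products WHERE cat_id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(cat_id),))], None


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "TEST"):
        print(value, lookup_unchecked(db, value), lookup_validated(db, value))
```

With the bound parameter the value can only ever be compared as data, so validation and binding together give the behaviour the host asks for.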

  • "FRM-40200: Field is protected against update"

    "FRM-40200: Field is protected against update" ...
    hi guru,
    When I'm about to check the checkbox in transaction statuses in receiving -> transaction status summary, to resolve the pending receiving transaction in PO, this error occurs: "FRM-40200: Field is protected against update" ...
    Thanks

    Hi,
    In this form you may delete the record but won't be able to update it.
    Thanks,
    PS.

  • Lightswitch Security, Protection against SQL Injection attacks etc.

    Hi all,
    I have been hunting around for some kind of documentation that explains how Lightswitch handles typical web application vulnerabilities such as SQL injection attacks.
    In the case of injection attacks it is my understanding the generated code will submit data to the database via named parameters to protect against such things, but it would be good to have some official account of how Lightswitch handles relevant OWASP issues to help provide assurance to businesses that relying on a framework such as Lightswitch does not introduce security risks.
    Is anyone aware of such documentation? I found this but it barely scratches the surface:
    http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
    There is this which describes best practices but nothing to say that these practices are adopted within Lightswitch
    http://msdn.microsoft.com/en-us/library/gg481776.aspx?cs-save-lang=1&cs-lang=vb#code-snippet-1
    Thanks for any help, I am amazed that it is so difficult to find?

    LS is a tool built on top of other technologies including Entity Framework.
    Here is a security doc about EF.
    http://msdn.microsoft.com/en-us/library/vstudio/cc716760(v=vs.100).aspx
    LS uses Linq to Entities and therefore is not susceptible to SQL injection.
    HTH,
    Josh
    PS... the only vulnerability that I'm aware of is when a desktop app is deployed as 2-tier instead of 3-tier.  In that case, the web.config which contains connection strings is on the client machine, which is a risk.  Here is a discussion related to db security & 2 vs 3-tier.
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/93e035e0-0d2e-4405-a717-5b3207b3ccac/can-sql-server-application-roles-be-used-in-conjunction-with-lightswitch?forum=lightswitch

  • CFInsert/Update: protection against SQL injection?

    Hello,
    I'm trying to find out if the use of CFInsert or CFUpdate
    offers any protection against a SQL Injection attack. We are on a
    project that uses many CFInserts and Updates, and lack the time to
    rewrite new queries using CFQueryParam. Will a CFInsert or Update
    handle the situation?

    Validate every field before you get to the cfinsert/cfupdate
    tag, something you should have been doing anyway.

  • Firefox 3 says I no longer have protection against online attacks

    Firefox 3.6.13 says I no longer have protection against online attacks. Version 4 will not run because I don't have "enough privileges for some items."

    The Firefox 3.5.x branch has reached end-of-life and is no longer maintained.
    You will no longer receive security updates.
    You can update Firefox via "Help > Check for Updates" or download and install the latest Firefox 3.6.x or 4.0.x version.

    Download a new copy of the Firefox program and save the DMG file to the desktop
    * Firefox 4.0.x: http://www.mozilla.com/en-US/firefox/all.html
    * Firefox 3.6.x: http://www.mozilla.com/en-US/firefox/all-older.html
    * Trash the current Firefox application to do a clean (re-)install
    * Install the new version that you have downloaded
    Your profile data is stored elsewhere in the Firefox Profile Folder (http://kb.mozillazine.org/Profile_folder_-_Firefox), so you won't lose your bookmarks and other personal data.
