headers
i.t | 2 Mar 2003 05:37
Picon

Re: Outlook web access

msg Donnerstag 27 Februar 2003 19:21 by Marc Suttle:
> I would like to have some kind of login for the users at the apache level
> on the dmz that would interact with the exchange server on the internal
> network.  Any input if this was clear is appreciated.  Basically I do not
> want to allow any communications from the outside to the internal network.

there is a short article in php magazine 1/2003
http://entwickler.com/itr/ausgaben/psecom,id,115,nodeid,112.html
on the apache site you can have basic auth, LDAP etc.

Regards
--

-- 
 . ___
 |  |  Irmund     Thum
 |  |
Permalink | Reply | 7 comments |
headers
SB CH | 3 Mar 2003 02:28
Picon
Favicon

access-list at 4006 catalyst switch?

Hello all.

I have a 4006 layer 2 cisco switch which os is catos.
I would like to restrict ip address which can telnet to the switch.
But I can't find any access-list like command at 4006 switch.
Can't I restrict telnet client ip or snmp client ip at 4006?

Thanks in advance.

_________________________________________________________________
책상위에 다리 올리고 느긋하게 즐긴다... MSN 온라인 상영관   
http://vod.msn.co.kr
Permalink | Reply | 2 comments |
headers
SB CH | 3 Mar 2003 02:33
Picon
Favicon

what's the meaning 255.255.255.255?

Hello, all

I have operated 2 /24 network(like 211.1.1.0/24, 211.1.2.0/24 ) at one 
router.
I can see 255.255.255.255 traffic.

Then what's the defference between 255.255.255.255 and 211.1.1.255 ?
255.255.255.255 traffic spreads all over the network?
255.255.255.255 pass the router if there isn't any access-list?
211.1.2.0/24 range can recognize 255.255.255.255 traffic too?

Thanks in advance,

_________________________________________________________________
책상위에 다리 올리고 느긋하게 즐긴다... MSN 온라인 상영관   
http://vod.msn.co.kr
Permalink | Reply | 1 comment |
headers
swin | 3 Mar 2003 08:55
Picon

Any good method to check network overload?

Hello!

  	I am doing researtch on protecting system from DDoS attacking,in 
my researth work ,there is a part is to find network is overload and
raise alarm .
	Here ,network overload means in certain  time ,network is very 
busy ,servers or network equipment can not deal with so much request 
and make the entire network system very slow. As known ,when systems
are in DDoS attacking ,it can cause this situation,but also when sometimes a lot of normal user are using the
server together ,it also
approach this situation.
 	Right now, I do not care about what really cause this network 
overload, alse if I am energetic enough I can take care of the 
system 24 hours a day, but I want to use a program automatically check this situation,when our system is in
overload,it can alarm.
	Before this I also thought some methods to check ,for example I 
used to try to calculate the average load of the system and use this
value multiply certain coefficient as the systen's max load when 
exceed this so call max load we consider it overload,but this method
I'm not satisfied .
	The second achive is to check server or network equipment's 
network stack queue,if the queue is too long ,it represents the system
are too busy to deal with so much request,but I'm also not sure about
this method ,so I want know other's opinion.
	Alse if any others have better way to check this overload ,I'm so
glad to hear it !
	Thanks in advance!
     
  	Swin. wang
(Continue reading)

Permalink | Reply | 1 comment |
headers
Roger Bou Aoun | 3 Mar 2003 07:10

RE: information security university degree

Dear Aleksander,

Greetings, hereunder you will find some of the universities that offer a
University degree program in Information Security /quality assurance. for
further information's feel free to contact me.

_
______________________________________________
Roger Bou-Aoun, PhD
Doctorate of Philosophy in E-Commerce Security
MCNS, CISSP (Candidate), CSM (Candidate)
Chief Information Security Officer
Notre Dame University - Lebanon
GSM: +961-3-843-155
E-mail: roger.bouaoun <at> ndu.edu.lb

USA:

http://www.capitol-college.edu/academics/grad/msns.html

they offer MS in Network Security and there program is Interesting

or you can always check in Georges Washington University,

http://www.nsa.gov/isso/programs/nietp/newspg1.htm

This is the list of all the approved university from the US government to
teach InfoSec

Australia:
(Continue reading)

Permalink | Reply | 1 comment |
headers
Devdas Bhagat | 1 Mar 2003 22:40
Picon

Re: Outlook web access

On 27/02/03 12:21 -0600, Marc Suttle wrote:
> Hello list,
> 	Real quick question.  I was wondering if there are any open source
> utilities that will install to apache that will allow outlook web access
> from the dmz to an internal exchange server.  
Why not use IMAP with an IMAP based webmail client?
www.squirrelmail.org
www.horde.org

Devdas Bhagat
Permalink | Reply | 1 comment |
headers
Chris Travers | 1 Mar 2003 15:26

Re: Outlook web access

Not that I know of.  However you could use an HTTP proxy and reverse 
proxy the connections in.

Best Wishes,
Chris Travers

Marc Suttle wrote:

>Hello list,
>	Real quick question.  I was wondering if there are any open source
>utilities that will install to apache that will allow outlook web access
>from the dmz to an internal exchange server.  
>
>My setup is this:
>
>
>internet-------fw---------internal lan--------exchange 5.5 mail server
>                -
>                - 
>                -dmz------apache web server-------
>
>
>I would like to have some kind of login for the users at the apache level on
>the dmz that would interact with the exchange server on the internal
>network.  Any input if this was clear is appreciated.  Basically I do not
>want to allow any communications from the outside to the internal network.
>
>Thanks,
>
>Marc
(Continue reading)

Permalink | Reply | 0 comments |
headers
marco misitano | 3 Mar 2003 14:38

RE: information security university degree

In italy:

Master in ICT security  <at>  http://mast.dico.unimi.it/ by the department of
computer science from the university of milan

Advanced course in information security management
http://www.securman.it/ backed by cefriel (cefriel.it) and
MIP/Politecnico di Milano

I am afraid all the pages are in italian only

~misi

-----Original Message-----
From: Aleksander Sinigoj [mailto:aleksander <at> palsit.com] 
Sent: Thursday, 27 February, 2003 06:37 PM
To: security-basics <at> lists.securityfocus.com
Subject: information security university degree

Hi,

After conducting a thorough research with Google etc. I would like to
ask you for some help.

In Slovenia we are introducing some postgraduate programes in
information security from both technical and managerial perspective.

We are looking for any similar programes in Europe/US or other parts of
the World that are being taught at the university level.
(Continue reading)

Permalink | Reply | 0 comments |
headers
CHRIS GRABENSTEIN | 3 Mar 2003 14:25

RE: Outlook web access

SquirrelMail should do that for you.  You'll have to adjust your firewall
accordingly of course.  Take a look at
http://www.squirrelmail.org/wiki/en_US/SquirrelMailWithExchangeFAQ

I haven't tried it myself with exchange, but it's on my to-do list.

|-----Original Message-----
|From: Marc Suttle [mailto:marc.suttle <at> anidirect.com] 
|Sent: Thursday, February 27, 2003 1:21 PM
|To: security-basics <at> securityfocus.com
|Subject: Outlook web access
|
|
|Hello list,
|	Real quick question.  I was wondering if there are any 
|open source
|utilities that will install to apache that will allow outlook 
|web access
|from the dmz to an internal exchange server.  
|
|My setup is this:
|
|
|internet-------fw---------internal lan--------exchange 5.5 mail server
|                -
|                - 
|                -dmz------apache web server-------
|
|
|I would like to have some kind of login for the users at the
(Continue reading)

Permalink | Reply | 0 comments |
headers
Eric Zatko | 3 Mar 2003 17:16
Picon

Critical/Security Updates as well as other Patch Management

Good day everyone,

I am very interested in hearing all opinions/resources/etc. regarding the topic of Security updates,
Critical updates, and general patch management. Any and all platforms... not only, but including Microsoft.

What are the strategies being used?

What are the best web/free resources?

What are your opinions?

My sincere thanks in advance.
Eric
Permalink | Reply | 3 comments |

Gmane