RBAC: Tech Words of the Day

Role Based Access Control. Often part of a MAC (Mandatory Access Control) system, but can be present on a system where root still retains absolute power. Terminology varies widely with specific implementations, but there will be some set of defined privileges or authorizations that can be assigned to certain users or processes. For example, SCO OSR5 defines an authorization for backup (from the docs):

Title  Last Comment
Manything, Wemo and IFTT make a cheap security camera  
- Rather than trade in my old iPhone, I turned it into a security camera -

Packets on wrong interface  
- Packets on wrong interface due to wiring layout -

Hacking the new more secure credit cards  
- This hack has been blocked, but I'm sure more will come. -

Logitech Circle Camera  
- Logitech Circle Camera is a simple home camera that watches all day long and saves interesting clips. -

System Integrity Protection (SIP) in El Capitan  
- No, they haven't killed root, but they have limited its power. System Integrity Protection (SIP) in El Capitan -

Why should I trust The Cloud?  
- Why should I trust The Cloud? There is no cloud, it's just a computer that's located somewhere else! -

I fell for a Microsoft phone scam. What should I do now?  
- I fell for a Microsoft phone scam. I let them access my computer, but didn't pay any money. What should I do now? -

With security software, the cure can be worse than the disease  
- With security software, the cure can be worse than the disease -

Are you kidding me, Apple?  
- Are you kidding me, Apple? This is what you call making IOS apps secure? XcodeGhost infects IOS store -

Setting hosts connection limits in Kerio control  
- Setting hosts connection limits in Kerio control -

Kerio Control configuration changes reverted  
- A simple traffic rule was intended to allow ssh access to an internal machine but it refused to record, offering a strange reason -

Configuration changes reverted  
- Configuration changes reverted because rule would break your connection - a vague message, but a simple solution -

Is Apple finally taking security seriously?
- Do the new security features slated for IOS 9 and OS X 10.11 mean Apple is finally turning its eye to security? -

MyKerio lets you control multiple Kerio Control appliances from a single console  
- MyKerio lets you control multiple Kerio Control appliances from a single console -

How can I open eml files with Outlook?  
- How can I open eml files with Outlook? Windows 7 and Windows 8 machines won't work when I double-click an eml file. -

How can I accept email if the domain doesn't exist?  
- How can I accept email if the domain doesn't exist? -

Is is safe to visit my bank if I'm using unsecured wifi?  
- Is is safe to visit my bank or other secure sites like Gmail if I'm using unsecured wifi? -

Take Control of Security for Mac Users  
- Most security books are too technical for the average reader. Take Control of Security is not - learn how to protect yourself with this new book by Joe Kissel. -

Another router security flaw - netUSB  
- This netUSB vulnerability is real, but I have to ask why anyone ever thought netUSB was a good idea? -


Canary is a good idea at a ridiculous price  
- While I do like the idea of the Canary Honeypot, the price is utter nonsense. There's nothing difficult about doing this and nothing worth that kind of money. -

Google helps you with privacy now and after you are gone  
- It's not just privacy, though: you can also tailor ads and search results to be more relative to your needs -

Debugging Host Connection Limit Reached on Kerio Control  
- The Packet Dump feature in Connect's Debug log gives you an easy way to debug excessive connections to a host. -

The Moose Linux Router Worm is more like Bullwinkle, honestly  
- Honestly, how can you look at me with a straight face and call this a Linux security issue? It isn't: it's an idiot's security issue. -

Why use a VPN instead of opening ports?  
- I need to access my security cameras from home. My camera guys says we need to forward ports on the firewall, but my firewall guy says I should use the VPN instead -

Looking for secret connections  
- Malware often has secret internet connections. Spotting them in your firewall isn't always easy but I can offer some hints. -

Google Password Alert - barn doors and horses  
- Although two factor authentication protects you more, users who will not or cannot use that might consider this. To me, this seems like a silly answer! -

Managing iptables drop lists  
- After blocking large numbers of sites accidentally, cleaning them out is easier with this script -

Mac OS X 'rootpipe' is not a backdoor  
- An exploit that requires a local login is not a back door. It's not even an open safe. Most of us have nothing to fear. -

Spotting Click Bombing with Google Analytics  
- Here are two simple Analytics report that could help you spot click bombing and identify the source -

Someone is click bombing me  
- If someone is trying to damage you, here's how to track them down and stop them -

Are A/V vendors really this clueless?   2015/04/15 TonyLawrence
- This botnet infected an additional 128,000 new computers each month over the past half year and the A/V folks couldn't stop it? -

Patch fixes sudo escalation flaw  
- Yosemite 10.10.3 patches a local exploit that elevates an ordinary user to root privileges. Upgrade now and do not run as an administrator account. -

Kerio Connect DSN breaks DMARC   2015/01/20 TonyLawrence
- Kerio Connect DSN breaks DMARC due to use of hostname as sending domain -

Renewing Kerio Control SSL Certificates  
- Renewing Kerio Control SSL Certificates does have some pitfalls. By default, Kerio Control ships with several predefined SSL certificates which are used for specific purposes. There's a "Default", one for Reverse Proxy, one for Local Authority and one for VPN. -

Upgrading from software Kerio Control to the hardware version  
- Upgrading from software Kerio Control to the hardware version is not difficult -

Help protect your mail domain with DMARC  
- Although not widely implemented, DMARC can help protect your domain -

Hassle free SSL/TLS?  
- Hassle free SSL/TLS? Let’s Encrypt: Delivering SSL/TLS Everywhere -

Is your password safe?   2014/12/01 TonyLawrence
- Is your password safe? Kasperksy may not think so even if other sites say it is. -

Hacked at my own site  
- Well, not really hacked but a password exposed and that's pretty bad! -

Monitoring Kerio Connect for suspicious activity  
- If you suspect that user's email has been compromised, here is a script that can help. -

Packet Dump in Kerio Control  
- Packet Dump used to be a hidden option in Kerio Control and you needed ssh to get the logs or even to remove them. That's no longer the case.` -

IPS in Kerio Control  
- You may never have even looked at IPS in Kerio Control or ever need to. It's there when you need it, though. -

DNS Forwarding in Kerio Control  
- DNS Forwarding in Kerio Control can be pretty powerful stuff. Learn its ins and out here. -

Who's been reading my email?   2013/07/02 DaveGillam
- The boss noticed that some emails he did not read were marked as read - who was responsible? -

Important changes coming in Kerio Control 2013/09/21 TonyLawrence
- The 8.1 release of Kerio Control contains a number of important new features. Some require a bit of explanation. -

Clicky Analytics for your website  
- Clicky Analytics offers some advantages over Google Analytics and can be used alongside too. -

More about Cloudflare  
- CloudFlare should now be fully active on this site. Visitors should only see speedups in page loads and no adverse affects. -

Expectations of privacy - time to shut it down?  
- Groklaw shuts down, the NSA spying gets worse. Is this Orwellian or just business as usual? -

Basic software firewall introduction for home users  
- You almost certainly have a software firewall on your Windows or Mac computer. You also probably have a hardware firewall. Understanding just a little bit about them can save you trouble. -

Using SCO Unix as a firewall  
- Given the current cost of hardware and the availability of Linux software, why on earth would you want to run a firewall on a production server? -

Samepage - Redefining how people create and share information
Websockets and Kerio Control  
- How to set your Kerio Control proxy to work with websockets -

Kerio Control Connection Limit Reached Alert  
- While this alert might indicate suspicious activity, it might just be something simple that you forgot about. -

Script to block DOS attacks   2013/06/03 TonyLawrence
- People steal content. If you run a website, you almost certainly know that; here is a simple script to block annoying abusers and possibly stop a little theft, too. -

Wireshark 101   2013/05/27 TonyLawrence
- Silly me. I really should have started using Wireshark long before this! -

Kerio Control with multiple Internet Interfaces   2014/01/24 basit
- If you have more than one Internet connection, Kerio Control can configure and use these in different ways. Learn how here. -

Simple debugging with Kerio Control  
- An easy way to use Control as a network sniffer by creating useless rules and adding Accounting logging. -

A Verizon FIOS STB and a Kerio Control router   2013/01/20 anonymous
- Verizon provides a router that is needed for their Video on Demand and other TV services to work. How can we use a Kerio Control box with that? -

Examining Kerio Control Traffic Rules   2012/11/08 TonyLawrence
- A simple Perl script helps display Kerio Control traffic rules. -

Should I buy the Kerio Control Appliance or run the software version?  
- Kerio offers its Control firewall in both software and hardware versions. Which should you choose? -

More Security articles

Have you tried our Tests?