APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed
Microsoft Digital Rights Management

"New Office locks down documents" reports on how Microsoft is adding Digital Rights Management to Office 2003 applications.

Title Last Comment
Why use a VPN instead of opening ports?  
- I need to access my security cameras from home. My camera guys says we need to forward ports on the firewall, but my firewall guy says I should use the VPN instead -

Looking for secret connections  
- Malware often has secret internet connections. Spotting them in your firewall isn't always easy but I can offer some hints. -

Google Password Alert - barn doors and horses  
- Although two factor authentication protects you more, users who will not or cannot use that might consider this. To me, this seems like a silly answer! -

Managing iptables drop lists  
- After blocking large numbers of sites accidentally, cleaning them out is easier with this script -

Mac OS X 'rootpipe' is not a backdoor  
- An exploit that requires a local login is not a back door. It's not even an open safe. Most of us have nothing to fear. -

Spotting Click Bombing with Google Analytics  
- Here are two simple Analytics report that could help you spot click bombing and identify the source -

Someone is click bombing me  
- If someone is trying to damage you, here's how to track them down and stop them -

Are A/V vendors really this clueless?   2015/04/15 TonyLawrence
- This botnet infected an additional 128,000 new computers each month over the past half year and the A/V folks couldn't stop it? -

Patch fixes sudo escalation flaw  
- Yosemite 10.10.3 patches a local exploit that elevates an ordinary user to root privileges. Upgrade now and do not run as an administrator account. -

Kerio Connect DSN breaks DMARC   2015/01/20 TonyLawrence
- Kerio Connect DSN breaks DMARC due to use of hostname as sending domain -

Renewing Kerio Control SSL Certificates  
- Renewing Kerio Control SSL Certificates does have some pitfalls. By default, Kerio Control ships with several predefined SSL certificates which are used for specific purposes. There's a "Default", one for Reverse Proxy, one for Local Authority and one for VPN. -

Upgrading from software Kerio Control to the hardware version  
- Upgrading from software Kerio Control to the hardware version is not difficult -

Help protect your mail domain with DMARC  
- Although not widely implemented, DMARC can help protect your domain -

Hassle free SSL/TLS?  
- Hassle free SSL/TLS? Let’s Encrypt: Delivering SSL/TLS Everywhere -

Is your password safe?   2014/12/01 TonyLawrence
- Is your password safe? Kasperksy may not think so even if other sites say it is. -

Hacked at my own site  
- Well, not really hacked but a password exposed and that's pretty bad! -

Monitoring Kerio Connect for suspicious activity  
- If you suspect that user's email has been compromised, here is a script that can help. -

Packet Dump in Kerio Control  
- Packet Dump used to be a hidden option in Kerio Control and you needed ssh to get the logs or even to remove them. That's no longer the case.` -

IPS in Kerio Control  
- You may never have even looked at IPS in Kerio Control or ever need to. It's there when you need it, though. -

Samepage - Redefining how people create and share information
DNS Forwarding in Kerio Control  
- DNS Forwarding in Kerio Control can be pretty powerful stuff. Learn its ins and out here. -

Who's been reading my email?   2013/07/02 DaveGillam
- The boss noticed that some emails he did not read were marked as read - who was responsible? -

Important changes coming in Kerio Control   2013/09/21 TonyLawrence
- The 8.1 release of Kerio Control contains a number of important new features. Some require a bit of explanation. -

Clicky Analytics for your website  
- Clicky Analytics offers some advantages over Google Analytics and can be used alongside too. -

More about Cloudflare  
- CloudFlare should now be fully active on this site. Visitors should only see speedups in page loads and no adverse affects. -

Expectations of privacy - time to shut it down?  
- Groklaw shuts down, the NSA spying gets worse. Is this Orwellian or just business as usual? -

Basic software firewall introduction for home users  
- You almost certainly have a software firewall on your Windows or Mac computer. You also probably have a hardware firewall. Understanding just a little bit about them can save you trouble. -

Using SCO Unix as a firewall  
- Given the current cost of hardware and the availability of Linux software, why on earth would you want to run a firewall on a production server? -

Websockets and Kerio Control  
- How to set your Kerio Control proxy to work with websockets -

Kerio Control Connection Limit Reached Alert  
- While this alert might indicate suspicious activity, it might just be something simple that you forgot about. -

Script to block DOS attacks   2013/06/03 TonyLawrence
- People steal content. If you run a website, you almost certainly know that; here is a simple script to block annoying abusers and possibly stop a little theft, too. -

Wireshark 101   2013/05/26 TonyLawrence
- Silly me. I really should have started using Wireshark long before this! -

Kerio Control with multiple Internet Interfaces   2014/01/24 basit
- If you have more than one Internet connection, Kerio Control can configure and use these in different ways. Learn how here. -

Simple debugging with Kerio Control  
- An easy way to use Control as a network sniffer by creating useless rules and adding Accounting logging. -

A Verizon FIOS STB and a Kerio Control router   2013/01/19 anonymous
- Verizon provides a router that is needed for their Video on Demand and other TV services to work. How can we use a Kerio Control box with that? -

Examining Kerio Control Traffic Rules   2012/11/08 TonyLawrence
- A simple Perl script helps display Kerio Control traffic rules. -

Should I buy the Kerio Control Appliance or run the software version?  
- Kerio offers its Control firewall in both software and hardware versions. Which should you choose? -

Troubleshooting Kerio Control installation  
- Setting up Kerio control is usually very easy. If you do experience problems, this guide can help. -

Kerio Operator in a separate subnet behind Control Firewall   2013/06/14 TonyLawrence
- Installing Kerio Operator in a private subnet that is not the same as your office LAN network requires some special firewall rules. -

Kerio Control Require3WayHandshake dropping packets   2012/10/24 NickBarron
- A Kerio Control 3110 replaces an old SonicWall. Immediately we saw problems with dropped packets: packet dropped: 3-way handshake not completed -

How to find password hacks in your Kerio Mailserver log  
- If a hacker can guess a password for a mail user on your system, they can send email that will appear to be from a legitimate user. Here's how to find and prevent such use. -

Avast Free Antivirus for Mac   2012/05/30 NickBarron
- Will someone please make decent malware/antivirus protection for Macs? I'd hope that Apple would be smart enough to do that itself, but so far they seem uninterested and that leaves me feeling worried. -

Why you should let me sell you a new firewall   2012/05/20 TonyLawrence
- I know - your current firewall is working fine. Or so you think. You could be right about that, but let me go over a few reasons why you might want to consider changing that firewall now. -

Kerio Control Rip and Replace   2014/07/10 TonyLawrence
- I tore out a perfectly good Astaro Firewall and replaced it with a Kerio Control box. The Astaro was only two years old and was working fine, but tearing it out made both me and my customer very happy. Read on to learn why. -

Kerio Control Hardware Appliance firewall   2012/05/22 TonyLawrence
- I got to configure two new Kerio Control hardware appliances this week. Learn what's different about these boxes compared to the software versions. -

A Kerio Firewall transplant causes mail problems   2012/04/06 TonyLawrence
- Moving a Kerio Control firewall to new hardware shouldn't be any trouble at all. In fact, it was not, but some red herrings led me to think that something had gone mysteriously wrong. -

Understanding Kerio Control Firewall Licensing   2014/06/17 TonyLawrence
- How many user licenses will your Kerio Control firewall require? The answer isn't as simple as it was before, but the current licensing does offer more flexibility. -

Misconfigured router causes open SMTP relay   2012/03/10 NickBarron
- The last thing you want is an active mailserver acting as an open relay. Learn how a misconfigured router caused that on an innocent Kerio server. -

Book Review - Michal Zalewski's 'The Tangled Web'   2011/11/12 TonyLawrence
- We will not have ventured very far into the Internet forest before we realize that our 'crack team' of web browsers is anything but. Most of them can't seem to tell a squirrel from a poisonous snake. When they do decide to point their weapons at something threatening, we had better duck ourselves, because their aim is atrociously bad. Suspicious looking miscreants appear at the edges of our trail and beckon us to follow them into the dark woods; our guides lay down their weapons and, with beaming grins, trot off never to be seen again! -

Exploring Apple Document versions  
- When I made the switch, I of course had files under the old account. Some were things I knew I'd need immediately, so I copied them to the new account and changed permissions. Others were things I might need, but then again I might not. What to do about those? -

Can Online Services Be Secure?   2011/08/22 Ralph
- Recent data theft disasters have shown that it is not enough to operate a "secure server" and leave all customer's information unencrypted on this server. Because if you think your secure server is invincible, all your customer's data is at risk, the moment it turns out that the secure server is not as secure as you thought. -

Kerio Connect Mailserver
Advantages of Kerio Control Firewall  
- As this customer actually wanted the appliance version, he asked about hardware replacement policies, extended warranties and wondered if he should buy two -

Using fail2ban with Kerio Connect mailserver   2014/01/05 TonyLawrence
- Fail2ban is fussy about dates in log files; Kerio's security log does not meet its standards -

Helping my sister-in-law with Gmail   2011/06/02 TonyLawrence
- I'd rather send pictures or a move than take control of their computer. They can refer back to what I sent over and over again. -

Sophos free anti-virus for Mac   2011/05/23 TonyLawrence
- Although the main threat to Macs is trojans and malware, not viruses, the common man doesn't distinguish these - they are all the same to most folks. -

A SCO Openserver to Red Hat Linux Conversion   2011/04/02 TonyLawrence
- A detailed history of a SCO to Linux Conversion - including desktop users. -

Cisco PIX interferes with TLS (encrypted) Email   2010/12/09 TonyLawrence
- A PIX firewall with the Mailguard feature turned on may interfere with encryption of SMTP traffic -

Winroute Firewall StaR reporting  
- Most low and medium end firewalls offer very little in the way of reporting - often nothing more than raw logs (and even those may be difficult to access). If they do offer anything more, it's probably extra cost. -

Winroute Firewall Advances   2010/04/02 TonyLawrence
- Some of my readers and clients know that I used to sell Fortinet firewalls. I stopped doing that several years ago because I found their support (for both me and my customers) to be unacceptably poor. The products themselves worked well and were reasonably priced, but support was not good and because of lousy documentation, support was often needed. -

Off we go into the wide blue yonder  
- It seems like everyone says 'move to the cloud', but there are questions you need to ask before you do that. -

More Security articles

Have you tried our Tests?