The security of the Domino system is influenced by the physical location of the Domino server, Operating System configuration and network access points. It is important to understand how these can impact Domino.
Common security sense says that the servers of any application should be stored in a data center that has some type of controlled access. While your servers are probably in such a room, do you know who is accessing that area? When I did a lot of on site consulting, I tested physical access by writing in the data center log the name of a Disney character. Sadly, you would probably not be shocked by the number of times this was never contested. Data center log ins are similar to the Windows server shut down prompt – who actually reads them. Key card access has removed paper sign in sheets, but it is still important to track entry and exit of the data center.
Operating System Security
Operating System security needs to be reviewed and configured in order to prevent unauthorized access to Domino data. Remote access and shared network drives are incredibly convenient, but they do allow for the interaction of Domino databases and server console. Hence, be careful who has the ability to access the server via these methods. Whether backing up to physical media or a cloud service, ensure the data is securely stored. Additionally, use the OS firewall to control what ports can be accessed on the server. If you remove POP3 under Domino, then remove it as an open port at the OS level.
Finally, anti virus software is a no brainer – protect the Domino server by scanning files on local drives, file attachments in Domino databases and email messages as they pass thru the router.
Network security basics include reducing the access points of the Domino server. All too often I see the Domino server sitting behind a firewall with 1352 open through the firewall to allow remote access. While I understand why this is done, ideally, the Domino server should be remotely accessed via a VPN solution. Using Domino pass thru is a Domino centric method for providing remote access, while keeping your Domino data off the public wire. Also, within Domino encrypt the network port to ensure the client and server traffic is encrypted.
As a Domino administrator, you control the configuration settings under Domino, but what about these system properties that are not part of the application? For a small environment you may be in charge of the entire system; however, in large organizations functions tend to be federated. If you are dependent upon others, then document your needs and forge relationships with those entities to ensure your server’s security.
Want to be notified about upcoming blogs from the Domino Security Series? Enter you email below!
Sign up for my webinar on November 16th to get a first hand view of how to perform the configurations above and many more
RPR Wyatt Product Portfolio
|VitalSigns||Essential Tools||Essential Agent Master||Essential Frameworks|
|VitalSigns™ is a server monitoring tool for collaboration and messaging infrastructures, optimized for enterprise environments, that constantly checks the status of every server or service your email users depend on. When it detects a problem, it sends an alert to the appropriate person. While VitalSigns is running it also captures performance statistics that can be used to produce reports and graphs to share with colleagues.||
Essential Tools (ET) is an robust, Beacon award-winning server-based Domino Administration tool designed to assist Domino administrators perform their tasks significantly more efficiently and also allow them to fulfill certain tasks that the infrastructure did not allow them to do so before. The robustness of ET stems from the basic architectural fact that the Domino Infrastructure information is collected in a centralized single point.
|Essential Agent Master (EAM) is a Domino agent monitoring and management application. Designed to run on single or multiple Domino servers, Essential Agent Master collects detailed agent information on configuration settings and execution specifics, provides notification of key agent failures, and allows control of end-user created Domino agents.||The Essential Framework (EF) enables administrators to take over and complete tasks that normally require a developer or development. By leveraging one document and one agent, administrators have the ability to pull data from any source and manipulate it into eye pleasing charts and graphs. Reports are constructed through an iterative process in a web browser or in your preferred reporting mechanism.|