Securing Notes Databases
Diving through the layers of securing Domino, we are now at database security. For any Notes database, be it a mail file or an application, the front door for getting into the database is the database’s Access Control List. Hence, it is imperative that you develop ACL standards and enforce them to control not only data access but also the creation, modification and deletion of documents. ACL standards should consider the following guidelines:
• Anonymous access governs what unauthenticated web clients can access. For a web-enabled server, a best practice is for Anonymous to have No Access. An exception may be databases that contain public information, e.g. product FAQs.
• Default access controls what authenticated Notes and web clients can access. Similar to Anonymous, only select databases should have Default higher than No Access.
• The user population generally needs Depositor, Reader, Author or Editor rights. Only database and system administrators should have Designer or Manager rights.
• Divide Author and Editor rights, where Editor is only assigned to those that should be able to modify any document.
• Understand the ACL flags, which are those check box items on the right hand side of the ACL dialog box. Use these to control who can do what in the database. For example, for a database with very sensitive data remove the Replicate or Copy Documents flag to prevent these actions.
• Every database needs an Administration Server defined, which allows Adminp to propagate name changes and terminations to the Access Control List and documents.
• Think about database replication across multiple servers. Set LocalDomainServers to the access that reflects what should be synchronized.
• Will the LocalDomainAdmins group be represented to provide access or will Full Access Admin be utilized as needed?
• Ensure user types are defined for the ACL entries to prevent rogue access attempts.
• Roles are not scary. If you do not understand roles, get to know them and use them to protect sensitive documents.
Next, inventory database ACLs to determine if the defined standards are being met. While you can open each database and review its ACL, a faster method is to review the ACLs in a database collection. The native Catalog task collects ACLs and writes them to catalog.nsf. Additionally, RPR Wyatt’s Essential Tools product centrally stores ACLs and allows them to be reviewed. For example, the ACL by Entry view allows you to quickly see which databases have Default set to Manager. Don’t laugh – I see this more times than I care to count. Also, ET can verify that ACL entries exist in the Domino Directory. Using ET or a manual process, remediate ACLs so they fall in line with the established rules.
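As an added example (not part of the original post and not code from Domino or Essential Tools), the following sketch checks an ACL inventory against the guidelines above. The inventory layout, the database and entry names, and the policy sets are all assumptions; in practice the data would come from whatever you export out of your ACL collection.

```python
# Added example: audit an ACL inventory against the standards listed above.
# The inventory layout and every database/entry name below are constructed.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Hypothetical site policy (assumptions; replace with your own standards).
PUBLIC_DBS = {"web/productfaq.nsf"}      # allowed to expose Anonymous/Default
ADMIN_ENTRIES = {"LocalDomainAdmins", "LocalDomainServers"}
OPEN_ENTRIES = ("-Default-", "Anonymous")

# Constructed sample: entry name -> (access level, user type)
INVENTORY = {
    "mail/jdoe.nsf": {"admin_server": "Hub01/Acme", "acl": {
        "-Default-": ("No Access", "Unspecified"),
        "Anonymous": ("No Access", "Unspecified"),
        "Jane Doe/Acme": ("Editor", "Person"),
        "LocalDomainServers": ("Manager", "Server group"),
    }},
    "apps/hr.nsf": {"admin_server": "", "acl": {
        "-Default-": ("Manager", "Unspecified"),
        "Anonymous": ("No Access", "Unspecified"),
        "HR Staff": ("Author", "Unspecified"),
        "Bob Dev/Acme": ("Designer", "Person"),
    }},
    "web/productfaq.nsf": {"admin_server": "Hub01/Acme", "acl": {
        "-Default-": ("Reader", "Unspecified"),
        "Anonymous": ("Reader", "Unspecified"),
    }},
}

def audit(inventory):
    """Return sorted (database, entry, finding) tuples, one per violation."""
    findings = []
    for db, info in inventory.items():
        if not info["admin_server"]:
            findings.append((db, "-", "no Administration Server defined"))
        for name, (level, user_type) in info["acl"].items():
            if name in OPEN_ENTRIES:
                if RANK[level] > RANK["No Access"] and db not in PUBLIC_DBS:
                    findings.append((db, name, f"{level} exceeds No Access"))
                continue
            if RANK[level] >= RANK["Designer"] and name not in ADMIN_ENTRIES:
                findings.append((db, name, f"{level} granted to a non-admin entry"))
            if user_type == "Unspecified":
                findings.append((db, name, "user type not defined"))
    return sorted(findings)

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep=" | ")
```
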
And once those ACLs are set, it is important that processes are put in place to ensure database ACLs remain secure. Just like we discussed with the Domino Directory’s ACL, you can monitor ACL changes with Events monitoring, Domino Domain Monitoring and ET. The advantage of using a product like ET is that the ACL Enforcer can both monitor and revert the ACL to the intended settings.
There are security features that can be added to design elements to enhance document security.
• Reader names fields control who can read the document. Note – Views also have reader names fields; however, this should not be used as the primary method for securing sensitive data, because anyone with the ability to create a view could simply display all documents.
• Author names fields work in conjunction with Author access. If someone has Author access to a database, then they can only modify documents where they are listed in the Author names field.
• Encrypting fields prevents anyone other than the intended reader from seeing the data contained in these fields. The most popular use is email encryption, where the Body field is encrypted.
• Encryption keys are another way to encrypt and protect document information. An encryption key is created and then shared with a subset of people.
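To make the interaction between ACL level and the Reader and Author names fields concrete, here is an added example (not from the original post, and not Domino code) that models the access decision in simplified form. User names, the `[HRManagers]` role and the sample documents are constructed; field encryption and public-access documents are left out of the model.

```python
# Added example: simplified model of document-level access in a Notes database.
# User names, the role name and the sample documents are constructed.
RANK = {"No Access": 0, "Depositor": 1, "Reader": 2, "Author": 3,
        "Editor": 4, "Designer": 5, "Manager": 6}

def can_read(level, names, doc):
    """names: the user's own name plus their groups and [roles]."""
    if RANK[level] < RANK["Reader"]:
        return False                  # No Access and Depositor cannot read
    readers = set(doc.get("readers", []))
    if not readers:
        return True                   # no Reader names: the ACL level decides
    # A populated Reader names field limits reading to the listed names,
    # whatever the ACL level; names in Author names fields can read as well.
    return bool(set(names) & (readers | set(doc.get("authors", []))))

def can_edit(level, names, doc):
    if not can_read(level, names, doc):
        return False
    if RANK[level] >= RANK["Editor"]:
        return True                   # Editor and above: any readable document
    if level == "Author":
        return bool(set(names) & set(doc.get("authors", [])))
    return False                      # Reader access never edits

# Constructed sample documents
SALARY = {"readers": ["[HRManagers]"], "authors": ["Jane Doe/Acme"]}
MEMO = {"authors": ["Jane Doe/Acme"]}

if __name__ == "__main__":
    print(can_read("Manager", ["Admin/Acme"], SALARY))   # Manager, not listed
    print(can_edit("Author", ["Jane Doe/Acme"], SALARY)) # listed author
    print(can_edit("Author", ["Bob/Acme"], MEMO))        # author, not listed
```
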
There are database properties that can be configured to increase the security of a database.
• Web Access – For a web-enabled server, review these options. For example, if you do not want a web browser to access the data, then select “Don’t allow URL open.”
• Background Agents – Agents are very powerful in terms of mass data manipulation. If there are no scheduled agents, consider enabling the option that disables background agents.
• Stored Forms – Stored forms allow the design elements to travel with an email message. For a mail enabled database this allows for an email to be received and opened with its form intact. While this can be helpful for preserving format, it can allow for automatic execution of attached files.
• User Activity – To review who is reading, creating, modifying and deleting documents, enable Record activity, which is located beneath the User Detail button.
• Last Accessed – On the propeller hat tab there is an option to Maintain LastAccessed property. This will track read access to documents. Due to the disk I/O overhead it adds to the Domino server, ensure it is only enabled on databases where read access needs to be monitored.
Ultimately, database security methods protect data access and data integrity. If you have not previously inventoried your database ACLs, consider assigning yourself a project as part of a security resolution for 2018!
Sign up for my webinar on November 16th to get a first hand view of how to perform the configurations above and many more