SECURITY


The Domino security model
The IBM® Lotus® Domino™ security model is based on the premise of protecting resources, such as the Lotus Domino server itself, databases, workstation data, and documents. The resources, or objects, that are being protected are set up to define the rights of users to access and change the object. Information about access rights and privileges is stored with each protected resource. Thus, a given user or server may have different sets of access rights, depending on the resources to which that user or server requires access.

The following includes brief descriptions of the various resources that you need to protect in a Lotus Domino environment. Some of the topics are not specific to Lotus Domino security, but are included here in the interest of thoroughness.

Physical security

Physically securing servers and databases is as important as preventing unauthorized user and server access. It is the first line of defense against unauthorized or malicious users, because it prevents them from having direct access to your Lotus Domino servers. Therefore, we strongly recommend that you locate all Lotus Domino servers in a ventilated, secure area, such as a locked room. If servers are not physically secure, unauthorized users might circumvent security features -- for example, ACL settings -- and access applications directly on the server, use the operating system to copy or delete files, or physically damage the server hardware itself.

Physical network security concerns should also include disaster planning and recovery.

Operating system security

Unauthorized or malicious users often take advantage of operating system vulnerabilities. As a system administrator, you should safeguard the operating system on which your Lotus Domino server runs. For example, you should limit administrator login/rights, disable FTP (on NT), and avoid the use of mapped directory links to file servers or a shared NAS server for Lotus Domino servers. Stay informed about your operating system of choice, and keep current with security updates and patches.

Network security

The goal for securing your network is to prevent unauthorized users from gaining access to servers, users, and data. Physical network security is beyond the scope of this book, but you must set it up before you set up Lotus Notes and Lotus Domino connection security. Physical network security is established through the use of devices -- such as filtering routers, firewalls, and proxy servers -- that enable network connections for the various network services (such as LDAP, POP3, FTP, and SMTP) that you want to provide for your users. Network connection access is also controlled using these devices, as you can define which connections can be accessed, and who is authorized to use them.

Properly configured, these devices prevent unauthorized users from:


Server security

The Lotus Domino server is the most critical resource to secure and is the first level of security that Lotus Domino enforces after a user or server gains access to the server on the network. You can specify which users and servers have access to the server and restrict activities on the server -- for example, you can restrict who can create new replicas and use passthru connections.

You can also restrict and define administrator access, by delegating access based on administrators' duties and tasks. For example, you can enable access to operating system commands through the server console for system administrators, and grant database access to those administrators who are responsible for maintaining Lotus Domino databases.

If you set up servers for Internet/intranet access, you should set up SSL and name-and-password authentication to secure data transmitted over the network and to authenticate servers and clients.

For more information, see the topic Server security.

ID security

A Lotus Notes or Lotus Domino ID uniquely identifies a user or server. Lotus Domino uses the information contained in IDs to control the access that users and servers have to other servers and applications. One of the responsibilities of the administrator is to protect IDs and make sure that unauthorized users do not use them to gain access to the Lotus Domino environment.

Some sites may require multiple administrators to enter passwords before gaining access to a certifier or server ID file. This prevents one person from controlling an ID. In such cases, each administrator should ensure each password is secure to prevent unauthorized access to the ID file.

For more information, see the topic Notes and Domino ID security.

You can also secure Lotus Notes user IDs with Smartcards. Smartcards reduce the threat of user ID theft, as a user who has a Smartcard needs their user ID, their Smartcard, and their Smartcard PIN to access Lotus Notes.

For more information on Smartcards, see the topic Enabling Smartcards for Notes login if you have installed Lotus Notes 8 Help. Or, go to http://www.lotus.com/ldd to download or view Lotus Notes 8 Help.

Application security

Once users and servers gain access to a Lotus Domino server, you can use the database access control list (ACL) to restrict access that specific users and servers have to individual Lotus Domino applications on the server. In addition, to provide data privacy, encrypt the database with an ID so unauthorized users cannot access a locally stored copy of the database, sign or encrypt mail messages users send and receive, and sign the database or template to protect workstations from formulas.

For more information on database ACLs, see the topic Application security.

Application design element security

Although users may have access to an application, they may not have access to specific design elements in the application -- for example, forms, views, and folders. When designing a Lotus Domino application, an application developer can use access lists and special fields to restrict access to specific design elements.

For more information on securing design elements, see Application design element security.
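As an added example (not IBM's code or the Domino server's own logic), the following Python toy model illustrates the layered, resource-attached model described in the sections above: access information is stored with each resource, and a request must pass the server access list, then the database ACL, then any design element access list. The access level names are Domino's; the precedence rules (an explicit user entry wins over groups, the highest group level wins) and all sample data are assumptions of this example.

```python
from dataclasses import dataclass, field

# Ordered from least to most privilege (Domino's level names; the ordering and
# precedence rules below are assumptions of this toy model).
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]

@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset = frozenset()

@dataclass
class Server:
    allowed: frozenset  # names/groups permitted to access the server at all

@dataclass
class Database:
    acl: dict                 # name or group -> access level
    default: str = "No Access"
    element_readers: dict = field(default_factory=dict)  # element -> reader names

def level_for(principal, acl, default):
    """Explicit user entry wins; otherwise the highest level among groups."""
    if principal.name in acl:
        return acl[principal.name]
    group_levels = [acl[g] for g in principal.groups if g in acl]
    return max(group_levels, key=LEVELS.index) if group_levels else default

def can_open_element(principal, server, db, element):
    """Walk the layers in order: server access -> database ACL -> element list."""
    names = {principal.name} | set(principal.groups)
    if not names & server.allowed:
        return False, "denied at server"
    level = level_for(principal, db.acl, db.default)
    if LEVELS.index(level) < LEVELS.index("Reader"):
        return False, f"denied by database ACL ({level})"
    readers = db.element_readers.get(element)
    if readers is not None and not names & readers:
        return False, "denied by design element access list"
    return True, level

# Constructed sample data (hypothetical names and groups).
SERVER = Server(allowed=frozenset({"Sales", "Admins"}))
SALES_DB = Database(acl={"Sales": "Author", "Admins": "Manager", "alice": "Reader"},
                    element_readers={"Forecast": frozenset({"Admins"})})
ALICE = Principal("alice", frozenset({"Sales"}))           # explicit Reader entry
BOB = Principal("bob", frozenset({"Sales"}))               # Author via group
CAROL = Principal("carol")                                 # no server access
DAVE = Principal("dave", frozenset({"Sales", "Admins"}))   # highest group wins
```

Running the checks shows the same user receiving different effective rights on different resources, and a denial at the first layer that fails.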

Workstation data security

Lotus Notes users may keep and use important applications and information on their workstations. This information can be protected through the use of an execution control list (ECL), which defines the access that active content from other users has to the user workstation.

For more information on execution control lists, see the topic Workstation data security.
