SECURITY


Server security
To secure IBM® Lotus® Domino™ servers, you allow and prevent user and server access. In addition, you restrict the activities that users and servers may perform on the server.
| Task | Use |
| --- | --- |
| Choose an internal or external Internet certificate authority | Set up a certifier that will be used to issue Internet certificates in your organization. |
| Cross-certify IBM® Lotus® Notes® user IDs and Domino server and certifier IDs | Allow Notes users and Domino servers in different hierarchically certified organizations to ascertain the identity of users and servers in other Notes organizations. |
| Allow or deny access to a server | Specify which Notes users, Internet clients, and Domino servers are authorized to access the server. |
| Allow anonymous server access | Give server access to Notes users and Domino servers outside of the organization without issuing a cross-certificate. |
| Allow anonymous Internet/Intranet client access | Determine whether Internet/intranet users are allowed to access the server anonymously. |
| Secure the server with name-and-password authentication | Identify Internet and intranet users accessing the server and control access to applications based on the user name. |
| Enable session-based authentication | Allow Web browser clients to authenticate and maintain state with the server by using cookies, through session-based name-and-password authentication. Session-based authentication lets administrators provide a customized sign-in form and configure session expiration to log users off the server after a specified period of inactivity. Also provides the capability for single sign-on between Domino and WebSphere servers, using the same cookie. |
| Controlling the level of authentication for Web clients | Specify the level of refinement that the server should use when searching for names and authenticating Web users. |
| Limit access to create new databases, replicas, or templates | Allow specified Notes users and Domino servers to create databases and replica databases on the server. Limiting this access avoids a proliferation of databases and replicas on the server. |
| Control access to a server's network port | Allow specified Notes users and Domino servers to access the server over a port. |
| Encrypt server's network port | Encrypt data sent from the server's network port to prevent network eavesdropping. |
| Password protect the server console | Prevent unauthorized users from entering commands at the server console. |
| Restrict administrator access | Assign different types of administrator access to individuals based on the tasks they need to do on the Domino server. |
| Restrict server agents | Specify which Notes users and Domino servers are allowed to run which kinds of agents on the server. |
| Restrict passthru access | Specify which Notes users and Domino servers can access the server as a passthru server and specify the destinations they may access. |
| Restrict server access by browser users running Java or JavaScript programs | Specify which Web browser users can use Domino ORBs to run Java or JavaScript programs on the server. |
| Secure the server with SSL | Set up SSL security for Internet/intranet users to authenticate the server, encrypt data, prevent message tampering, and, optionally, authenticate clients. This is mandatory for e-commerce and secure business-to-business messaging. |
| Set mail router restrictions | Restrict mail routing based on Domino domains, organizations, and organizational units. |
| Set inbound SMTP restrictions | Restrict inbound mail to prevent Domino from accepting unwanted commercial e-mail. |
| Use S/MIME | Use S/MIME to encrypt outgoing mail. This is often mandatory for secure business-to-business messaging. |
| Prevent relaying through MTA | Enhance SMTP router security. |
| Use file protection documents | Specify who can access files -- for example, HTML, GIF, or JPEG -- on a server's hard drive. |
| Authenticate Internet clients using a secondary Domino Directory or LDAP directory | Authenticate Web clients who use name-and-password or SSL client authentication in secondary Domino or LDAP Directories marked as "trusted" by your domain. |
| Authenticate Web clients for a specific realm | Allow Web users to access a certain drive, directory, or file on a Domino server and prevent Domino from prompting users for a name-and-password for different realms. |
| Locate the server in a secure area | Prevent unauthorized access to unencrypted data and server and certifier IDs that are stored on the server's hard drive. |
| Secure the server console with a Smartcard | Prevent unauthorized access to the server console by requiring the use of a Smartcard to log in to Domino. |
| Use a firewall to protect access to a server | Control unauthorized access to a private network from the public Internet. |
| Restrict access to a server's data directory | Use ACL files to protect server directories by specifying the names of users authorized to access those directories. |

For more information on securing Lotus Domino servers, see the topic Customizing access to a Domino server.
