Task | Use |
Choose an internal or external Internet certificate authority | Set up a certifier that will be used to issue Internet certificates in your organization. |
Cross-certify IBM® Lotus® Notes® user IDs and Domino server and certifier IDs | Allow Notes users and Domino servers in different hierarchically certified organizations to ascertain the identity of users and servers in other Notes organizations. |
Allow or deny access to a server | Specify which Notes users, Internet clients, and Domino servers are authorized to access the server. |
Allow anonymous server access | Give server access to Notes users and Domino servers outside of the organization without issuing a cross-certificate. |
Allow anonymous Internet/Intranet client access | Determine whether Internet/intranet users are allowed to access the server anonymously. |
Secure the server with name-and-password authentication | Identify Internet and intranet users accessing the server and control access to applications based on the user name. |
Enable session-based authentication | Allow Web browser clients to authenticate and maintain state with the server by using cookies. using session-based name-and-password authentication. Session-based authentication lets administrators provide a customized sign-in form and configure session expiration to log users off the server after a specified period of inactivity. Also provides capability for single single-on between Domino and WebSphere servers, using the same cookie. |
Controlling the level of authentication for Web clients | Specify the level of refinement that the server should use when searching for names and authenticating Web users. |
Limit access to create new databases, replicas, or templates | Allow specified Notes users and Domino servers to create databases and replica databases on the server. Limiting this access avoids a proliferation of databases and replicas on the server. |
Control access to a server's network port | Allow specified Notes users and Domino servers to access the server over a port. |
Encrypt server's network port | Encrypt data sent from the server's network port to prevent network eavesdropping. |
Password protect the server console | Prevent unauthorized users from entering commands at the server console. |
Restrict administrator access | Assign different types of administrator access to individuals based on the tasks they need to do on the Domino server. |
Restrict server agents | Specify which Notes users and Domino servers are allowed to run which kinds of agents on the server. |
Restrict passthru access | Specify which Notes users and Domino servers can access the server as a passthru server and specify the destinations they may access. |
Restrict server access by browser users running Java or JavaScript programs | Specify which Web browser users can use Domino ORBs to run Java or JavaScript programs on the server. |
Secure the server with SSL | Set up SSL security for Internet/intranet users to authenticate the server, encrypt data, prevent message tampering, and, optionally, authenticate clients. This is mandatory for e-commerce and secure business-to-business messaging. |
Set mail router restrictions | Restrict mail routing based on Domino domains, organizations, and organizational units. |
Set inbound SMTP restrictions | Restrict inbound mail to prevent Domino from accepting unwanted commercial e-mail. |
Use S/MIME | Use S/MIME to encrypt outgoing mail. This is often mandatory for secure business-to-business messaging. |
Prevent relaying through MTA | Enhance SMTP router security. |
Use file protection documents | Specify who can access files -- for example, HTML, GIF, or JPEG -- on a server's hard drive. |
Authenticate Internet clients using a secondary Domino Directory or LDAP directory | Authenticate Web clients who use name-and-password or SSL client authentication in secondary Domino or LDAP Directories marked as "trusted" by your domain. |
Authenticate Web clients for a specific realm | Allow Web users to access a certain drive, directory, or file on a Domino server and prevent Domino from prompting users for a name-and-password for different realms. |
Locate the server in a secure area | Prevent unauthorized access to unencrypted data and server and certifier IDs that are stored on the server's hard drive. |
Secure the server console with a Smartcard | Prevent unauthorized access to the server console by requiring the use of a Smartcard to log in to Domino. |
Use a firewall to protect access to a server | Control unauthorized access to a private network from the public Internet. |
Restrict access to a server's data directory | Use ACL files to protect server directories by specifying the names of users authorized to access those directories. |