
Re: Domino



>Does anyone have knowledge about the strength of security implemented by
>Lotus Notes 4 and Domino?  Suppose that we are storing two kinds of
>information on one Notes server - one type is suitable for general public
>access through the internet, and the other is for internal use only. Is
>Lotus Notes/Domino's security strong enough that knowledgeable and
>malicious people outside of our organization are prevented from accessing
>our internal information? 

If your server is properly configured, you can protect yourself. Here's how it 
works:

Every Notes database has an ACL, which lists the users (or groups) who are 
allowed what access to the database. If the database is world readable, it can 
be read by all Notes clients and Web Browser clients. If anyone were to be so 
foolish as to make a database world writeable, it can be updated by all Notes 
clients and Web Browser clients.

If the ACL restricts use, then only authenticated users can access it. Notes 
clients authenticate using their RSA private keys and public key certificates. 
This is very secure. Web Browser clients authenticate using a password that is 
sent in the clear and verified using a hashed value stored in the server's Name 
and Address book. This is not very secure for all the usual reasons. Only users 
who have a hashed password stored on the server can so authenticate.

If you wanted to make a database accessible only to Notes clients, you would 
set the ACL to not include any users who have hashed passwords stored on the 
server. Because this is a common desire and administratively cumbersome to 
assure, in the next release of Notes (4.5), there will be a new field in the 
ACL called "Maximum access from an Internet Browser". By setting that field to 
"None", all access via a browser can be denied (or by making it "Reader", 
access can be limited to reading the database).

>Other alternatives would be to store the
>external information on a separate HTTP server, or to have two Lotus
>Notes servers - one for public access and one for internal access, with
>the public machine outside the firewall.

This is a conservative approach and will protect against various kinds of 
accidental misconfiguration. You might keep a replica of the public data on the 
server inside the firewall and have Notes keep the two copies loosely 
synchronized. This would also protect against denial of service to internal 
users if the external machine were overwhelmed with requests.

 --Charlie Kaufman
 (charlie_kaufman@iris.com)
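
The following is an added example, not part of the original message and not Notes/Domino code: a simplified Python model of the ACL rules described in the reply, used to audit which ACL entries leave a database reachable from a web browser. The access levels, the "highest grant wins" group rule, the function names and all sample data are assumptions made for illustration.

```python
from enum import IntEnum

class Access(IntEnum):      # simplified: only the levels the message mentions
    NONE = 0
    READER = 1
    WRITER = 2              # stands in for any level that allows updates

def resolve(acl, groups):
    """Expand group entries to users (model assumption: highest grant wins)."""
    users = {}
    for entry, level in acl.items():
        for member in groups.get(entry, [entry]):
            users[member] = max(users.get(member, Access.NONE), level)
    return users

def browser_exposure(acl, groups, hashed_pw_users,
                     default=Access.NONE, max_internet=None):
    """Return {principal: level} for every way a web browser can reach the DB.

    default      -- access given to everyone ("world readable/writeable")
    max_internet -- the 4.5 "Maximum access from an Internet Browser" field;
                    None models a server without that field (no cap).
    """
    cap = Access.WRITER if max_internet is None else max_internet
    exposure = {}
    anonymous = min(default, cap)
    if anonymous > Access.NONE:
        exposure["(anonymous)"] = anonymous
    for user, level in resolve(acl, groups).items():
        # Only users with a hashed password stored on the server can
        # authenticate from a browser; Notes-only users never appear here.
        if user in hashed_pw_users:
            effective = min(level, cap)
            if effective > Access.NONE:
                exposure[user] = effective
    return exposure

# Constructed sample data for an "internal use only" database.
GROUPS = {"Staff": ["alice", "bob"], "Partners": ["carol"]}
INTERNAL_ACL = {"Staff": Access.WRITER, "Partners": Access.READER}
HASHED_PW_USERS = {"bob", "carol"}   # users with a web password on the server

if __name__ == "__main__":
    print("no cap:     ", browser_exposure(INTERNAL_ACL, GROUPS, HASHED_PW_USERS))
    print("cap = None: ", browser_exposure(INTERNAL_ACL, GROUPS, HASHED_PW_USERS,
                                           max_internet=Access.NONE))
```

An empty result means the database is reachable only by Notes clients; without the cap, that requires checking every group member against the list of users with stored passwords.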