Knowing how to lock down access to your IBM Domino server is of vital importance. In the event of unauthorised access to the server, a breach of confidentiality is more likely and can lead to data theft. Legal battles and hefty fines can be extremely detrimental to the company. Use the following steps to ensure the lockdown of your IBM Domino servers.
1. Protect the server with a strong password
A multi-part password helps to deter hackers who are looking for easy targets to gain access to. A number of experts, including IBM as well as gurus like Gabriella Davis and Paul Mooney, highly recommend implementing this step as a security measure. However, administrators at these companies tend to ignore such advice for the sake of ease of use. Adding a password to the server ID can make server reboots more difficult because the password has to be provided each time. If the password is highly secure because it involves multiple parts, rebooting the server in the middle of the night becomes a logistical nightmare.
2. Ensure that only authorised individuals can access the Domino directory
The Domino directory should only be accessed by those individuals who need to do so. This typically means the people who are tasked with administration or who are charged with maintaining the security and integrity of the system. This is not to say that other users cannot access the system, but they should only be able to read, and only selectively edit, the documents they need to.
3. Maintain appropriate Access Control Lists (ACLs)
In general, there are different levels of access, which centre around granting users the authority to access only those applications that they need. For example, applications that involve actions that can affect all of the company's employees, such as the minutes of a board meeting, would typically only be accessible to members of the board and other top-level executives rather than all of the employees.
4. Allow admins to have access to data to perform their jobs
Many companies find they walk a fine line with one particular group of employees: the admins. It is this group that always needs to have access to all of the applications of the system. Having this access is necessary so they can perform maintenance and other tasks. Some companies use features such as Authors and Readers fields to restrict access further by fine-tuning user access. Other organisations use encryption to protect sensitive data fields. Encrypted data, however, can still be accessed by unauthorised people who use someone else's ID.
5. Use DominoProtect for added security
DominoProtect adds an essential extra layer of security as a tool that works above and beyond the ACL restrictions. DominoProtect allows an admin to gain manager access to the database, for example, but prevents the admin from actually accessing the data contained within that database. DominoProtect also allows server IDs to be protected, with multiple passwords if you so wish, and still enables unattended server restarts.
For more information about DominoProtect, check out our webinar: Top 5 Actions to Boost Your IBM Domino Server Security