English
IBM Domino Server provides a range of security measures, but the configuration can easily get complicated and give rise to major security issues. It is impossible to satisfy the security and compliance requirements of a multi-server environment in organizations without having a reliable track record of the access and configuration changes.
Knowing how to lock down access to your IBM Domino server is of vital importance. In the event of unauthorised access to the server, a breach of confidentiality is more likely and can lead to data theft. Legal battles, GDPR compliance breaches and hefty fines can be extremely detrimental to the company. Use the following steps to ensure the lockdown of your IBM Domino servers.
Ignoring basic common sense about ID's, it is a common practice for
Domino Server ID’s to be left without a password. Experts and even
IBM have warned against this widespread practice, but with what is at stake on your server, does it make sense to leave it vulnerable?
There was a time when software could focus on delivering the business solution it was designed to provide. But with the ever escalating threats of hacking and data breaches, from both external and internal sources, far more attention needs to be placed on security, along with audit trails and event logs which can be used to perform forensic investigations. IBM Domino Servers, even though a robust and secure platform, lack the depth of logging necessary to deal with today’s challenges. While Domino Server does an excellent job providing a collaboration and email platform, it can be prone to some significant security gaps, due in part to the lack of logging.
Surprisingly, many major companies aren't even aware that real time security features exist. Or they misunderstand what this type of security accomplishes. What we're used to, what non-technical people understand with regard to security, is that we can track everything. So, in theory, you'd get an email or an alert when something malicious happens. If someone tried to hack your database, you'd get an alert letting you know that they were able to bypass your protections. You'd even be able to track exactly what records were accessed.
Data protection - it's probably one of your company's top priorities. But often we concentrate our efforts to protect against threats that are external to the company - software and other measures to keep influences from infiltrating systems. What companies have to be aware of in order to truly lock down their important information is that internal threats are far greater. Many data security issues are instigated from the inside. It's estimated that over 70% of data breaches at banks and other financial corporations are instigated by employees or past employees. There are also a high number of employees who gain access to proprietary data and use it to their benefit, either to leverage employment with a competitor or to start their own venture. While there are legal options your company can employ to deter this activity,
it still happens.
Knowing how to lock down access to your IBM Domino server is of vital importance. In the event of unauthorised access to the server, a breach of confidentiality is more likely and can lead to data theft. Legal battles and hefty fines can be extremely detrimental to the company. Use the following steps to ensure the lockdown of your IBM Domino servers.
Schutz für Konfigurationsdokumente
Mit DominoProtect schützen Sie alle für Sie relevanten Dokumente bis hin zu einzelnen Feldern, z.B. Zugriffskontrolllisten (ACL’s), Server-, Konfigurations-, Verbindungs- oder Domänendokumente. Individuelle Szenarien, wie “im Directory-Dokument nur das Feld HTTP-Password direkt editierbar” können realisiert werden. Sie definieren, welche Zugriffsmöglichkeit verhindert werden soll – Öffnen, Ändern, Löschen. Der Schutz umfasst auch Änderungen durch Replikation, außerdem wird die manuelle Erstellung solcher Dokumente im Domino Directory verhindert. Beim Zugriff auf geschützte Objekte können beliebige Aktionen definiert werden, z.B. Versenden einer E-Mail, Ausführung von Agents oder Anzeigen von Dialogen.
Domino Protect, Support - German Language, Security Monitoring
Intelligentes Management für Konfigurationsänderungen
Die Konfigurationsdokumente werden nach Aktivierung des Schutzes nur noch über die DominoProtect-Datenbank gepflegt. Für kontrollierte Änderungen stellt DominoProtect ein Request-Modell mit optionalen Freigabe-Zyklen zur Verfügung. Für das Erstellen, Editieren oder Löschen von geschützten Objekten wird ein Vorgang gestartet, der automatisiert ausgeführt und protokolliert wird.
Domino Protect, Support - German Language, Configuration Management
Automatisierung des Server-Starts mit Passwortschutz für die Server-ID
Die gefährliche Praxis Server-ID-Dateien ohne Kennwort zu nutzen wird in ihren Auswirkungen oft unterschätzt. Die BCC Erfahrung zeigt: die Server-ID-Datei ist bei vielen Domino Anwender-Unternehmen verschiedenen Personen im IT-Bereich zugänglich und meist nicht durch ein Kennwort geschützt. Der fehlende Kennwortschutz hat seine Ursache oft in der Anforderung, dass der Domino Server im Falle eines Absturzes oder Neustarts ohne Kennworteingabe automatisch starten muss. Handelt es sich bei dem Server um einen ID-Vault Server, kann der fehlende Schutz leicht zum Mißbrauch der User-IDs führen. Diese Sicherheitslücke kann zuverlässig geschlossen werden!
Domino Protect, Support - German Language, Automation, Server restart, ID-Schutz
