Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x


This is a tip from the IBM Connect 2014 session "BP103 : Ready, Aim, Fire: Mastering the Latest in the Administrator’s Arsenal". Speakers Ben Menesi (Ytria) and Kim Greene (Kim Greene Consulting) step through the new features IBM has introduced to Domino from release 8.5.x-9.x.

This tip covers why you should use ID Vault, how to set up protected groups, what settings to tweak to make sure password checking is up and running, how to lock down your server’s ACLs and more.

Published in: Technology

Transcript of "Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x"

  1. © 2014 IBM Corporation. BP103: Ready, Aim, Fire: Mastering the Latest in the Administrator’s Arsenal. Kim Greene, Kim Greene Consulting, Inc; Ben Menesi, Ytria
  2. Securing Your Servers
  3. ID Vault (Domino 8.5)
     - Use it!!!
     - Customer scenarios:
       - Lost ID because the PC crashed; had to go back to the original ID on a network drive, which was created under a different certifier than the current certifier
       - Forgotten passwords
       - Setting up new users / existing users get new PCs/laptops: Notes client setup simply pulls the ID from the vault, with no manual handling of the ID file
     - Tip: If you have multiple OUs, it is easiest to implement from the top OU
     - Gotcha: Doesn’t work in Citrix® environments (yet)
  4. Protected Groups (Domino 9.0)
     - Prevents accidental deletion of designated “critical” groups
     - Configured in the Directory Profile of the Domino Directory
       - Tip: You must edit and save it once for it to become operational
     - Requires the Domino Directory to have the 9 design
     - Defaults to LocalDomainAdmins, LocalDomainServers, and OtherDomainServers
  5. Protected Groups: Open Domino Directory → Actions → Edit Directory Profile
  6. Protected Groups: Prevent deletion of these groups
  7. Password Checking
     - Password checking is crucial for securing IDs
     - Enable it in both the Server document and the Person document
  8. Internet Password Lockout
     - Set a threshold for Internet password authentication failures for HTTP users
  9. Locking down your server’s ACLs
     - Ensuring that your Domino databases are locked down from the server side can be vital.
       - Make sure Anonymous has no access to your databases (especially system databases!)
       - Use DominoHunter to gather information from the outside
         - You might be surprised what you find!
     - DominoHunter: open-source Perl script that automates opening and querying standard databases from the web
       - Beware: even if you get satisfying results, you may have databases left open to the web that this script won’t find!
         - It works based on a pre-set list of system databases
         - Use syntax: dh.pl -h targetaddress.com -l results.txt
  10. Locking down your server’s ACLs: DominoHunter results
  11. Locking down your server’s ACLs
     - DominoHunter scans are easy to recognize when looking into Domlog.nsf (for v0.9 it records thousands of hits from the same IP!)
       - You can even write an agent to get notified about such attempts / attacks
  12. Domino server ports
     - Make sure not to leave ports open that you do not have to
       - This will be the number 1 step for any potential outside attack
       - Nmap is a great tool to test for open ports.
  13. Domino server ports
     - Make sure not to leave ports open that you do not have to
       - This is the number 1 step for any attacker
       - You can use Nmap to scan for open ports
         - DomLog records the hit when an intense scan is selected
  14. How to Contact Us
     - We’d love to hear from you!
     - Kim Greene: @iSeriesDomino, www.linkedin.com/in/kimgreeneconsulting, kim@kimgreene.com
     - Ben Menesi: @BenMenesi, ca.linkedin.com/in/benedekmenesi, ben.menesi@ytria.com
  15. Acknowledgements and Disclaimers: © Copyright IBM Corporation 2014. All rights reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, ibm.com, and IBM Domino®, IBM Notes Domino®, IBM Notes®, IBM Traveler®, Sametime®, LotusScript® are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. This slide presentation may contain the following copyrighted, trademarked, and / or restricted terms: Microsoft®, Windows®, Microsoft Office®, Ytria®, Panagenda®, Visual Basic®, Java®, Perl®, OGSi®, Trust-factory®, Citrix®. Other company, product, or service names may be trademarks or service marks of others. Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied.
IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
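
Slides 11 and 13 observe that scans appear in Domlog.nsf as many hits from a single IP and suggest an agent that sends a notification. The Python code below is an added example, not code from the presentation: it implements that detection over web log lines, assuming the requests are available as text in NCSA common log format; the thresholds, IP addresses and database names are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: web requests are available as text lines in NCSA common log format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" \d{3} \S+')
NSF_RE = re.compile(r'(/[^?]*?\.nsf)')

def parse(line):
    """Return (ip, timestamp, database path), or None for non-database requests."""
    m = LINE_RE.match(line)
    if not m:
        return None
    db = NSF_RE.match(m["path"].lower())
    if not db:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, db.group(1)

def find_enumerators(lines, window=timedelta(minutes=5), min_hits=20, min_dbs=10):
    """Flag IPs that, inside one sliding window, make >= min_hits requests
    spread over >= min_dbs distinct databases. Thresholds are hypothetical."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            span = events[start:end + 1]
            dbs = {db for _, db in span}
            if len(span) >= min_hits and len(dbs) >= min_dbs:
                if len(span) > flagged.get(ip, (0, 0))[0]:
                    flagged[ip] = (len(span), len(dbs))  # keep the busiest window
    return flagged

def sample_log():
    """Constructed traffic: one enumerating source, one ordinary mail user."""
    base = datetime(2014, 2, 10, 10, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" {} 512'
    stamp = lambda s: (base + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    scan = [row.format("203.0.113.7", stamp(i), f"/sample{i:02d}.nsf", 404) for i in range(30)]
    user = [row.format("198.51.100.20", stamp(30 * i), "/mail/jdoe.nsf/($Inbox)?OpenView", 200) for i in range(40)]
    return scan + user

if __name__ == "__main__":
    for ip, (hits, dbs) in find_enumerators(sample_log()).items():
        print(f"ALERT {ip}: {hits} requests across {dbs} databases within 5 minutes")
```

Requiring many distinct databases as well as many hits keeps a busy mail user, who stays inside one database, from triggering the alert.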