Make Your Data Work For You
Best Practices for HCL Notes/Domino Security
Part 1: The Notes Client
16th March 2021
Daniel Klas
@panagenda
Inbound Marketing Coordinator
panagenda
Marc Thomas
@IAM_Mthomas
Senior Consultant
panagenda
Speakers
Join the conversation using #NotesDominoSecurity & @panagenda
Agenda
1. Introduction
2. Secure client-server communication over any port (with and without SafeLinx)
3. Safeguarding data in local replicas/databases
4. Protecting the client environment from running untrusted code
5. Staying current with security updates
6. Authentication security
1. Introduction – Available clients
• Available clients
– HCL Notes – Basic configuration
– HCL Notes – Standard (incl. Eclipse)
– HCL Notes – Standard (incl. Eclipse + Admin and/or Designer client)
– HCL Client Application Access – aka HCAA
– HCL Nomad – mobile app for Android
– HCL Nomad – mobile app for iOS/iPadOS
– HCL Nomad Web (beta) – via Browser
– HCL Verse – via Browser
2. Secure client-server communication – Client
• NRPC port settings
– NRPC = Notes remote procedure call
– Port 1352
– Legacy
• LAN0 / COM(.*) / DisabledPorts
→ Should be removed
– Port settings in notes.ini
• Ports=TCPIP
• TCPIP = TCP,0,15,0,,45056,
→ with encryption only
• TCPIP = TCP,0,15,0,,45088,
→ with encryption & compression
• TCPIP = TCP,0,15,0,,12288,
→ DEFAULT - without encryption & compression
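An added example (not part of the presentation): a Python audit of a client notes.ini against the port settings on this slide. The two bit masks are inferred from the three flag values shown above rather than taken from HCL documentation, and both sample files are constructed.

```python
import re

# Bit meanings inferred from the slide's three flag values:
# 12288 -> 45056 adds 0x8000 (encryption), 45056 -> 45088 adds 0x20 (compression).
# This is an assumption derived from those values, not from HCL documentation.
ENCRYPT_BIT = 0x8000
COMPRESS_BIT = 0x0020

# Legacy entries the slide says should be removed (pattern follows the slide).
LEGACY_KEY = re.compile(r"^(LAN0|COM.*|DisabledPorts)$", re.IGNORECASE)

# Constructed sample: default client with legacy entries and no encryption.
SAMPLE_DEFAULT = """[Notes]
Ports=TCPIP
TCPIP=TCP,0,15,0,,12288,
LAN0=NETBIOS,0,15,0,,12288,
COM1=XPC,1,15,0,
DisabledPorts=LAN0,COM1
"""

# Constructed sample: cleaned-up client with encryption and compression.
SAMPLE_HARDENED = """[Notes]
Ports=TCPIP
TCPIP = TCP,0,15,0,,45088,
"""


def parse_ini(text):
    """Return {lowercased key: (original key, value)} for key=value lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = (key.strip(), value.strip())
    return entries


def port_flags(definition):
    """Return the numeric flag field (6th comma-separated field) or None."""
    fields = [f.strip() for f in definition.split(",")]
    if len(fields) < 6 or not fields[5].isdigit():
        return None
    return int(fields[5])


def audit_notes_ini(text):
    """Return a list of (severity, message) findings for one notes.ini."""
    entries = parse_ini(text)
    findings = []

    # 1. Legacy port entries that should no longer be present.
    for orig, _value in entries.values():
        if LEGACY_KEY.match(orig):
            findings.append(("WARN", f"legacy entry '{orig}' should be removed"))

    # 2. Every active port must have a definition with the encryption bit set.
    ports_value = entries.get("ports", ("Ports", ""))[1]
    ports = [p.strip() for p in ports_value.split(",") if p.strip()]
    if not ports:
        findings.append(("FAIL", "no Ports= line or no active ports listed"))

    for port in ports:
        if port.lower() not in entries:
            findings.append(("FAIL", f"port '{port}' is active but has no definition"))
            continue
        flags = port_flags(entries[port.lower()][1])
        if flags is None:
            findings.append(("FAIL", f"port '{port}': flag field missing or not numeric"))
        elif not flags & ENCRYPT_BIT:
            findings.append(("FAIL", f"port '{port}': flags {flags}, encryption off"))
        else:
            comp = "on" if flags & COMPRESS_BIT else "off"
            findings.append(
                ("OK", f"port '{port}': flags {flags}, encryption on, compression {comp}")
            )
    return findings


if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(f"== {name} ==")
        for severity, message in audit_notes_ini(sample):
            print(f"{severity:4} {message}")
```
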
2. Secure client-server communication – Server
• Legacy/Default port encryption for Notes/Domino
– RC4 128Bit (Rivest Cipher 4)
• Best practice settings for port encryption on Domino server >= 9.0.1 Fix Pack 7
– AES-GCM 128Bit (Advanced Encryption Standard)
– notes.ini → PORT_ENC_ADV=84
• See the following Technote for details and read before you use the parameter:
– https://help.hcltechsw.com/domino/11.0.1/admin/conf_port_enc_adv_r.html
2. Secure client-server communication – mobile app
• HCL Nomad mobile app
– Classic → NRPC (direct using VPN/Passthrough)
– New → SSL Tunneling (port 443) using Nomad Proxy aka HCL SafeLinx
3. Safeguarding data in local replicas/databases
• Local replicas of (Domino) server databases
– One of the most powerful features of Notes/Domino is “Replication”
– Almost every customer has local replicas on some or on all Notes clients (managed and/or unmanaged)
– Local replicas in general should always be encrypted
– Use “Strong Encryption” or even better “128 bit AES”
3. Safeguarding data in local replicas/databases (cont.)
• Access Control List (ACL) of local replicas
– Use the option “Enforce a consistent Access Control List” in the ACLs of your server application databases to ensure the ACL is identical on all replicas (incl. local).
4. Protecting the client environment from running untrusted code
• Execution Control List (ECL)
– The ECL ensures that code is only executed if the “code signer” is trusted
– Either a user or admins can put “signers/users” on the ECL
– Using an Administration ECL or managing the ECL (incl. lock down) is highly recommended; it also ensures that a user cannot add users/signers to the list
• If a user then gets an “Execution Security Alert” → it is a security alert!
5. Staying current with security updates
• Do you remember our first slide?
• Available clients
– HCL Notes – Basic configuration
– HCL Notes – Standard (incl. Eclipse)
– HCL Notes – Standard (incl. Eclipse + Admin and/or Designer client)
– HCL Client Application Access – aka HCAA
– HCL Nomad – mobile app for Android
– HCL Nomad – mobile app for iOS/iPadOS
– HCL Nomad Web (beta) – via Browser
– HCL Verse – via Browser
5. Staying current with security updates (cont.)
• Do you remember our first slide?
• Available clients and latest releases
– HCL Notes 11.0.1 FP2 SHF46 – Basic configuration
– HCL Notes 11.0.1 FP2 SHF46 – Standard (incl. Eclipse)
– HCL Notes 11.0.1 FP2 SHF46 – Standard (incl. Eclipse + Admin and/or Designer client)
– HCL Client Application Access 3.0.3 – aka HCAA
– HCL Nomad 1.0.15 20210219-1541 – mobile app for Android
– HCL Nomad 1.0.11 – mobile app for iOS/iPadOS
– HCL Nomad Web (beta) – via Browser
– HCL Verse 2.0.1 – via Browser
5. Staying current with security updates (cont.)
• More security options
– The newer the version, the more modern and better the security options and features
• Vulnerability
– The older the version, the higher the risk of being vulnerable
– Check out this link (sorted in ascending order by date):
https://support.hcltechsw.com/csm?id=kb_search&spa=1&language=en&u_document_type=Security%20Bulletin&kb_category=1ec026dc1b45730083cb86e9cd4bcb24
6. Authentication security
• The following may sound silly, but
– PLEASE use ID files protected with passwords
– Use a security policy to enforce password
• expiration after xx days
• complexity
• Single Sign-On (SSO) may help here
– Comfort combined with security
– Notes Shared Login (NSL)
• https://help.hcltechsw.com/domino/11.0.1/admin/conf_usingnotessharedlogintosuppresspasswordprompts_c.html
– Notes Federated Login (NFL)
• https://help.hcltechsw.com/domino/11.0.1/admin/secu_using_security_assertion_markup_language_saml_to_configure_federated_identity_authentication_t.html?hl=federated%2Clogin
- Commercial break -
All the 6 topics and more can be easily covered/solved/managed by
Q & A
Thank you!