SlideShare a Scribd company logo

Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server

panagenda
panagenda

Aufnahme: http://pan.news/20210420de Abstract: Server sind das Rückgrat Ihrer IT-Umgebung. Deren Sicherheit ist für jeden IT-Profi von größter Bedeutung. Besonders bei Servern mit Fernzugriff wird dies zu einer heiklen Angelegenheit. Es ist ein schmaler Grat zwischen der komfortablen Nutzung auf der einen Seite und dem Schutz gegen Angreifer auf der anderen Seite. Zu den Sicherheitsbedenken gehören die mangelnde physische Sicherheit von Geräten, die Verwendung ungesicherter Netzwerke, die ungewollte externe Verfügbarkeit interner Ressourcen und der unbefugte Zugriff aus dem eigenen Unternehmen. HCL Domino ist eine leistungsfähige und ausgereifte Serverplattform mit einem großen Funktionsumfang. Das macht sie zwar zu einer guten Wahl für viele Anwendungen, bedeutet aber auch, dass es viele potenzielle Möglichkeiten gibt, sich angreifbar zu machen. In diesem Webinar helfen Ihnen unsere Experten, jeden Aspekt der Absicherung Ihrer Domino-Umgebungen zu betrachten: • Lernen Sie die Grundlagen der Domino-Server-Sicherheit kennen • Beheben Sie Probleme mit der Standardkonfiguration und vermeiden Sie häufige Fallstricke • Sorgen Sie für einen sicheren Zugriff über Notes-Client, HTTP oder SMTP • Richten Sie eine Datenbank-Zugriffskontrolle für Ihre gesamte Infrastruktur ein • Schützen Sie Ihre Server vor internen Angriffen • Vermeiden Sie Schwachstellen, indem Sie Domino-Server und Betriebssystem auf dem neuesten Stand halten

Software
1 of 32
Download to read offline
Make Your Data Work For You Best Practices for HCL Notes/Domino Security Part 2: The Domino Server 20th April 2021
Daniel Klas @panagenda Inbound Marketing Coordinator panagenda Marc Thomas @IAM_Mthomas Senior Consultant panagenda Speakers Join the conversation using #NotesDominoSecurity & @panagenda
Agenda 1. Staying current with (security) updates 2. Domino Server Security Fundamentals (DSSF) 3. SMTP Security Settings (quick and dirty faultless) 4. Bonus: HTTP Security or how to get an A+ rating
Make Your Data Work For You 1. Staying current with (security) updates
1. Staying current with (security) updates • Current available and supported releases – Domino 11.0.1 FP3 (April 2021) • No EOL defined yet – Domino 10.0.1 FP6 (September 2020) • No EOL defined yet, BUT “Support Update - List of Exceptions Starting 12/31/2021” here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085697 – Domino 9.0.1 FP10 IF6 (August 2020) • No EOL defined yet, BUT “Support Update - List of Exceptions Starting 12/31/2021” here https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085697
1. Staying current with (security) updates (cont.) • Fixes in HCL Notes/Domino 11.0.1 – Fix Pack 1 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0081088 – Fix Pack 2 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085207 – Fix Pack 3 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0089555
1. Staying current with (security) updates (cont.) • System requirements for Domino 11.0.1 FP3 (OS) – Microsoft Windows • Windows Server 2012 R2 - 2019 – Linux • Red Hat Enterprise Linux (RHEL) Server 7.4+ & 8.x • SUSE Linux Enterprise Server (SLES) 12.0+ & 15.0+ • CentOS Server 7.4+ (EOL - 2024-06-30) & 8.x (EOL - 2021-12-21) – IBM AIX • AIX 7.2 TL1+ – IBMi • IBM i v7 r2, r3 & r4 (on IBM Power 8 & 9) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077033
Make Your Data Work For You 2. Domino Server Security Fundamentals (DSSF)
2. DSSF - Secure client-server communication • NRPC port settings – NRPC = Notes remote procedure call – Port 1352 – Port settings in notes.ini • Ports=TCPIP • TCPIP = TCP,0,15,0,,45056, → with encryption only • TCPIP = TCP,0,15,0,,45088, → with encryption & compression • TCPIP = TCP,0,15,0,,12288, → DEFAULT - without encryption & compression
2. DSSF - Secure client-server communication (cont.) • Legacy/Default port encryption for Notes/Domino (up to 11.0.1) – RC4 128Bit (Rivest Cipher 4) – Use notes.ini entry LOG_AUTHENTICATION=1 to see this on the console: – Starting with HCL Domino v12 the new default is → AES-GCM 256Bit • Best practice settings for port encryption on Domino server >= 9.0.1 Fix Pack 7 – notes.ini → PORT_ENC_ADV=84 (AES-GCM 128Bit) • See the following Technote for details and read before you use the parameter: – https://help.hcltechsw.com/domino/11.0.1/admin/conf_port_enc_adv_r.html
2. DSSF – Take care about webadmin.nsf • You can either – Remove the webadmin.nsf from all your servers OR – You must take care of the ACL • This DB will no longer be distributed with Domino v12 and higher
2. DSSF – ACL (Anonymous & -Default- entries) • ACL (Access Control List) – -Default- access will be granted/used for every authenticated user which is not part of ACL (either directly or using a group or wildcard entry) – Anonymous access will be granted/used for every non-authenticated user (web access) – If there is no Anonymous entry in the ACL, Domino will automatically use the -Default- entry for non- authenticated users – See the following two links to get more information: https://help.hcltechsw.com/domino/11.0.0/conf_anonymousinternetintranetaccess_c.html https://help.hcltechsw.com/domino/11.0.0/conf_validationandauthenticationforinternetintranetclien_c.ht ml?hl=anonymous%2Cacl
2. DSSF – ACL (Anonymous & -Default- entries) (cont.)
2. DSSF – Server Document → Internet Ports • Be aware of open and non-used ports (disable them) – Example: If you don’t want to use the HTTP/LDAP/SMTP/IMAP/POP3/DIIOP service on a server, ensure that those ports are disabled in the Server Document(s)
2. DSSF – Server Document → Internet Ports (cont.)
2. DSSF – SSL/TLS (X.509) is not optional! • Ensure that you always use secured connections from/to your Domino Servers (including internal connections) – The following link will help you to set up SSL on Domino servers: https://help.hcltechsw.com/domino/11.0.1/admin/conf_settingupsslonadominoserver_t.html
2. DSSF – SSL/TLS (X.509) is not optional! (cont.)
POLL Do/Would you use encrypted databases on your Domino Servers?
Make Your Data Work For You 3. SMTP Security Settings (quick and dirty faultless)
3. SMTP Security Settings (quick and dirty faultless) a) SMTP Port settings (Server document) – Inbound → only “Enabled” – Outbound → “Enabled” & “Negotiated TLS/SSL”
3. SMTP Security Settings (quick and dirty faultless) (cont.) b) SMTP Port settings (Configuration document) - Inbound − Inbound → “TLS/SSL negotiated over TCP/IP port” → “Enabled”
3. SMTP Security Settings (quick and dirty faultless) (cont.) c) SMTP Relay security (Configuration document)
3. SMTP Security Settings (quick and dirty faultless) (cont.) c) SMTP Inbound security (Configuration document)
3. SMTP Security Settings (quick and dirty faultless) (cont.) • What about non-encrypted connections (outbound only)? – You can configure fallback to non-TLS using the following notes.ini entry: RouterFallbackNonTLS=1 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0079251 • Verify if sender == authenticated user (optional) – You can configure this using the following notes.ini entry: SMTPVerifyAuthenticatedSender=1 https://ds_infolib.hcltechsw.com/ldd/dominowiki.nsf/dx/SMTPVerifyAuthenticatedSender
Make Your Data Work For You 4. Bonus: HTTP Security or how to get an A+ rating
4. Bonus: HTTP Security or how to get an A+ rating
4. Bonus: HTTP Security or how to get an A+ rating (cont.) a) Always use the latest available version of Domino (incl. FPs) – Domino 11.0.1 FP3 – Domino 10.0.1 FP6 – Domino 9.0.1 FP10 IF6 b) Disable outdated SSL/TLS protocols using the following notes.ini entries: – SSL_Disable_TLS10=1 → TLS 1.0 will automatically give you a B rating (since Jan. 2020) – DISABLE_SSLV3=1 → this should not be needed any longer, since SSL v3 should be disabled by default
4. Bonus: HTTP Security or how to get an A+ rating (cont.) c) Select only the modern SSL ciphers (see screenshot) in your – Server Document(s) – Web Site Document(s)
4. Bonus: HTTP Security or how to get an A+ rating (cont.) d) Configure the HTTP Strict Transport Security (HSTS) using the following notes.ini entries (or using Web Site Document if used): – HTTP_HSTS_INCLUDE_SUBDOMAINS=1 – HTTP_HSTS_MAX_AGE=31536000 See here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0074868
Daniel Klas @panagenda Inbound Marketing Coordinator panagenda Marc Thomas @IAM_Mthomas Senior Consultant panagenda Speakers Join the conversation using #NotesDominoSecurity & @panagenda
Daniel Klas @panagenda Inbound Marketing Coordinator panagenda Christoph Adler @cadler80 Senior Consultant panagenda Join the conversation using #NotesDominoSecurity & @panagenda Q & A

Recommended

HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview hemantnaik
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostChristoph Adler
 
Domino Adminblast
Domino AdminblastDomino Adminblast
Domino AdminblastGabriella Davis
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning Vladislav Tatarincev
 
RNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientRNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientChristoph Adler
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
 
Improving notes addressing experience with recent contacts
Improving notes addressing experience with recent contactsImproving notes addressing experience with recent contacts
Improving notes addressing experience with recent contactsVinayak Tavargeri
 
HCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsHCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsAles Lichtenberg
 

Recommended

HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview hemantnaik
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostChristoph Adler
 
Domino Adminblast
Domino AdminblastDomino Adminblast
Domino AdminblastGabriella Davis
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning Vladislav Tatarincev
 
RNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientRNUG - Dirty Secrets of the Notes Client
RNUG - Dirty Secrets of the Notes ClientChristoph Adler
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesHoward Greenberg
 
Improving notes addressing experience with recent contacts
Improving notes addressing experience with recent contactsImproving notes addressing experience with recent contacts
Improving notes addressing experience with recent contactsVinayak Tavargeri
 
HCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsHCL Sametime V11 installation - tips
HCL Sametime V11 installation - tipsAles Lichtenberg
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin TipsGabriella Davis
 
Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingjayeshpar2006
 
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf Ales Lichtenberg
 
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehts
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehtsZusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehts
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehtspanagenda
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsGabriella Davis
 
dominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptxdominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptxUlrich Krause
 
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012BCC - Solutions for IBM Collaboration Software
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM DominoJared Roberts
 
June OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerJune OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerHoward Greenberg
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and ManagingGabriella Davis
 
JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!NerdGirlJess
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)Austin Chang
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...Howard Greenberg
 
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notes
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notesHow to fix ‘database is corrupt: cannot allocate space’ error in lotus notes
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notesandrewscott01
 
Daos
DaosDaos
DaosUlrich Krause
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...Ales Lichtenberg
 
HCL Notes and Nomad Troubleshooting for Dummies
HCL Notes and Nomad Troubleshooting for DummiesHCL Notes and Nomad Troubleshooting for Dummies
HCL Notes and Nomad Troubleshooting for Dummiespanagenda
 
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessenAlles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessenpanagenda
 
HTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoHTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoGabriella Davis
 
Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideRapidSSLOnline.com
 
CollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientCollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientChristoph Adler
 

More Related Content

What's hot

Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingjayeshpar2006
 
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf Ales Lichtenberg
 
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehts
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehtsZusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehts
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehtspanagenda
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsGabriella Davis
 
dominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptxdominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptxUlrich Krause
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM DominoJared Roberts
 
June OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerJune OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerHoward Greenberg
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesChristoph Adler
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and ManagingGabriella Davis
 
JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!NerdGirlJess
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)Austin Chang
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...Howard Greenberg
 
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notes
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notesHow to fix ‘database is corrupt: cannot allocate space’ error in lotus notes
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notesandrewscott01
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...Ales Lichtenberg
 
HCL Notes and Nomad Troubleshooting for Dummies
HCL Notes and Nomad Troubleshooting for DummiesHCL Notes and Nomad Troubleshooting for Dummies
HCL Notes and Nomad Troubleshooting for Dummiespanagenda
 
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessenAlles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessenpanagenda
 
HTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoHTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoGabriella Davis
 

What's hot (20)

60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routing
 
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
 
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehts
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehtsZusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehts
Zusammenführung von HCL Nomad Web und Domino ohne SafeLinx - So gehts
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
 
dominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptxdominocamp2022.t1s1.dde.pptx
dominocamp2022.t1s1.dde.pptx
 
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
Deep Dive AdminP Process - Admin and Infrastructure Track at UKLUG 2012
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM Domino
 
June OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerJune OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification Manager
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
 
Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
 
JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!JMP105 - "How Stuff Works" - Domino Style!
JMP105 - "How Stuff Works" - Domino Style!
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
 
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notes
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notesHow to fix ‘database is corrupt: cannot allocate space’ error in lotus notes
How to fix ‘database is corrupt: cannot allocate space’ error in lotus notes
 
Daos
DaosDaos
Daos
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
 
HCL Notes and Nomad Troubleshooting for Dummies
HCL Notes and Nomad Troubleshooting for DummiesHCL Notes and Nomad Troubleshooting for Dummies
HCL Notes and Nomad Troubleshooting for Dummies
 
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessenAlles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
Alles, was Sie ueber HCL Notes 64-Bit Clients wissen muessen
 
HTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoHTTP - The Other Face Of Domino
HTTP - The Other Face Of Domino
 

Similar to Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server

Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideRapidSSLOnline.com
 
CollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientCollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientChristoph Adler
 
I notes and sametime integration open mic_2013
I notes and sametime integration open mic_2013I notes and sametime integration open mic_2013
I notes and sametime integration open mic_2013Ranjit Rai
 
Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...
Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...
Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...panagenda
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share.Gastón. .Bx.
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratorenpanagenda
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open micRahul Kumar
 
From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...
From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...
From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...panagenda
 
Bewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-Client
Bewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-ClientBewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-Client
Bewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-Clientpanagenda
 
Engage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance BoostEngage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance BoostChristoph Adler
 
Engage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance BoostEngage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance Boostpanagenda
 
engage 2019 Workshop - Dirty Secrets of the Notes Client
engage 2019 Workshop - Dirty Secrets of the Notes Clientengage 2019 Workshop - Dirty Secrets of the Notes Client
engage 2019 Workshop - Dirty Secrets of the Notes ClientChristoph Adler
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostChristoph Adler
 
TLS, SPF, DKIM, DMARC, authenticated email
TLS, SPF, DKIM, DMARC, authenticated emailTLS, SPF, DKIM, DMARC, authenticated email
TLS, SPF, DKIM, DMARC, authenticated emailrinnocente
 
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...Luis Benitez
 
Windows 2012 server
Windows 2012 serverWindows 2012 server
Windows 2012 serverJaffer Haadi
 
CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...
CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...
CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...panagenda
 

Similar to Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server (20)

Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL Guide
 
CollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes ClientCollabSphere 2019 - Dirty Secrets of the Notes Client
CollabSphere 2019 - Dirty Secrets of the Notes Client
 
I notes and sametime integration open mic_2013
I notes and sametime integration open mic_2013I notes and sametime integration open mic_2013
I notes and sametime integration open mic_2013
 
Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...
Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...
Von A bis Z-itrix: Installieren Sie den stabilsten und schnellsten HCL Notes-...
 
Lab08Email
Lab08EmailLab08Email
Lab08Email
 
AIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge ShareAIX Advanced Administration Knowledge Share
AIX Advanced Administration Knowledge Share
 
Die ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web AdministratorenDie ultimative Anleitung für HCL Nomad Web Administratoren
Die ultimative Anleitung für HCL Nomad Web Administratoren
 
Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc router
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open mic
 
From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...
From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...
From A to Z-itrix: Setting up the most stable and fastest HCL Notes client on...
 
Bewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-Client
Bewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-ClientBewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-Client
Bewährte Praktiken für HCL Notes/Domino-Sicherheit Teil 1: Der Notes-Client
 
Engage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance BoostEngage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance Boost
 
Engage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance BoostEngage 2020 - HCL Notes V11 Performance Boost
Engage 2020 - HCL Notes V11 Performance Boost
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
engage 2019 Workshop - Dirty Secrets of the Notes Client
engage 2019 Workshop - Dirty Secrets of the Notes Clientengage 2019 Workshop - Dirty Secrets of the Notes Client
engage 2019 Workshop - Dirty Secrets of the Notes Client
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
 
TLS, SPF, DKIM, DMARC, authenticated email
TLS, SPF, DKIM, DMARC, authenticated emailTLS, SPF, DKIM, DMARC, authenticated email
TLS, SPF, DKIM, DMARC, authenticated email
 
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What...
 
Windows 2012 server
Windows 2012 serverWindows 2012 server
Windows 2012 server
 
CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...
CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...
CollabSphere 2020: INF111 - Virtual, Faster, Better! How to deploy HCL Notes ...
 

More from panagenda

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Why you need monitoring to keep your Microsoft 365 journey successful
Why you need monitoring to keep your Microsoft 365 journey successfulWhy you need monitoring to keep your Microsoft 365 journey successful
Why you need monitoring to keep your Microsoft 365 journey successfulpanagenda
 
Developer Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit ClientsDeveloper Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit Clientspanagenda
 
Everything You Need to Know About HCL Notes 14
Everything You Need to Know About HCL Notes 14Everything You Need to Know About HCL Notes 14
Everything You Need to Know About HCL Notes 14panagenda
 
Alles was Sie über HCL Notes 14 wissen müssen
Alles was Sie über HCL Notes 14 wissen müssenAlles was Sie über HCL Notes 14 wissen müssen
Alles was Sie über HCL Notes 14 wissen müssenpanagenda
 
Workshop: HCL Notes 14 Upgrades einfach gemacht – von A bis Z
Workshop: HCL Notes 14 Upgrades einfach gemacht – von A bis ZWorkshop: HCL Notes 14 Upgrades einfach gemacht – von A bis Z
Workshop: HCL Notes 14 Upgrades einfach gemacht – von A bis Zpanagenda
 
How to Perform HCL Notes 14 Upgrades Smoothly
How to Perform HCL Notes 14 Upgrades SmoothlyHow to Perform HCL Notes 14 Upgrades Smoothly
How to Perform HCL Notes 14 Upgrades Smoothlypanagenda
 
The Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad WebThe Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad Webpanagenda
 
Bring the Modern and Seamless User Experience You Deserve to HCL Nomad
Bring the Modern and Seamless User Experience You Deserve to HCL NomadBring the Modern and Seamless User Experience You Deserve to HCL Nomad
Bring the Modern and Seamless User Experience You Deserve to HCL Nomadpanagenda
 
Wie man HCL Nomad eine moderne User Experience verschafft
Wie man HCL Nomad eine moderne User Experience verschafftWie man HCL Nomad eine moderne User Experience verschafft
Wie man HCL Nomad eine moderne User Experience verschafftpanagenda
 
Im Praxistest – Microsoft Teams Performance im hybriden Arbeitsalltag
Im Praxistest – Microsoft Teams Performance im hybriden ArbeitsalltagIm Praxistest – Microsoft Teams Performance im hybriden Arbeitsalltag
Im Praxistest – Microsoft Teams Performance im hybriden Arbeitsalltagpanagenda
 
Hybrid Environments and What They Mean for HCL Notes and Nomad
Hybrid Environments and What They Mean for HCL Notes and NomadHybrid Environments and What They Mean for HCL Notes and Nomad
Hybrid Environments and What They Mean for HCL Notes and Nomadpanagenda
 
Hybride Umgebungen und was sie für HCL Notes und Nomad bedeuten
Hybride Umgebungen und was sie für HCL Notes und Nomad bedeutenHybride Umgebungen und was sie für HCL Notes und Nomad bedeuten
Hybride Umgebungen und was sie für HCL Notes und Nomad bedeutenpanagenda
 
MVP vs. MCM: Microsoft Teams Troubleshooting
MVP vs. MCM: Microsoft Teams TroubleshootingMVP vs. MCM: Microsoft Teams Troubleshooting
MVP vs. MCM: Microsoft Teams Troubleshootingpanagenda
 
HCL Notes und Nomad Fehlerbehebung für Dummies
HCL Notes und Nomad Fehlerbehebung für DummiesHCL Notes und Nomad Fehlerbehebung für Dummies
HCL Notes und Nomad Fehlerbehebung für Dummiespanagenda
 
The CEO is Having MS Teams Call Quality Issues! Now What?
The CEO is Having MS Teams Call Quality Issues! Now What?The CEO is Having MS Teams Call Quality Issues! Now What?
The CEO is Having MS Teams Call Quality Issues! Now What?panagenda
 
Are Those End-User Hardware Upgrades Necessary Right Now? Maybe Not
Are Those End-User Hardware Upgrades Necessary Right Now? Maybe NotAre Those End-User Hardware Upgrades Necessary Right Now? Maybe Not
Are Those End-User Hardware Upgrades Necessary Right Now? Maybe Notpanagenda
 
All You Need to Know About HCL Notes 64-Bit Clients
All You Need to Know About HCL Notes 64-Bit ClientsAll You Need to Know About HCL Notes 64-Bit Clients
All You Need to Know About HCL Notes 64-Bit Clientspanagenda
 

More from panagenda (20)

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Why you need monitoring to keep your Microsoft 365 journey successful
Why you need monitoring to keep your Microsoft 365 journey successfulWhy you need monitoring to keep your Microsoft 365 journey successful
Why you need monitoring to keep your Microsoft 365 journey successful
 
Developer Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit ClientsDeveloper Special: How to Prepare Applications for Notes 64-bit Clients
Developer Special: How to Prepare Applications for Notes 64-bit Clients
 
Everything You Need to Know About HCL Notes 14
Everything You Need to Know About HCL Notes 14Everything You Need to Know About HCL Notes 14
Everything You Need to Know About HCL Notes 14
 
Alles was Sie über HCL Notes 14 wissen müssen
Alles was Sie über HCL Notes 14 wissen müssenAlles was Sie über HCL Notes 14 wissen müssen
Alles was Sie über HCL Notes 14 wissen müssen
 
Workshop: HCL Notes 14 Upgrades einfach gemacht – von A bis Z
Workshop: HCL Notes 14 Upgrades einfach gemacht – von A bis ZWorkshop: HCL Notes 14 Upgrades einfach gemacht – von A bis Z
Workshop: HCL Notes 14 Upgrades einfach gemacht – von A bis Z
 
How to Perform HCL Notes 14 Upgrades Smoothly
How to Perform HCL Notes 14 Upgrades SmoothlyHow to Perform HCL Notes 14 Upgrades Smoothly
How to Perform HCL Notes 14 Upgrades Smoothly
 
The Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad WebThe Ultimate Administrator’s Guide to HCL Nomad Web
The Ultimate Administrator’s Guide to HCL Nomad Web
 
Bring the Modern and Seamless User Experience You Deserve to HCL Nomad
Bring the Modern and Seamless User Experience You Deserve to HCL NomadBring the Modern and Seamless User Experience You Deserve to HCL Nomad
Bring the Modern and Seamless User Experience You Deserve to HCL Nomad
 
Wie man HCL Nomad eine moderne User Experience verschafft
Wie man HCL Nomad eine moderne User Experience verschafftWie man HCL Nomad eine moderne User Experience verschafft
Wie man HCL Nomad eine moderne User Experience verschafft
 
Im Praxistest – Microsoft Teams Performance im hybriden Arbeitsalltag
Im Praxistest – Microsoft Teams Performance im hybriden ArbeitsalltagIm Praxistest – Microsoft Teams Performance im hybriden Arbeitsalltag
Im Praxistest – Microsoft Teams Performance im hybriden Arbeitsalltag
 
Hybrid Environments and What They Mean for HCL Notes and Nomad
Hybrid Environments and What They Mean for HCL Notes and NomadHybrid Environments and What They Mean for HCL Notes and Nomad
Hybrid Environments and What They Mean for HCL Notes and Nomad
 
Hybride Umgebungen und was sie für HCL Notes und Nomad bedeuten
Hybride Umgebungen und was sie für HCL Notes und Nomad bedeutenHybride Umgebungen und was sie für HCL Notes und Nomad bedeuten
Hybride Umgebungen und was sie für HCL Notes und Nomad bedeuten
 
MVP vs. MCM: Microsoft Teams Troubleshooting
MVP vs. MCM: Microsoft Teams TroubleshootingMVP vs. MCM: Microsoft Teams Troubleshooting
MVP vs. MCM: Microsoft Teams Troubleshooting
 
HCL Notes und Nomad Fehlerbehebung für Dummies
HCL Notes und Nomad Fehlerbehebung für DummiesHCL Notes und Nomad Fehlerbehebung für Dummies
HCL Notes und Nomad Fehlerbehebung für Dummies
 
The CEO is Having MS Teams Call Quality Issues! Now What?
The CEO is Having MS Teams Call Quality Issues! Now What?The CEO is Having MS Teams Call Quality Issues! Now What?
The CEO is Having MS Teams Call Quality Issues! Now What?
 
Are Those End-User Hardware Upgrades Necessary Right Now? Maybe Not
Are Those End-User Hardware Upgrades Necessary Right Now? Maybe NotAre Those End-User Hardware Upgrades Necessary Right Now? Maybe Not
Are Those End-User Hardware Upgrades Necessary Right Now? Maybe Not
 
All You Need to Know About HCL Notes 64-Bit Clients
All You Need to Know About HCL Notes 64-Bit ClientsAll You Need to Know About HCL Notes 64-Bit Clients
All You Need to Know About HCL Notes 64-Bit Clients
 

Recently uploaded

Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noidabntitsolutionsrishis
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 

Recently uploaded (20)

Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in NoidaBuds n Tech IT Solutions: Top-Notch Web Services in Noida
Buds n Tech IT Solutions: Top-Notch Web Services in Noida
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 

Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server

  • 1. Make Your Data Work For You Best Practices for HCL Notes/Domino Security Part 2: The Domino Server 20th April 2021
  • 2. Daniel Klas @panagenda Inbound Marketing Coordinator panagenda Marc Thomas @IAM_Mthomas Senior Consultant panagenda Speakers Join the conversation using #NotesDominoSecurity & @panagenda
  • 3. Agenda 1. Staying current with (security) updates 2. Domino Server Security Fundamentals (DSSF) 3. SMTP Security Settings (quick and dirty faultless) 4. Bonus: HTTP Security or how to get an A+ rating
  • 4. Make Your Data Work For You 1. Staying current with (security) updates
  • 5. 1. Staying current with (security) updates • Current available and supported releases – Domino 11.0.1 FP3 (April 2021) • No EOL defined yet – Domino 10.0.1 FP6 (September 2020) • No EOL defined yet, BUT “Support Update - List of Exceptions Starting 12/31/2021” here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085697 – Domino 9.0.1 FP10 IF6 (August 2020) • No EOL defined yet, BUT “Support Update - List of Exceptions Starting 12/31/2021” here https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085697
  • 6.
  • 7. 1. Staying current with (security) updates (cont.) • Fixes in HCL Notes/Domino 11.0.1 – Fix Pack 1 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0081088 – Fix Pack 2 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085207 – Fix Pack 3 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0089555
  • 8. 1. Staying current with (security) updates (cont.) • System requirements for Domino 11.0.1 FP3 (OS) – Microsoft Windows • Windows Server 2012 R2 - 2019 – Linux • Red Hat Enterprise Linux (RHEL) Server 7.4+ & 8.x • SUSE Linux Enterprise Server (SLES) 12.0+ & 15.0+ • CentOS Server 7.4+ (EOL - 2024-06-30) & 8.x (EOL - 2021-12-21) – IBM AIX • AIX 7.2 TL1+ – IBMi • IBM i v7 r2, r3 & r4 (on IBM Power 8 & 9) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077033
  • 9. Make Your Data Work For You 2. Domino Server Security Fundamentals (DSSF)
  • 10. 2. DSSF - Secure client-server communication • NRPC port settings – NRPC = Notes remote procedure call – Port 1352 – Port settings in notes.ini • Ports=TCPIP • TCPIP = TCP,0,15,0,,45056, → with encryption only • TCPIP = TCP,0,15,0,,45088, → with encryption & compression • TCPIP = TCP,0,15,0,,12288, → DEFAULT - without encryption & compression
  • 11. 2. DSSF - Secure client-server communication (cont.) • Legacy/Default port encryption for Notes/Domino (up to 11.0.1) – RC4 128Bit (Rivest Cipher 4) – Use notes.ini entry LOG_AUTHENTICATION=1 to see this on the console: – Starting with HCL Domino v12 the new default is → AES-GCM 256Bit • Best practice settings for port encryption on Domino server >= 9.0.1 Fix Pack 7 – notes.ini → PORT_ENC_ADV=84 (AES-GCM 128Bit) • See the following Technote for details and read before you use the parameter: – https://help.hcltechsw.com/domino/11.0.1/admin/conf_port_enc_adv_r.html
  • 12. 2. DSSF – Take care about webadmin.nsf • You can either – Remove the webadmin.nsf from all your servers OR – You must take care of the ACL • This DB will no longer be distributed with Domino v12 and higher
  • 13. 2. DSSF – ACL (Anonymous & -Default- entries) • ACL (Access Control List) – -Default- access will be granted/used for every authenticated user which is not part of ACL (either directly or using a group or wildcard entry) – Anonymous access will be granted/used for every non-authenticated user (web access) – If there is no Anonymous entry in the ACL, Domino will automatically use the -Default- entry for non- authenticated users – See the following two links to get more information: https://help.hcltechsw.com/domino/11.0.0/conf_anonymousinternetintranetaccess_c.html https://help.hcltechsw.com/domino/11.0.0/conf_validationandauthenticationforinternetintranetclien_c.ht ml?hl=anonymous%2Cacl
  • 14. 2. DSSF – ACL (Anonymous & -Default- entries) (cont.)
  • 15. 2. DSSF – Server Document → Internet Ports • Be aware of open and non-used ports (disable them) – Example: If you don’t want to use the HTTP/LDAP/SMTP/IMAP/POP3/DIIOP service on a server, ensure that those ports are disabled in the Server Document(s)
  • 16. 2. DSSF – Server Document → Internet Ports (cont.)
  • 17. 2. DSSF – SSL/TLS (X.509) is not optional! • Ensure that you always use secured connections from/to your Domino Servers (including internal connections) – The following link will help you to set up SSL on Domino servers: https://help.hcltechsw.com/domino/11.0.1/admin/conf_settingupsslonadominoserver_t.html
  • 18. 2. DSSF – SSL/TLS (X.509) is not optional! (cont.)
  • 19. POLL Do/Would you use encrypted databases on your Domino Servers?
  • 20. Make Your Data Work For You 3. SMTP Security Settings (quick and dirty faultless)
  • 21. 3. SMTP Security Settings (quick and dirty faultless) a) SMTP Port settings (Server document) – Inbound → only “Enabled” – Outbound → “Enabled” & “Negotiated TLS/SSL”
  • 22. 3. SMTP Security Settings (quick and dirty faultless) (cont.) b) SMTP Port settings (Configuration document) - Inbound − Inbound → “TLS/SSL negotiated over TCP/IP port” → “Enabled”
  • 23. 3. SMTP Security Settings (quick and dirty faultless) (cont.) c) SMTP Relay security (Configuration document)
  • 24. 3. SMTP Security Settings (quick and dirty faultless) (cont.) c) SMTP Inbound security (Configuration document)
  • 25. 3. SMTP Security Settings (quick and dirty faultless) (cont.) • What about non-encrypted connections (outbound only)? – You can configure fallback to non-TLS using the following notes.ini entry: RouterFallbackNonTLS=1 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0079251 • Verify if sender == authenticated user (optional) – You can configure this using the following notes.ini entry: SMTPVerifyAuthenticatedSender=1 https://ds_infolib.hcltechsw.com/ldd/dominowiki.nsf/dx/SMTPVerifyAuthenticatedSender
  • 26. Make Your Data Work For You 4. Bonus: HTTP Security or how to get an A+ rating
  • 27. 4. Bonus: HTTP Security or how to get an A+ rating
  • 28. 4. Bonus: HTTP Security or how to get an A+ rating (cont.) a) Always use the latest available version of Domino (incl. FPs) – Domino 11.0.1 FP3 – Domino 10.0.1 FP6 – Domino 9.0.1 FP10 IF6 b) Disable outdated SSL/TLS protocols using the following notes.ini entries: – SSL_Disable_TLS10=1 → TLS 1.0 will automatically give you a B rating (since Jan. 2020) – DISABLE_SSLV3=1 → this should not be needed any longer, since SSL v3 should be disabled by default
  • 29. 4. Bonus: HTTP Security or how to get an A+ rating (cont.) c) Select only the modern SSL ciphers (see screenshot) in your – Server Document(s) – Web Site Document(s)
  • 30. 4. Bonus: HTTP Security or how to get an A+ rating (cont.) d) Configure the HTTP Strict Transport Security (HSTS) using the following notes.ini entries (or using Web Site Document if used): – HTTP_HSTS_INCLUDE_SUBDOMAINS=1 – HTTP_HSTS_MAX_AGE=31536000 See here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0074868
  • 31. Daniel Klas @panagenda Inbound Marketing Coordinator panagenda Marc Thomas @IAM_Mthomas Senior Consultant panagenda Speakers Join the conversation using #NotesDominoSecurity & @panagenda
  • 32. Daniel Klas @panagenda Inbound Marketing Coordinator panagenda Christoph Adler @cadler80 Senior Consultant panagenda Join the conversation using #NotesDominoSecurity & @panagenda Q & A