Configuration documents and security risk
I have a customer who is concerned about the possible security ramifications of leaving the server and configuration documents open to reader access. The customer has no Web or browser access and has tight controls over user ID's. The question is: What, if anything, do most administrators do to hide the server and configuration documents?
The original request from the customer was that I hide the entire configuration view in their Domino 6.5.2 directory. I am trying to write up a document explaining exactly what should be protected and why. Any comments would be greatly appreciated.
Notes users must have reader access to the names.nsf database in order to address their e-mail. In my opinion, allowing a valid internal user to SEE the server and configuration documents is not a problem. Of course, users should not be able to CHANGE names.nsf, but that is a separate question. The only security concern I can see with reading configuration documents is for a very sophisticated user who could use some information from the configuration to create a complex attack. This is possible, but not too likely in my opinion. Is there a particular attack that your customer is trying to prevent? Why doesn't he/she want users to see the configuration documents? If there is an easy attack in this way, please let me know. I'll learn something.
Do you have comments on this Ask the Expert question and response? Let us know.
This was first published in November 2004