I have a customer who is concerned about the possible security ramifications of leaving the server and configuration documents open to reader access. The customer has no Web or browser access and has tight controls over user IDs. The question is: What, if anything, do most administrators do to hide the server and configuration documents?
The original request from the customer was that I hide the entire configuration view in their Domino 6.5.2 directory. I am trying to write up a document explaining exactly what should be protected and why. Any comments would be greatly appreciated.
Notes users must have reader access to the names.nsf database in order to address their e-mail. In my opinion, allowing a valid internal user to SEE the server and configuration documents is not a problem. Of course, users should not be able to CHANGE names.nsf, but that is a separate question. The only security concern I can see with reading configuration documents is for a very sophisticated user who could use some information from the configuration to create a complex attack. This is possible, but not too likely in my opinion. Is there a particular attack that your customer is trying to prevent? Why doesn't he/she want users to see the configuration documents? If there is an easy attack in this way, please let me know. I'll learn something.