I would like to bullet proof the NAB(Domino Directory) to keep unauthorized users from accessing it and making changes. What steps would you recommend to address this?
The standard approach is to set Default=NoAccess, Anonymous=NoAccess, allow Reader access only to groups of known employees, allow Editor access only to a small group of people who must make changes to the NAB, and allow Manager access only to a VERY small group of people (and servers) whom you trust.
Also use high-quality passwords, enable server-side password checking, enable server-side public key checking, and force people to change passwords every 90 days or so.
This was first published in September 2001