Administrators who took a recent survey on SearchDomino.com ranked security as the biggest benefit of Domino s...
That comes as no surprise to Jens Bruntt, a senior consultant at Convergens and a long-time developer and infrastructure advisor of Notes/Domino projects, who says, "The way that Domino was made originally -- and then the way that foundation was built on -- has been very much superior to the somewhat comparable Microsoft products. It is my impression that the security model that is built into Domino is still much more robust than what is offered elsewhere."
Nevertheless, Domino servers are under attack every day. For instance, one problem that companies may face is the unauthorized use of their Domino SMTP servers as a launching pad for spam campaigns. If that kind of attack is successful, the company's mail relay servers will bog down, and, perhaps worse, the company may gain the reputation as a spammer, notes Alex Hernandez, director of advanced product development at CipherTrust, Inc. a provider of e-mail security and spam protection software.
Fortunately, such attacks are relatively easy to block. All an administrator needs to do is require authorization on the outgoing mail server. But even when a Domino server is set not to relay, it still has to generate bounced e-mail messages. "Notes routers are not very efficient on SMTP retries, which tend to bog down the services quite a bit," Hernandez said. CipherTrust's IronMail product line, he notes, validates the e-mail messages and recipients before even patching the message into Domino, enabling the server to perform at its peak.
Misunderstanding the settings in the server configuration doc is another way that some Domino administrators may leave themselves open to attacks. For instance, in the process of performing environmental health checks on Domino servers, Tim Speed, a certified senior IT architect with IBM Lotus, says he has come across "a surprising number" of systems that have been set to allow anonymous Notes access. That this happens so often is troublesome, he says, because the default settings are not set for anonymous access. In other words, allowing such access requires a deliberate act of changing the settings.
Domino servers used for remote computing also create problems. Although allowing remote workers to access their e-mail from a Web front end may be convenient, companies that do so open themselves to several kinds of attacks. How does a company avoid such security holes?
Chuck Connell, president of CHC-3 Consulting, a consulting firm specializing in software development, security and system management for Notes/Domino, has this piece of advice: "Do not put the Domino e-mail server on the web. In other words, do not enable webmail/iNotes at all. When webmail is enabled, you are inviting the whole world to try to read each mail file. If you must enable webmail, use a really good password for each webmail account. Each password should be unique and known only to that one user."
Another kind of attack directed at Web servers and iNotes-style webmail is directory traversal. Hackers get into the Web server and key in new links in an effort to find a back door into mail services and secure data, without having to go through an authorization page. To prevent this type of attack, administrators should configure their gateway so that users can only come in to certain directories from specified access and authorization pages.
Yet another precaution Domino administrators can take is giving only qualified security personnel the ability to make security changes. "Take advantage of the ND6 feature that lets you give Editor access to users rather than Manager access," says Andrew Pedisich, president of Technotics, Inc., a consulting firm specializing in Notes/Domino. "That way they won't be meddling in Access Control Lists (ACLs) and accidentally open their mail files to everyone."
Administrators may also want to minimize the amount of information a hacker can glean from exploring your e-mail system, says Kevin Beaver, founder and president of Principle Logic, LLC, an information security consulting firm. For example, he recommends that administrators disable the SMTP banner information, which means setting the notes.ini variable called SMTPGREETING to something very generic. He also suggests disabling the information available from the server in case it becomes compromised, such as minimizing the services/applications running and specifically securing the Domino Directory to contain the minimal amount of replica and object information to be functional.
It is also a good idea to limit the kinds of commands that can be executed, Beaver says, noting, "Administrators can also disable the EXPN and VRFY commands to prevent gleaning of user, group and mailing list information. These SMTP commands are disabled by default but could have been set inadvertently, leaving the system open to attack."
Beaver's final recommendation was that all Domino security personnel read the Lotus Security Handbook.
George Lawton is a freelance writer based in Brisbane, Calif.