Encryption and privacy in Lotus Notes Domino


Chuck Connell
12.23.2005




This article is aimed at readers who are new to Lotus Notes Domino and provides an overview of the encryption and privacy features within these products, with some links to further information at the end. All configuration information refers to the R6 version of Lotus Notes Domino. R7 is similar.

IBM Lotus has designed a variety of data-hiding features in Notes/Domino. Most of the features are arranged in a clean hierarchy, but a few overlap and offer competing alternatives. I will begin at the networking level, and then narrow in on individual data fields within a database.

Network traffic

If the data passed back and forth over your network is sensitive, you should encrypt data packets so that unwanted listeners cannot read the information as it zips by on the wire (or in the air).

For Notes-to-Domino sessions, you can use native network port encryption, which does exactly that. See Domino Administrator -> Server -> Status -> Tools -> Ports -> Setup.

For browser-to-Domino sessions, Domino supports the industry-standard HTTPS protocol, which achieves the same goal. See Domino Administrator -> Configuration -> Server -> All Server Documents -> server-name -> Ports -> Internet Ports -> Web.

Server access

Once someone gains access to your network, you want to control access to individual servers. You might want to authorize a user to be able to read everything on Server A, but nothing on Server B. You can accomplish this through the Domino server access settings. See Domino Administrator -> Configuration -> Server -> All Server Documents -> server-name -> Security.

Database access

After a person gains valid access to a particular server, you can control which databases on that server a user can see, and what that person can do within those databases. The central mechanisms to control database access are access control lists (ACLs), which can be found within each database itself.

Open a database with Lotus Notes, then see File -> Database -> Access Control -> Basics. You also can see the same settings from Domino Administrator -> Files -> database-name -> Tools -> Database -> Manage ACL.

Database encryption

This is an additional layer of encryption that hides the text within a database (such as a mail file), in case someone gains access to your computer. A common situation is when users lose their laptops. The new owner has physical possession of a user's mail file, allowing him or her to read it easily.

Database encryption uses your Notes ID to encrypt the data, so the person holding a laptop would need to know the user's Notes ID password to read any mail. Open a database with Notes or Domino Administrator, and see File -> Database -> Properties -> Basic (first tab) -> Encryption Settings.

Document encryption

This is logically similar to database encryption, except it works per document. You choose which documents to encrypt out of a larger database that may not itself be encrypted. You must specify which fields within the documents receive the encryption (since you usually want some basic fields to stay unencrypted).

You can encrypt documents either with a Notes ID or with separate secret encryption keys. To create secret encryption keys (from Notes) see File -> Security -> User Security -> Notes Data -> Documents. To encrypt documents see (from Notes) database-name -> select document -> File -> Document Properties -> Security (fourth tab).
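The same per-field choice can be made from a LotusScript agent. The sketch below is an added example, not code from the original article; the key name "HR-Confidential" and the field names Salary and ReviewNotes are assumptions, and the agent is assumed to run on the documents selected in a view.

```lotusscript
Option Declare

' Assumed names for this example: the secret key "HR-Confidential" must already
' exist in the ID file of whoever runs the agent; Salary and ReviewNotes are
' hypothetical fields holding the sensitive data.
Const SECRET_KEY = "HR-Confidential"

Sub Initialize
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim docs As NotesDocumentCollection
    Dim doc As NotesDocument
    Dim item As NotesItem
    Dim sensitive(1) As String
    Dim i As Integer

    sensitive(0) = "Salary"
    sensitive(1) = "ReviewNotes"

    Set db = session.CurrentDatabase
    Set docs = db.UnprocessedDocuments   ' documents selected in the view
    Set doc = docs.GetFirstDocument

    On Error Goto EncryptFailed
    While Not (doc Is Nothing)
        ' Flag only the sensitive fields; every other field stays readable
        For i = 0 To Ubound(sensitive)
            Set item = doc.GetFirstItem(sensitive(i))
            If Not (item Is Nothing) Then item.IsEncrypted = True
        Next
        ' With EncryptionKeys set, anyone holding the named key can decrypt.
        ' Left empty, Encrypt uses the current user's public key instead.
        doc.EncryptionKeys = SECRET_KEY
        Call doc.Encrypt                 ' takes effect only once the document is saved
        Call doc.Save(True, False)
        Set doc = docs.GetNextDocument(doc)
    Wend
    Exit Sub

EncryptFailed:
    Print "Encryption failed (is the key in your ID file?): " & Error$
    Exit Sub
End Sub
```

Fields that are not flagged with IsEncrypted remain in clear text, so check that view columns and summary fields do not repeat the sensitive values.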

Encrypted and signed mail

These two options deal specifically with mail messages. The first ensures that only the intended recipient(s) can actually read the mail. Someone else might gain access to a message, but he or she will not be able to read it without the Notes ID of the true recipient.

Signing a mail message assures the receiver that the message was not tampered with during transmission. Just like an ink signature, electronic mail signing proves you were the only person who edited the message. While composing an e-mail message, see Delivery Options -> Basic -> Sign & Encrypt.

For more information

  • Overview of Notes/Domino Security

  • Using Document/Field Encryption

  • Designing a Secure Domino Application

  • Enhancing e-mail Security with S/MIME

  • The official Notes 6 Help

  • The official Administrator 6 Help with a chapter on security

  • DominoSecurity.org

    About the author: Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes.
