I hope you are well. We are dealing with infrastructure issues relating to the World Trade Center disaster. I need your advice, I hope you do not mind.
Currently, we have a Domino Webmail server on our internal network segment. It is accessible from the internet via reverse proxy server (SSL is installed there). The server is running Domino R508 with HTTP, RSA ACE 1.0 for Lotus Notes, and NT4 with SP5.
The security controls that we implemented were dictated by our parent company. We purchased an SSL key, each user has an ACE SecurID, and they are required to supply their Lotus Notes Internet password.
1) We are leaving our parent company soon and our management needs to understand why SSL is not enough security. For example, we use SSL to connect to our financial institutions and shopping sites, yet we require additional security (ACE) to access e-mail. They need to understand why.
2) Personally, I like the fact that the users need to supply a PIN, a randomly generated number, and their Internet password. Considering e-mail is the easiest way to introduce a virus into our infrastructure, I prefer to be as secure as possible.
3) How do you suggest we reconfigure our Webmail service? Do you think it is a good idea to put the server on our DMZ or a private DMZ? Do we drop the reverse proxy server and just install SSL on the Webmail server? Do you have any other advice?
I will apreciate any information you can share with me.
Here is an answer supplied by Frederic Dahm of Lotus, who helps us out from time to time. I hope your family and friends are all OK.
I read this and the comment that I can make is that whether something affords enough security or not is entirely predicated on the Security Policy.
Simply put, the Security Policy outlines two basic things. First, a statement of sensitivity that will outline the sensitivity of the information processed by the information systems (which would point which information requires protection), including costs of disclosure/corruption/destruction of this information. Second, a threat and risk assessment that will outline in what manner this information could potentially be compromised and the possible attacks. The security policy is something that should be supported and signed off by upper management.
This said, to convince their managers, they only have to provide them with the company's security policy.
Specifically to the questions asked:
1) Depending on the security policy, I think that SSL is secure enough. SSL's security varies whether you are implementing client certificates or not. If client certificates are not used, then its security is lessened, because only the server's identity is really accounted for and not the user's. SSL with client certificate is only slightly less secure than server-side SSL with a SecurID token (used in conjunction with RSA Security's ACE/Server for Domino). The extra gain in security comes from the fact that with the SecurID token you are engaging in multifactor authentication, which is basically the need to provide two sets of credentials: user ID/password and the SecurID passcode. This makes it more secure, since it is based on a time-critical shared secret between the client and the server.
Point in case: Royal bank believes that SSL plus a special ID and password are enough to secure the access to my financial information from the Internet. I would tend to agree with that, since all that one can do is transfer money from one account to another and check balances. So the risk is not high (the main risk here is the disclosure of financial information) and consequently, the security is in consequence. Credit Suisse, however, permits me to do more and thus, they have sent me (free of charge) a SecurID token to use when logging on to their systems. I can perform transfers to other bank accounts (at the Credit Suisse or not) while logged in and thus, since the risk is greater, so are the defenses.
2) Authentication will not prevent viruses from being sent inbound to the organization. What is being done is better authentication coupled with session encryption. Given the nature of a mail virus, it can bypass both.
3) I don't have much in terms of details regarding their firewall infrastructure. Seems to me, off the cuff like this, that a good implementation would be to let WebMail traffic through the outside boundary firewall to a Reverse Proxy server in the DMZ (this would protect to a certain degree the Reverse Proxy Server. The WebMail server would then be inside the corporate network. Aside for that, I would refer to the Security Policy to better define what security services to apply in this new configuration.
There are also other solutions, such as VPNs and passthru server for Notes clients. Again, this is determined on the Security Policy and the services they want to provide to their user population needing access to data outside the corporate network.
Dig Deeper on Domino Resources
Related Q&A from Chuck Connell
Is it possible to encrypt a user's name before sending an email? SearchDomino.com expert Chuck Connell weighs in. Continue Reading
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell provides a resource for a Lotus Notes administrator who wants to filter out email containing the word "spam," ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.