Lotus' Booth answers your ND6 security questions

SearchDomino.com featured Lotus' Pat Booth, security and directory product manager, in our recent Lotus Live! Series webcast "Security Directions: Notes/Domino 6 and beyond." ND6 offers a whole slew of new security features such as cryptography, security dialog, online certificate authority, password management and more. Here are some questions that Pat answered offline after the hour-long presentation. You can click here to view the entire webcast archive.

What kind of antivirus solution do you recommend for scanning attachments, and where do you recommend installing it? We have antivirus software on the server and the client, but we are concerned about users in kiosks.
We do not recommend a specific vendor. I suggest you look at the Lotus partners and see who offers antivirus products. Since they are partners, they have tested with our products and do have access to technical help from the Lotus development team.

Does the NRPC protocol now support 128-bit encryption after the initial authentication or do we have to use port encryption?
Yes, it does support 128-bit encryption, but it is not automatic. You must check the box for 128-bit encryption.

Are you going to have a deployment tool in ND6?
There are many tools in Notes/Domino 6. There is a Redbook, best practice information and migration information within the documentation, etc. There are additional tools within each of the feature sets. I would suggest you download the code and then look at the specific area for the new features within that area.

Where is the feature for password synch between Notes and Internet passwords?
Admins can set it via policy.

Why doesn't the smart card allow roaming user access?
Roaming user access is not supported at this time. When Roaming user rolls out, and we begin to see how our customers use this feature, then we can prioritize features that will be added to follow-on releases. This is our first step in the implementation of PKCS#11 (smart card support), and we plan to provide broader feature support.

Are you considering using a multi-user password strategy for a "Super Admin" account, so that it would take two people to activate it, thus ensuring appropriate management approval?
Today, you can configure an ID that has two or more approvals, so this would be a way to do what you ask. We also recommend that the "super admin" have a separate ID that is different from the standard ID that the admin uses. All actions are being logged, so it would track to the specific "super admin" ID.

Also, can you speak on how to prevent system admins from having access to read users' mail? How can we administer IDs and passwords so admins can do their job but not be able to read user mail files?
If the admin group is added to the ACL of the user's mail, then they can read the mail. A way to prevent the admin from reading the mail would be to have the users encrypt their mail.

Does ND6 handle two-character organization/certifiers? For instance, the government of Canada is represented as GC (i.e. GC/CA or GC.CA).
No, we do not support this.

