Lotus Domino
Building Rock Solid Security
                     Part - II


                           © Sanjaya Kumar Saxena
Defining Security Policy
Basic Methodology
 Know Your Business Needs

 Identify and inventory assets and threats

 Develop a policy for Operations, Monitoring & Upgrade of Infrastructure from Security perspective

 Communicate Security Policy to Employees, including necessary training

 Enforce Policy

 Learn and Improve


Know Your Business Needs
 Integrity, Accuracy and Safeguarding the Organization's Information Assets

 Availability of Critical Assets

 Lowering the possible Threats and Risks to the Information Assets

 Necessary confidentiality of the Critical Assets

 Regulatory Compliance as required by the Law of the Land




Identify and Inventory Assets & Threats
 Assets
      Servers
      Applications
      Data


 DNSBL Queries
      DOS
      Unauthorized Access



 Risk Analysis
      Asset | Threat | Probability (p) | Impact (i) | Exposure = p x i




Develop Security Policy
                          Risk Analysis helps develop Security Policy

                          Each policy must have a corresponding process



                          POLICY
                              High Quality Passwords to be used by every user
                          PROCESS
                              Run dictionary attack once every month
                              Train new employees on how to create easy-to-remember quality passwords
                              Configure Domino password policy




Develop Security Policy
                          Essential Processes:
                              Develop Monitoring Process
                              Develop Incident Management Process
                              Develop Configuration Management Process




Domino Security
Infrastructure Perspective




Domino Security Model
 [Diagram: layers of the Domino security model]
 Network: Firewalls, IPs, SSL
 Work Station: ECL (Work Station, Java Applet, Java Script)
 Server: OS (Handling, Patches, Services, ACL), Domino Server
 Ports, Servers, ACL, Access Privilege
 Design Elements: Forms, Views, Folders, Fields
 Documents: Encryption Key, Reader/Author Field (who can read this doc.)



Secure Messaging
E-mails by default travel in clear text over the network
E-mails are normally transported in plain text over the network, including the internet. This makes
e-mails vulnerable to packet sniffing. The simple way to protect e-mails from being read over the wire
is to encrypt the mail traffic.

Any standard sniffer can intercept mail contents

 By default, contents are also stored in clear text
 To prevent unauthorized access to stored e-mails, it is a good idea to store them encrypted
 rather than in clear text.




Secure Mail Transmission
 Network Port Encryption
     Applicable in Domino Environment



 SMTP over SSL

 Transport Layer Security




Network Port Encryption
 Admin Client > Configuration > Server > Set Up Port

                              By default, the communication between Domino servers, or
                              between the Notes client and a Domino server, is in clear text and
                              can therefore be easily sniffed. Domino port encryption
                              allows the network traffic to be encrypted.

                              This is the best way to secure all communication
                              between Domino Servers & Notes Clients.




SMTP over SSL
Using SMTP over SSL, you can encrypt traffic between non-Domino servers over the
internet using port 465. However, this is not the popular mechanism in use.




Transport Layer Security
Transport Layer Security (TLS) is similar to SMTP over SSL except that the encrypted session is
initiated over the normal SMTP port, i.e. 25. Most mail servers prefer to use TLS.

 Use 'Enable': TLS will be used when the other server supports it
 Enable SMTP over SSL
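
Added example, not part of the original slides: the two modes above differ in when encryption starts, and "TLS will be used when the other server supports it" means a peer that does not advertise STARTTLS receives mail in clear text. The sketch below classifies a hop from the peer's EHLO reply; the replies are constructed samples, and the function names and the `require_tls` policy switch are hypothetical, not Domino settings.

```python
"""Classify how an SMTP hop would be protected (added example)."""

IMPLICIT_TLS_PORT = 465   # SMTP over SSL: TLS handshake happens before any SMTP command
SMTP_PORT = 25            # TLS via STARTTLS: session starts in clear, then upgrades

# Constructed EHLO replies from two imaginary peers.
PEER_WITH_STARTTLS = (
    "250-mx.partner.example Hello\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
PEER_WITHOUT_STARTTLS = (
    "250-legacy.example Hello\r\n"
    "250-SIZE 5242880\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for index, line in enumerate(lines):
        # Every line is "250-" (continuation) or "250 " (last line).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("unexpected EHLO line: %r" % line)
        if index == 0:
            continue  # first line carries the peer's domain and greeting
        words = line[4:].split()
        if words:
            keywords.add(words[0].upper())
    return keywords


def transport_decision(port, ehlo_reply=None, require_tls=False):
    """Return (action, encrypted) for one hop.

    require_tls is a hypothetical local policy: defer mail instead of
    falling back to clear text when the peer offers no STARTTLS.
    """
    if port == IMPLICIT_TLS_PORT:
        return ("implicit-tls", True)
    if ehlo_reply is None:
        raise ValueError("an EHLO reply is needed to decide on port %d" % port)
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        # After the upgrade the client must send EHLO again (RFC 3207).
        return ("starttls", True)
    # The EHLO reply itself travels in clear, so a missing keyword is not
    # proof that the peer lacks TLS support.
    if require_tls:
        return ("defer", False)
    return ("cleartext", False)


def cleartext_peers(peers, require_tls=False):
    """peers maps host -> EHLO reply on port 25; list hosts that get clear text."""
    return sorted(
        host for host, reply in peers.items()
        if transport_decision(SMTP_PORT, reply, require_tls)[0] == "cleartext"
    )


if __name__ == "__main__":
    sample = {"mx.partner.example": PEER_WITH_STARTTLS,
              "legacy.example": PEER_WITHOUT_STARTTLS}
    print(cleartext_peers(sample))
```

Running the audit over the peers you exchange sensitive mail with shows which hops depend on the opportunistic fallback.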
Advanced Secure Mail Transmission
 Exchange Encrypted Messages

 Use Custom Solution




Exchange Encrypted Message




Custom Solution

 Partner Mail Server
     Hosts Partners' Mailboxes
     Separate Domain
     Runs HTTPS
     Leverages New Mail Agent

 Mail Servers
     Uses Directory Assistance

 Users
     Uses Partner ID hosted on Partner Mail Server




SMTP Best Practice
 [Diagram: mail flow from the INTERNET to the SECURE NETWORK]
 INTERNET -> Access Control & Firewall -> Dedicated Anti-Spam -> (SMTP) -> Firewall -> SMTP/LDAP Servers -> (NRPC) -> Firewall -> Mail Servers

 On the SMTP/LDAP Servers:
     Enable only SMTP Port
     Run only SMTP & essential tasks
     Modify SMTP Server Greeting
     Use Different Domain
     Use Extended Directory


What is Spam?
 An abuse of Electronic Messaging to send Unsolicited Bulk messages (*wikipedia)

 Various Types:
     E-mail Spam: Most Popular
     Search Engine Spam
     IM Spam
     Online Ads
     Forums, Blogs, Wiki, etc.




E-mail Spam
 Also known as Junk E-mail

 Unsolicited Bulk E-mail

 Comes in fancy wrappers

 Users Say:
     I can't define it, but I know it when I see it
     We don’t want it, Users don’t want it … but we still get it …




Some Facts related to Spam
 Approx 200 billion Spam messages are generated per day

 About 80% of all spam is sent by fewer than 200 spammers

 2008 was one of the lucky years: the shutdown of one ISP (McColo) brought
 spam e-mail down by around 50%
     Only that this was short-lived!




Spam-related Trends
 The following tables show the top 10 domains spammers used in 2008




Spam-related Trends
 The following tables show the top 10 top-level domains spammers used in 2008




Spam-related Trends
 .CN seems to be on the rise
     Applicable in Domino Environment

 More than 97% of Spam URLs are up for a week or less
     Random.com




Spammer Techniques
 E-Mail Harvesting

 Mail Sender Spoofing

 E-Mail Validation

 Directory Attack

 Open Relay

 Friendly ISPs (remember the McColo case)

 Fake Received Header

 Phishing




Avoiding Spam
 Avoiding becoming a target in the first place (best of all)

 Using an outside mail filtering service (Third Party)

 Dealing with spam internally at the server and/or user level




Preventing Spam
 Avoiding Spam
     User Education through E-mail, Security Policy
     Prevent “Harvesting”
           Clear distinction while using Official / Personal e-mail ID
           Avoid your web pages being indexed by search engines
           Create Free / Temp e-mail addresses and discard after usage




 Third Party
     As Software (Trend Micro, Symantec …)
     As Hardware (Ironport, Barracuda …)
     As Service (Postini, Yahoo …)
     Most appealing, but
     Possible issues: Availability, TCO and Control




Preventing Spam
 Blocking at Server and User Level
     Is used even after Third Party, to prevent “False Positives”
     Prevents Mail Clutter
     Primarily achieved through
           Better Architecture
           Server Configurations
           Mail Rules
     Need to understand Load patterns




Preventing Spam
 [Diagram: Spam Mail Percentage Reduction along the mail path]
 INTERNET -> Access Control & Firewall -> Dedicated Anti-Spam -> Firewall -> SMTP/LDAP Servers -> Firewall -> Mail Servers -> Users
 Other label: THE ENTERPRISE



Preventing Spam
 Server-level Configurations
     Block Open Relays (Domino does it by default)
           Additional Relay Controls in Server Configuration Document
     Use in-bound intended recipients
           Verify that Local Domain recipient exists in the Domino directory
           Address Look-up: Full Name only
     Whitelist and Blacklist Control
     Inbound Connection Controls (Reverse DNS Look-up), Server Controls
     Mailbox Configuration - Held/Dead Messages
     Logging Level
     Use Extended SMTP Commands
     SSL is a good option




Preventing Spam
 Server-level Mail Rules
     Computers need much more than..
           “I can’t define it, but I know when I see it.”
     You need to define it
           Identify Patterns
                 Mail and User Behavior
           Check logs regularly
           Keep abreast of the latest trends




Domino Domain Monitoring
Pre-configured monitoring capabilities via a single interface to view multiple servers
across domains.




DDM Security Probes
A probe is a discrete check, or set of checks, configured to run against one or more
servers, databases, and services. The probe returns status and server health
information to DDM.NSF


 SECURITY PROBE: DESCRIPTION

 Best Practices
     Compares a set of baseline security configuration settings to the same settings in a
     domain. This probe is a "Best Practices" security audit of the domain.
     Note: To create your own Best Practices probe, modify the security configuration
     settings on the Specifics tab.

 Configuration
     Compares settings in a specific Server document to settings in a specified "good"
     Server document. Any discrepancy generates an event.

 Database ACL
     Monitors the access control privileges that groups and individuals have in specified
     databases on the server running the probe. You designate the acceptable access levels
     on the Specifics tab.

 Database Review
     Reviews the security properties for a specified database and generates a report on the
     probe findings.

 Review
     Generates a report on the security settings specified in the Specifics tab of the Probe
     document. You have the option of selecting the "Directory Profile Note" and the
     "Security settings in my configuration document" options if you want the settings in
     those documents reviewed by the probe.



DDM Web Probes

 WEB PROBE NAME: DESCRIPTION

 Best Practices
     Reviews Web server configuration values on specified servers against a set of
     predefined values.

 Configuration
     Performs a comparison of Web server configuration values on specified servers against
     the same values for a known good server or guideline server.




Workstation Security
 Execution Control List
     Defines various actions allowed in:
           Notes Workstation
           Java Applets
           Java Script




ECL

 [Diagram: how ECLs relate to signatures]
 Notes DB has Signature; Signature has ECL
 User has ECL; ECL corresponds to Signature
 Policy enforces uniform ECL




Sample ECL




Access Control Mechanisms
 Notes ID File Management

 ACL and Groups




Notes ID Management
 Define a Naming Convention

 Define Storage and Back-up Mechanism
     Consider Password Recovery


 Define default password generation method

 Define ID file distribution mechanism




How is ACL enforced?
 Direct user entry takes precedence over group membership

 The highest access level always applies

 All the roles and access flags are added for all matching entries

 If a user is listed as author with the delete option and also listed as editor without delete,
 he will be able to delete all documents
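
Added example, not part of the original slides and not Domino's own code: a small model of the four rules above, useful for reviewing what a user really ends up with before changing group membership. It assumes the "added for all matching entries" rule covers direct and group entries alike; the ACL, group names and user names are constructed.

```python
"""Model of the ACL resolution rules stated on this slide (added example)."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Ordered lowest to highest; the slides' codes are P, R, A, E, D, M.
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6


@dataclass(frozen=True)
class Entry:
    level: Level
    flags: frozenset = frozenset()   # e.g. {"delete"}
    roles: frozenset = frozenset()   # e.g. {"[Approver]"}


# Constructed ACL. Group names carry the access level code as first letter.
SAMPLE_ACL = {
    "-Default-": Entry(Level.NO_ACCESS),
    "A_Sales": Entry(Level.AUTHOR, flags=frozenset({"delete"})),
    "E_Reviewers": Entry(Level.EDITOR, roles=frozenset({"[Approver]"})),
    "Ravi Iyer/Sales/Acme": Entry(Level.READER),
}


def effective_access(user, groups_of_user, acl):
    """Resolve one user's access from a direct entry and group entries."""
    direct = acl.get(user)
    group_entries = [acl[g] for g in groups_of_user if g in acl]
    matches = ([direct] if direct is not None else []) + group_entries
    if not matches:
        # Nobody listed the user: the -Default- entry decides.
        return acl.get("-Default-", Entry(Level.NO_ACCESS))
    if direct is not None:
        level = direct.level                          # rule 1: direct entry wins
    else:
        level = max(e.level for e in group_entries)   # rule 2: highest level
    # Rule 3: roles and flags accumulate over every matching entry.
    flags = frozenset().union(*(e.flags for e in matches))
    roles = frozenset().union(*(e.roles for e in matches))
    return Entry(level, flags, roles)


def can_delete_any_document(entry):
    """Rule 4 on the slide: editor level plus the delete flag."""
    return entry.level >= Level.EDITOR and "delete" in entry.flags


if __name__ == "__main__":
    asha = effective_access("Asha Rao/Sales/Acme",
                            ["A_Sales", "E_Reviewers"], SAMPLE_ACL)
    print(asha.level.name, sorted(asha.flags), can_delete_any_document(asha))
```

The first sample user is the slide's own case: author with delete in one group and editor without delete in another resolves to editor with delete.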




ACL Best Practices
 Anonymous access to database must be avoided

 ACL must be enforced consistently on all databases

 Maximum default rights to address book should be set to author with all
 other rights and roles removed




Group Best Practices
 Hierarchical name of the user is always entered in a group

 Purpose should be clearly defined in the group document

 Access level code (M-Manager, D-Designer, E-Editor, A-Author, R-Reader, and
 P-Depositor) must be part of the group name as the first letter of the name

 While assigning the ACL, the appropriate user type must be selected

 While creating, moving, or deleting a user, updates in the appropriate groups
 are always made. Similar care is taken for servers also.
 Add LocalDomainServers with full access to all databases to ensure correct
 replication
     Manager with all roles enabled


 Add LocalDomainAdmins with full rights and roles for support and
 troubleshooting


Recommended Groups
 DenyAccess

 AllowDBCreationOn<server>

 Administrator<server>





 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 

Último (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 

Lotus Security Part II

  • 1. Lotus Domino Building Rock Solid Security Part - II © Sanjaya Kumar Saxena
  • 2. Defining Security Policy: Basic Methodology
      Know Your Business Needs
      Identify and inventory assets and threats
      Develop a policy for Operations, Monitoring & Upgrade of Infrastructure from Security perspective
      Communicate Security Policy to Employees, including necessary training
      Enforce Policy
      Learn and Improve
  • 3. Know Your Business Needs
      Integrity, Accuracy and Safeguarding the Organization's Information Assets
      Availability of Critical Assets
      Lowering the Threats and Risks possible to the Information Assets
      Necessary confidentiality of the Critical Assets
      Regulatory Compliance as required by the Law of the Land
  • 4. Identify and Inventory Assets & Threats
      Assets: Servers, Applications, Data
      Threats: DNSBL Queries, DOS, Unauthorized Access
      Risk Analysis columns: Asset, Threat, Probability, Impact, Exposure = p × i (Probability × Impact)
  • 5. Develop Security Policy
      Risk Analysis helps develop Security Policy
      Each policy must have a corresponding process
      POLICY: High Quality Passwords to be used by every user
      PROCESS: Run dictionary attack once every month; Train new employees on how to create easy-to-remember quality passwords; Configure Domino password policy
  • 6. Develop Security Policy
      Essential Processes: Develop Monitoring Process; Develop Incident Management Process; Develop Configuration Management Process
  • 8. Domino Security Model (diagram; labels as extracted): Network, Firewalls, IPs, SSL, Work Station, Server, ECL, Ports, Java Applet, OS, Domino Server, Java Script Handling, Patches, ACL, Services, Access Privilege, Design Elements, Documents, Forms, Encryption Key, Views, Reader/Author Field, Folders, Fields, Who can read this Doc.
  • 9. Secure Messaging
      E-mails by default travel in clear text over the network. E-mails are normally transported in plain text over the network, including the internet. This makes e-mails vulnerable to packet sniffing. The simple way to protect e-mails from being read over the wire is to encrypt the mail traffic.
      Any standard sniffer can intercept mail contents.
      By default, contents are also stored in clear text. To prevent unauthorized access to e-mails, it is a good idea to store e-mails encrypted rather than in clear text.
  • 10. Secure Mail Transmission
      Network Port Encryption (Applicable in Domino Environment)
      SMTP over SSL
      Transport Layer Security
  • 11. Network Port Encryption
      Admin Client > Configuration > Server > Set Up Port
      By default, the communication between Domino servers, or between the Notes client and the Domino server, is in the clear and can therefore be easily sniffed. Domino port encryption allows the network traffic to be encrypted. This is the best way to secure all communication between Domino Servers & Notes Clients.
  • 12. SMTP over SSL
      Using SMTP over SSL, you can encrypt traffic between non-Domino servers over the internet using port 465. However, this is not the popular mechanism in use.
  • 13. Transport Layer Security
      Transport Layer Security (TLS) is similar to SMTP over SSL except that the encrypted session is initiated over the normal SMTP port, i.e. 25. Most mail servers prefer to use TLS.
      Screenshot callouts: Use ‘Enable’ (TLS will be used when the other server supports it); Enable SMTP over SSL
  • 14. Advanced Secure Mail Transmission
      Exchange Encrypted Messages
      Use Custom Solution
  • 15. Exchange Encrypted Message
  • 16. Custom Solution (diagram; labels as extracted): Partner Mail Servers; Users; Mail Server; Hosts Partners’ Mailboxes; Uses Directory Assistance; Separate Domain; Uses Partner ID hosted on Partner Mail Server; Runs https; Leverages New Mail Agent
  • 17. SMTP Best Practice: Access Control & Firewall
      Diagram labels: Firewall, Firewall, Dedicated SMTP/LPAP, Mail Servers, Anti-Spam Servers, SMTP, NRPC, INTERNET, SECURE NETWORK
      Enable only SMTP Port
      Run only SMTP & essential tasks
      Modify SMTP Server Greeting
      Use Different Domain
      Use Extended Directory
  • 18. What is Spam?
      An abuse of Electronic Messaging to send Unsolicited Bulk messages (*wikipedia)
      Various Types: E-mail Spam (Most Popular); Search Engine Spam; IM Spam; Online Ads; Forums, Blogs, Wiki, etc.
  • 19. E-mail Spam
      Also known as Junk E-mail, Unsolicited Bulk E-mail
      Comes in fancy wrappers
      Users Say: I can't define it, but I know it when I see it
      We don’t want it, Users don’t want it … but we still get it …
  • 20. Some Facts related to Spam
      Approx 200 billion Spam messages are generated per day
      About 80% of all spam is sent by fewer than 200 spammers
      2008 was one of the lucky years: one ISP (McColo) shutdown brought spam e-mail down by around 50%
      Only that this was short-lived!
  • 21. Spam-related Trends: The following tables show the top 10 domains Spammers used in 2008
  • 22. Spam-related Trends: The following tables show the top 10 Top Level domains Spammers used in 2008
  • 23. Spam-related Trends
      .CN seems to be on the rise
      Applicable in Domino Environment
      More than 97% of Spam URLs are up for a week or less
      Random.com
  • 24. Spammer Techniques
      E-Mail Harvesting
      Mail Sender Spoofing
      E-Mail Validation
      Directory Attack
      Open Relay
      Friendly ISPs (Remember McColo case)
      Fake Received Header
      Phishing
  • 25. Avoiding Spam
      Avoiding becoming a target in the first place (best of all)
      Using an outside mail filtering service (Third Party)
      Dealing with spam internally at the server and/or user level
  • 26. Preventing Spam
      Avoiding Spam: User Education through E-mail, Security Policy; Prevent “Harvesting”; Clear distinction while using Official / Personal e-mail ID; Avoid your web pages being indexed by search engines; Create Free / Temp e-mail addresses and discard after usage
      Third Party: As Software (Trend Micro, Symantec …); As Hardware (Ironport, Barracuda …); As Service (Postini, Yahoo …)
      Most appealing, but possible issues: Availability, TCO and Control
  • 27. Preventing Spam: Blocking at Server and User Level
      Is used even after Third Party, to prevent “False Positives”
      Prevents Mail Clutter
      Primarily achieved through: Better Architecture; Server Configurations; Mail Rules
      Need to understand Load patterns
  • 28. Preventing Spam: Access Control & Firewall
      Diagram labels: Firewall, Firewall, THE ENTERPRISE, Dedicated SMTP/LPAP, INTERNET, Mail Servers, Anti-Spam Servers, Users
      Spam Mail Percentage Reduction
  • 29. Preventing Spam: Server-level Configurations
      Block Open Relays (Domino does it by default)
      Additional Relay Controls in Server Configuration Document
      Use in-bound intended recipients
      Verify that Local Domain recipient exists in the Domino directory
      Address Look-up: Full Name only
      Whitelist and Blacklist Control
      Inbound Connection Controls (Reverse DNS Look-up), Server Controls
      Mailbox Configuration - Held/Dead Messages
      Logging Level
      Use Extended SMTP Commands
      SSL is a good option
  • 30. Preventing Spam: Server-level Mail Rules
      Computers need much more than “I can’t define it, but I know when I see it.”
      You need to define it
      Identify Patterns
      Mail and User Behavior
      Check logs regularly
      Keep abreast with latest trends
  • 31. Domino Domain Monitoring: Pre-configured monitoring capabilities via Single interface to view multiple servers across domains.
  • 32. DDM Security Probes
      A probe is a discrete check, or set of checks, configured to run against one or more servers, databases, and services. The probe returns status and server health information to DDM.NSF
      SECURITY PROBE: DESCRIPTION
      Best Practices: Compares a set of baseline security configuration settings to the same settings in a domain. This probe is a "Best Practices" security audit of the domain. Note: To create your own Best Practices probe, modify the security configuration settings on the Specifics tab.
      Configuration: Compares settings in a specific Server document to settings in a specified "good" Server document. Any discrepancy generates an event.
      Database ACL: Monitors the access control privileges that groups and individuals have in specified databases on the server running the probe. You designate the acceptable access levels on the Specifics tab.
      Database Review: Reviews the security properties for a specified database and generates a report on the probe findings.
      Review: Generates a report on the security settings specified in the Specifics tab of the Probe document. You have the option of selecting the "Directory Profile Note" and the "Security settings in my configuration document" options if you want the settings in those documents reviewed by the probe.
  • 33. DDM Web Probes
      WEB PROBE NAME: DESCRIPTION
      Best Practices: Reviews Web server configuration values on specified servers against a set of predefined values.
      Configuration: Performs a comparison of Web server configuration values on specified servers against the same values for a known good server or guideline server.
  • 34. Workstation Security: Execution Control List
      Defines various actions allowed in: Notes Workstation; Java Applets; Java Script
  • 35. ECL (diagram; labels as extracted): Notes DB, Signature, User, ECL, Policy; relation labels: has, corresponds to, enforces uniform ECL
  • 36. Sample ECL
  • 37. Access Control Mechanisms
      Notes ID File Management
      ACL and Groups
  • 38. Notes ID Management
      Define a Naming Convention
      Define Storage and Back-up Mechanism
      Consider Password Recovery
      Define default password generation method
      Define ID file distribution mechanism
  • 39. How is ACL enforced?
      Direct user entry takes precedence over group membership
      Always the highest access level right applies
      All the roles and access flags are added for all matching entries
      If a user is listed as author with delete option and listed as editor without delete, he will be able to delete all documents
  • 40. ACL Best Practices
      Anonymous access to database must be avoided
      ACL must be enforced consistently on all databases
      Maximum default rights to address book should be set to author with all other rights and roles removed
  • 41. Group Best Practices
      Hierarchical name of the user is always entered in a group
      Purpose should be clearly defined in the group document
      Access level code (M-Manager, D-Designer, E-Editor, A-Author, R-Reader, and P-Depositor) must be part of the group name as the first letter of the name
      While assigning the ACL, the appropriate user type must be selected
      While creating, moving, or deleting a user, updates in the appropriate groups are always made. Similar care is taken for servers also.
      Add LocalDomainServers with full access to all databases to ensure correct replication: Manager with all roles enabled
      Add LocalDomainAdmins with full rights and roles for support and troubleshooting
  • 42. Recommended Groups
      DenyAccess
      AllowDBCreationOn<server>
      Administrator<server>
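
The enforcement rules on slide 39, modelled in Python so an ACL can be reviewed for combinations that grant more than any single entry does. This is an added example, not part of the original deck and not Domino's own implementation. The user names, group names, the `delete` flag label, the `-Default-` fallback and the "Author deletes own documents only" reading are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

DEFAULT = "-Default-"  # fallback ACL entry (assumed present, as in a standard ACL)


class Level(IntEnum):
    NO_ACCESS = 0
    DEPOSITOR = 1
    READER = 2
    AUTHOR = 3
    EDITOR = 4
    DESIGNER = 5
    MANAGER = 6


@dataclass(frozen=True)
class Entry:
    name: str
    level: Level
    flags: frozenset = frozenset()
    roles: frozenset = frozenset()


def matching_entries(user, groups, acl):
    """Entries naming the user or one of the user's groups, else -Default-."""
    names = {user, *groups}
    hits = [e for e in acl if e.name in names]
    return hits or [e for e in acl if e.name == DEFAULT]


def effective_access(user, groups, acl):
    """Apply the three slide-39 rules and return the combined entry."""
    matches = matching_entries(user, groups, acl)
    if not matches:
        return Entry(user, Level.NO_ACCESS)
    direct = [e for e in matches if e.name == user]
    # Rule 1: a direct entry decides the level; rule 2: otherwise highest wins.
    level = direct[0].level if direct else max(e.level for e in matches)
    # Rule 3: flags and roles are added up over every matching entry.
    flags = frozenset().union(*(e.flags for e in matches))
    roles = frozenset().union(*(e.roles for e in matches))
    return Entry(user, level, flags, roles)


SCOPES = ("none", "own", "all")


def delete_scope(entry):
    """Which documents the entry may delete (assumed: Author = own only)."""
    if "delete" not in entry.flags or entry.level < Level.AUTHOR:
        return "none"
    return "all" if entry.level >= Level.EDITOR else "own"


def combination_widens_delete(user, groups, acl):
    """True when the combined access deletes more than any single entry allows."""
    matches = matching_entries(user, groups, acl)
    best = max((SCOPES.index(delete_scope(e)) for e in matches), default=0)
    return SCOPES.index(delete_scope(effective_access(user, groups, acl))) > best


# Constructed sample ACL; group names follow the slide-41 level-letter prefix.
SAMPLE_ACL = [
    Entry("A_ProjectAuthors", Level.AUTHOR, frozenset({"delete"})),
    Entry("E_ProjectEditors", Level.EDITOR, roles=frozenset({"[Reviewer]"})),
    Entry("Asha Rao/Sales/Acme", Level.READER),
    Entry(DEFAULT, Level.NO_ACCESS),
]
BOTH = ["A_ProjectAuthors", "E_ProjectEditors"]

if __name__ == "__main__":
    for user in ("Ravi Mehta/Eng/Acme", "Asha Rao/Sales/Acme"):
        eff = effective_access(user, BOTH, SAMPLE_ACL)
        print(user, eff.level.name, sorted(eff.flags), delete_scope(eff),
              combination_widens_delete(user, BOTH, SAMPLE_ACL))
```

Running `combination_widens_delete` over every user and their group memberships lists the accounts for which the author-with-delete plus editor-without-delete case from slide 39 actually occurs.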