Lotus security handbook / William Tworek ... [et al.].

Ebook Central Academic Complete Available online

Ebook Central College Complete Available online

Format:
Book
Contributor:
Tworek, William.
International Business Machines Corporation. International Technical Support Organization.
Series:
IBM redbooks.
Language:
English
Subjects (All):
Business enterprises--Computer networks--Security measures.
Business enterprises.
Lotus Notes.
Lotus Domino.
Physical Description:
xviii, 698 p. : ill.
Edition:
1st ed.
Place of Publication:
[S.l.] : IBM, International Technical Support Organization, 2004.
Language Note:
English
Contents:
Front cover
Contents
Notices
Trademarks
Preface
The team that wrote this redbook
Become a published author
Comments welcome
Part 1 Security concepts introduced
Chapter 1. Fundamentals of IT security
1.1 Introduction
1.1.1 Knowledge capital
1.1.2 The CSI/FBI Computer Crime and Security Survey
1.1.3 CERT figures
1.2 Important terminology
1.2.1 Computer system
1.2.2 Computer network
1.2.3 IT infrastructure
1.2.4 Computer security
1.2.5 Information classification
1.2.6 Information classification caveat
1.3 Computer security services
1.3.1 Data integrity
1.3.2 Confidentiality
1.3.3 Identification and authentication
1.3.4 Access control
1.3.5 Non-repudiation
1.4 Cryptographic techniques
1.4.1 Cryptography
1.4.2 Symmetric key algorithms
1.4.3 Asymmetric key algorithms
1.4.4 The hybrid algorithm
1.4.5 Digital signatures
1.4.6 Public key certificates
1.4.7 Public key cryptographic standard
1.5 Summary
Chapter 2. Security methodologies
2.1 Approaches to IT security
2.1.1 Some definitions
2.1.2 Risk mitigation
2.1.3 The human element
2.1.4 Selecting a methodology
2.2 ISO17799
2.2.1 Some history
2.2.2 What ISO 17799 contains
2.2.3 What ISO 17799 doesn't contain
2.3 Common Criteria (International Standard 15408)
2.4 Method for Architecting Secure Solutions (MASS)
2.4.1 Problem statement
2.4.2 Analysis
2.4.3 System model for security
2.4.4 Security subsystems
2.4.5 Developing security architectures
2.4.6 Business process model
2.4.7 Selection and enumeration of subsystems
2.4.8 Documenting a conceptual security architecture
2.4.9 Integrating security into the overall solution architecture
2.4.10 Use cases
2.4.11 MASS Conclusions
2.5 The ISSL methodology
2.5.1 Brief introduction to the methodology
2.5.2 Phase 1: Assess
2.5.3 Phase 2: Build
2.5.4 Phase 3: Manage
2.6 Summary
Part 2 Building a secure infrastructure
Chapter 3. Secure infrastructure requirements
3.1 The need for secure infrastructures
3.2 Infrastructure security requirements
3.2.1 Data confidentiality assurance
3.2.2 Data integrity assurance
3.3 Summary
Chapter 4. Security components and layers
4.1 Infrastructure components
4.1.1 Firewall overview
4.1.2 Firewall products
4.1.3 Routers, switches, and hubs
4.1.4 Proxy servers
4.1.5 Intrusion detection systems
4.1.6 Enterprise access management and identity management systems
4.1.7 Application servers
4.2 Security architecture model
4.2.1 The DMZ model: a retrospective
4.2.2 The four zone model
4.2.3 Zone boundaries
4.2.4 Interzone connectivity: Data flow policies
4.2.5 Data access models
4.2.6 Data flow policies
4.3 Design validation
4.3.1 Data flow example
4.4 Summary
Chapter 5. Proxies
5.1 Proxies defined
5.2 The proxy process
5.3 Types of proxies
5.3.1 Forward proxies
5.3.2 Transparent proxies
5.3.3 Caching proxies
5.3.4 Security proxies
5.3.5 Reverse proxies
5.4 Reverse proxies and Lotus technologies
5.4.1 Domino caching considerations
5.4.2 HTTP Methods required for Domino
5.4.3 URL mappings required for Domino and Domino-based products
5.5 Lotus Sametime 3.1 proxy support
5.5.1 Overview of Sametime 3.1 proxy support
5.5.2 Reverse proxy server requirements
5.5.3 Sametime limitations when using reverse proxy servers
5.5.4 SSL and client certification considerations and issues
5.5.5 Mapping rules on the reverse proxy server to support Sametime
5.5.6 Configuring Sametime 3.1 for reverse proxy support
5.6 General reverse proxy tips
5.7 Summary
Chapter 6. Public key infrastructures
6.1 The Notes PKI
6.1.1 Registration and certification
6.1.2 Certification hierarchies
6.1.3 Notes IDs
6.1.4 Notes passwords
6.1.5 The Domino Directory
6.1.6 The Domino domain
6.1.7 Certification hierarchies
6.1.8 Notes cross-certification
6.1.9 Authentication
6.1.10 Notes authentication
6.1.11 Data integrity with digital signatures
6.1.12 Confidentiality with encryption
6.1.13 Notes PKI summary
6.2 The Internet PKI
6.2.1 Internet standards
6.2.2 Components of a PKI
6.2.3 X.509 certificates
6.2.4 Web client authentication
6.2.5 Secure Sockets Layer
6.2.6 The Domino Certificate Authority
6.2.7 Secure Internet messaging
6.2.8 Secure messaging with PGP
6.2.9 Secure messaging with S/MIME
6.2.10 Using Lotus Notes 6 as an S/MIME client
6.3 Summary
Chapter 7. Single sign-on
7.1 SSO methods
7.1.1 Single password or SSO
7.2 LTPA
7.2.1 Authentication
7.2.2 Access control
7.2.3 Troubleshooting LTPA issues
7.3 X.509 certificates
7.3.1 Authentication
7.3.2 Access control
7.4 DSAPI
7.4.1 Authentication
7.4.2 Access control
7.5 HTTP headers
7.5.1 Authentication
7.5.2 Access control
7.6 A single sign-on scenario
7.7 Summary
Chapter 8. Directory strategies
8.1 Directory fundamentals
8.1.1 LDAP directories
8.2 Multiple directories
8.2.1 Authoritative sources
8.2.2 Points of control
8.2.3 Data management
8.3 Directory synchronization
8.3.1 Data sources
8.3.2 Object classes
8.3.3 Attributes
8.3.4 Attribute and record mapping
8.3.5 Data flows
8.3.6 Event-driven synchronization
8.3.7 Tools
8.4 Unified directory service
8.4.1 Account provisioning
8.4.2 Enterprise access controls
8.5 Summary
Chapter 9. Server hardening
9.1 Hardening fundamentals
9.1.1 Starting with the operating system
9.1.2 Protection and prevention tools
9.1.3 Hardening fundamentals summary
9.2 Operating system security
9.2.1 Operating system overview
9.2.2 Windows operating system weaknesses
9.2.3 Linux weaknesses
9.3 Hardening Windows (NT kernel-based) systems
9.3.1 Hardening Windows NT 4.0
9.3.2 Hardening Windows 2000
9.3.3 Windows workstation hardening
9.3.4 Further reading
9.4 Hardening UNIX systems
9.4.1 Common steps for hardening UNIX and Linux servers
9.4.2 Partitioning for protection
9.4.3 Disabling the extraneous inetd service
9.4.4 Installing and configuring tcp_wrappers
9.4.5 Tighten sendmail default options
9.4.6 Linux-specific tasks
9.4.7 Solaris-specific tasks
9.4.8 Tweaking the network configurations for security
9.4.9 Remote log server
9.5 Hardening the AIX operating system
9.5.1 Removing information from login screens
9.5.2 Strengthening user security
9.5.3 Defining access to the trusted communication path
9.5.4 Dealing with special situations
9.5.5 Enabling system auditing
9.5.6 Monitoring files, directories, and programs
9.5.7 Managing X11 and CDE concerns
9.5.8 Disabling unnecessary services
9.6 Summary
Part 3 Security features of Lotus products
Chapter 10. The Notes/Domino security model
10.1 Components of the Notes/Domino security model
10.2 Physical security
10.3 Logical security
10.3.1 Network security
10.3.2 Notes security
10.4 Conclusion
Chapter 11. Domino/Notes 6 security features
11.1 Domino server security
11.1.1 User and server access to Domino servers
11.1.2 Administrator access
11.1.3 Web Administrator
11.1.4 Programmability restrictions
11.1.5 Policies and policy documents
11.1.6 Internet Site security
11.1.7 Physical server security
11.2 HTTP server security
11.2.1 Domino Web Server API
11.2.2 HTTP server plug-ins
11.3 Service provider environment (xSP)
11.4 Roaming users
11.5 Domino certificate authority
11.5.1 Domino server-based certification authority
11.6 Directory services
11.6.1 Directory administration servers
11.6.2 Dedicated directory servers
11.6.3 Directory assistance
11.6.4 Extended access control lists
11.6.5 LDAP directories
11.7 Internet and Notes password synchronization
11.8 Notes ID recovery
11.9 Web client authentication
11.9.1 Name variation considerations
11.9.2 Multi-server session-based authentication (SSO)
11.9.3 Web users from secondary Domino and LDAP directories
11.9.4 Domino name mapping
11.10 Domino Password Checking
11.10.1 The Notes and Domino password checking system
11.10.2 Gaining access to a server and the process flow
11.10.3 Password checking events
11.10.4 More details
11.10.5 iNotes and password checking
11.11 Database access control lists (ACLs)
11.12 Mail security
11.12.1 Controlling spam
11.12.2 Mail policy management
11.13 Domino Off-Line Services
11.14 Notes client security
11.14.1 Smartcards
11.14.2 Execution Control Lists
Chapter 12. Security features of other Lotus products
12.1 Lotus Team Workplace (QuickPlace)
12.1.1 QuickPlace and SSL
12.1.2 User directories
12.1.3 QuickPlace authentication
12.1.4 QuickPlace access control
12.1.5 Server settings in the administration place
12.2 Lotus Sametime
12.2.1 Securing the Sametime Connect client for desktops
12.2.2 Proxy support for Sametime clients
12.2.3 Securing the Sametime Java connect client
12.2.4 Securing the Sametime Meeting Room client
12.2.5 Securing the meeting server
12.3 Domino Web Access (iNotes)
12.3.1 Authentication
Notes:
"April 2004."
"SG24-7017-00."
Includes bibliographical references and index.
OCLC:
61447608
