View
232
Download
0
Tags:
Embed Size (px)
Citation preview
Boost Your Domino Security with BCC DominoProtect
E-Mail: [email protected]
Web: www.bcc.biz
Tel.: +44 20 3290 9224
Fax: +44 20 7100 3714
Becket House, 36 Old Jewry
London EC2R 8DD
BCC Business Collaboration
Company Ltd
Webinar 30th Oct 2014
@BCC_Ltd #BCCWebinar
Boost Your Domino Security
with
Boost Your Domino Security with BCC DominoProtect
Introduction
Arshad Khalid • Director of Technical Services
• Working with Notes/Domino since
1998
• Consultant, Project Manager
• IBM Lotus Top Achiever 2009
• IBM Champion 2014
• @arshad101
Boost Your Domino Security with BCC DominoProtect
About BCC
Housekeeping
• Protect the server ID
Fort Knox without backdoors
• Protect the ID Vault
God mode trap
• Protect against misuse of Full Access Administration
Stealth mode trap
• Prevent & track unauthorised changes in real time
Who let the dogs out?
• Logging and rollback
Questions
Agenda
Boost Your Domino Security with BCC DominoProtect
Boost Your Domino Security with BCC DominoProtect
About BCC
Founded in 1996
IBM Business Partner
Locations: Frankfurt (HQ), Vienna and London
Implementation Partner: Maarga Systems, NJ, US
800+ customers
Boost Your Domino Security with BCC DominoProtect
About BCC
Housekeeping
• Protect the server ID
Fort Knox without backdoors
• Protect the ID Vault
God mode trap
• Protect against misuse of Full Access Administration
Stealth mode trap
• Prevent & track unauthorised changes in real time
Who let the dogs out?
• Logging and rollback
Questions
Agenda
Boost Your Domino Security with BCC DominoProtect
Boost Your Domino Security with BCC DominoProtect
Why Protect the Server ID?
YES, it makes it easy to reboot the server!
But it IS a dangerous practice to not password protect the Server
ID
An unsecured Server ID is your WEAK SPOT!
But you don’t have to take our word for it…
Boost Your Domino Security with BCC DominoProtect
IBM Says So…
“We understand that most Domino servers are not password-protected to make
unattended reboots simpler, but the vault server's ID file is a key element in the
security of your ID vault”
“..a sophisticated attacker with a vault database and one of the corresponding
server IDs...would have all of the cryptographic information needed to
masquerade as the vault server and decrypt all of the ID files stored in the vault”
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/securing-your-notes-id-vault-server
Boost Your Domino Security with BCC DominoProtect
Paul Mooney Says So…
https://twitter.com/SandraCH/status/428268770793381888
Boost Your Domino Security with BCC DominoProtect
BCC DominoProtect
Protect the Server ID with password(s)
• Assign a random password to the server ID
• Assign multiple passwords fulfilling the “two man rule”
• DominoProtect provides the password at startup
• Facilitates automatic server restart
Boost Your Domino Security with BCC DominoProtect
About BCC
Housekeeping
• Protect the server ID
Fort Knox without backdoors
• Protect the ID Vault
God mode trap
• Protect against misuse of Full Access Administration
Stealth mode trap
• Prevent & track unauthorised changes in real time
Who let the dogs out?
• Logging and rollback
Questions
Agenda
Boost Your Domino Security with BCC DominoProtect
Boost Your Domino Security with BCC DominoProtect
ID Vault: Why secure the ACL?
Change ACL?
• Full Access Admins are able to do this
• Server based Script Agents
Preventing unwanted changes in ID Vault is mandatory!
Anyone with Role Auditor & AdminClient is able to download ID Files from ID Vault
Boost Your Domino Security with BCC DominoProtect
BCC DominoProtect
Protect ACL
• Prevent ACL Change
• Track ACL Changes
• Change request via approval workflow
Boost Your Domino Security with BCC DominoProtect
About BCC
Housekeeping
• Protect the server ID
Fort Knox without backdoors
• Protect the ID Vault
God mode trap
• Protect against misuse of Full Access Administration
Stealth mode trap
• Prevent & track unauthorised changes in real time
Who let the dogs out?
• Logging and rollback
Questions
Agenda
Boost Your Domino Security with BCC DominoProtect
Boost Your Domino Security with BCC DominoProtect
Full Access Administration
Can be used to bypass many IBM Domino restrictions
Directly update ACLs
Access sensitive data
Change configuration documents in the Domino Directory
Boost Your Domino Security with BCC DominoProtect
BCC DominoProtect
Disable Full Access Administration
• Via the licence
Field level document security
• Protect specific fields in a document
• Manager, Designer or Editor is not allowed to change secured fields
Change Management
• Request workflows for controlled changes
Boost Your Domino Security with BCC DominoProtect
About BCC
Housekeeping
• Protect the server ID
Fort Knox without backdoors
• Protect the ID Vault
God mode trap
• Protect against misuse of Full Access Administration
Stealth mode trap
• Prevent & track unauthorised changes in real time
Who let the dogs out?
• Logging and rollback
Questions
Agenda
Boost Your Domino Security with BCC DominoProtect
Boost Your Domino Security with BCC DominoProtect
Real time tracking & prevention
Domino logging out of the box is quite basic
Someone with malicious intent could
• Add their name to a group
• Access sensitive data
• Make changes to the data
• Remove themselves from the group
Boost Your Domino Security with BCC DominoProtect
BCC DominoProtect
Protect against unauthorised changes
• Track access to document
• Track modification
• Prevent modification or deletion
• Trigger an email notification
• Start an approval workflow
Boost Your Domino Security with BCC DominoProtect
Demo
Protect against misuse of Full Access Administration
Prevent & track unauthorised changes in real time
Boost Your Domino Security with BCC DominoProtect
About BCC
Housekeeping
• Protect the server ID
Fort Knox without backdoors
• Protect the ID Vault
God mode trap
• Protect against misuse of Full Access Administration
Stealth mode trap
• Protect against unauthorised changes in real time
Who let the dogs out?
• Logging and rollback
Questions
Agenda
Boost Your Domino Security with BCC DominoProtect
Boost Your Domino Security with BCC DominoProtect
Logging and Rollback
Changes made by an interim admin
Changes made by mistake
Not easy to track
Reversing the changes a considerable drain on admin time and
resources
Systems need to be up and running quickly
Boost Your Domino Security with BCC DominoProtect
BCC DominoProtect
Change Management
• Request workflows for controlled changes
• Automated change history and roll back
Detailed monitoring and logging
• Automatic audit proof documentation of all actions related to protected
elements
Boost Your Domino Security with BCC DominoProtect
Demo: Log shows that a request has been received and forwarded to the approvers
Boost Your Domino Security with BCC DominoProtect
Demo: Change request was accepted & the change made in the Domino Directory. It also records old and new values of the field
for audit purposes
Boost Your Domino Security with BCC DominoProtect
In summary
An essential extra layer of security for IBM Domino
Prevent and track changes in real time
Protect server IDs with password and start servers unattended
Safeguard and secure ID Vault & Domino Directory
Prevent misuse of Full Access Admin
Facilitates implementing a “two man rule” via approval workflow
One click Rollback and recovery
Ensure compliance for corporate governance and legal regulations
Boost Your Domino Security with BCC DominoProtect
Arshad Khalid
• @arshad101
BCC
• www.bcc.biz
• @BCC_Ltd
It’s a wrap!
Thank You!
Boost Your Domino Security with BCC DominoProtect
Register to watch the video:
http://www.bcc.biz/hp/bcc_hp.nsf/id
/EN_NotesCode_Webinar_10-2014
Webinar replay online