DominoSecurity.org
(Brought to you by
CHC-3 Consulting
and
DominoAdministration.com
)
This web site helps you understand and implement the security features in Lotus Domino and Notes. If you have made any attempt to use these features, you know they can be complicated -- groups, roles, Reader/Author fields, execution control, certificate authority, certifiers, S/MIME, SSL, etc. Sometimes the security features overlap and/or negate each other.
(Note: I am looking for someone to help me maintain this site. I will continue to pay for the domain name and web hosting, but I need help with updates. Time estimate is about one hour per week. In exchange, you will keep up with security info about Notes/Domino and you can place a tasteful ad on this site for your company/service. Contact me at
www.chc-3.com
.)
Our most recent links, acro
ss all topic
s, are...
If you are working with Domino 8 and using the db2 backend then read the security considerations
here
.
Buffer overflow vulnerability in Lotus Notes file viewer for Lotus 1-2-3 attachments. IBM has listed the technote
here
. A fix for 7 is available from support. For 5 & 6, all you can do is disable the viewer on the client.
SameTime 7.5.1 critical fix 1 is available
here
.
Lotus has posted five security advisories this month. Several have potentially serious consequences. I suggest reading all of them
here
and upgrading your installed Notes/Domino software as Lotus recommends. March 2007.
Notes/Domino Best Practice Checklists
. This document is a set of checklists for Notes and Domino best practices. Categories covered include performance, sizing, administration, security, upgrade & migration, groups & directories, DWA, C&S, transaction logging, and testing of applications.
Domino Security Jumpstart
.
A presentation from Lotusphere 2007.
New Security Features in Domino 8
.
A presentation from Lotusphere 2007.
Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Redbook
. The title is self-explanatory. April 2006.
The main pages of this site, which include the new links, are organized thusly...
Alerts
about security bugs, vulnerabilities and fixes for Domino/Notes.
Articles and books
about Domino/Notes security topics. There is a great deal of information here. Subtopics include:
ND8
,
General Administration
,
Security Principles
,
Application Security
,
Email
,
SSL
,
LDAP
,
Wireless
,
Java
,
Websphere
,
Sametime
,
Quickplace
,
Workplace
,
Public key cryptography
,
Operating system security
, and
Backups
.
Mailing list
for DominoSecurity. The list will be used only for security alerts and news about important new postings to this site. Use the link to sign up. (Here are
archives
of previous newsletters and similar
admin/security tips
I write for SearchDomino.com.)
Products
and
services
related to Domino/Notes security. Some of these companies specialize in Domino security, while others work with general network security.
Other security web sites
. These sites are generally wider in scope than just Domino/Notes but can be valuable. For example, you can go to many of the sites and search for
Domino
or
Notes
to find useful information.
Also, please help make this site better.
Click to
send me links
to books and articles that should be added to this web site. Click to
send me comments
and suggestions to improve the site.
This web site is owned and operated by Chuck Connell and
CHC-3 Consulting
, which provides consulting services related to Domino/Notes security.