SlideShare uma empresa Scribd logo
1 de 15
Baixar para ler offline
© 2014 IBM Corporation
BP103
Ready, Aim, Fire: Mastering
the Latest in the
Administrator’s Arsenal
Kim Greene, Kim Greene Consulting, Inc
Ben Menesi, Ytria
52
Securing Your Servers
ID Vault
Use it!!!
– Customer scenarios:
• Lost ID because PC crashed, had to go back to original ID on network drive, which
was created under different certifier than current certifier
• Forgotten passwords
• Setting up new users / existing users get new PCs/laptops
- Notes client setup simply pulls ID from vault, no manual handling of ID file
Tip:
– If have multiple OUs, easiest to implement from top OU
Gotcha:
– Doesn’t work in Citrix® environments (yet)
53
Domino
8.5
Protected Groups
Prevents accidental deletion of designated “critical” groups
Configured in Directory Profile of the Domino Directory
– Tip: You must edit and save once to become operational
Requires Domino directory to have 9 design
Defaults to LocalDomainAdmins, LocalDomainServers, and OtherDomainServers
54
Domino
9.0
Protected Groups
Open Domino Directory→Actions→Edit Directory Profile
55
Protected Groups
Prevent deletion of these groups
56
Password Checking
Password checking is crucial for securing IDs
Enable in both Server document and Person document
57
+
Internet Password Lockout
Set threshold for Internet password authentication failures for HTTP users
58
Locking down your server’s ACLs
Ensuring that your Domino databases are locked down from the server side can be vital.
– Make sure Anonymous has no access to your databases (especially system databases!)
– Use DominoHunter to gather information from the outside
• You might be surprised what you find!
DominoHunter: open-source PERL script that automates opening and querying standard
databases from the web
– Beware: even if you get satisfying results, you may have databases left open to the web
that this script won’t find!
• It works based on a pre-set list of system databases
• Use syntax: dh.pl –h targetaddress.com –l results.txt
59
Locking down your server’s ACLs
DominoHunter results
60
Locking down your server’s ACLs
Easy to recognize when looking into Domlog.nsf (for v0.9 it records thousands of hits from
the same IP!)
– You can even write an agent to get notified about such attempts / attacks
61
Domino server ports
Make sure not to leave ports open that you do not have to
– This will be the number 1 step for any potential outside attack
– Nmap is a great tool to test for open ports:
62
Domino server ports
Make sure not to leave ports open that you do not have to
– This is the number 1 step for any attacker
– You can use Nmap to scan for open ports
• DomLog records hit when selecting intense scan
63
How to Contact Us
76
@iSeriesDomino
www.linkedin.com/in/kimgreeneconsulting
@BenMenesi
ca.linkedin.com/in/benedekmenesi
Contact – Ben Menesi Contact – Kim Greene
We’d love to hear from you!
kim@kimgreene.comben.menesi@ytria.com
78
Acknowledgements and Disclaimers
© Copyright IBM Corporation 2014. All rights reserved.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM, the IBM logo, ibm.com, and IBM Domino®, IBM Notes Domino®, IBM Notes®, IBM Traveler®, Sametime® LotusScript® are trademarks or registered trademarks of International
Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a
trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be
registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at
www.ibm.com/legal/copytrade.shtml
This slide presentation may contain the following copyrighted, trademarked, and / or restricted terms:
Microsoft®, Windows®, Microsoft Office®, Ytria®, Panagenda®, Visual Basic®, Java®, Perl®, OGSi®, Trust-factory®, Citrix®
Other company, product, or service names may be trademarks or service marks of others.
Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither
intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information
contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise
related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or
its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and
performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you
will result in any specific sales, revenue growth or other results.

Mais conteúdo relacionado

Destaque

Email Etiquette
Email EtiquetteEmail Etiquette
Email EtiquetteRIU6
 
Etiquette and good manners
Etiquette and good mannersEtiquette and good manners
Etiquette and good mannersNadine Daher
 
Good and bad manners
Good and bad mannersGood and bad manners
Good and bad mannersAynur Bekeeva
 
Effective emailing ppt
Effective emailing pptEffective emailing ppt
Effective emailing pptSameer Gupta
 
Office Etiquette PowerPoint Presentation
Office Etiquette PowerPoint PresentationOffice Etiquette PowerPoint Presentation
Office Etiquette PowerPoint PresentationAndrew Schwartz
 
Business policy & strategic management
Business policy & strategic managementBusiness policy & strategic management
Business policy & strategic managementShashankdiv
 

Destaque (12)

Office Layout
Office LayoutOffice Layout
Office Layout
 
Email Etiquette at work
Email Etiquette at workEmail Etiquette at work
Email Etiquette at work
 
Good manners
Good mannersGood manners
Good manners
 
Email Etiquette
Email EtiquetteEmail Etiquette
Email Etiquette
 
Office Etiquette
Office EtiquetteOffice Etiquette
Office Etiquette
 
Etiquette and good manners
Etiquette and good mannersEtiquette and good manners
Etiquette and good manners
 
Workplace etiquette & manners
Workplace etiquette & mannersWorkplace etiquette & manners
Workplace etiquette & manners
 
Good and bad manners
Good and bad mannersGood and bad manners
Good and bad manners
 
Email Writing Skills
Email Writing SkillsEmail Writing Skills
Email Writing Skills
 
Effective emailing ppt
Effective emailing pptEffective emailing ppt
Effective emailing ppt
 
Office Etiquette PowerPoint Presentation
Office Etiquette PowerPoint PresentationOffice Etiquette PowerPoint Presentation
Office Etiquette PowerPoint Presentation
 
Business policy & strategic management
Business policy & strategic managementBusiness policy & strategic management
Business policy & strategic management
 

Semelhante a Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x

Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...SocialBiz UserGroup
 
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...SocialBiz UserGroup
 
What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9sreeJk
 
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...panagenda
 
Sunny Days, (Smart)Cloud-y Users
Sunny Days, (Smart)Cloud-y UsersSunny Days, (Smart)Cloud-y Users
Sunny Days, (Smart)Cloud-y UsersMitch Cohen
 
DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017panagenda
 
IBM Connections Adminblast - Connect17 (DEV 1268)
IBM Connections Adminblast - Connect17 (DEV 1268)IBM Connections Adminblast - Connect17 (DEV 1268)
IBM Connections Adminblast - Connect17 (DEV 1268)Nico Meisenzahl
 
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour RightBP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour RightGabriella Davis
 
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...SocialBiz UserGroup
 
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...Chris Miller
 
Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...
Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...
Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...SocialBiz UserGroup
 
Tip from IBM Connect2014: XPages Accessibility
Tip from IBM Connect2014: XPages AccessibilityTip from IBM Connect2014: XPages Accessibility
Tip from IBM Connect2014: XPages AccessibilitySocialBiz UserGroup
 
Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts Benedek Menesi
 
AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...
AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...
AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...William Holmes
 
DESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA IIIDESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA IIIUlf Troppens
 
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM ConnectionsTip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM ConnectionsSocialBiz UserGroup
 
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARInterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARDevOps for Enterprise Systems
 
IBM WebSphere Liberty and Docker Deep Dive
IBM WebSphere Liberty and Docker Deep DiveIBM WebSphere Liberty and Docker Deep Dive
IBM WebSphere Liberty and Docker Deep DiveDavid Currie
 
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017panagenda
 

Semelhante a Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x (20)

Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
Tip from IBM Connect 2014: Extend Your Security into the Cloud with IBM Smart...
 
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
Tip from ConnectED 2015: An intro to IBM Security Directory Integrator for IB...
 
What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9What's new in notes domino 901 feature pack 9
What's new in notes domino 901 feature pack 9
 
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...DEV-1269: Best and Worst Practices for Deploying IBM Connections  – IBM Conne...
DEV-1269: Best and Worst Practices for Deploying IBM Connections – IBM Conne...
 
Sunny Days, (Smart)Cloud-y Users
Sunny Days, (Smart)Cloud-y UsersSunny Days, (Smart)Cloud-y Users
Sunny Days, (Smart)Cloud-y Users
 
DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017DEV-1268: IBM Connections Adminblast – IBM Connect 2017
DEV-1268: IBM Connections Adminblast – IBM Connect 2017
 
IBM Connections Adminblast - Connect17 (DEV 1268)
IBM Connections Adminblast - Connect17 (DEV 1268)IBM Connections Adminblast - Connect17 (DEV 1268)
IBM Connections Adminblast - Connect17 (DEV 1268)
 
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour RightBP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
 
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
Tip from ConnectED 2015: IBM Sametime - Design and Implementation of a Full H...
 
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -...
 
Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...
Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...
Tip from ConnectED: Notes Goes Cloud: The IBM Notes Browser Plug-in Integrate...
 
Tip from IBM Connect2014: XPages Accessibility
Tip from IBM Connect2014: XPages AccessibilityTip from IBM Connect2014: XPages Accessibility
Tip from IBM Connect2014: XPages Accessibility
 
Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts Logging Wars: A Cross-Product Tech Clash Between Experts
Logging Wars: A Cross-Product Tech Clash Between Experts
 
AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...
AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...
AD506: IBM Connect 2014. IBM Sametime Proxy 9: A fuller, richer customizable ...
 
DESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA IIIDESY's new data taking and analysis infrastructure for PETRA III
DESY's new data taking and analysis infrastructure for PETRA III
 
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM ConnectionsTip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
Tip from ConnectED 2015: Best and Worst Practices Deploying IBM Connections
 
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARInterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
 
2829 liberty
2829 liberty2829 liberty
2829 liberty
 
IBM WebSphere Liberty and Docker Deep Dive
IBM WebSphere Liberty and Docker Deep DiveIBM WebSphere Liberty and Docker Deep Dive
IBM WebSphere Liberty and Docker Deep Dive
 
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
DEV-1185: IBM Notes Performance Boost - Reloaded – IBM Connect 2017
 

Mais de SocialBiz UserGroup

Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...
Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...
Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...SocialBiz UserGroup
 
Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...
Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...
Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...SocialBiz UserGroup
 
Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...
Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...
Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...SocialBiz UserGroup
 
Tip from ConnectED 2015: Considerations for the cloud
Tip from ConnectED 2015: Considerations for the cloudTip from ConnectED 2015: Considerations for the cloud
Tip from ConnectED 2015: Considerations for the cloudSocialBiz UserGroup
 
Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...
Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...
Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...SocialBiz UserGroup
 
Tip from IBM Connect 2014: Mobile security roundup
Tip from IBM Connect 2014: Mobile security roundupTip from IBM Connect 2014: Mobile security roundup
Tip from IBM Connect 2014: Mobile security roundupSocialBiz UserGroup
 
Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...
Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...
Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...SocialBiz UserGroup
 
Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...
Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...
Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...SocialBiz UserGroup
 
Tip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your Options
Tip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your OptionsTip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your Options
Tip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your OptionsSocialBiz UserGroup
 
Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...
Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...
Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...SocialBiz UserGroup
 
Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...
Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...
Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...SocialBiz UserGroup
 
Tip from IBM Connect 2014: IBM Domino 64-bit: All you need to know
Tip from IBM Connect 2014: IBM Domino 64-bit: All you need to knowTip from IBM Connect 2014: IBM Domino 64-bit: All you need to know
Tip from IBM Connect 2014: IBM Domino 64-bit: All you need to knowSocialBiz UserGroup
 
IBM Domino Designer: Tips and tricks for maximum productivity
IBM Domino Designer: Tips and tricks for maximum productivityIBM Domino Designer: Tips and tricks for maximum productivity
IBM Domino Designer: Tips and tricks for maximum productivitySocialBiz UserGroup
 
I've Installed Connections Now What?
I've Installed Connections Now What?I've Installed Connections Now What?
I've Installed Connections Now What?SocialBiz UserGroup
 

Mais de SocialBiz UserGroup (14)

Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...
Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...
Tip from ConnectED 2015: Using Bootstrap and Ratchet frameworks in Domino mob...
 
Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...
Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...
Tip from ConnectED 2015: How to Use Those Cool New Frameworks in Mobile Domin...
 
Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...
Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...
Tip from ConnectED 2015: Managing your Enterprise Data in the Cloud – Securit...
 
Tip from ConnectED 2015: Considerations for the cloud
Tip from ConnectED 2015: Considerations for the cloudTip from ConnectED 2015: Considerations for the cloud
Tip from ConnectED 2015: Considerations for the cloud
 
Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...
Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...
Tip from IBM Connect 2014: Rapid XPages Developing Using the Application Layo...
 
Tip from IBM Connect 2014: Mobile security roundup
Tip from IBM Connect 2014: Mobile security roundupTip from IBM Connect 2014: Mobile security roundup
Tip from IBM Connect 2014: Mobile security roundup
 
Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...
Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...
Tip from IBM Connect 2014: Socialytics = Social Business, Big Social Data and...
 
Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...
Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...
Tip from IBM Connect 2014: IBM Notes Goes Cloud: How GAD Created an Integrate...
 
Tip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your Options
Tip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your OptionsTip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your Options
Tip from IBM Connect 2014: Stepping into the Cloud and Evaluating Your Options
 
Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...
Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...
Tip from IBM Connect 2014: What You Shouldn't Care About With Cloud, But Do A...
 
Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...
Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...
Tip from IBM Connect 2014: XPages Mobile Development in IBM Domino 9.0.1 and ...
 
Tip from IBM Connect 2014: IBM Domino 64-bit: All you need to know
Tip from IBM Connect 2014: IBM Domino 64-bit: All you need to knowTip from IBM Connect 2014: IBM Domino 64-bit: All you need to know
Tip from IBM Connect 2014: IBM Domino 64-bit: All you need to know
 
IBM Domino Designer: Tips and tricks for maximum productivity
IBM Domino Designer: Tips and tricks for maximum productivityIBM Domino Designer: Tips and tricks for maximum productivity
IBM Domino Designer: Tips and tricks for maximum productivity
 
I've Installed Connections Now What?
I've Installed Connections Now What?I've Installed Connections Now What?
I've Installed Connections Now What?
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Tip from IBM Connect 2014: New security features in IBM Domino 8.5.x-9.x

  • 1. © 2014 IBM Corporation BP103 Ready, Aim, Fire: Mastering the Latest in the Administrator’s Arsenal Kim Greene, Kim Greene Consulting, Inc Ben Menesi, Ytria
  • 3. ID Vault Use it!!! – Customer scenarios: • Lost ID because PC crashed, had to go back to original ID on network drive, which was created under different certifier than current certifier • Forgotten passwords • Setting up new users / existing users get new PCs/laptops - Notes client setup simply pulls ID from vault, no manual handling of ID file Tip: – If have multiple OUs, easiest to implement from top OU Gotcha: – Doesn’t work in Citrix® environments (yet) 53 Domino 8.5
  • 4. Protected Groups Prevents accidental deletion of designated “critical” groups Configured in Directory Profile of the Domino Directory – Tip: You must edit and save once to become operational Requires Domino directory to have 9 design Defaults to LocalDomainAdmins, LocalDomainServers, and OtherDomainServers 54 Domino 9.0
  • 5. Protected Groups Open Domino Directory→Actions→Edit Directory Profile 55
  • 7. Password Checking Password checking is crucial for securing IDs Enable in both Server document and Person document 57 +
  • 8. Internet Password Lockout Set threshold for Internet password authentication failures for HTTP users 58
  • 9. Locking down your server’s ACLs Ensuring that your Domino databases are locked down from the server side can be vital. – Make sure Anonymous has no access to your databases (especially system databases!) – Use DominoHunter to gather information from the outside • You might be surprised what you find! DominoHunter: open-source PERL script that automates opening and querying standard databases from the web – Beware: even if you get satisfying results, you may have databases left open to the web that this script won’t find! • It works based on a pre-set list of system databases • Use syntax: dh.pl –h targetaddress.com –l results.txt 59
  • 10. Locking down your server’s ACLs DominoHunter results 60
  • 11. Locking down your server’s ACLs Easy to recognize when looking into Domlog.nsf (for v0.9 it records thousands of hits from the same IP!) – You can even write an agent to get notified about such attempts / attacks 61
  • 12. Domino server ports Make sure not to leave ports open that you do not have to – This will be the number 1 step for any potential outside attack – Nmap is a great tool to test for open ports: 62
  • 13. Domino server ports Make sure not to leave ports open that you do not have to – This is the number 1 step for any attacker – You can use Nmap to scan for open ports • DomLog records hit when selecting intense scan 63
  • 14. How to Contact Us 76 @iSeriesDomino www.linkedin.com/in/kimgreeneconsulting @BenMenesi ca.linkedin.com/in/benedekmenesi Contact – Ben Menesi Contact – Kim Greene We’d love to hear from you! kim@kimgreene.comben.menesi@ytria.com
  • 15. 78 Acknowledgements and Disclaimers © Copyright IBM Corporation 2014. All rights reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo, ibm.com, and IBM Domino®, IBM Notes Domino®, IBM Notes®, IBM Traveler®, Sametime® LotusScript® are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml This slide presentation may contain the following copyrighted, trademarked, and / or restricted terms: Microsoft®, Windows®, Microsoft Office®, Ytria®, Panagenda®, Visual Basic®, Java®, Perl®, OGSi®, Trust-factory®, Citrix® Other company, product, or service names may be trademarks or service marks of others. Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.