Make Your Data Work For You
Best Practices for HCL Notes/Domino Security
Part 2: The Domino Server
20th April 2021
Daniel Klas
@panagenda
Inbound Marketing Coordinator
panagenda
Christoph Adler
@cadler80
Senior Consultant
panagenda
Join the conversation using #NotesDominoSecurity & @panagenda
Speakers
Agenda
1. Staying current with (security) updates
2. Domino Server Security Fundamentals (DSSF)
3. SMTP Security Settings (quick and dirty faultless)
4. Bonus: HTTP Security or how to get an A+ rating
1. Staying current with (security) updates
• Currently available and supported releases
– Domino 11.0.1 FP3 (April 2021)
• No EOL defined yet
– Domino 10.0.1 FP6 (September 2020)
• No EOL defined yet, BUT “Support Update - List of Exceptions Starting 12/31/2021” here:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085697
– Domino 9.0.1 FP10 IF6 (August 2020)
• No EOL defined yet, BUT “Support Update - List of Exceptions Starting 12/31/2021” here:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085697
1. Staying current with (security) updates (cont.)
• Fixes in HCL Notes/Domino 11.0.1
– Fix Pack 1
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0081088
– Fix Pack 2
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085207
– Fix Pack 3
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0089555
1. Staying current with (security) updates (cont.)
• System requirements for Domino 11.0.1 FP3 (OS)
– Microsoft Windows
• Windows Server 2012 R2 - 2019
– Linux
• Red Hat Enterprise Linux (RHEL) Server 7.4+ & 8.x
• SUSE Linux Enterprise Server (SLES) 12.0+ & 15.0+
• CentOS Server 7.4+ (EOL - 2024-06-30) & 8.x (EOL - 2021-12-21)
– IBM AIX
• AIX 7.2 TL1+
– IBM i
• IBM i v7 r2, r3 & r4 (on IBM Power 8 & 9)
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077033
2. Domino Server Security Fundamentals (DSSF)
2. DSSF - Secure client-server communication
• NRPC port settings
– NRPC = Notes remote procedure call
– Port 1352
– Port settings in notes.ini
• Ports=TCPIP
• TCPIP = TCP,0,15,0,,45056,
→ with encryption only
• TCPIP = TCP,0,15,0,,45088,
→ with encryption & compression
• TCPIP = TCP,0,15,0,,12288,
→ DEFAULT - without encryption & compression
2. DSSF - Secure client-server communication (cont.)
• Legacy/Default port encryption for Notes/Domino (up to 11.0.1)
– RC4 128Bit (Rivest Cipher 4)
– Use notes.ini entry LOG_AUTHENTICATION=1 to see this on the console:
– Starting with HCL Domino v12 the new default is → AES-GCM 256Bit
• Best practice settings for port encryption on Domino server >= 9.0.1 Fix Pack 7
– notes.ini → PORT_ENC_ADV=84 (AES-GCM 128Bit)
• See the following Technote for details and read it before you use the parameter:
– https://help.hcltechsw.com/domino/11.0.1/admin/conf_port_enc_adv_r.html
2. DSSF – Take care of webadmin.nsf
• You can either
– Remove the webadmin.nsf from all your servers
OR
– You must take care of the ACL
• This DB will no longer be distributed with Domino v12 and higher
2. DSSF – ACL (Anonymous & -Default- entries)
• ACL (Access Control List)
– -Default- access is granted to every authenticated user who is not listed in the ACL (either directly or through a group or wildcard entry)
– Anonymous access is granted to every non-authenticated user (web access)
– If there is no Anonymous entry in the ACL, Domino automatically uses the -Default- entry for non-authenticated users
– See the following two links for more information:
https://help.hcltechsw.com/domino/11.0.0/conf_anonymousinternetintranetaccess_c.html
https://help.hcltechsw.com/domino/11.0.0/conf_validationandauthenticationforinternetintranetclien_c.html?hl=anonymous%2Cacl
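The fallback rule above, turned into an ACL audit; this is an added example, not part of the original slides or any HCL tool. The database paths, the group name and the ACL levels in SAMPLE_ACLS are constructed, and the ACLs are assumed to have been exported into a plain dictionary beforehand.

```python
# Added example: which databases can a non-authenticated web user get into?
# Domino ACL levels in ascending order of privilege.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def unlisted_access(acl, authenticated):
    """Access for a user who matches no named ACL entry.

    acl maps entry name -> level. Returns (level, entry_used).
    Authenticated users get -Default-; non-authenticated users get
    Anonymous, or -Default- when there is no Anonymous entry.
    """
    if "-Default-" not in acl:
        raise ValueError("malformed ACL export: no -Default- entry")
    if authenticated:
        return acl["-Default-"], "-Default-"
    if "Anonymous" in acl:
        return acl["Anonymous"], "Anonymous"
    return acl["-Default-"], "-Default- (no Anonymous entry)"


def audit_anonymous(databases, max_level="No Access"):
    """List (path, level, entry_used) for every database whose effective
    access for non-authenticated users exceeds max_level."""
    findings = []
    for path, acl in sorted(databases.items()):
        level, source = unlisted_access(acl, authenticated=False)
        if RANK[level] > RANK[max_level]:
            findings.append((path, level, source))
    return findings


# Constructed sample data (hypothetical databases and levels).
SAMPLE_ACLS = {
    # No Anonymous entry: web users silently inherit -Default- (Author).
    "apps/crm.nsf": {"-Default-": "Author", "LocalDomainAdmins": "Manager"},
    # Anonymous explicitly allowed to read.
    "apps/help.nsf": {"-Default-": "Reader", "Anonymous": "Reader"},
    # Locked down for both unlisted and non-authenticated users.
    "mail/jdoe.nsf": {"-Default-": "No Access", "Anonymous": "No Access"},
    # Anonymous blocked, but any authenticated user can still read.
    "webadmin.nsf": {"-Default-": "Reader", "Anonymous": "No Access"},
}

if __name__ == "__main__":
    for path, level, source in audit_anonymous(SAMPLE_ACLS):
        print(f"{path}: non-authenticated users get {level} via {source}")
```

The first finding is the case the slide warns about: nobody granted anonymous access, it was inherited from -Default-.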
2. DSSF – Server Document → Internet Ports
• Be aware of open and non-used ports (disable them)
– Example: If you don’t want to use the HTTP/LDAP/SMTP/IMAP/POP3/DIIOP service on a server, ensure that those ports are disabled in the Server Document(s)
2. DSSF – SSL/TLS (X.509) is not optional!
• Ensure that you always use secured connections from/to your Domino Servers (including internal connections)
– The following link will help you to set up SSL on Domino servers:
https://help.hcltechsw.com/domino/11.0.1/admin/conf_settingupsslonadominoserver_t.html
POLL
Do/Would you use encrypted databases on
your Domino Servers?
3. SMTP Security Settings (quick and dirty faultless)
a) SMTP Port settings (Server document)
– Inbound → only “Enabled”
– Outbound → “Enabled” & “Negotiated TLS/SSL”
3. SMTP Security Settings (quick and dirty faultless) (cont.)
b) SMTP Port settings (Configuration document) - Inbound
− Inbound → “TLS/SSL negotiated over TCP/IP port” → “Enabled”
3. SMTP Security Settings (quick and dirty faultless) (cont.)
c) SMTP Relay security (Configuration document)
3. SMTP Security Settings (quick and dirty faultless) (cont.)
c) SMTP Inbound security (Configuration document)
3. SMTP Security Settings (quick and dirty faultless) (cont.)
• What about non-encrypted connections (outbound only)?
– You can configure fallback to non-TLS using the following notes.ini entry:
RouterFallbackNonTLS=1
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0079251
• Verify if sender == authenticated user (optional)
– You can configure this using the following notes.ini entry:
SMTPVerifyAuthenticatedSender=1
https://ds_infolib.hcltechsw.com/ldd/dominowiki.nsf/dx/SMTPVerifyAuthenticatedSender
4. Bonus: HTTP Security or how to get an A+ rating (cont.)
a) Always use the latest available version of Domino (incl. FPs)
– Domino 11.0.1 FP3
– Domino 10.0.1 FP6
– Domino 9.0.1 FP10 IF6
b) Disable outdated SSL/TLS protocols using the following notes.ini entries:
– SSL_Disable_TLS10=1
→ TLS 1.0 will automatically give you a B rating (since Jan. 2020)
– DISABLE_SSLV3=1
→ this should not be needed any longer, since SSL v3 should be disabled by default
4. Bonus: HTTP Security or how to get an A+ rating (cont.)
c) Select only the modern SSL ciphers (see screenshot) in your
– Server Document(s)
– Web Site Document(s)
4. Bonus: HTTP Security or how to get an A+ rating (cont.)
d) Configure HTTP Strict Transport Security (HSTS) using the following notes.ini entries (or using the Web Site Document if used):
– HTTP_HSTS_INCLUDE_SUBDOMAINS=1
– HTTP_HSTS_MAX_AGE=31536000
See here:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0074868
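A notes.ini audit covering the entries named in sections 2, 3 and 4 of this deck; it is an added example, not code from the slides or from HCL. Assumptions: the encryption and compression bits are inferred from the three port values shown on the NRPC slide, key names are matched case-insensitively, the HSTS max-age on the slide is treated as a minimum, and both sample files are constructed.

```python
# Added example: compare a notes.ini against the settings named in this deck.

# Inferred from the slide's three port values (assumption):
# 12288 = default, 45056 = encryption only, 45088 = encryption + compression.
ENCRYPT_FLAG = 45056 - 12288    # 0x8000
COMPRESS_FLAG = 45088 - 45056   # 0x20

CHECKS = [
    # (notes.ini key, test on the value, value shown on the slide)
    ("PORT_ENC_ADV", lambda v: v == "84", "84 (AES-GCM 128Bit)"),
    ("SSL_Disable_TLS10", lambda v: v == "1", "1"),
    ("HTTP_HSTS_INCLUDE_SUBDOMAINS", lambda v: v == "1", "1"),
    ("HTTP_HSTS_MAX_AGE",
     lambda v: v.isdigit() and int(v) >= 31536000, "31536000"),
]


def parse_ini(text):
    """Return {lower-cased key: value}; lines without '=' are skipped.
    In this parser a later duplicate key overwrites an earlier one."""
    settings = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def port_findings(settings):
    """Check every port listed in Ports= for the encryption bit."""
    findings = []
    ports = [p.strip() for p in settings.get("ports", "").split(",")]
    for port in filter(None, ports):
        fields = settings.get(port.lower(), "").split(",")
        try:
            flags = int(fields[5])   # sixth field of TCP,0,15,0,,<flags>,
        except (IndexError, ValueError):
            findings.append((port, "port line missing or unparsable"))
            continue
        if not flags & ENCRYPT_FLAG:
            findings.append((port, f"port encryption is off (flags {flags})"))
    return findings


def audit(text):
    """Return a list of (key, message) findings; empty means no deviation."""
    settings = parse_ini(text)
    findings = port_findings(settings)
    for key, ok, want in CHECKS:
        value = settings.get(key.lower())
        if value is None:
            # HSTS may be set in the Web Site Document instead.
            findings.append((key, f"not set in notes.ini, slides show {want}"))
        elif not ok(value):
            findings.append((key, f"is {value}, slides show {want}"))
    if settings.get("routerfallbacknontls") == "1":
        findings.append(("RouterFallbackNonTLS",
                         "outbound SMTP may fall back to a non-TLS connection"))
    return findings


# Constructed sample files (not taken from a real server).
WEAK_INI = """\
[Notes]
Ports=TCPIP
TCPIP=TCP,0,15,0,,12288,
LOG_AUTHENTICATION=1
SSL_Disable_TLS10=1
RouterFallbackNonTLS=1
HTTP_HSTS_MAX_AGE=86400
"""

HARDENED_INI = """\
[Notes]
Ports=TCPIP
TCPIP = TCP,0,15,0,,45088,
PORT_ENC_ADV=84
SSL_Disable_TLS10=1
HTTP_HSTS_INCLUDE_SUBDOMAINS=1
HTTP_HSTS_MAX_AGE=31536000
"""

if __name__ == "__main__":
    for key, message in audit(WEAK_INI):
        print(f"{key}: {message}")
```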
