S 2.492 Integration of the Lotus Notes/Domino environment into the existing security infrastructure

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

Lotus Notes/Domino provides proprietary security mechanisms and can be complemented by additional security components (e.g. anti-virus programs or spam filters specifically adapted for Lotus Notes/Domino). An organisation planning on using Lotus Notes/Domino for the first time (or planning an update of the Lotus Notes/Domino platform) must integrate the Lotus Notes/Domino security mechanisms into the existing security architecture in order to avoid "security islands".

First and foremost, the security components used at the network transitions relevant for the Lotus Notes/Domino environment, such as security gateways, content scanners and/or filters, and anti-virus programs, must be adapted to the special requirements of the Lotus Domino protocols and services.

By the same token, the Lotus Notes/Domino security mechanisms can be used to adapt other security components and to close weaknesses in the perimeter security. Therefore, the interaction of the proprietary Lotus Notes/Domino security mechanisms with the existing security components must be planned before implementing or updating the platform.

Interaction of Lotus Notes/Domino with security gateways

Lotus Domino servers can be placed in a DMZ and protected accordingly by security gateways. Proper positioning of the individual Lotus Notes/Domino server components is part of the security architecture for the Lotus Notes/Domino environment.

Above all, where existing security components are also used for the Lotus Notes/Domino environment, the interaction of these components with Lotus Notes/Domino must be regulated at the conceptual level. In doing so, the technical requirements of the Lotus Notes/Domino services and the technical particularities of the protocols used by Lotus Notes/Domino (e.g. whether or not a protocol can be configured for use over a secure connection) must be taken into consideration.

Interaction of Lotus Notes/Domino with solutions against spam, content scanners/filters, and anti-virus programs

For protecting the Lotus Domino web gateway and for the malware protection of Lotus Notes/Domino, security components that specifically support the Lotus Notes/Domino platform should preferably be used. The anti-spam solutions, content scanners, content filters, and malware protection in use must be adapted to the requirements of the Lotus Domino services and the protocols used.

Interaction of Lotus Notes/Domino with security components for centralised logging and automatic log analysis

Amongst other things, logging and log analysis on centralised systems offer protection against any manipulation of the proprietary Lotus Notes/Domino security logging function by users with extensive authorisations, administrators, or successful attackers. Therefore, continuously writing the contents of the security logs to a centralised environment protected against manipulation (e.g. a central logging server) constitutes an important measure against a host of threats, in particular those caused by internal attackers with administrative privileges.

If centralised logging and evaluation systems (also called Security Information and Event Monitoring, or SIEM solutions for short) are used, it must be specified which part of the Lotus Notes/Domino logging function runs on these systems and what the Lotus Notes/Domino-specific evaluation criteria are.

Review questions: