Solved

Encrypting Notes ID password

Posted on 2004-08-25
6
211 Views
Last Modified: 2013-12-18
Is there a way to encrypt the Notes ID password? I'd like to prevent someone with a packet sniffer from 'collecting' my Notes users passwords.

also, how can I do same with Domino webmail?...would https help here?
0
Comment
Question by:isltt
6 Comments
 
LVL 19

Expert Comment

by:madheeswar
ID: 11899661
you mean hackers can hack user name and passwords from Domino Directory?

Then hide ($Users) view in Domino Directory(names.nsf).

And use high security pwds.
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 500 total points
ID: 11899833
1. the Notes ID password is encrypted, and is not sent over the wire to the server.  You effectively authenticate against the id file (password is not stored on the server).
2. for the Web password, there is a different story :

- since you do send the password over the wire, it's best to use SSL.  Passwords will not be sniffed then.  You should make your users login to an ssl-enabled database, and also use ssl to access their mailfiles (webmail/inotes)
- since the default encryption on the password field is rather bad (easily crackable using a dictonary attack), you should use the "More secure password format".  Set this in the Directory Profile (in  the names.nsf).  
- it stays vital that you protect your names.nsf : only allow (at max) author access to your own people within your organization (so they can edit their own person document).  Default access should be 'no access', anonmymous access should be 'no access'.  Hiding the ($Users) view will not help, btw - there are enough other views.  
- Also watch out when using LDAP : make sure to protect what anonymous ldap queries can do, and consider using ssl here too.

cheers,

Tom

0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 11903451
>> Is there a way to encrypt the Notes ID password? I'd like to prevent someone with a packet sniffer from 'collecting' my Notes users passwords.
You don't need to. Notes doesn't send plain text passwords.

>> also, how can I do same with Domino webmail?...would https help here?
Use SSL. Easiest and the bestest method.

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 15

Expert Comment

by:Bozzie4
ID: 11910401
And also use session authentication - this also reduces the amount of username-password information sent over the wire.  If you enable SSL (you should) it's still possible you won't enable SSL on all databases.  And if you then switch to a now-ssl database, in basic authentication, your password is again sent as 'almost' clear text over the wire (it's not really clear, but the encryption is so weak everybody can break it)

cheers,

Tom
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 11932464
Hi Bozzie4,
> - Also watch out when using LDAP : make sure to protect what anonymous ldap queries can do, and consider
> using ssl here too.

The default does NOT allow anonymous access to HTTPPassword

Cheers!
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 11932674
Yep, that's true, but you still don't want to make all your usernames etc. public.

tnx

Tom
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

For beginners of Lotus Notes user this is important to know about the types of files and their location supported by IBM Notes. Mostly users are unaware about how many file types are created and what their usages are. This Article is fully dedicated…
Lack of Storage capacity is a common problem that exists in every field of life. Here we are taking the case of Lotus Notes Emails, as we all know that we are totally depend on e-communication i.e. Emails. This article is fully dedicated to resolvin…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now