  • Status: Solved

Securing names.nsf over internet

I'm using Notes webmail over the internet. I've noticed that if I explicitly point to the Domino address book <http://mailserver/names.nsf> I can access the names.nsf without having to authenticate.

I've compared my ACL with another internet Domino server (which prompts for authentication if I try to access the names.nsf) and the ACL settings appear similar, i.e. default access is reader and max. internet user access is 'author'.

Is there some other parameter besides the ACL that I need to modify in order to secure my address book?
0
Asked: isltt
4 Solutions
 
Sjef Bosman (Groupware Consultant) commented:
This is prolly an R5 server. R6 will by default protect a lot more.

You need to set Anonymous to No Access in the ACL. That'll do. Check for the real differences between the two databases.
0
 
HappyFunBall commented:
Your ACL settings should be more secure.

Set both your default and anonymous user access to NO ACCESS immediately.
0
 
qwaletee commented:
Umm, -Default- should NOT be No Access, because that will lock out regular Notes users as well. If this server is the internal users' mail (or application) server, or the names.nsf on this server replicates with the names.nsf for the mail (or applications) server, then -Default- would normally be Author, or perhaps Reader.

If you are afraid to allow any access under -Default-, then what you need to do is add a mixed group named */CERTNAME with Author (or Reader) access, where CERTNAME is the name of the root Notes certifier that you use.  If you have flat names, you can't do that, and if you have multiple root certifiers, you will need to put each in this way.  Then, you will need to make sure that internet-only users who authenticate but should not have access to names.nsf are registered without the /CERTNAME as their names.
0
 
schubemk commented:
Check your ACL for a user called "Anonymous". He should be set to "No Access" on names.nsf. If he's not there, add him. Also make sure that entry is in log.nsf. When we do security audits, the next place we go after names.nsf to harvest user names, database names, and server names is log.nsf.
0
 
HappyFunBall commented:
Qwaletee -

Setting -Default- to "No Access" prevents anyone not explicitly included in the ACL from accessing the database.  It doesn't "lock out regular Notes users".  If you then give a group of all company users "Reader" access, you'll be fine.
0
 
RanjeetRain commented:
I have two recommendations (one worth one cent exactly)

(1) Anonymous
     (a) If you don't already have it, add it.
     (b) Set it to 'No access'
          There is a complete logic behind it. I can explain.

(2) Set the maximum Internet access to 'Read', until you want your authenticated people to make changes to it from over Internet (a less common scenario).
0
 
RanjeetRain commented:
Oh, a lot has been said already :)
0
 
RanjeetRain commented:
Maybe you can read this and you would come to know most of the things you should do.

http://www-10.lotus.com/ldd/lbytes.nsf/0/f668d51aaa7db800852568480071482f?OpenDocument#Controlling%20Access%20to%20the%20Web%20Ser
0
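The ACL settings debated in the answers above, as an added Python example that is not part of any poster's reply: a simplified model of how the Anonymous entry, -Default-, a */CERTNAME wildcard entry and the maximum Internet access setting combine into one effective access level. The certifier name ACME, the user names and the precedence rules as coded here are assumptions made for illustration.

```python
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}

def effective_access(acl, max_internet, user=None, groups=(), via_web=True):
    """Access level for one request against a database ACL (simplified model).

    acl: entry name -> level; user: authenticated name, or None when the
    request is unauthenticated; max_internet: maximum Internet access cap.
    """
    if user is None:
        # No authentication: the Anonymous entry applies when it exists,
        # otherwise the request falls through to -Default-.
        level = acl.get("Anonymous", acl["-Default-"])
    elif user in acl:
        level = acl[user]                      # explicit entry beats groups
    else:
        matches = [lvl for entry, lvl in acl.items()
                   if entry in groups
                   or (entry.startswith("*/") and user.endswith(entry[1:]))]
        # Assumption: among group/wildcard matches the highest level applies.
        level = max(matches, key=RANK.get) if matches else acl["-Default-"]
    if via_web:
        # Browser requests are capped by the maximum Internet access setting.
        level = min(level, max_internet, key=RANK.get)
    return level

# Constructed ACLs; certifier ACME and both user names are hypothetical.
AS_ASKED = {"-Default-": "Reader"}
ANON_DENIED = {"-Default-": "Reader", "Anonymous": "No Access"}
WILDCARD = {"-Default-": "No Access", "Anonymous": "No Access", "*/ACME": "Reader"}

def report(acl, max_internet="Author"):
    """Effective access for the three kinds of user discussed in the thread."""
    return {
        "anonymous browser": effective_access(acl, max_internet),
        "web-only user": effective_access(acl, max_internet, user="webuser"),
        "Notes user": effective_access(acl, max_internet,
                                       user="Jane Doe/ACME", via_web=False),
    }

if __name__ == "__main__":
    for name, acl in [("as asked", AS_ASKED), ("Anonymous denied", ANON_DENIED),
                      ("wildcard certifier", WILDCARD)]:
        print(name, report(acl))
```

With no Anonymous entry the unauthenticated browser inherits Reader from -Default-, which matches the behaviour in the question; the wildcard ACL keeps Notes users at Reader while an authenticated web-only user with a flat name gets No Access.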
