Solved

Securing names.nsf over internet

Posted on 2004-09-28
Last Modified: 2013-12-18
I'm using Notes webmail over the internet. I've noticed that if I explicitly point to the Domino address book <http://mailserver/names.nsf> I can access the names.nsf without having to authenticate.

I've compared my ACL with another internet Domino server (which prompts for authentication if I try to access the names.nsf) and the ACL settings appear similar, i.e. default access is Reader and max. Internet user access is 'Author'.

Is there some other parameter besides the ACL that I need to modify in order to secure my address book?
Question by:isltt
8 Comments
 
LVL 46

Assisted Solution

by:Sjef Bosman
Sjef Bosman earned 100 total points
ID: 12171038
This is prolly an R5 server. R6 will by default protect a lot more.

You need to set Anonymous to No Access in the ACL. That'll do. Check for the real differences between the two databases.
0
 
LVL 9

Assisted Solution

by:HappyFunBall
HappyFunBall earned 150 total points
ID: 12171044
Your ACL settings should be more secured.

Set both your default and anonymous user access to NO ACCESS immediately
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 12172249
Umm, -Default- should NOT be No Access, because that will lock out regular Notes users as well.  If this server is the internal user's mail (or application) server, or the names.nsf on this server replicates with the names.nsf for the mail (or applications) server, then -Default- would normally be Author, or perhaps Reader.

If you are afraid to allow any access under -Default-, then what you need to do is add a mixed group named */CERTNAME with Author (or Reader) access, where CERTNAME is the name of the root Notes certifier that you use.  If you have flat names, you can't do that, and if you have multiple root certifiers, you will need to put each in this way.  Then, you will need to make sure that internet-only users who authenticate but should not have access to names.nsf are registered without the /CERTNAME as their names.
0
 
LVL 1

Assisted Solution

by:schubemk
schubemk earned 150 total points
ID: 12172988
Check your ACL for a user called "Anonymous".  He should be set to "No Access" on names.nsf.  If he's not there, add him.   Also make sure that entry is in log.nsf.  When we do security audits, the next place we go after names.nsf to harvest user names, database names, and server names  is log.nsf.
0
 
LVL 9

Expert Comment

by:HappyFunBall
ID: 12173112
Qwaletee -

Setting -Default- to "No Access" prevents anyone not explicitly included in the ACL from accessing the database.  It doesn't "lock out regular Notes users".  If you then give a group of all company users "Reader" access, you'll be fine.
0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12173253
I have two recommendations (one worth one cent exactly)

(1) Anonymous
     (a) If you don't already have it, add it.
     (b) Set it to 'No access'
          There is a complete logic behind it. I can explain.

(2) Set the maximum Internet access to 'Read', until you want your authenticated people to make changes to it from over Internet (a less common scenario).
0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12173275
Oh, a lot has been said already :)
0
 
LVL 19

Accepted Solution

by:RanjeetRain
RanjeetRain earned 100 total points
ID: 12173440
Maybe you can read this and you would come to know most of the things you should do.

http://www-10.lotus.com/ldd/lbytes.nsf/0/f668d51aaa7db800852568480071482f?OpenDocument#Controlling%20Access%20to%20the%20Web%20Ser
0
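
The ACL behaviour discussed across the answers above (the Anonymous entry, -Default-, a */CERTNAME wildcard entry, and the maximum Internet access cap), as an added example that is not part of any post and is not Domino code. It is a simplified model: wildcard entries are treated like groups, the sample ACLs and the name "Jane Doe/CERTNAME" are constructed, and the asker's ACL is assumed to have no Anonymous entry.

```python
# Simplified model of how a Domino database ACL resolves a session's access.
LEVELS = ["No Access", "Depositor", "Reader", "Author", "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def effective_access(acl, max_internet, user=None, groups=(), via_web=True):
    """Return the access level a session ends up with.

    acl          -- dict mapping ACL entry name -> access level
    max_internet -- the "Maximum Internet name and password" setting
    user         -- authenticated name, or None for an unauthenticated session
    groups       -- group / wildcard ACL entries the user matches (assumed input)
    via_web      -- True for HTTP access, False for a Notes client
    """
    if user is None:
        # No credentials: the Anonymous entry applies if present, else -Default-.
        level = acl.get("Anonymous", acl["-Default-"])
    elif user in acl:
        level = acl[user]  # an explicit entry for the name wins
    else:
        matched = [acl[g] for g in groups if g in acl]
        # Several matching entries: the highest applies; none: fall to -Default-.
        level = max(matched, key=RANK.get) if matched else acl["-Default-"]
    if via_web:
        # Web sessions are capped; Notes client sessions are not.
        level = min(level, max_internet, key=RANK.get)
    return level


def anonymous_can_read(acl, max_internet):
    """True if an unauthenticated browser can open the database."""
    return RANK[effective_access(acl, max_internet)] >= RANK["Reader"]


# Constructed ACLs mirroring the thread.
ASKER = {"-Default-": "Reader"}                            # no Anonymous entry (assumed)
FIXED = {"-Default-": "Reader", "Anonymous": "No Access"}  # add Anonymous = No Access
STRICT = {"-Default-": "No Access", "Anonymous": "No Access", "*/CERTNAME": "Author"}

if __name__ == "__main__":
    for name, acl in (("asker", ASKER), ("fixed", FIXED), ("strict", STRICT)):
        print(name, "anonymous web read:", anonymous_can_read(acl, "Author"))
    staff = dict(user="Jane Doe/CERTNAME", groups=["*/CERTNAME"])
    print("staff via web, cap Reader:", effective_access(STRICT, "Reader", **staff))
    print("staff via Notes client:", effective_access(STRICT, "Reader", via_web=False, **staff))
    print("web-only user, strict ACL:", effective_access(STRICT, "Author", user="webonly"))
```
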

Question has a verified solution.