Protect your IBM Domino data from leaks with BCC DominoProtect

Protect your IBM Domino data from leaks with BCC DominoProtect

E-Mail: [email protected] Web: www.bcchub.com

Tel.: +44 20 3290 9224 Fax: +44 20 7100 3714

Becket House, 36 Old Jewry London EC2R 8DD

BCC Business Collaboration Company Ltd

Webinar 26th January 2017

@BCC_Ltd #BCCWebinar

Protect your IBM Domino data from leaks

with


Introduction

  Tim Clark •  Director of Services & Support •  Working with Notes/Domino

since 1994 •  Consultant, Project Manager •  IBM Champion 2013-2017 •  @TimsterC


  About BCC

  Housekeeping •  Protect the server ID

  Fort Knox without backdoors •  Protect the ID Vault

  God mode trap •  Protect against misuse of Full Access Administration

  Stealth mode trap •  Prevent & track unauthorised changes in real time

  Who let the dogs out? •  Logging and rollback

  Questions

Agenda



About BCC

  Founded in 1996

  IBM Business Partner

  Locations: Frankfurt (HQ), London & Boston

  800+ customers


BCC Solutions


Does anyone else feel like this?


About BCC

  Housekeeping •  Protect the server ID

Fort Knox without backdoors •  Protect the ID Vault

God mode trap •  Protect against misuse of Full Access Administration

Stealth mode trap •  Prevent & track unauthorised changes in real time

Who let the dogs out? •  Logging and rollback

Questions

Agenda



Why Protect the Server ID?   YES, it makes it easy to reboot the server!   But it IS a dangerous practice to not password protect the Server ID   An unsecured Server ID is your WEAK SPOT!

  But you don’t have to take our word for it…


IBM Says So… “We understand that most Domino servers are not password-protected to make unattended reboots simpler, but the vault server's ID file is a key element in the security of your ID vault” “..a sophisticated attacker with a vault database and one of the corresponding server IDs...would have all of the cryptographic information needed to masquerade as the vault server and decrypt all of the ID files stored in the vault” http://www-10.lotus.com/ldd/dominowiki.nsf/dx/securing-your-notes-id-vault-server


Paul Mooney Says So…

https://twitter.com/SandraCH/status/428268770793381888


BCC DominoProtect   Protect the Server ID with password(s)

•  Assign a random password to the server ID •  Assign multiple passwords fulfilling the “two man rule” •  DominoProtect provides the password at startup •  Facilitates automatic server restart


Demo

Protect the server ID


About BCC

Housekeeping •  Protect the server ID

  Fort Knox without backdoors •  Protect the ID Vault




Questions

Agenda



ID Vault: Why secure the ACL?

Change ACL? • Full Access Admins are able

to do this • Server based Script Agents

Preventing unwanted changes in ID Vault is mandatory!

Anyone with Role Auditor & AdminClient is able to download ID Files from ID Vault


BCC DominoProtect   Protect ACL

•  Prevent ACL Change •  Track ACL Changes •  Change request via approval workflow


Demo

Protect the ID Vault


About BCC



  God mode trap •  Protect against misuse of Full Access Administration



Questions

Agenda



Full Access Administration   Can be used to bypass many IBM Domino restrictions   Directly update ACLs   Access sensitive data   Change configuration documents in the Domino Directory


BCC DominoProtect   Disable Full Access Administration

•  Via the licence   Field level document security

•  Protect specific fields in a document •  Manager, Designer or Editor is not allowed to change secured fields

  Change Management •  Request workflows for controlled changes


About BCC




  Stealth mode trap •  Prevent & track unauthorised changes in real time


Questions

Agenda



Real time tracking & prevention   Domino logging out of the box is quite basic   Someone with malicious intent could

•  Add their name to a group •  Access sensitive data •  Make changes to the data •  Remove themselves from the group


BCC DominoProtect   Protect against unauthorised changes

•  Track access to document •  Track modification •  Prevent modification or deletion •  Trigger an email notification •  Start an approval workflow


Demo

Protect against misuse of Full Access Administration Prevent & track unauthorised changes in real time


About BCC




Stealth mode trap •  Protect against unauthorised changes in real time

  Who let the dogs out? •  Logging and rollback

Questions

Agenda



Logging and Rollback   Changes made by an interim admin   Changes made by mistake   Not easy to track   Reversing the changes a considerable drain on admin time and resources   Systems need to be up and running quickly


BCC DominoProtect   Change Management

•  Request workflows for controlled changes •  Automated change history and roll back

  Detailed monitoring and logging •  Automatic audit proof documentation of all actions related to

protected elements


Demo

Logging and rollback


Demo: Log shows that a request has been received and forwarded to the approvers


Demo: Change request was accepted & the change made in the Domino Directory. It also records old and new values of the field for audit purposes


In summary   An essential extra layer of security for IBM Domino   Prevent and track changes in real time   Protect server IDs with password and start servers

unattended   Safeguard and secure ID Vault & Domino Directory   Prevent misuse of Full Access Admin   Facilitates implementing a “two man rule” via approval

workflow   One click Rollback and recovery   Ensure compliance for corporate governance and legal

regulations


  Tim Clark •  [email protected] •  @TimsterC

  BCC •  www.bcchub.com •  @BCC_Ltd

It’s a wrap!

Thank You!

Date post:	21-Jan-2018
Category:	Software
Upload:	bcc-solutions-for-ibm-collaboration-software
View:	75 times
Download:	1 times

Protect your IBM Domino data from leaks with BCC DominoProtect

Software