Date post: | 21-Jan-2018 |
Category: |
Software |
Upload: | bcc-solutions-for-ibm-collaboration-software |
View: | 75 times |
Download: | 1 times |
Protect your IBM Domino data from leaks with BCC DominoProtect
E-Mail: [email protected] Web: www.bcchub.com
Tel.: +44 20 3290 9224 Fax: +44 20 7100 3714
Becket House, 36 Old Jewry London EC2R 8DD
BCC Business Collaboration Company Ltd
Webinar 26th January 2017
@BCC_Ltd #BCCWebinar
Protect your IBM Domino data from leaks
with
Protect your IBM Domino data from leaks with BCC DominoProtect
Introduction
Tim Clark • Director of Services & Support • Working with Notes/Domino
since 1994 • Consultant, Project Manager • IBM Champion 2013-2017 • @TimsterC
Protect your IBM Domino data from leaks with BCC DominoProtect
About BCC
Housekeeping • Protect the server ID
Fort Knox without backdoors • Protect the ID Vault
God mode trap • Protect against misuse of Full Access Administration
Stealth mode trap • Prevent & track unauthorised changes in real time
Who let the dogs out? • Logging and rollback
Questions
Agenda
Protect your IBM Domino data from leaks with BCC DominoProtect
Protect your IBM Domino data from leaks with BCC DominoProtect
About BCC
Founded in 1996
IBM Business Partner
Locations: Frankfurt (HQ), London & Boston
800+ customers
Protect your IBM Domino data from leaks with BCC DominoProtect
BCC Solutions
Protect your IBM Domino data from leaks with BCC DominoProtect
Does anyone else feel like this?
Protect your IBM Domino data from leaks with BCC DominoProtect
About BCC
Housekeeping • Protect the server ID
Fort Knox without backdoors • Protect the ID Vault
God mode trap • Protect against misuse of Full Access Administration
Stealth mode trap • Prevent & track unauthorised changes in real time
Who let the dogs out? • Logging and rollback
Questions
Agenda
Protect your IBM Domino data from leaks with BCC DominoProtect
Protect your IBM Domino data from leaks with BCC DominoProtect
Why Protect the Server ID? YES, it makes it easy to reboot the server! But it IS a dangerous practice to not password protect the Server ID An unsecured Server ID is your WEAK SPOT!
But you don’t have to take our word for it…
Protect your IBM Domino data from leaks with BCC DominoProtect
IBM Says So… “We understand that most Domino servers are not password-protected to make unattended reboots simpler, but the vault server's ID file is a key element in the security of your ID vault” “..a sophisticated attacker with a vault database and one of the corresponding server IDs...would have all of the cryptographic information needed to masquerade as the vault server and decrypt all of the ID files stored in the vault” http://www-10.lotus.com/ldd/dominowiki.nsf/dx/securing-your-notes-id-vault-server
Protect your IBM Domino data from leaks with BCC DominoProtect
Paul Mooney Says So…
https://twitter.com/SandraCH/status/428268770793381888
Protect your IBM Domino data from leaks with BCC DominoProtect
BCC DominoProtect Protect the Server ID with password(s)
• Assign a random password to the server ID • Assign multiple passwords fulfilling the “two man rule” • DominoProtect provides the password at startup • Facilitates automatic server restart
Protect your IBM Domino data from leaks with BCC DominoProtect
Demo
Protect the server ID
Protect your IBM Domino data from leaks with BCC DominoProtect
About BCC
Housekeeping • Protect the server ID
Fort Knox without backdoors • Protect the ID Vault
God mode trap • Protect against misuse of Full Access Administration
Stealth mode trap • Prevent & track unauthorised changes in real time
Who let the dogs out? • Logging and rollback
Questions
Agenda
Protect your IBM Domino data from leaks with BCC DominoProtect
Protect your IBM Domino data from leaks with BCC DominoProtect
ID Vault: Why secure the ACL?
Change ACL? • Full Access Admins are able
to do this • Server based Script Agents
Preventing unwanted changes in ID Vault is mandatory!
Anyone with Role Auditor & AdminClient is able to download ID Files from ID Vault
Protect your IBM Domino data from leaks with BCC DominoProtect
BCC DominoProtect Protect ACL
• Prevent ACL Change • Track ACL Changes • Change request via approval workflow
Protect your IBM Domino data from leaks with BCC DominoProtect
Demo
Protect the ID Vault
Protect your IBM Domino data from leaks with BCC DominoProtect
About BCC
Housekeeping • Protect the server ID
Fort Knox without backdoors • Protect the ID Vault
God mode trap • Protect against misuse of Full Access Administration
Stealth mode trap • Prevent & track unauthorised changes in real time
Who let the dogs out? • Logging and rollback
Questions
Agenda
Protect your IBM Domino data from leaks with BCC DominoProtect
Protect your IBM Domino data from leaks with BCC DominoProtect
Full Access Administration Can be used to bypass many IBM Domino restrictions Directly update ACLs Access sensitive data Change configuration documents in the Domino Directory
Protect your IBM Domino data from leaks with BCC DominoProtect
BCC DominoProtect Disable Full Access Administration
• Via the licence Field level document security
• Protect specific fields in a document • Manager, Designer or Editor is not allowed to change secured fields
Change Management • Request workflows for controlled changes
Protect your IBM Domino data from leaks with BCC DominoProtect
About BCC
Housekeeping • Protect the server ID
Fort Knox without backdoors • Protect the ID Vault
God mode trap • Protect against misuse of Full Access Administration
Stealth mode trap • Prevent & track unauthorised changes in real time
Who let the dogs out? • Logging and rollback
Questions
Agenda
Protect your IBM Domino data from leaks with BCC DominoProtect
Protect your IBM Domino data from leaks with BCC DominoProtect
Real time tracking & prevention Domino logging out of the box is quite basic Someone with malicious intent could
• Add their name to a group • Access sensitive data • Make changes to the data • Remove themselves from the group
Protect your IBM Domino data from leaks with BCC DominoProtect
BCC DominoProtect Protect against unauthorised changes
• Track access to document • Track modification • Prevent modification or deletion • Trigger an email notification • Start an approval workflow
Protect your IBM Domino data from leaks with BCC DominoProtect
Demo
Protect against misuse of Full Access Administration Prevent & track unauthorised changes in real time
Protect your IBM Domino data from leaks with BCC DominoProtect
About BCC
Housekeeping • Protect the server ID
Fort Knox without backdoors • Protect the ID Vault
God mode trap • Protect against misuse of Full Access Administration
Stealth mode trap • Protect against unauthorised changes in real time
Who let the dogs out? • Logging and rollback
Questions
Agenda
Protect your IBM Domino data from leaks with BCC DominoProtect
Protect your IBM Domino data from leaks with BCC DominoProtect
Logging and Rollback Changes made by an interim admin Changes made by mistake Not easy to track Reversing the changes a considerable drain on admin time and resources Systems need to be up and running quickly
Protect your IBM Domino data from leaks with BCC DominoProtect
BCC DominoProtect Change Management
• Request workflows for controlled changes • Automated change history and roll back
Detailed monitoring and logging • Automatic audit proof documentation of all actions related to
protected elements
Protect your IBM Domino data from leaks with BCC DominoProtect
Demo
Logging and rollback
Protect your IBM Domino data from leaks with BCC DominoProtect
Demo: Log shows that a request has been received and forwarded to the approvers
Protect your IBM Domino data from leaks with BCC DominoProtect
Demo: Change request was accepted & the change made in the Domino Directory. It also records old and new values of the field for audit purposes
Protect your IBM Domino data from leaks with BCC DominoProtect
In summary An essential extra layer of security for IBM Domino Prevent and track changes in real time Protect server IDs with password and start servers
unattended Safeguard and secure ID Vault & Domino Directory Prevent misuse of Full Access Admin Facilitates implementing a “two man rule” via approval
workflow One click Rollback and recovery Ensure compliance for corporate governance and legal
regulations
Protect your IBM Domino data from leaks with BCC DominoProtect
Tim Clark • [email protected] • @TimsterC
BCC • www.bcchub.com • @BCC_Ltd
It’s a wrap!
Thank You!