Lotus Notes Incident Response
Hi, I should start by saying that I come from an Exchange background, so the Lotus email environment is still a bit new to me... but I've been tasked to put together a checklist for Lotus Notes Incident Response and am wondering if anyone is willing to share incident response guidelines or recommendations for reviewing a Lotus Notes/Domino server? For example, what type of log files or database files to preserve during incident response to a Lotus Notes server attack or unverified intrusion? (domlog.nsf, etc.?) Thanks

ASKED: January 15, 2007  3:17 PM
UPDATED: January 16, 2007  3:42 PM

Answer Wiki:
There are five files (other than databases), four that are critical and one that is highly desired to the individual server admin, and they should be backed up daily and secured close to the server should the need arise to restore a server or otherwise make a critical response at the console. File names below are generic but should help you find the files in your server(s).

Critical: notes.ini, servername.id, log.nsf, names.nsf
Desired: desktop.dsk

If you keep current copies of these files close to the server, the server itself will be quickly restored. However, the databases themselves could fall victim to attack, and that can be very messy as well, especially if there is a lot of replication in your environment. HTH
Last Wiki Answer Submitted: January 16, 2007 3:42 PM by Rnelson1462
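
One way to script the daily copy described in the answer, as an added example that is not part of the original question or answer: it copies the named files into a preservation folder, checks each copy against a SHA-256 of its source, and writes a manifest. The function names, the single source directory, the manifest layout and the `extra` list (used here for the `domlog.nsf` mentioned in the question) are assumptions, and it assumes the files are not being written during the copy (server stopped, or run against a snapshot or backup copy).

```python
import hashlib
import shutil
import time
from pathlib import Path

# File names from the answer above. "servername.id" is generic there, so the
# real server ID file name is supplied by the caller.
CRITICAL = ["notes.ini", "log.nsf", "names.nsf"]
DESIRED = ["desktop.dsk"]


def sha256_of(path):
    """Hash a file in chunks so large .nsf files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1024 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve(data_dir, dest_dir, server_id, extra=()):
    """Copy the listed files; return rows of (name, status, sha256)."""
    data_dir, dest_dir = Path(data_dir), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    critical = CRITICAL + [server_id]
    manifest = []
    for name in critical + DESIRED + list(extra):
        source = data_dir / name
        if not source.is_file():
            # A missing critical file is itself a finding worth recording.
            status = "MISSING-CRITICAL" if name in critical else "missing"
            manifest.append((name, status, ""))
            continue
        before = sha256_of(source)
        target = dest_dir / name
        shutil.copy2(source, target)  # copy2 keeps the modification time
        if sha256_of(target) != before:
            raise OSError(f"copy of {name} does not match its source")
        manifest.append((name, "copied", before))
    # The manifest records when the copy was taken and each file's hash.
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    lines = [f"{stamp}\t{n}\t{s}\t{h}" for n, s, h in manifest]
    (dest_dir / "manifest.tsv").write_text("\n".join(lines) + "\n")
    return manifest
```

Store the preservation folder and its manifest off the server being examined, so the hashes can later show the copies were not altered.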

