Lotus Notes Incident Response

pts.
Tags:
backdoors
Current threats
Firewalls
Forensics
Hacking
human factors
Incident response
Intrusion management
Lotus Domino
Network security
Spyware
Trojans
Viruses
VPN
Wireless
worms
Hi, I should start by saying that I come from an Exchange background so the Lotus email environment is still a bit new to me...but I've been tasked to put together a checklist for Lotus Notes Incident Response and am wondering if anyone is willing to share incident response guidelines or recommendations for reviewing a Lotus Notes/Domino server? For example, what type of log files or database files to preserve during incident response to a lotus notes server attack or unverified intrusion? (domlog.nsf, etc ?) Thanx

Answer Wiki

Thanks. We'll let you know when a new response is added.

There are five files (other than databases) four that are critical and one that is highly desired to the individual server admin and should be backed up daily and secured close tot eh server should need arise to restore a server or otherwise make a critic response at the console.

File names below are generic but should help you find the files in your server(s).
Critical:
notes.ini, servername.id, log.nsf, names.nsf

desired:
desktop.dsk

If you keep current copies of these files close to the server, the server itself will be quickly restored. However, the databases themselves could fall victim to attack and can be very messy as well especially of there is alot of replication in your environment.

HTH

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following