Recommendations on protecting a Microsoft 2003 server with Lotus Domino 6.5
Application security, Compliance, CRM, Database, Desktops, Disaster Recovery, Encryption, Exchange, Firewalls, Forensics, Incident response, Instant Messaging, Intrusion management, Lotus Domino, Management, Microsoft Windows, Network security, OS, Policies, Risk management, Secure Coding, Security, Security Program Management, Servers, SQL Server, VPN, Wireless
I need advice on where I can find information on how to secure a Domino web server on the internet. We are running on a Windows 2003 server.
Is there a checklist or script I can work through to lock down my Domino configurations?
Is there some way to know what I can uninstall or remove from the Microsoft server to secure it from unauthorized use?
Advice or references would be greatly appreciated.
Jim
Software/Hardware used:
Software/Hardware used:
ASKED:
October 26, 2005 10:45 PM
UPDATED:
October 31, 2005 12:03 AM
Answer Wiki:
Hi Jim!!
Refer to the following article:
http://www-128.ibm.com/developerworks/lotus/library/dominowebserver-security/
It will help you.
Regards,
Nilesh Roy.
To see all answers submitted to the Answer Wiki: View Answer History.
There are check lists for windows security however you need to be careful, because no checklist works for everyone.
here is the link to microsfts own hardening IIS documentation.
http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx
the best resource for securing windows though is the SANS reading room.
http://www.sans.org/rr
hi
securing a 2000 box or even 2003 was not easy
even though 2003 comes with a different concept (out of the box) that everything is closed except what you open yourself
you can fins on the site pages and pages of hardening manuals….
but very suprising microsoft has released a SP1 for 2003 which has a hardening work flow (as we say “wizard”) making it very easy
i think you should split in your mind to 2 questions:
a. hardening the 2003 box
b. attend vulnerabilities of lotus domino 6.5
in respect to a – try and use 2003 SP1
in respect to b – just keep an eye on vulnerabilities on the internet for lotus domino, and keep you sofware updated at all times
thanks
moti
On the Windows 2003 front – the security checklists are really useful, but as bouncybrit said, don’t just assume that you should implement every setting.
Some of the recommended security settings can cause application issues (says the voice of bitter experience!) so you shouldn’t just apply Microsoft’s security templates out of the box. We usually look at the template settings and apply them a few at a time, testing in between, then create our own template from the test machine.
I’ve always liked the idea of getting an independant view of setting up the product. Here is a good ‘free’ benchmarking tool that allows you to see where problems with your setup may exist. http://www.cisecurity.org/ The have a benchmarking tool for just about every OS in wide use.
Peace
“He that would make his own liberty secure must guard even his enemy from oppression;
for if he violates this duty he establishes a precedent that will reach to himself.” –Thomas Paine
I’ll second secGeek’s recommendation for cisecurity.org.
I’m a member, and have helped some of the standards development. I’ve also used their tools in multiple instances. Good stuff, and the price is right – as long as you don’t re-distribute.
Bob