S 2.209 Planning the use of Lotus Notes in an intranet

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: IT Security Management, Administrator

Lotus Domino is primarily designed for use in an intranet, which is further supported through the integration of Internet technologies. If a Notes system is used, then an operational concept must be drawn up. Without a fixed concept, IT security cannot be guaranteed. When planning a Notes system the following factors must be considered from a security viewpoint:

• The security provisions to be implemented must be planned (see S 2.207 Defining security guidelines for Lotus Notes).

• The use of domains and the certificate hierarchy must be planned (see S 2.208 Planning of the domains and certificate hierarchy of Lotus Notes).

• The locations of the Notes servers must be specified. All Notes servers should be set up in server rooms. The appropriate safeguards are described in Section 4.3.2. Alternatively, if no server room is available, the Notes server can be set up in a server cabinet (see Section 4.4 "Protective Cabinets").

• As well as the Notes-specific security measures, the modules in Chapter 6 that apply to servers should also be implemented.

• The distribution of databases to servers must be planned. Load sharing should also be considered here, the starting point being the question of which clients access which server.

• Access to the server and any access restrictions that are necessary must be planned. Only privileges that are really needed should be granted.

• Control of access to the databases on a server must be planned: which users (or user groups) should access databases with which privileges?

• A Notes-specific group concept should be developed so as to enable group-based access control.

• A single Notes server is integrated into many applications (e.g. e-mail, news, Web) through the function modules available and can consequently play a central role in every system. However, this also makes a Notes server a critical resource. If such a server fails, then it is possible that all these applications could cease to function in whole or in part. The possibility of assigning dedicated roles to different Notes servers should therefore be considered.

• For every server it is necessary to specify which function modules are to be enabled. Any modules that are not necessary should be disabled.

• Every function module requires separate planning that considers integration into the local network (e.g. e-mail system with Domino Mail servers, Notes server as LDAP server or LDAP client, mixed news system with Notes NNTP servers and UNIX NNTP servers).

The security of the Notes system depends on many factors, the most important of which are:

• the security of each Notes server,

• the security of each of the Notes clients,

• the security of every communication link between Notes servers and clients.

Detailed safeguards for the protection of these main components will be found in the Notes-specific safeguards in safeguards catalogues 4 "Hardware/Software" and 5 "Communication".