S 4.116 Secure installation of Lotus Notes

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator

Already during the process of installing a Lotus Domino system, some security-relevant aspects must be considered. Usually a standard installation will not be sufficient for the security requirements, so that the installation process cannot be regarded as complete until directly after the software installation the software is securely configured. The following steps must be carried out during or directly after installation.

During installation:

• Three important Notes IDs are created: the certifier ID (file "cert.id"), the server ID (file "server.id") and the Administrator ID (file "user.id"). Appropriate passwords must be specified for all Notes IDs. The Notes IDs should not be stored in the Name and Address Book, but in files which are held protected.

• Lotus Notes offers the option of setting up an additional Access Control List (ACL) entry for databases for the "Anonymous" group with access level "No Access". If this entry is missing, then generally the "-Default-" entry will be used instead. This option should therefore be used in order to be able to register explicit access rights for anonymous users for all databases.

After installation:

• The certifier ID should be given a multiple password so that the ID can only be used applying the two-person rule. High quality passwords should be used. At least one copy of the certifier ID with the associated passwords should be held in a secure place.

1. The password-protected copy of the server ID should be held with the associated password in a secure location. If Domino Server is automatically booted up, the password of the server ID must be removed (password length needs to be set to "0"). The "server.id" file, which is generally stored in the "data" directory of the server, must be protected with appropriate file access rights against unauthorised access. The file must not be held in a directory with a network share.

• For all directories and files in the Domino system access restrictions should be configured so that only authorised Administrators can access files directly at operating system level.

• Access to the server should be restricted so that only the Administrators entrusted with configuration of the server can access it (see S 4.119 Instituting restrictions on access to Lotus Notes servers).

• The ACL settings must be checked for all databases. All entries in the ACL need to be checked here, especially the "-Default-" authorisation (see S 4.120 Configuration of access control lists for Lotus Notes databases).

For every Domino Server module used steps must be taken to ensure that no unauthorised access is possible during or after installation until the configuration work has been finished and secure operation can be guaranteed (on this point see also S 4.117 Secure configuration of a Lotus Notes server).

The installation of all Domino Server modules must be documented, especially the configuration of the databases and system files.

Additional controls:

• Are all the parameters that will be needed during the installation known prior to the installation?

• Are the tasks that need to be carried out after installation known?

• Have the installation, creation and configuration of the database and system files been documented?