J. Lotus Domino Servers Technical Specification

IBM Global Services ISCD Implementation Manual for Customer FIAT Group
J. Lotus Domino Servers Technical Specification

© Copyright IBM Corporation, 1997, 2007 - All Rights Reserved
Version 4.3.5 – November 15, 2007
Version - Release Levels:

 Lotus Notes/Domino Release 6.x, 7.x
 This Technical Specification does not cover Domino for Microsoft Internet Server
J.1 System Setup
J.1.1 Initial System Setup
J.1.1.1 System Settings
J.1.1.2 Network Settings
Note for
Setup or
Recommended
System Settings Description Agreed to Setting Health-
Setting
Checking
phase
Configuration: Restrict SMTP mail relaying from This field must list This field must list
Router/SMTP: external internet domains. those DNS domains those DNS domains
Restrictions and (example: (e.g. IBM.COM) for
Controls: SMTP For systems on the Internet which IBM.COM) for which which this server is to
Inbound have inbound SMTP mail this server is to receive SMTP mail.
Controls:Allow enabled, the SMTP Router must receive SMTP mail.
messages to be sent be configured to prohibit mail
only to the following coming from the Internet to be
external internet relayed back out to the internet.
domains This is not required for systems
on the Intranet
J.1.2 System Controls
J.1.2.1 Logging
Note for
Setup or
System Value/ Recommended
Description Agreed to Setting Health-
Parameter Setting
Checking
phase
Domino Server LOG
LOG.NSF Primary repository for logs generated by the Domino Server.
Retention of log  Data in Notes.ini Notes.ini parameter:
data log.nsf is by parameter: Log=log.nsf,LOG_OPTION,0,15,MAX
default kept Log=log.nsf,LOG_ SIZE
for only 7 OPTION,0,60,
days and must MAXSIZE Where:
be increased Where:  LOG_OPTION = 1 or 2 or 4
to 60 days.  LOG_OPTIO determined by administrator -this
 If due to N = 1 or 2 or 4 value is not security related.
storage determined by MAXSIZE = maximum size of log
Appendix J. Lotus Domino Servers for ISCD v4.0 Page 1 / 19

Note for
Setup or
Parameter Setting
Checking
phase
limitations the administrator
required -this value is
duration of not security
logs cannot be related.
kept on the  MAXSIZE =
system it is maximum size
permissible to of log
archive them.
Log_Sessions Log all client In file: notes.ini: In file: notes.ini: Log_Sessions=1
events into log.nsf Log_Sessions=1
Call Logging Log phone calls Only required if Only required if the server has a
for the server. the server has a modem configure to be used in an IES
modem configure gateway
to be used in an Notes.ini parameter: PhoneLog=1 (a
IES gateway value of 2 is also allowed)
Notes.ini
parameter:
PhoneLog=1 (a
value of 2 is also
allowed)
HTTP Web Server Log - This section required only if HTTP is enabled
If the server Logging of HTTP One or both of the One or both of the following options
permits access via activities following options must be set to ENABLED
HTTP must be set to 3. Server document: Internet
ENABLED Protocols: HTTP: Enable Logging
1. Server To: Log files:
document: Server document: Internet Protocols:
Internet HTTP: Enable Logging To:
Protocols: DomLog.nsf
HTTP: Enable
Logging To:
Log files:
2. Server
document:
Internet
Protocols:
HTTP: Enable
Logging To:
DomLog.nsf
DOMLOG.NSF Domino servers Log data must be Log data must be retained for 15 days
running the HTTP retained for 60
service log HTTP days
activity in the
DOMLOG.NSF
database. It is
permitted to
alternatively log
this data directly
to files instead of
Lotus Notes
databases.

Note for
Setup or
Parameter Setting
Checking
phase
HTTP Log Files: If HTTP Log files Log data must be Log data must be retained for 15 days
Access Log are used in retained for 60
addition or instead days
of DOMLOG.NSF
only the Access
Log file contains
required security
data
J.1.2.2 Identify and Authenticate Users
Note for
Setup or
System Value/
Description Recommended Setting Agreed to Setting Health-
Parameter
Checking
phase
Server document: Controls if Notes clients No No
Security Setting: which are not properly
Anonymous Notes certified can access the Exception: Exception
connections server Internet-facing servers Internet-facing servers
which are used to which are used to
publish public publish public
information may permit information may
anonymous access permit anonymous
access
Server document: Compares the password Yes Yes
Security Setting: Check on the client ID file
passwords on Notes IDs against the user's Person Exception: Exception
document Individual user accounts Individual user
( set in the person accounts ( set in the
document of the user) person document of the
may override this setting user) may override this
to No only if smartcards setting to No only if
are used for smartcards are used for
authentication. authentication.
Server document: Server List of Servers, Persons, List of Persons, Groups, List of Persons,
Access: Not access Groups which may not Servers, or hierarchies. Groups, Servers, or
server access the server. hierarchies.
This list may be
maintained as a GROUP This list may be
in the NAB. If so, then maintained as a
the group name should GROUP in the NAB. If
appear in this field. so, then the group
name should appear in
this field.
Server document: List of users who can No General Users No General Users
Security tab: Run run unrestricted agents
unrestricted methods and on the server. Permits
operations agent access to server
without restriction
including system time,
file I/O, and operating
system commands
Server document: Trusted entities that are No General Users No General Users

Note for
Setup or
System Value/
Parameter
Checking
phase
Security tab: Sign agents allowed to sign agents
to run on behalf of that will be executed on
someone else anyone else's behalf
(used to control
$OnBehalf feature
applies to scheduled
agents only).
Security tab: Sign agents allowed to sign agents
to run on behalf of the that will be executed on
invoker of the agent behalf of the invoker
Security tab: Sign script allowed to sign script
libraries to run on behalf libraries in agents
of someone else executed by someone
else.
Server document: Servers listed here are Only those servers Only those servers
Security tab: Trusted trusted to access the which comply with the which comply with the
Servers current server on behalf requirements and requirements and
of someone else. This settings for sections settings for sections
allows agents that run J.1.2.2, J.1.2.3 and J.1.3 J.1.2.2, J.1.2.3, and
on one of these servers of this technical J.1.3 of this technical
to access databases on specification specification
the current server. It
also allows these servers
to do server-to-server
archiving of databases
to the current server.
HTTP passwords Yes Yes
Domino Directory Notes: Notes:
profile: Use more  HTTP passwords  HTTP passwords
secure Internet cannot be used on cannot be used on
passwords Domino releases Domino releases
This panel is located in prior to 4.6 if prior to 4.6 if
the Actions pull-down in general users have general users have
the Domain Public access to the Name access to the Name
Address Book under: and Address Book and Address Book
Actions->Edit Directory containing the containing the
Profile (Domain Public passwords. passwords.
Address Book, Actions-  If HTTP passwords  If HTTP
>Edit Directory Profile) are used with passwords are
Domino 4.6 servers used with Domino
or higher, the 4.6 servers or
enhanced password higher, the
encryption feature enhanced
must be used. This password
must be enabled for encryption feature
each user who is must be used. This
using HTTP must be enabled
passwords, there is for each user who
no single setting is using HTTP
which affects all passwords, there is
users so as to no single setting

Note for
Setup or
System Value/
Parameter
Checking
phase
enforce this, instead which affects all
an agent which is users so as to
available in the enforce this,
Domino 4.6 NAB instead an agent
must be run by an which is available
administrator for in the Domino 4.6
each user using NAB must be run
HTTP passwords to by an
enable this feature. administrator for
each user using
HTTP passwords
to enable this
feature.
Security Policy Permits users to change Yes Yes
document: Allow their internet password
Internet Users to change without the need to use
password over HTTP the Notes Client.
If R6 Security Policy
documents are not used,
then the person
document settings
described above are
required.
This setting is only

required when native
Domino HTTP
authentication is used.
When other
authentication
mechanisms are used,
this setting is not
needed, as the other
authentication
mechanism must meet
password requirements.
Security Policy Forces the client to Yes Yes
document: Check Notes compare a "hash" of the
Password local password to a copy
on the server. Used to
validate password
changes.
Security Policy Causes Notes/Domino "Notes and Internet" "Notes and Internet"
document: Enforce to enforce password
Password Expiration Expiration Note: "Internet" is only Note: "Internet" is only
required when native required when native
Domino HTTP Domino HTTP
authentication is used. authentication is used.
When other When other
authentication authentication
mechanisms are used, mechanisms are used,
this setting is not this setting is not

Note for
Setup or
System Value/
Parameter
Checking
phase
needed, as the other needed, as the other
authentication authentication
mechanism must meet mechanism must meet
password requirements. password requirements.
Security Policy Sets the interval after 90 60
document: Required which a password must
Change Interval be changed.
Security Policy Sets the grace period 90 60
document: Allowed after password
Grace Period expiration. Passwords
not changed after
expiration within this
period will have the
accounts locked.
Security Policy Sets the number of old 4 4
document: Password password hashes which
History are stored so that old
passwords cannot be re-
used
Security Policy Sets the minimum 8 8
document: Required permitted password
Password Quality quality, which is
computed from the
length and complexity
of a password.
Security Policy Setting this value to Yes Yes Yes
document: Use Custom permits the use of the
Policy "Custom Password
Policy" tab, which
contains several
required settings.
Security Policy Enable this to require Enabled Enabled
document: Change users to change their
Password on First Use passwords after the first
time they log in using
the Notes client
Security Policy If enabled, permits users Disabled Disabled
document: Allow to incorporate their
common name in name in their passwords.
password
Security Policy Sets the minimum 8 8
document: Password number of characters
Length Minimum that are permitted in
passwords
Resetting Notes ID Administrative Administrative
passwords personnel may send the personnel may send the
user or a manager the user or a manager the
original user ID file and original user ID file
password provided it is and password provided
done in a safe manner. it is done in a safe
(See Notes ID Files in manner. (See Notes ID
section J.3) Files in section J.3)

J.1.2.3 Protecting Resources -OSRs
Note for
Setup or
System Value/
Parameter
Checking
phase
Domino Directories The domain Domino All users may read All users may read
Directory. directories. directories.
(also called Name and
Address Books in older The default (out of box)
releases of template for the Domino
Notes/Domino) Directory has the correct
Domino Directories on access levels set for
the server, including the general user access to all
server's own directory, documents in the
any cascaded Directory.
directories, any Master
Address Book databases
and any directories
which are referenced by
the Master Address
Book database on the
server.
The Domino Directory General users must not
General users must
for a domain. have access above not have access above
"Author" "Author"
The Domino Directory General users may beGeneral users may be
for a domain, "People" allowed to modify fields
allowed to modify
view in their own Person fields in their own
document The fields Person Document The
which they may NOT fields which they may
modify are those found
NOT modify are
in the: those found in the:
1. Certificates tab 1. Certificates tab
2. Administrative tab.
2. Administrative
tab.
The Domino Directory General users may have General users may
for a domain, "Groups" read and write access to have read and write
view any documents for access to any
which they are a group documents for which
Owner they are a group
Owner
Access to the Domino Permitted via Permitted via
Directory, no anonymous HTTP and anonymous HTTP
Confidential data anonymous LDAP and anonymous
available LDAP
Directory Catalog General users may not General users may not
have access above have access above
"READER" "READER"
 LOG.NSF Databases on a typical General users may not General users may not
 CERTLOG.NSF Notes Server which must either have read or either have read or
 DOMLOG.NSF be restricted from write access. write access.
 ADMIN4.NSF General User access. In the ACL dialog for In the ACL dialog for
 STATREP.NSF Note: Not all these the DB apply the the DB apply the
 REPORTS.NSF databases maybe present following settings: following settings:
 Lotus Enterprise on a Notes Server  -DEFAULT-:No  -DEFAULT-:No
Integrator 3.0 and depending on features Access-all access Access-all access
installed and features options unchecked options

Note for
Setup or
System Value/
Parameter
Checking
phase
above enabled.  -Anonymous-No unchecked
 LEILOG.NSF Access-all access  -Anonymous-No
 LEIADM.NSF options unchecked Access-all access
 Lotus Notes Pump Server application options
 LNPLOG.NSF owners may be given unchecked
 LNPADM.NSF unrestricted READ Server application
access to LOG.NSF owners may be given
Web page/application unrestricted READ
owners may be given access to LOG.NSF
unrestricted READ Web page/application
access to owners may be given
DOMLOG.NSF unrestricted READ
access to
DOMLOG.NSF
DOMCFG.NSF Databases which maybe General users inside the General users inside
read by General User's company may have at may have at most
inside the Intranet, but most read access. read access.
which must be restricted General users outside General users outside
from access by General must have No Access. must have No Access
Users on the Internet.
Alternative Web Logs to Typically Domino General users may not General users may not
DOMLOG.NSF servers running the either have read or write either have read or
HTTP service log HTTP access. write access.
activity in the Web page/application Web page/application
DOMLOG.NSF owners may be given owners may be given
database. It is possible to unrestricted READ unrestricted READ
also log this data directly access access
to files instead of Lotus
Notes databases. This is
permitted.
 NOTES.INI Notes server OSRs. General users must not General users must
 DESKTOP.DSK be granted read or not be granted read or
 DESKTOPx.NDK higher access higher access
(x can be a number,
such as 5 or 6)
 CACHE.DSK
 CACHE.NDK
 BOOKMARK.NSF
 The server's ID file
(default is
SERVER.ID)
 The server's
Certifier ID file
(default is
CERTIFIER.ID)
 SMTP.BOX Notes server OSRs. General users may only General users may
 MAIL.BOX have DEPOSITOR only have
 MAILx.BOX on R5 (ability to create new DEPOSITOR
and above Servers documents, but not read (ability to create new
any documents) documents, but not
read any documents)
Notes Server code on Administrators can Except for those files Except for those files
server disks: install Notes Server code and databases listed and databases listed

Note for
Setup or
System Value/
Parameter
Checking
phase
any place they want. within this OSR section, within this OSR
On AIX these are general users may section, general users
typically: READ and EXECUTE may READ and
 /opt/lotus/notes at the operating system EXECUTE at the
 /opt/lotus/bin level the contents of operating system
On Windows servers these directories. level the contents of
these are typically: these directories.
 c:\lotus\domino
On OS/400
 \NOTES
Template Files (*.NTF Notes templates General users may have General users may
files) in the "root" no higher than have no higher than
directory of the Notes READER access. READER access.
server.
Server document: Master Templates have a No General Users No General Users
Security tab: Server template name in the
Access: Create master design properties -
templates databases which inherit
design properties from a
template will be
refreshed from the
template design on a
scheduled basis ( usually
nightly).
(Notes/Domino 6 and
later)
Operating system The location varies. The General users must not General users must
directories containing location of the base level have OS-level access to not have OS-level
Domino databases data directory is these directories or to access to these
specified in the the files within them. directories or to the
NOTES.INI file. files within them.
(If the server is a single
purpose server with no (If the server is a
user accounts, then no single purpose server
additional action is with no user accounts,
necessary to achieve then no additional
this. If general users can action is necessary to
access operating system achieve this. If
level files, either general users can
directly or through other access operating
applications, then they system level files,
must be prevented from either directly or
accessing these through other
directories.) applications, then
they must be
prevented from
accessing these
directories.)
QNOTES user Public ON OS/400 ONLY If the base operating If the base operating
authority on OS/400 system is OS/400, the system is OS/400, the
QNOTES Must be QNOTES Must be
*Exclude) *Exclude)

J.1.2.4 Protecting Resources - User Resources
Note for
Setup or
System Value/
Recommended Setting Agreed to Setting Health-
Parameter
Checking
phase
Default ACL Settings All newly created databases must All newly created databases must
for New Databases have the following initial access have the following initial access
settings unless explicitly requested settings unless explicitly requested
otherwise by the database owner: otherwise by the database owner:
Individual users or servers listed on Individual users or servers listed on
ACLs or groups used to control ACLs or groups used to control
access must use the user's full name access must use the user's full name
(i.e. Jane User/Site/company). (i.e. Jane User/Site/IBM).
Backup replicas of a database must Backup replicas of a database must
retain the original ACL settings of retain the original ACL settings of
the database. the database.
Note: Database owners may change Note: Database owners may change
the access settings from these the access settings from these
defaults after the database is created defaults after the database is created
or may request changes during or may request changes during
database creation. Any changes done database creation. Any changes done
by users must be in accordance with by users must be in accordance with
company policies regarding the company policies regarding the
protection of information. protection of information.
ACL "Default" "No Access" "No Access"
Note: Database owners may change Note: Database owners may change
the access settings from these the access settings from these
defaults after the database is created defaults after the database is created
or may request changes during or may request changes during
"Maximum Internet "No Access". "No Access".
name and password Note: Database owners may change Note: Database owners may change
access" (In the the access settings from these the access settings from these
Advanced Section of the defaults after the database is created defaults after the database is created
ACL control panel) or may request changes during or may request changes during
User name "No Access" "No Access"
"Anonymous" (If on a Note: Database owners may change Note: Database owners may change
server running the the access settings from these the access settings from these
HTTP server task or defaults after the database is created defaults after the database is created
which permits or may request changes during or may request changes during
anonymous Notes RPC database creation. Any changes done database creation. Any changes done
access) by users must be in accordance with by users must be in accordance with
As an alternative to the above, the As an alternative to the above, the

user name "Anonymous" may be user name "Anonymous" may be
completely omitted from the Access completely omitted from the Access
Control List. Control List.
Access controls May be set by administrators May be set by Administrators

Note for
Setup or
System Value/
Recommended Setting Agreed to Setting Health-
Parameter
Checking
phase
according to the requirements according to the requirements
determined by the database owner. determined by the database owner.
Note: Users may change the access Note: Users may change the access
settings from these defaults. settings from these defaults.
J.1.2.5 Business Use Notice
Note for
Setup or
Recommended Setting Initial Setting Agreed to Setting Health-
Checking
phase
Not Applicable Not Applicable
J.1.2.6 Encryption
This table contains encryption facilities that are available to supply the encryption requirements documented in the
recommended requirements in ISCD. There may be other products/facilities that provide that level of encryption.
Note for
Setup or
Encryption Type Encryption facility Recommended Setting Agreed to Setting Health-
Checking
phase
Data Transmission Network Port Encryption, See tables below As requested in ISCD:
SSL, S/MIME Password and
confidential or personal
data must not be
trasmitted in clear text
form over the internet,
public networks or
wireless devices .
See tables below
File/Database Storage Database Properties - Medium or Strong N/A
Encryption Settings encryption must be used
on databases which
require encryption per
Section 2.2.5
Storage of passwords HTTP Passwords - Yes See section J.1.2.2 Must be encrypted if
Domino Directory Identify and Authenticate possible when stored in
Profile: Use more secure Users files or databases. If
Internet Passwords above for more encryption is not
Notes client passwords - information) possible, access must be
password is used to restricted to only
create the key which No specific setting system security
encrypts the contents of needed. administrators
the ID file.
Note: If an encryption product is selected that is not a current product supported for Customer, a discussion on the
responsibility for obtaining the product will be held.

Note for
Setup or
System
Value/Parameter
Checking
phase
Network Port Encryption Notes RPC traffic Using the Domino Using the Domino
(typically TCP/IP port Administrator, choose Administrator, choose
1352) must be encrypted the server to encrypt the the server to encrypt
on all Notes servers. network port for: the network port for:
1. Click. Server-Status 1. Click. Server-
tab Status tab
2. On the tool bar, 2. On the tool bar,
choose Setup Ports choose Setup
3. Select each enabled Ports
network port in the 3. Select each
Communications enabled network
Ports box port in the
4. Select Encrypt Communications
network data Ports box
4. Select Encrypt
network data
HTTP - This section required only if HTTP is enabled
Use SSL session Confidential information Required on all servers Required on all
encryption for accessed using HTTP with Confidential servers with
Confidential Information must be encrypted using Information accessible Confidential
accessed using HTTP SSL. via HTTP. Information accessible
X.509 Certificates to 1. Obtain SSL X.509 via HTTP.
enable SSL on Domino Certificate 1. Obtain SSL
Servers are to be 2. Install on Notes X.509 Certificate
obtained from a Server 2. Install on Notes
designated Certificate 3. Enable: Server Server
Authority. document: Ports: 3. Enable: Server
Internet Ports: Web: Document: Ports:
SSL Port Status: Internet Ports:
Enabled Web: SSL Port
4. All DBs which Status: Enabled
permit access to 4. All DBs which
Confidential data via permit access to
http must also enable Confidential data
"Database: Database via http must also
Basics: Web access: enable "Database:
Require SSL Database Basics:
connection" Web access:
Require SSL
connection"
Database enforcement of Databases which contain This is set in the This is set in the
use of SSL for Web Confidential information Database Properties Database Properties
Access to Confidential and which are accessible Box by selecting the Box by selecting the
Data via the Web (HTTP) Web Access: Require Web Access: Require
must be configured to SSL Connection option. SSL Connection
require SSL for Web option
Access
LDAP - This section required only if LDAP is enabled
Server document: Ports: Permits authentication Disabled is required for Disabled is required
Internet Ports: Directory: of connections via LDAP access to for LDAP access to
Authentication Options: LDAP using Name and Confidential data over Confidential data over
Name & Password Password the Internet. (Use LDAP the Internet. (Use
over SSL instead.) LDAP over SSL

Note for
Setup or
System
Value/Parameter
Checking
phase
instead.)
Server document: Ports: Permits anonymous No is required when No is required when
Internet Ports: Directory: connections via LDAP. anonymous LDAP anonymous LDAP
Authentication Options: Note: Anonymous access would provide access would provide
Anonymous LDAP connections are access to Confidential access to Confidential
limited in the data data
information they can
access. Consult the
Lotus Domino Product
Documentation.
Server document: Ports: Enables access via Enabled is required for Enabled is required
Internet Ports: Directory: LDAP over SSL LDAP access to for LDAP access to
SSL Port Status Confidential data over Confidential data over
the Internet the Internet
Server document: Ports: Permits anonymous No is required when No is required when
Internet Ports: Directory:
connections via LDAP anonymous LDAP anonymous LDAP
SSL: Authentication over SSL. access would provide access would provide
Options: Anonymous Note: Anonymous access to Confidential access to Confidential
LDAP connections are data data
limited in the
information they can
access. Consult the
Lotus Domino Product
Documentation.
News (NNTP) - This section required only if NNTP is enabled
Server document: Ports: Allows anonymous No is required if such No is required if such
Internet Ports: News: connections to NNTP access would permit access would permit
Authentication Options: (News) access to Confidential access to Confidential
Anonymous data. data.
Server document: Ports: Permits use of NNTP Enabled is required for Enabled is required
Internet Ports: News: over SSL. access to Confidential for access to
Authentication Options: data over the Internet. Confidential data over
SSL Port Status the Internet.
Server document: Ports: Allows anonymous No is required if such No is required if such
Internet Ports: News: connections to NNTP access would permit access would permit
SSL: Authentication (News) over SSL access to Confidential access to Confidential
Options: Anonymous data. data.
Mail: IMAP
Server document: Ports: Permits connections via Enabled is required for Enabled is required
Internet Ports: Mail: IMAP over SSL. access to Confidential for access to
IMAP: SSL Port Status data over the Internet Confidential data over
the Internet
Mail: POP
Internet Ports: Mail: POP over SSL. access to Confidential for access to
POP: SSL Port Status data over the Internet Confidential data over
the Internet
Mail: SMTP Inbound
Server document: Ports: Permits connections via Enabled is a valid Enabled is a valid
Internet Ports: Mail: inbound SMTP over option for receiving option for receiving
SMTP Inbound: SSL SSL. Confidential data over Confidential data over
Port Status Many mail systems do the Internet. the Internet.
not support this option

Note for
Setup or
System
Value/Parameter
Checking
phase
yet. Message encryption
maybe a better option.
(PGP/S-MIME)
Mail: SMTP Outbound
Server document: Ports: Permits connections via Enabled is a valid Enabled is a valid
Internet Ports: Mail: outbound SMTP over option for sending option for sending
SMTP Outbound: SSL SSL. Confidential data over Confidential data over
Port Status Many mail systems do the Internet. the Internet.
not support this option
yet. Message encryption
maybe a better option.
(PGP/S-MIME)
IIOP - This section required only if IIOP is enabled
Server document: Ports: Permits anonymous No is required if such No is required if such
Internet Ports: IIOP: connections via IIOP. access would permit access would permit
Authentication Options: access to Confidential access to Confidential
Internet Ports: IIOP: SSL IIOP over SSL. access to Confidential for access to
Port Status data over the Internet Confidential data over
the Internet
Server document: Ports: Permits anonymous No is required if such No is required if such
Internet Ports: IIOP: connections via IIOP access would permit access would permit
Authentication Options: over SSL. access to Confidential access to Confidential
Encryption of Confidential information sent over the internet
The S/MIME implementation in Notes/Domino 6.0 and higher meets the corporate requirement for encryption of
Confidential Information when transmitted over the Internet. Users should reference the Network Computing Guide
for directions for setting up and using encryption of Internet mail.
In the cases where two Domino servers are set up to communicate directly over the Internet using the Notes RPC
protocol (i.e. Notes encryption), both Port Encryption and individual mail encryption must be used to meet Corporate
requirements for the encryption of Internet mail. The setup of such servers must be done as part of an approved IES
Gateway.
J.1.2.7 Harmful code
Note for
Setup or
System Value/ Parameter Recommended Setting Agreed to Setting Health-
Checking
phase
Install anti-virus programs to detect and block Yes Yes
viral email on all mail servers
Note: If an anti-virus product is selected that is not a current product supported for Customer, a discussion on the
responsibility for obtaining the product will be held.

J.1.3 System and Security Administrative Authority

Note for
Setup or
System Settings Description Recommended Setting Agreed to Setting Health-
Checking
phase
The following have System and Security Administrative Authority:
Server document: Who can administer the List of administrators or List of Administrators
Security tab: server Administrator-Groups or Administrator-
Administrators Groups
Server document: Same rights as List of administrators or List of Administrators
Security tab: Full Access administrators, plus can administrator-Groups or Administrator-
administrators bypass the ACL of all Groups
databases on the server. (
Cannot bypass
encryption)
Server document: Same access to server List of administrators or List of Administrators
Security tab: Database databases as administrator-Groups or Administrator-
administrators administrators, with the Groups
exception of the Web
administrator database
(WEBADMIN.NSF).
They are not allowed to
issue remote console
commands.
Server document: Allowed to issue any List of administrators or List of Administrators
Security tab: Full remote server commands Administrator-Groups or Administrator-
Remote Console Groups
administrators
Server document: Permitted to issue a List of administrators or List of Administrators
Security tab: View-Only subset of console Administrator-Groups or Administrator-
administrators commands ( cannot issue Groups
commands that change
operation of the server)
Server document: Allowed to issue List of administrators or List of Administrators
Security tab: System operating system Administrator-Groups or Administrator-
administrator commands to the server Groups
Server document: Allow to issue List of administrators or List of Administrators
Security tab: Restricted commands which are Administrator-Groups or Administrator-
administrator itemized in the field Groups
"Restricted System
Commands"

J.2 Health Checking

Requirement Description
Verify that mandatory access control system options Verify the settings of section J.1.2.2
are as specified
Verify that all OSR access controls are set Verify the settings of section J.1.2.3
Verify that only approved users are included in the Verify the OSRs in J.1.2.3
access lists of OSRs beyond that allowed to general
users.
Verify that Harmful code detection programs are Harmful code detection programs are required for Domino
installed and operational Mail servers and gateways per section J.1.2.7 Harmful Code
Verify that the required access and activity logs exist. Check the logs and settings in section J.1.2.1 Logging are
correct for:
 log.nsf
 domlog.nsf or HTTP access log (if web server (http)
access is enabled)
J.3 Process Controls

Notes ID  Single sign-on Creation:
files integration of the When the Notes user ID file is created during the User Registration process,
Notes user ID 1. Notes ID files when issued, or recertified by R5 and above servers
password and must have the Password Quality level set to 8. This is set for an ID
Windows when it is generated, or when it is recertified. There is no
NT/2000/XP login requirement to recertify existing Notes ID's solely for the purpose of
is permitted. setting the Password Quality level on them.
 Lotus Notes 2. Administrators normally set an initial password, when the user ID is
Server ID files created, which is then communicated to the user. This password must
may be configured comply with the password rules.
without a
password to Notes:
permit unattended  Notes/Domino contains an option to use only password length
booting of Notes instead of password quality when creating or recertifying IDs. Use of
Servers this option is NOT permitted. IDs must be created using the
password quality feature, with a level set to 8 or higher.
 ID files and passwords must not be attached to the Domino
Directory.
 Delivery of user ID files and passwords by electronic means is
permitted provided there are provisions for the positive identification
of the recipient.
 Delivery of the user ID and password is permitted to either the owner
or a manager.
 Delivery of the user ID file, but not the password, to system
installation/helpdesk staff is permitted for the purpose of client
system installation and configuration.
 When a Lotus Notes user ID file id generated and issued to a user,
the user's manager must be notified.
Note: It is not necessary to notify the user's manager when access to servers is
granted to this user ID.
Resetting Administrative personnel may send the user or a manager the original user ID
Notes ID file and password provided it is done in a safe manner. (See Notes ID Files
passwords above)
Sharing Notes ID’s
A Notes ID can be shared by a team of people if it meets all of the these requirements

1. It is used for a specific business purpose only.

 This is meant to be a specific business task such as collecting electronic forms at a central source,
or receiving e-mail at a central ID (e.g. Home Page Comments), or responding to e-mail from a
central source (e.g. Ideas Program, mail room, receptionists, maintenance)
 It is NOT to be used as a cost avoidance measure in place of personal Notes IDs.
2. It does not have any system or security administrative authorities assigned to it.
 The ID cannot execute any privileges beyond those of a 'general user' nor can the ID execute any
program(s) or transactions that will provide privileges.
3. No personal or confidential data is associated with the ID.
 The ID cannot have access to Confidential information. If IConfidential information is
inadvertently received, it must not be stored under the ID.
 No personal data can be stored under the ID.
4. The ID is not associated with any individual in Company directories, such as the Directory on Notes.
 The ID is not to have any corresponding individual's name available in the Domino Directory.
User ID Creation / Granting Access to Servers
When a Lotus Notes user ID file id generated and issued to a user, the user's manager must be notified. It is not
necessary to notify the user's manager when access to servers is granted to this user ID.
Removal of Access
1. Adding the user's full name (Jane User/Site/company) to the Terminations section in the Name and Address
Book (or equivalent Terminations Group) or the Deny_Access setting in the NOTES.INI file, if this field is
empty in the NAB.
2. Deletion of the person document in the Domino Directory is not necessary.
3. If Web access is enabled then the HTTP password field in the user's person document in the NAB must be
cleared.
4. If X.509 certificates are used for access to the server, then the X.509 certificate in the Public Keys section of
person document must be cleared.
Annual Revalidations
1. Revalidation need only be done for those users with Person documents in the Domino Directory.

J.4 Process Exception

 Notes can not enforce revoking/locking an id after five invalid access attempts via the Notes Client, HTTP
password, or X.509 certificate.
 Notes does not have a logon inductor, but Notes does delay the password entry sequence on the client
several seconds with each attempt to a maximum of 30 seconds
 Logon inductors for HTTP passwords, or X.509 certificates are not supported.
 Domino does not provide any mechanism to detect systematic attacks by the following: Notes RPC (Notes
clients/servers), HTTP, LDAP, IMAP, POP3, NNTP, IIOP.
Special Considerations for this section:
Legend:
1) to be used to fill out the “Current Setting” Column (appendix) in case of MANUAL HC:
Compilazione richiesta al sistemista

Se il valore rilevato corrisponde a quanto richiesto <valore rilevato>
OK
Se il valore rilevato non corrisponde a quanto richiesto <valore rilevato>
KO
Se non è possibile rilevare quanto richiesto <spiegazione del motivo>
NO TE CONTROL
Se quanto richiesto non è corretto, nel senso che non ha <spiegazione del motivo>
significato per la piattaforma in oggetto, o non è comprensibile NA
2) to be used to fill out the “Feedback on Exceptions” Column (xls) for both Manual or Automatic HCs:
Testo da inserire Stato Spiegazione

della
deviazion
e
NO Fixed La deviazione è stata chiusa.
Y Not fixed La deviazione non può essere chiusa a causa di ragioni tecniche (da
specificare) – RICHIESTA DI EXCEPTION IBM PER CAUSE
TECNICHE
Y/CUST Not fixed La deviazione può essere chiusa ma sarebbero impattate risorse ed
applicazioni del Cliente, e quindi nessuna azione è implementata
senza esplicita richiesta del Cliente – RICHIESTA DI EXCEPTION
IBM PER CAUSE CLIENTE
Y/DOM Not fixed La deviazione può essere chiusa localmente, ma il sistema eredita i
settaggi non compliant da un dominio sotto la responsabilità Cliente
Y/APP Not fixed La deviazione può essere risolta al livello della piattaforma in
questione (sistema o sottosistema), ma l’applicazione (da specificare)
ne sarà impattata
POL Not fixed Vi è stato un errore da parte del tool di HC automatico, errore che
(only for automatic viene in questo modo segnalato all’amministratore del tool.
tool)
IBM Global Services – Compiled section owner: IBM

Summary of changes on compiled section for customer FIAT Group
Date Compiled Compiled Section Review Comments and change number with date
Reviewed section Authors (if successfully executed)
Release/Status
31/05/06 1.0 Approved Di Muro Risk Analysis and agreed definition for ISCD 3.1
Mauro/Technical

Environment/Winte
l & Mail
27/11/07 1.1 Approved Luigi Nava/IT Agreed values for ISCD 3.2
Security
23/11/09 2.0 Approved Leonardo Agreed values for ISCD 4.0
Castellaneta/IT
Security –
Alessandro
Sechi/SSO

J. Lotus Domino Servers Technical Specification

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

J. Lotus Domino Servers Technical Specification

Uploaded by

Copyright:

Available Formats

IBM Global Services ISCD Implementation Manual for Customer FIAT Group

J. Lotus Domino Servers Technical Specification

Version - Release Levels:

J.1 System Setup

J.1.1 Initial System Setup

J.1.1.1 System Settings

J.1.1.2 Network Settings

J.1.2 System Controls

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 1 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 2 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 3 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 4 / 19

This setting is only

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 5 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 6 / 19

J.1.2.3 Protecting Resources -OSRs

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 7 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 8 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 9 / 19

J.1.2.4 Protecting Resources - User Resources

As an alternative to the above, the As an alternative to the above, the

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 10 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 11 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 12 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 13 / 19

Encryption of Confidential information sent over the internet

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 14 / 19

J.1.3 System and Security Administrative Authority

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 15 / 19

J.2 Health Checking

J.3 Process Controls

Sharing Notes ID’s

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 16 / 19

1. It is used for a specific business purpose only.

User ID Creation / Granting Access to Servers

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 17 / 19

J.4 Process Exception

Special Considerations for this section:

Compilazione richiesta al sistemista

Testo da inserire Stato Spiegazione

IBM Global Services – Compiled section owner: IBM

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 18 / 19

Appendix J. Lotus Domino Servers for ISCD v4.0 Page 19 / 19

You might also like