SecureDomino: Authentication and Intrusion Prevention for Lotus Domino

SecureDomino is the universal authentication and security tool for Domino web servers.

By extending authentication options beyond the Domino Directory, SecureDomino allows a broader usage of Domino servers.

SecureDomino enhances data security and helps to enforce Sarbanes-Oxley compliance. Domino servers with activated HTTP task are protected by preventing unauthorized users from gaining access.

Authentication

Lotus Domino authentication has several shortcomings:

• Even with the Domino Directory Assistance and the Active Directory Synchronization users must still handle multiple passwords.
• Domino does not log authentication successfully and failed attempts efficiently.
• Domino does not support IP-based authentication.
• Domino does not allow the definition of log-on hours

SecureDomino Authentication Features

• Designated (SPNEGO) Authentication Server (new in R7!)
  Use one central SPNGEO activated server to handle automated authentication even on non-SPNEGO supported Platforms and Domino-Versions like Linux or Solaris.
• LDAP Authentication
  Authenticate against Microsoft or any other LDAP directory and thus eliminate the need for users to remember multiple passwords.
• Authentication Logging
  Log sign-in attempts (either all, successful only or failed attempts only) for analysis, documentation and user-information.
• IP-based Authentication
  Identify and authenticate users (and proxies) through their IP-address automatically.
• Log-on Hours Definition
  Restrict signing in, e.g.: restrict log-in to business days and hours from 8am to 5pm.

Intrusion Prevention

Lotus Notes and Domino offer extensive and mature security architecture. Nevertheless, a Domino server in the Intra-, Extra- or Internet is exposed to many risks:

• Browser clients can endlessly attempt to sign in to a Domino Server. Retrieving a user's password is just a matter of time.
• Hackers can access sensitive data or cause a heavy server load by simply using hacking tools provided in the internet (Brute Force Attacks, Denial-of-Service).
• URL´s like $DefaultNav and $DefaultView often reveal much more information than intended.
• Loading the HTTP-server task makes all database accessible through browser-clients, not just the desired ones.

SecureDomino Intrusion Prevention Features

Prevent Brute-Force Hacking and Password Guessing Attempts
Effective protection against hacking and denial of service-attacks through HTTP lockout. IPs and user accounts are locked after a number of failed attempts. Unlock on a scheduled interval or have administrators unlock manually.

• Forgotten Password Handling
  Users may request new http passwords and have them send to their Notes-mail accounts.
• Access Restrictions
  Restrict http-access with white- and black-lists to directories and databases. Have all other databases accessed through Lotus Notes clients only.
• Redirection
  Create redirections for custom and unwanted URL-commands like $$DefaultNav, $$DefaultView, %%Source%%. Works even with unicode characters.

SecureDomino benefits

is widely tested and implemented by corporations (including IBM) and governments around the world.

is a DSAPI-filter and can simply be plugged into any Domino server

can be installed within minutes

does not does require any modifications to the Domino directory or even a new Domino directory

does not slow down the Domino server

does not write into the Domino directory

even works with strong password encryption

is available on all relevant Domino platforms (Windows, Linux, AIX, Sun OS, others on request)

Platforms
SecureDomino is available for the following platforms:

• Windows NT/2000/2003
• Linux
• AIX
• Sun Solaris / Risc on request
• iSeries and zSeries on request

SecureDomino R7 requires a Domino R6 (or higher) server.

Screenshot: SecureDomino Administration and Logging Database