SecureDomino:
Authentication and Intrusion Prevention for Lotus Domino

SecureDomino is the universal authentication and security tool for Domino HTTP servers. It is an add-in module that extends and secures IBM Lotus Domino.

SecureDomino creates new authentication options and flexebility and removes the dependency on Domino directory for authentication.

SecureDomino enhances data security and helps to enforce Sarbanes-Oxley compliance. It protects Domino servers by preventing unauthorized users from gaining access.

Authentication
Lotus Domino authentication has several shortcomings:
  • Even with the Domino Directory Assistance and the Active Directory Synchronization users must still handle multiple passwords.
  • Domino does not log authentication succesful and failed attemps efficiently.
  • Domino does not support IP-based authentication.
  • Domino does not allow the definition of "Logon Hours"
SecureDomino Authentication Features:
  • LDAP Authentication (new in R6!)
    Authenticate against Microsoft or any other LDAP directory and thus eliminate the need for users to remebmer multiple passwords.
  • Authentication Logging (new in R6!)
    Log sign-in attempts (either all, successful only or failed attempts only) for analysis, documentation and user-information.
  • IP-Based Authentication
    Identify and authenticate users (and proxies) through their IP-address automatically.
  • Logon Hours Definition
    Restrict signing in, e.g.: restrict loging on to business days and hours from 8am to 5pm.

Intrusion Prevention
Lotus Notes and Domino offer extensive and mature security architecture (see background info). Nevertheless, a Domino server in the Intra-, Extra- or Internet is exposed to many risks:
  • Browser clients can endlessly attempt to sign in to a Domino Server. Retrieving a user's password is just a matter of time.
  • Hackers can access sensitive data or cause a heavy server load by simply using hacking tools provided in the internet (Brute Force Attacs, Denial-of-Service).
  • URL´s like $DefaultNav and $DefaultView often reveal much more information than intended.
  • Loading the HTTP-server task makes all database accessible through browser-clients, not just the desired ones.
SecureDomino Intrusion Prevention Features:
  • Prevent Brute-Force Hacking and Password Guessing Attempts
    Effective protection against hacking and denial of service-attacks through HTTP lockout. IPs and user accounts are locked after a number of failed attempts. Unlock on a scheduled interval or have administrators unlock manually.
  • Forgotten Password Handling
    Users may request new http passwords and have them send to their Notes-mail accounts.
  • Access Restrictions
    Restrict http-access with white- and black-lists to directories and databases. Have all other databases accessed through Lotus Notes clients only.
  • Redirection
    Create redirections for custom and unwanted URL-comands like $$DefaultNav, $$DefaultView, %%Source%%. Works even with unicode characters.

SecureDomino benefits
  • is widely tested and implemented by corporations (including IBM) and goverments around the world.
  • is a DSAPI-filter and can simply be plugged into any Domino server
  • can be installed within minutes
  • does not does require any modifications to the Domino directory or even a new Domino directory
  • does not slow down the Domino server
  • does not write into the Domino directory
  • even works with strong password encryption
  • is available on all relevant Domino platforms (Windows, Linux, AIX, Sun OS, others on request)
Platforms
SecureDomino is available for the following platforms:
  • Windows NT/2000
  • Linux
  • AIX
  • Sun Solaris / Risc
  • iSeries and zSeries on request
SecureDomino R6 requires a Domino R6 (or above) server.