SecureDomino: Authentication and Intrusion Prevention for Lotus Domino
SecureDomino is the universal authentication and security tool for Domino HTTP servers. It is an add-in module that extends and secures IBM Lotus Domino.
SecureDomino creates new authentication options and flexebility and removes the dependency on Domino directory for authentication.
SecureDomino enhances data security and helps to enforce Sarbanes-Oxley compliance. It protects Domino servers by preventing unauthorized users from gaining access.
Lotus Domino authentication has several shortcomings:
Even with the Domino Directory Assistance and the Active Directory Synchronization users must still handle multiple passwords.
Domino does not log authentication succesful and failed attemps efficiently.
Domino does not support IP-based authentication.
Domino does not allow the definition of "Logon Hours"
SecureDomino Authentication Features:
LDAP Authentication (new in R6!)
Authenticate against Microsoft or any other LDAP directory and thus eliminate the need for users to remebmer multiple passwords.
Authentication Logging (new in R6!)
Log sign-in attempts (either all, successful only or failed attempts only) for analysis, documentation and user-information.
Identify and authenticate users (and proxies) through their IP-address automatically.
Logon Hours Definition
Restrict signing in, e.g.: restrict loging on to business days and hours from 8am to 5pm.
Lotus Notes and Domino offer extensive and mature security architecture (see background info). Nevertheless, a Domino server in the Intra-, Extra- or Internet is exposed to many risks:
Browser clients can endlessly attempt to sign in to a Domino Server. Retrieving a user's password is just a matter of time.
Hackers can access sensitive data or cause a heavy server load by simply using hacking tools provided in the internet (Brute Force Attacs, Denial-of-Service).
URL´s like $DefaultNav and $DefaultView often reveal much more information than intended.
Loading the HTTP-server task makes all database accessible through browser-clients, not just the desired ones.
SecureDomino Intrusion Prevention Features:
Prevent Brute-Force Hacking and Password Guessing Attempts
Effective protection against hacking and denial of service-attacks through HTTP lockout. IPs and user accounts are locked after a number of failed attempts. Unlock on a scheduled interval or have administrators unlock manually.
Forgotten Password Handling
Users may request new http passwords and have them send to their Notes-mail accounts.
Restrict http-access with white- and black-lists to directories and databases. Have all other databases accessed through Lotus Notes clients only.
Redirection Create redirections for custom and unwanted URL-comands like $$DefaultNav, $$DefaultView, %%Source%%. Works even with unicode characters.
is widely tested and implemented by corporations (including IBM) and goverments around the world.
is a DSAPI-filter and can simply be plugged into any Domino server
can be installed within minutes
does not does require any modifications to the Domino directory or even a new Domino directory
does not slow down the Domino server
does not write into the Domino directory
even works with strong password encryption
is available on all relevant Domino platforms (Windows, Linux, AIX, Sun OS, others on request)
SecureDomino is available for the following platforms:
Sun Solaris / Risc
iSeries and zSeries on request
SecureDomino R6 requires a Domino R6 (or above) server.