One thing I’ve been doing a lot of recently is Web Mail redirection databases. A number of places are starting to implement web-based mail for their users, some doing it right, but unfortunately some are cutting corners and leaving their servers wide open to attack.
When I have to lock down a Domino web server that is open to the internet, here is what I do…
- Delete all templates
- Delete unrequired databases
- Only run the tasks needed by the server
- Add ‘Anonymous’ with No Access to all databases except where required.
- Set ‘-Default-’ to No Access except where required.
- Set ‘Maximum Internet Name And Password’ to No Access except where required.
Does anybody else have any suggestions? What do you normally look out for when securing a Domino server?
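
One way to check a server against the checklist above is a LotusScript agent run on that server. This is an added example, not code from the original post. The `ALLOWED` list and the file name `redirect.nsf` are hypothetical placeholders for the "except where required" databases, and the agent signer is assumed to have rights to read each ACL.

```lotusscript
Option Declare

' Hypothetical allowlist of databases that must stay reachable from the web.
' Entries are lower-case file paths wrapped in "|" (placeholder name below).
Const ALLOWED = "|redirect.nsf|"

Sub Initialize
	Dim dbdir As New NotesDbDirectory("")   ' "" = the server the agent runs on
	Dim db As NotesDatabase

	' Checklist item 1: any template still on disk is a finding.
	Set db = dbdir.GetFirstDatabase(TEMPLATE)
	Do While Not db Is Nothing
		Print "TEMPLATE PRESENT: " & db.FilePath
		Set db = dbdir.GetNextDatabase()
	Loop

	' Checklist items 4-6: audit the ACL of every database not on the allowlist.
	Set db = dbdir.GetFirstDatabase(DATABASE)
	Do While Not db Is Nothing
		If InStr(ALLOWED, "|" & LCase(db.FilePath) & "|") = 0 Then Call CheckAcl(db)
		Set db = dbdir.GetNextDatabase()
	Loop
End Sub

Sub CheckAcl(db As NotesDatabase)
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	On Error GoTo failed
	If Not db.IsOpen Then Call db.Open("", "")   ' directory entries start closed
	Set acl = db.ACL

	Set entry = acl.GetEntry("Anonymous")
	If entry Is Nothing Then
		' With no Anonymous entry, unauthenticated users inherit -Default-.
		Print db.FilePath & ": no Anonymous entry, falls back to -Default-"
	ElseIf entry.Level <> ACLLEVEL_NOACCESS Then
		Print db.FilePath & ": Anonymous is not No Access"
	End If

	Set entry = acl.GetEntry("-Default-")
	If Not entry Is Nothing Then
		If entry.Level <> ACLLEVEL_NOACCESS Then Print db.FilePath & ": -Default- is not No Access"
	End If

	' The "Maximum Internet name and password" setting caps all web logins.
	If acl.InternetLevel <> ACLLEVEL_NOACCESS Then Print db.FilePath & ": Maximum Internet access is not No Access"
	Exit Sub
failed:
	Print db.FilePath & ": could not read ACL (" & Error$ & ")"
	Exit Sub
End Sub
```

The agent only reports; every line it prints is a database or template to review against the list, and nothing is changed on the server.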