
ACL Settings in Notes Environments

Due to the lack of true enterprise monitoring and control, the ACL, once thought of as the last bastion of security in Lotus Notes, is potentially the most susceptible layer of security in Notes.

The idea behind a ring defense or depth defense in IT security is to present a series of layers that are incrementally more difficult to break through because of the variety and robustness of each layer. The first layers should be designed in a way that alerts the proper party when an attempted breach occurs. This gives the security team time to assess the breach and adjust the internal rings according to the type of breach that occurred. The last layer, the one closest to your data, should logically be the most robust and flexible: robust enough to keep security holes from opening in the first place, and flexible enough to allow quick adjustments that close any holes that do occur.

Lotus Notes uses a depth or ring security model in which OS and server security make up the outer layers and the ACL makes up the inner layer of the defense that protects data stored in a Notes database.

In the past couple of years I have seen many Notes environments that suffer from increased application proliferation and consequently an overwhelming lack of control. The corollary I am attempting to make here is that if the application proliferation is out of control, how far behind can the ACL settings in each application be? When asked, most Notes administrators will say that they feel that their ACLs are under control. With a little pressure to take a quick look at some of the applications, they will soon admit to having no idea how most of the applications' ACLs are set. Does this sound familiar to you?


Comments

1 - This is because most 1st line admins know little about ACL's security or why they need it. They just give everyone access, that's what the developers tell them. Don't tell me no, I have seen it in almost every place I worked.
There are a number of excellent tools out there to help with ACL management, even within Domino (although not as in-depth as, say, Essential Tools or Server Admin Plus).
Some of us handle these situations for clients and enjoy the cleanup of an environment.
The benefits are finding deadwood dbs to delete thus saving disk space, backup time/space and replication times, among other benefits to the client organization.
