Firewall Wizards mailing list archives

Re: Lotus Domino as an access control to internal network


From: Bart Smit <bart.smit () bowneglobal nl>
Date: Wed, 25 Feb 1998 14:02:16 +0100

Hi Delmer,

On Mon, 23 Feb 1998 dharris () kcp com wrote:

> I have been asked to help our internal e-mail team provide external
> access to internal e-mail.  They want to use a Lotus Domino server
> connected to a set of dial-up access points.  The Lotus Domino server
> would also connect to our internal network.  The e-mail team claims
> that, because the NT box which supports the Lotus Domino server has
> no dial-up software loaded, the Lotus Domino server cannot be suborned
> into acting as a gateway to our internal network.

You don't explain what kind of "dial-up access points" you plan to use, so I'll assume that your setup will be 
equivalent to having one or more modems directly connected to the Notes server. In that case you'll use the Notes X.PC 
protocol. Notes controls the modems and handles all interaction with the clients. This setup could be secure enough for 
your needs:
* At protocol level, your clients can only talk to the Notes server and nothing else.
* The Notes server requires authentication.
* When granted access to the server, clients will *only* have access at database level (subject to ACLs; review the 
defaults!), and not at file level.

Notes authentication uses RSA's bsafe library. They don't say much about how it works, but it looks at least halfway 
decent. Clients need an ID file with their private and public keys to access the server. Users protect the ID file by 
locking it with a password, by keeping the file itself secure, or both (preferred).
 
Personally I think you would be okay (provided it is set up correctly of course) but don't go for my word alone...

regards,
--
Bart Smit                                   Phone: +31 71 5617670
System Administrator                          Fax: +31 71 5617484
                                 e-mail: bart.smit () bowneglobal nl

-----------------------------------------------------------------
     Bowne Global Solutions (Netherlands) BV
     Papelaan 85
     2252 EG  VOORSCHOTEN
     The Netherlands
-----------------------------------------------------------------
