Vulnerability Development mailing list archives

Re: Lotus NOTES


From: dsanchez () sanchezsantiago com
Date: Mon, 2 Dec 2002 08:46:46 -0500

Most of the security issues associated with Lotus Notes are due to bad 
implementation, bad setup, and lack of well thought security policies. One 
of the most important pre-implementation tasks is to plan how to manage 
the Lotus PKI (how to create and manage the certifier IDs, how to 
distribute and manage the private keys to users, key recovery, etc.). 
Another major issue many times overlooked is to not take the default 
access control settings for server security, databases, and templates. You 
need to look at each one and adjust them as needed.  Proper planning is 
key.

IBM Redbook - Lotus Notes and Domino R5.0 Security Infrastructure 
Revealed:
http://publib-b.boulder.ibm.com/redbooks.nsf/RedbookAbstracts/sg245341.html?Open

Lotus security zone reference of papers and publicly known security 
issues:
http://www.lotus.com/developers/itcentral.nsf/wDocs/securityzone

Lotus Development Domain newsletter (look for articles regarding 
security):
http://www-10.lotus.com/ldd/today.nsf

Lotus Fix list database (includes the current and planned security fixes 
by version):
http://www-10.lotus.com/ldd/r5fixlist.nsf

Bugtraq:
http://www.securityfocus.com

Regards,
Deoscoidy Sanchez

"Bruno Mosconi" <bmosconi () fnazca com br> wrote on 11/28/2002 01:07:34 PM:

Does anyone know a good source of Lotus Notes security 
issues/holes?

[]'s Bruno Mosconi
F/Nazca S&S - AdverSiting
