Great Circle Associates Firewalls
(September 1996)
 


Subject: Lotus Notes Security
From: Joseph . Cupano @ ey . com
Date: Mon, 9 Sep 1996 16:05:46 -0400
To: " - (052)firewalls(a)greatcircle.com" <firewalls @ greatcircle . com>



>Hello all!
>
>While Notes access through firewalls is a FAQ (short answer: use your
>favorite circuit-level relay to pass traffic on port 1352 to your
>notes server), I was looking for a true application level proxy. By
>this I mean a proxy that would UNDERSTAND the protocol Notes uses,
>and allow me the functionality to:


Efficient and effective Notes firewall design is best served by understanding
the Notes environment. Notes is a complex application with granularity of
access control from Server/Database/Document down to Field level.

At the application level, Notes provides the most granularity of control. So
much so that when you try to firewall two networks that include Notes, the
network layer is your weakest link.

NOTES FIREWALL IMPLEMENTATION EXAMPLES


PRIVATE-------N------FW-----N-----INTERNET

  N = Notes Server   FW = Firewall

This would be the typical paradigm followed by firewall experts who are network
layer centric in their approach. The two Notes servers simply replicate at
Port 1352. There is no direct control of the external Notes server.


             /----NFW----\
PRIVATE-----<                       >--------INTERNET
             \-----FW-----/

(Private network to two firewalls in parallel: one network-level firewall, the
second a Notes Firewall)

In this scenario you have a Notes Firewall (pass-thru server) in parallel with
the traditional firewall. The Notes Firewall would be a dual NIC (IP Forwarding
disabled) on an NT or UNIX box. Security mechanisms within Notes would be
utilized (client encryption, Pub/Priv key authentication, minimized version of
Notes NAB on NFW). No replication or additional database management is
necessary except defining access limitations among the existing internal
servers/databases.

The NFW is a true application-level firewall, Notes being the application. Yes,
you are trusting the security mechanisms (and local implementations). In some
firewall implementations, are we not trusting FTP data transfers?

RISK
The risk is equivalent in both scenarios; the management and administration
have only been simplified. For someone to successfully attack a Notes
environment they need a copy of your ID file (stored locally) and know your
password.

OUTSIDE OF SCOPE
This scenario excludes the Domino or Notes 4.5 environments. 4.5 provides
mechanisms for anonymous access and Domino permits basic authentication via
HTTP.

Regards,

Joe
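One way to check a candidate NFW host against the invariants Joe describes (two interfaces, IP forwarding disabled, only Notes on TCP 1352 reachable from the outside), as an added example that is not part of the original post. The interface table and the netstat-style listener lines are constructed, and the exact netstat column layout is an assumption:

```python
"""Audit a Notes pass-thru ("NFW") host against the dual-NIC design:
IP forwarding off, exactly two interfaces, and nothing but Notes
(TCP 1352) listening on the external side. Added example; inputs are
constructed, not taken from a real host."""

NOTES_PORT = 1352

# Constructed interface table (name -> address); eth1 faces the Internet.
IFACES = {"eth0": "10.0.0.5", "eth1": "192.0.2.5"}
EXTERNAL_IF = "eth1"

# Constructed 'netstat -an'-style lines (assumed column layout).
LISTENERS = """\
tcp  0 0 0.0.0.0:1352   0.0.0.0:* LISTEN
tcp  0 0 10.0.0.5:22    0.0.0.0:* LISTEN
tcp  0 0 0.0.0.0:23     0.0.0.0:* LISTEN
udp  0 0 0.0.0.0:161    0.0.0.0:*
"""


def parse_listeners(text):
    """Return (proto, addr, port) for each listening TCP / bound UDP socket."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        proto, local = parts[0], parts[3]
        if proto == "tcp" and (len(parts) < 6 or parts[5] != "LISTEN"):
            continue  # established/closing TCP sockets are not listeners
        addr, port = local.rsplit(":", 1)
        out.append((proto, addr, int(port)))
    return out


def audit_nfw(ip_forward, ifaces, external_if, listeners):
    """Return a list of findings; an empty list means the host matches."""
    findings = []
    if ip_forward != 0:
        findings.append("ip_forward enabled: host would route between networks")
    if len(ifaces) != 2:
        findings.append(f"expected 2 interfaces, found {len(ifaces)}")
    ext_addr = ifaces.get(external_if)
    for proto, addr, port in listeners:
        # A wildcard bind or a bind to the external address is reachable from outside.
        exposed = addr in ("0.0.0.0", ext_addr)
        if exposed and not (proto == "tcp" and port == NOTES_PORT):
            findings.append(f"{proto}/{port} reachable on external interface")
    if not any(p == "tcp" and port == NOTES_PORT for p, _, port in listeners):
        findings.append("Notes port 1352 not listening")
    return findings
```

Feed it the real `ip_forward` value and netstat output of the candidate box; any finding means the host is doing more than relaying Notes and needs tightening before it sits beside the network firewall.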

