Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: Lotus Notes Security
From: Adam Shostack <adam @ homeport . org>
Date: Wed, 11 Sep 1996 09:39:42 -0500 (EST)
To: Joseph . Cupano @ ey . com
Cc: firewalls @ GreatCircle . COM
In-reply-to: <0014500005125969000002* @ MHS> from "Joseph . Cupano @ ey . com" at Sep 9, 96 04:05:46 pm

This makes the very broad assumption that Notes access control
mechanisms all work perfectly, and that there are no bugs in the Notes
servers, such as buffer overflows.

A true Notes Firewall would understand the protocol, take requests
from one side, possibly authenticate them*, and ensure the requests
are protocol compliant before passing them through.  You don't want a
complete Notes environment on the machine; it's too big.

* You might want to require authentication at the firewall, although
that's a lot of extra CPU work for the public key based mutual
authentication.  Authorization at the firewall requires the firewall
to have an understanding of the database structure, which to my mind
is too much potential for information leakage.

(Also, Notes (v4.0 I think; it was a while ago) does not seem to
enforce good passphrase requirements.  This may be site configurable.)

Adam


Joseph . Cupano @ ey . com wrote:


| Efficient and effective Notes firewall design best served by
| understanding the Notes environment. Notes is a complex application with
| granularity of access control from Server/Database/Document down to
| Field level. 
| 
| At the application-level, Notes provides the most granularity of control. So
| much so that when you try to firewall two networks that include Notes, the
| network layer is your weakest link.

| In this scenario you have a Notes Firewall (pass-thru server) in parallel with
| the traditional firewall. The Notes Firewall would be a dual NIC (IP Forwarding
| disabled) on an NT or UNIX box.
| Security mechanisms within Notes would be utilized. (Client encryption,
| Pub/Priv key authentication, minimized version of Notes NAB on NFW.) No
| replication or additional database management is necessary except defining
| access limitations among the existing internal servers/databases.
| 
| The NFW is a true application-level firewall, Notes being the application. Yes,
| you are trusting the security mechanisms (and local implementations.) In some
| firewall implementations, are we not trusting FTP data transfers?
| 
| RISK
| The risk is equivalent in both scenarios, the management and administration
| have only been simplified. For someone to successfully attack a Notes environment
| they need a copy of your ID file (stored locally) and know your password.
| 
| OUTSIDE OF SCOPE
| This scenario excludes the Domino or Notes 4.5 environments. 4.5 provides
| mechanisms for anonymous access and Domino permits basic authentication via
| HTTP.


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


