Firewalls: Re: Lotus Notes Servers

Firewalls
(July 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Lotus Notes Servers
From:	Larry Chin <Larry_Chin @ ca . cch . com>
Date:	Wed, 30 Jul 1997 11:00:37 -0400 (EDT)
To:	firewalls @ greatcircle . com, jle9 @ eci-esyst . com

| This question is to anyone who can shed some light on the positioning of
| lotus notes servers and the firewall. We are planning to install a
| notes server located both on the outside of the firewall and on the
| inside. We have vendors that need to post to the server from the
| internet. After they dump their data to this server it is then
| retrieved by the inside notes server. At first I was told this was a
| 'pull' technology from the inside server, now I am being told it is a
| 'push'  from the outside...is this not a security hazzard. What if a
| 'hacked' applet or other virus makes it way through the f/w. I will be
| using a pass thru proxy that CyberGuard provides, but I don't think
| this is sufficient protection. Where should the servers be located? Any
| comments or help is greatly appreciated...
|         jle9 @
 eci-esyst .
 com   
| 

Push or Pull doesna matter, it just depends on who initiates the
transfer, the server inside the firewall ( pull ) or the server outside
( push ) - either way the data gets replicated.

So, for what it is worth, if I had to do this ( and I am in the
process of doing this ) what I would do is the following.

- one server on the outside of the firewall - accessible from the 'Net
- main server on the inside protected by the firewall
- replicate between the servers a couple of times a day by a dial up line
- clean up your external databases daily

This way you have complete control of:
- which server talks to which server and when
- to an extent what data is externally availble ( daily clean up )
-  You can even inspect all the information posted to the external
   server before you replicated, if you really wanted to, via some
   sort of virus/macro scanner.

In addition there is no direct LAN type connection between the servers,
only a dial up line that is only used to replicate between the two
servers, hence the business of the proxy becomes moot.

As to hacked applets and the like, I think that with the setup
described above that common sense in executing any attachements would
suffice, that and some sort of virus/macro scanner executed on all
the external data prior to replication. 

The only thing I am not 100% sure of is whether or not there exists a
virus/macro scanner that would detect stuff within a Notes database.
anybody ?

Hope this helps.

Indexed By Date	Previous:	Re: (related, but off-topic) Networking Profession... From: Ng Pheng Siong <ngps @ post1 . com>
Indexed By Date	Next:	user-agent information From: "Michael L. Welles" <mike @ onshore . com>
Indexed By Thread	Previous:	Lotus Notes Servers From: "Jerry Edmiston" <jle9 @ eci-esyst . com>
Indexed By Thread	Next:	Java Applet Scanner From: "Jerry Edmiston" <jle9 @ eci-esyst . com>