Re: Lotus NOTES

From: dsanchez@sanchezsantiago.com
Date: 12/02/02

  • Next message: David Litchfield: "Re: Windows Heap Overflows In General"
    To: "Bruno Mosconi" <bmosconi@fnazca.com.br>
    From: dsanchez@sanchezsantiago.com
    Date: Mon, 2 Dec 2002 08:46:46 -0500
    
    

    Most of the security issues associated with Lotus Notes is due to bad
    implementation, bad setup, and lack of well thought security policies. One
    of the most important pre-implementation tasks is to plan how to manage
    the Lotus PKI (how to create and manage the certifier IDs, how to
    distribute and manage the private keys to users, key recovery, etc.).
    Another major issue many times overlooked is to not take the default
    access control settings for server security, databases, and templates. You
    need to look at each one and adjust them as needed. Proper planning is
    key.

    IBM Redbook - Lotus Notes and Domino R5.0 Security Infrastructure
    Revealed:
    http://publib-b.boulder.ibm.com/redbooks.nsf/RedbookAbstracts/sg245341.html?Open

    Lotus security zone reference of papers and publicly known security
    issues:
    http://www.lotus.com/developers/itcentral.nsf/wDocs/securityzone

    Lotus Development Domain newsletter (look for articles regarding
    security):
    http://www-10.lotus.com/ldd/today.nsf

    Lotus Fix list database (includes the current and planned security fixes
    by version):
    http://www-10.lotus.com/ldd/r5fixlist.nsf

    Bugtraq:
    http://www.securityfocus.com

    Regards,
    Deoscoidy Sanchez

    "Bruno Mosconi" <bmosconi@fnazca.com.br> wrote on 11/28/2002 01:07:34 PM:

    > Does anyone knows a good source of Lotus Notes security
    > issues/holes?
    >
    > []'s Bruno Mosconi
    > F/Nazca S&S - AdverSiting
    >
    > ----------------------------------------------------------------
    > The information transmitted is intended only for the person or entity to
    > which it is addressed and may contain confidential and/or privileged
    > material. Any review, retransmission, dissemination or other use of, or
    > taking of any action in reliance upon, this information by persons or
    > entities other than the intended recipient is prohibited. If you
    received
    > this in error, please contact the sender and delete the material from
    any
    > computer.
    > ----------------------------------------------------------------



    Relevant Pages