Lotus Notes Traveler Server security
A Lotus Notes Traveler server might be deployed in a DMZ for direct internet access, or in the intranet and accessed through a proxy server. Securing a Lotus Notes Traveler server in these environments is important to ensure both the integrity and the availability of data.
Server access includes:
- Network access:
Network access is controlled by a firewall. If the Lotus Notes Traveler server is configured to connect through a load balancer or a proxy server, the HTTP and HTTPS ports are enabled on the load balancer. Enforce HTTPS by redirecting HTTP requests to HTTPS.
If the Lotus Notes Traveler server is configured for direct access from mobile devices by placing it in the network demilitarized zone (DMZ), enable only the HTTPS port (443) for external access and disable all other ports.
- User authentication:
The Lotus Notes Traveler server provides access to Lotus Notes mail and calendar data over the HTTP or HTTPS ports, so HTTP security must be configured to enforce authentication. HTTP authentication can be configured to use Domino authentication or an LDAP server. It is also important to plan for single sign-on to establish trust between the load balancer or proxy server and the Lotus Notes Traveler server. We describe this topic in detail in 7.2 Configuring single sign-on.
- Lotus Notes Traveler server access:
Secure access to the Lotus Notes Traveler server by restricting anonymous access, disabling database browsing, and limiting administration access to administrators only. Server access is defined in the Server document, as described in 8.4.3 Security tab.
- Lotus Domino application and mail access:
Use access control lists (ACLs) to restrict unauthorized access to mail files and applications on Domino servers. Whether Notes document links are displayed in email messages depends on ACL restrictions.
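The network access rules above can be verified from outside the firewall with a short script. The following is an added example, not part of the original documentation; the function names, the probed port list (80, 443 and the Notes client port 1352) and the sample observations are assumptions made for illustration.

```python
import http.client
import socket
from urllib.parse import urlsplit

# Ports that may be reachable externally in each deployment described above.
ALLOWED = {"dmz": {443}, "proxy": {80, 443}}
REDIRECTS = (301, 302, 303, 307, 308)

def probe_port(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_http(host, timeout=3.0):
    """Return (status, Location) for a plain-HTTP GET /, or None on failure."""
    try:
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        reply = (resp.status, resp.getheader("Location"))
        conn.close()
        return reply
    except (OSError, http.client.HTTPException):
        return None

def audit(mode, open_ports, http_reply):
    """Compare observed exposure with the policy for 'dmz' or 'proxy' mode."""
    findings = []
    if 443 not in open_ports:
        findings.append("HTTPS (443) is not reachable")
    extra = sorted(set(open_ports) - ALLOWED[mode])
    if extra:
        findings.append(f"unexpected ports reachable: {extra}")
    if mode == "proxy" and 80 in open_ports:
        status, location = http_reply or (None, None)
        # A relative Location keeps the client on HTTP, so require an https:// target.
        if status not in REDIRECTS or urlsplit(location or "").scheme != "https":
            findings.append("HTTP (80) does not redirect to HTTPS")
    return findings

def check(host, mode, ports=(80, 443, 1352)):
    """Probe a host you administer and audit the result (assumed port list)."""
    open_ports = {p for p in ports if probe_port(host, p)}
    return audit(mode, open_ports, probe_http(host) if 80 in open_ports else None)

if __name__ == "__main__":
    # Constructed observations, so the example runs without network access.
    print(audit("dmz", {80, 443, 1352}, (200, None)))
    print(audit("proxy", {80, 443}, (302, "https://traveler.example.com/")))
```

Run `check()` from a host on the internet side of the firewall; results from inside the intranet do not reflect what external devices can reach.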
What does IBM do internally?
In the IBM internal implementation of Lotus Notes Traveler, all servers are configured to use SSL so that communication between end-user devices and the Lotus Notes Traveler servers is encrypted over an HTTPS connection. Because the IBM internal Lotus Notes Traveler servers also use an external LDAP directory to authenticate user login details (rather than the native Lotus Domino directory), the LDAP connection is also secured using SSL to ensure that users' credentials are always encrypted.