Notes/Domino Security, An Administrator's Guide: book review

I recently received an advertisement for the book Notes/Domino Security, An Administrators Guide, published by the technical journal The View. The book lists at $195. My first thought on seeing the ad was: Why pay for information that is already available for free on the Internet? There are many well-known places to find articles about Notes/Domino security, including:

• Domino 6 Administration Guide
• Lotus security page
• DominoSecurity.org (my site)
• SearchDomino.com
• IBM Redbooks on this topic
• Lotus Technical Library

But I thought the book deserved a fair chance, so I reviewed a copy. The 200-page book contains nine articles, most of which originally appeared in issues of The View. Despite the plethora of free information on the Web, this book is a worthwhile purchase for Domino/Notes administrators and security professionals. The View prides itself on providing in-depth treatment of technical topics that go beyond what you can find for free. In this case, they have delivered.

• X.509 Certificates for SSL and S/MIME
• Securing Your SMTP Infrastructure in Domino
• Secure Remote Access to Your Domino Infrastructure
• An IT Security Policy: What Every Hacker Does Not Want You to Have
• A Security Audit for Your Notes/Domino Installation
• Agents in Notes/Domino 6: A Comprehensive Preview
• Secure Ways to Change the Apparent Sender in Agent-Generated Mail
• Configuring ECLs for Improved Security and Administration
• Domino Controller and Domino Console, Secure Remote Access

The lead piece about X.509, SSL and S/MIME covers some of the same ground as my own S/MIME article, which Lotus links to from its security home page. The article in The View (written by Andrew Wharton) goes beyond the e-mail topics I addressed and also covers SSL for server authentication, how to create a key ring, and setting up your own Certificate Authority. Wharton's treatment provides a broader treatment than my article. (I should point out that both articles are a few years old and need to be updated for R6.)

The article about agents is written by Julie Kadashevich. Readers of the Notes.net discussion boards recognize Julie as one the principal developers of the Domino Agent Manager and, as such, she frequently answers posts on this topic. I suspect that everything Julie says in this article can be found elsewhere for free, but the article does a good job of pulling together many agent topics in one place.

The article on conducting a security audit also hit close to home, since I spend a good part of my consulting life delivering this service. This article is thorough and covers many of the areas I also look at when auditing an organization. But I disagree somewhat with the article's philosophy, since it keeps referring the reader back to the organization's security policy document. This sounds fine in theory, but the reality is that most organizations do not have any written security policy, much less a comprehensive one. So telling the reader to "determine whether Configuration document settings and controls are in compliance by checking your company's Corporate Messaging Policies document" is a bit circular. Domino sites want specific guidance about how to set up the complex Domino server configuration document, not a pointer to go read something they have not yet written. Despite this, the article does provide a good overview of the areas to address during a Domino/Notes security review.

In summary, I recommend this book for Domino administration professionals. If the book saves you just one hour of server configuration headache, it will pay for itself. Besides, anyone working in this field is probably spending company money on this type of resource, so ask your boss to pony up. I predict the book will help you enough to make it worth the price.

For more info on The View on Notes/Domino Security: An Administrator's Guide – eview.com

Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes.

Do you have comments on this tip? Let us know.

Please let others know how useful it is via the rating scale below. Do you have a useful Notes/Domino tip or code to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.

Rate this Tip To rate tips, you must be a member of SearchDomino.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Domino Secure Lotus Notes 8 with the Internet password lockout feature Troubleshoot Lotus Notes Out of Office (OOO) agent error messages A batch file for Lotus Notes Domino maintenance on Windows Server 2003 Avoid Lotus Notes Domino email archiving ACL issues with AdminP Send pop-up admin messages to Lotus Notes users from Domino Server Protect Lotus Notes from malicious code with the Domino ECL Update to Exchange Server 2003 Connector for Lotus Notes Synchronize LinkedIn contacts with Lotus Notes Domino Eight best practices for running BlackBerry Enterprise Server on Lotus Notes Domino Setting up Rooms and Resources in Lotus Notes Domino 7 Spam and Security Securely connect Lotus Domino servers on different domains Protect Lotus Notes from malicious code with the Domino ECL How to correct Lotus Notes public key mismatches in four easy steps A recipe for secure IM success Telecommuter security kit Spear phishing: Don't be a target FAQ: Lotus Notes Domino password issues Security awareness training: How to educate employees about spyware Seven tips to strengthen your Domino e-mail security Admin2005 preview: Tips, techniques, and a look at Notes/Domino Rel. 7 Lotus Notes Domino Antispam Software and Spam Filtering LotusScript agent moves tagged spam email to junk mail folder Limit the size of incoming email attachments to a Lotus Domino server Stop spam on BlackBerry mobile devices Online crime as ugly as ever Putting a stop to incoming spam on Lotus Notes 6.5 Image-based spam scams on the rise Image spam paints a troubling picture McAfee products vulnerable to code execution flaw A recipe for secure IM success How to protect Lotus Domino Server from spam blacklists RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.