|Professional Services||Second Signal||Presentations||Andrew's Blog||Support|
Between working on our Lotusphere Security Jump-Start with Gabriella Davis and doing a recent "Penetration Test" at a client site, I have been reminded of some really important steps that all Notes users should be taking to ensure their private stuff remains private. The thing is, if I start blogging the steps I take to poke into things I shouldn't, I risk providing the mental munitions that could fuel our own form of "script-kiddies" in the Notes world. I have no desire to do that.
Nothing I'm talking about here represents a product vulnerability. In fact, I usually start a security review or a penetration test with the point that if the product is used as intended, I should get nowhere. It's stable and secure. In practice, however, convenience and expediency lead to compromises and configurations that leave vulnerability. This is the same in any environment and with any product.
Without talking at all about what I did or didn't find at any particular client site -- because that would be completely unprofessional -- I've been giving some real thought to putting a short whitepaper together listing in detail the things any healthy Notes based organization should be looking at. If I start down those roads, I risk giving out some really easy to try techniques.
You tell me. Would you take the attitude that since some people already know it, everyone should be told to make the point about protecting yourself? Would you keep a distribution list tight and just try to encourage IT departments to pay more attention? Where do you stand?
Please wait while your document is saved.