Is Domino more secure than Exchange?

I have been working for a Microsoft solutions provider for the past 6 months (non-technical) and had a conversation with the technical director about Notes (Domino) and Exchange.

The director told me that their Exchange server had been broken into recently and that this was a normal occurrence for them. I stated that Domino normally doesn’t get hacked, but if it does, it’s because of configuration error or a vulnerability with the operating system.

I do not know the details of the break-ins (sorry) but I would like to believe that the solution provider knows their Microsoft products!

In this case, was I correct with my response?

Subject: Is Domino more secure than Exchange?

In theory, any product that incorporates security features should be secure. Therefore, the answer isn’t that Domino is “more secure”, just that it has fewer bugs and loopholes for people to exploit.

Additionally, the key issue here is that it is exploitation. People don’t like M$ but M$ products are everywhere and, therefore, there are many more Exchange servers, so the chances of finding one managed by a naive administrator that is unpatched or not configured properly are higher.

I’ve found many Domino servers in my career being used as relays or with admin passwords set to “password” or running versions of Domino known to have serious bugs. However, based on Microsoft’s market share, for every one of those Domino servers, there’s a hundred Exchange servers.

People (usually script kiddies or idiots) will try and hack anything. You only have to look at the incoming traffic on a home user’s ADSL line to see that - it’s opportunism. In fact, just for an example, I’ve just checked the logs on my ADSL router at home. In the last 24 hours it’s stopped 59 Denial Of Service attacks on a Dynamic IP not hosting anything of great importance…

Steve

Subject: Where do you get the idea that there are “many more Exchange servers”?

Domino has beaten out Exchange almost every year in sales, so I am not sure why you would believe this, except that Microsoft acts like they are #1 in everything. There are plenty of reasons why Microsoft is a tempting target, but it certainly isn’t because there are more Exchange servers and therefore more opportunity.

Subject: RE: Is Domino more secure than Exchange?

While overall Steve’s argument is correct, there are some specific issues which make Domino more secure.

Domino’s directory is central to everything that happens on Domino; it controls (& integrates) security and is a very well designed system. All other Lotus components of Domino are extremely well integrated, with far fewer security flaws than MS’s.

If you were to look at MS’s development platform(s) you will find that it is made up of many disparate components without one central and integral security component. This concept leaves many gaps … and is also responsible for so many incompatible versions of MS software. In contrast there are few gaps in the Lotus software … any version of Notes client works with any server. They are all backward and forward compatible. This too affects security.

There are many articles written on the subject and most point to the superiority of Domino in terms of security.

Bizhan

Subject: RE: Is Domino more secure than Exchange?

This is an abstract take on the issue of security - yes, there are ways into anything, and yes, you can configure a Domino server to be open; the important and practical difference is, you have to choose to make it that way. In the Exchange world, many choices are made for you by default which leave you with an open server - mostly because Exchange relies on other modules and products to do its work. These modules come from all over the MS product list and hence the vulnerabilities are cumulative: run Exchange and have Outlook clients and, despite the fact that Outlook isn’t part of the Exchange install CD, you will have a vulnerable system.

Notes is, by contrast, very much more secure, and always has been. Local encryption of files; encrypted transport; two-way authentication of rights to access servers; 7 different levels of user access to files; there are so many ways that Notes has been right in this respect - and not just right now as a late breaking kludged-up addon: right since 1991.

There’s another way to look at the word “secure”: I had to do a terrorist attack restore of a Notes server back in the mid 90’s in Manchester, England. Thanks to the Notes data model and mobile replication, I was back up within 1 working day: something that Exchange admins in all sizes of business still dream about. Restoring Exchange mail servers is an abstract exercise in highly advanced Windows Server OS reconstruction - including licensing, domain accounts, server security contexts, and all the rest.

Restoring a Notes server is a matter of reading the NSFs off the tape; that’s it. Where disaster recovery and heavyweight restores at short notice are an issue, Notes wins over Exchange hands down.

Lastly, the idea that Exchange has more market share doesn’t wash: the last time I looked at an industry survey, the two were neck and neck in terms of user seats (about 80 million each). I suspect the distribution of seats versus company size might be different, with more Exchange servers in smaller companies, but that ain’t market share, and I’m reasonably sure the Exchange houses have a large ‘iceberg’ of people who have never moved forward off version 5.5 (or NT4!).

Anyone who wants to discuss Disaster Recovery restores with Notes can reach me at cassidy@well.com - advert over!

Steve

Subject: what’s missing is a really good independent assessment to cite

We know security in Notes is inherent. We know there have been NO worms, NO viruses, etc. that use the Notes client or Domino server to spread. Even trojans that users must click on to run, which generate their own SMTP engines to spread, are less common.

We also know it takes days to recover a problem with a single file in an Exchange system, during which everyone – every single user – is offline.

BUT, I see no IDC or GARTNER study showing downtime per year due to malware or failure in a realistic or unbiased comparison.

WE know how it will turn out – but it doesn’t seem to have been done.

I wish IBM had the intestinal fortitude to allow such a study instead of worrying about the potential backlash.

–Andrew

Subject: Yes, I would think so…

Yes, I guess you answered truthfully. I would have done so the same way, based on my experiences so far:

  1. Even properly working security is only as good as its settings. Not even a super secure Linux system is safe when it is not properly configured. The reason for too lax security settings is usually that too stringent settings will break many things.

  2. All Microsoft products are tightly integrated into the OS, which is great for ease of use and terrible in terms of security.

  3. You are right, the OS on which the product runs will also greatly determine security.

  4. Microsoft Windows was (as once said by one of their developers) “never designed with security in mind”. Windows is suffering from this bad architectural design, as anybody can see picking up a newspaper. My personal opinion is that Windows is inherently untrustworthy and unsecure, and with it all applications that tightly integrate with it and use its security model.

Your answer was very modest and diplomatic, not directly saying that Domino is inherently more secure, but that it also could be compromised if improperly configured.

I do believe that Lotus Domino is more secure than Exchange, since security was and is an important cornerstone of Lotus Domino, having had a long long time to grow strong.

A system has to be planned for security from the very beginning; later add-ons are not effective.

This can be seen in the example of Linux and Windows and their origins:

Linux: Originated from Unix, a multiuser largely scalable secure system, properly designed by engineers with versatility and stableness in mind. Built from the very start for professional use.

Windows: Windows 3.11 (or should I say DOS?) which was single user, no security whatsoever, very little scalability, no multitasking. Built by marketing geeks for looks and ease of use. Built for home use and focused on new features instead of perfecting old ones.

Subject: Oh. You go Markus…

  • I may bash Lotus/Domino/Notes mercilessly, but they DO have security right. Markus hits the head on the nail pretty squarely.

  • One thing that’s implied, but never explicitly stated, is that Domino also has a more sane security configuration right out of the box. Sure, MickeySawft can be made pretty secure, but its default, which too many people use, makes Swiss cheese look bulletproof. Even raising MickeySawft’s security to Domino’s default requires a bit of knowledge and effort.

  • Point 2 that Markus makes is, in my mind, the greatest security threat with MickeySawft. Everything uses ActiveX (which has no effective security) to link to everything else, with little or no restrictions, and no way to prevent anything from loading any ActiveX control to compromise whatever it wants. Just to make sure it’s as insecure as possible, any ActiveX control can modify anything in the system that the user (who is typically admin in winbloze) has rights to update, EVEN THE OPERATING SYSTEM. Terrifying, from a security perspective.

  • So an e-mail from SexChange can launch an ActiveX control to overwrite the TCP/IP stack with a data logger, transparently. Next reboot on that workstation … total compromise. Domino simply will not allow that to happen without the user making one or more silly mistakes, at the minimum. This TCP/IP stack overwrite is precisely how some malware functions … look it up.

  • So yes, Domino is considerably more secure than SexChange, unless a lot of effort is put into configuring the latter properly. NO effort must be put into Domino to make “reasonably” secure.

  • And your answer was much more politic than I will ever be (wry grin)…

Subject: If you are going to snipe at them…

At least pick real targets. What we use now, and what’s even in large shops who haven’t updated since 1996, is nothing whatsoever like Windows 3.11, and picking that as if it represented the installed base is shuffling the deck in your favour. Windows NT was based on Digital VMS, which is a good deal younger and professionally designed for professionals, than was UNIX. UNIX was designed as a first try by engineers, and there’s no guarantee that the first try is the right answer. Personally, I still miss security features which were present and usable in VMS in 1988, and which neither Linux nor the Windows product line have re-introduced since (but Notes has).

The security holes in “Windows” mostly devolve from fitting home user priorities on top of an industrial strength security system - making mention of Windows 3.11 just leaves the door open for people to shoot you down in flames…

Subject: RE: If you are going to snipe at them…

To state the obvious: Of course nobody is still using win3.11 and neither did I imply so. The professional experience I have is based on Windows NT, 2k and all the things I said refer to it.

I just said where these OSes come from, and in my experience that dictates how much they can evolve. Now to me Windows seems like something that was tried to see how it works: we’ll add on features as we see need for them.

NT and 2k (and XP too) got a lot of professional influx that is not from win3.11 of course, but not thanks to Microsoft.

In my view, and I have studied Microsoft and their strategies extensively, they are a consumer company and produce products for that clientele. It boggles my mind how pathetic some features still are today, and I am glad whenever I don’t have to work on the even so good NT kernel based system (nonexistent logging, funky process management and reboot-o-rama).

The best thing they could do is tear it down and start from scratch, with some real good architectural thinking this time.

Mac OS X benefited greatly from this cleanup.