Passthru Server Question

To all: first, thanks for any help that you provide.

I would like to set up a passthru server on the internet to allow Notes clients to replicate.

My questions are in regard to security:

  1. What specific ports would I need to open in the firewall? UDP/TCP

  2. Is Notes encryption really enough, mail file and TCP?

  3. What other authentication options are “built in”, or available to increase security, such as secure-id integration, etc.?

  4. What are some experiences with user support, performance avg on a T1, configuration issues, etc.?

Once again, thanks for the help up front. I am looking at this option rather than a suggested Outlook POP3/SMTP setup that is a proposed solution at this time in our environment.

Subject: Port 1352 only. Notes Port Encryption is great. You are authenticating w/

your Notes ID which is about as secure as you can get. The T1 is adequate for replication (all depending on the number of users).

Subject: RE: Port 1352 only. Notes Port Encryption is great. You are authenticating w/

Bill

Thanks for the reply. I just wanted to make sure that was the only port.

I agree it would be hard to get in without a Notes ID, but as a manager once put it to me, the perception of security sometimes is as important as the security itself.

Now, as dumb as that sounded to me as well when it was told to me, if I wanted to implement a “two factor” (wrong or right term) authentication, i.e. secure ID token then the Notes client password, is there a tool available that does such a thing, in addition to encryption etc., that can be “built in” to the Notes client?

Note: using secure ID as an example.

Subject: Not hard, Impossible to get in w/out a valid XCertified Notes ID.

Notes and Replication w/ Dial Up access has been around since the late 80’s. It is really no different over the internet. I know of no person or group that has successfully broken this schema (without having access to the certifier ID).

Subject: It is two-factor

[if I wanted to implement a “two factor” -(wrong or right term) authentication,]

Notes native client access is a two-factor scheme. Factor one: you have a
valid ID file. Factor two: you have the correct password.

They aren’t the same factor, because you can do password & certificate checking
at the server.

Subject: RE: It is two-factor

Thanks everyone for the response. This is what I wanted to hear.