Lotus Security Handbook

An IBM Redbooks publication

Published 08 April 2004

ISBN-10: 0738498467
ISBN-13: 9780738498461
IBM Form #: SG24-7017-00
(706 pages)

Authors: William Tworek, George Chiesa, Frederic Dahm, David Hinkle, Amanda Mason, Matthew Milza, Amy Smith

Contributing companies: dotNSF (TM)


This IBM Redbooks publication provides best practices and guidance for building a secure collaboration infrastructure utilizing IBM Lotus technologies. It is the third Lotus security-oriented book to be published. However, unlike the previous two Redbooks in this series, “The Domino Defense: Security in Lotus Notes 4.5 and the Internet” (SG24-4848) and “Lotus Notes and Domino R5.0 Security Infrastructure Revealed” (SG24-5341), this third book focuses not just on Notes/Domino but on all IBM Lotus collaborative products, as well as general security best practices for any infrastructure. This book should be considered essential reading for anyone responsible for Lotus technology-based applications, systems, and infrastructures.

The book is broken into four main parts:
Part 1 introduces the basic concepts related to security, and then covers a number of methodologies for architecting and deploying security from beginning to end in an organization.
Part 2 delves into the specific concepts and components involved in a secure infrastructure. This includes discussions about security zoning, single sign-on (SSO), public key infrastructures (PKI), and directory strategies.
Part 3 discusses the specific security features in the latest versions of Lotus products. Detailed security features of Lotus Notes and Domino 6, Sametime 3, QuickPlace 2.08, Domino Web Access (iNotes), WebSphere Portal, and other IBM/Lotus collaborative technologies are all discussed.
Part 4 provides a real-life scenario demonstrating the secure implementation of Lotus collaborative technologies, following the guidelines and best practices provided in the first three parts of this book.

It is assumed that the reader has a good understanding of the basic concepts involved with the Lotus Notes and Domino security model and a basic understanding of the principles of IT security. For a general overview of Notes and Domino security, the reader can refer to the book, “Lotus Notes and Domino R5.0 Security Infrastructure Revealed” (SG24-5341), available for download at:

NOTE: Also available for download via the "additional material" link in the right-hand corner of this abstract page is the Microsoft PowerPoint presentation from the recent Redbooks Lotus Single Sign-On Solutions webcast, which was based on the SSO content from this book.

Table of contents

Part 1. Security concepts introduced
Chapter 1. Fundamentals of IT security
Chapter 2. Security methodologies
Part 2. Building a secure infrastructure
Chapter 3. Secure infrastructure requirements
Chapter 4. Security components and layers
Chapter 5. Proxies
Chapter 6. Public key infrastructures
Chapter 7. Single sign-on
Chapter 8. Directory strategies
Chapter 9. Server hardening
Part 3. Security features of Lotus products
Chapter 10. The Notes/Domino security model
Chapter 11. Domino/Notes 6 security features
Chapter 12. Security features of other Lotus products
Part 4. A secure scenario
Chapter 13. Sample scenario described
Chapter 14. Scenario implementation details
Appendix A. Debugging with a protocol analyzer
Appendix B. A sample DSAPI program
Appendix C. Domino 6 HTTP plug-in hints and tips
