Differences

This shows the differences between two versions of the page.
en:h2k:doc:5 [2023/07/31 08:05] – created anel   en:h2k:doc:5 [2023/07/31 10:38] (current) anel
Line 6: Line 6:
   * external outbound network rules allow communication only with 3 fixed nodes (HTTPS), 2 [[en:h2k:terms#Managing Server|management servers]] (encrypted traffic between Domino servers);   * external outbound network rules allow communication only with 3 fixed nodes (HTTPS), 2 [[en:h2k:terms#Managing Server|management servers]] (encrypted traffic between Domino servers);
   * external inbound network rules allow only SSH connections to the console;   * external inbound network rules allow only SSH connections to the console;
-  * the console authorizes through Open [[https://ru.wikipedia.org/wiki/SSL|SSL]]certificates;+  * the console authorizes through Open [[https://ru.wikipedia.org/wiki/SSL|SSL]] certificates;
   * the internal firewall repeats the external network rules.   * the internal firewall repeats the external network rules.
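Review bot: The corrected bullet still reads "Open [[…|SSL]] certificates" directly after the bullet stating that inbound rules allow only SSH connections to the console, so the reader cannot tell which credential the console actually checks. Suggest naming the SSH authentication method explicitly instead of linking the word "SSL", and using "authenticates" rather than "authorizes" if the bullet is about proving identity. The link also points to the Russian Wikipedia article from an English page.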
  
Line 13: Line 13:
 ====HCL Notes==== ====HCL Notes====
  
-The Domino® security model is based on the principle of securing resources, such as the Domino® server itself, databases, workstation data, and documents. The resources or objects that are protected are configured to define user access and edit rights to the object. Information about access rights and privileges is stored with each protected resource. That way, a given user or server can have different sets of access rights depending on the resources to  which this user or server needs an access to.+The Domino® security model is based on the principle of securing resources, such as the Domino® server itself, databases, workstation data, and documents. The resources or objects that are protected are configured to define user access and edit rights to the object. Information about access rights and privileges is stored with each protected resource. That way, a given user or server can have different sets of access rights depending on the resources to which this user or server needs access.
  
 ---- ----
Line 28: Line 28:
 ====Solution  BlackBox==== ====Solution  BlackBox====
 ===OS=== ===OS===
-  * VmWare virtual machine;+  * VMware virtual machine;
   * Oracle Linux operating system;   * Oracle Linux operating system;
   * The partition is encrypted;   * The partition is encrypted;
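Review bot: "The partition is encrypted" in the OS list, left unchanged next to the VMware spelling fix, does not say which partition is meant or how it is unlocked when the virtual machine starts. Suggest naming the partition and stating where the key or passphrase is held, since that decides what the encryption protects against. The heading "Solution  BlackBox" also still carries a double space.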
Line 37: Line 37:
   * Server id password;   * Server id password;
   * Encryption of the databases used (server id keys;   * Encryption of the databases used (server id keys;
-  * There are only 2 Management Servers cross certificates in the address book;+  * There are only 2 Management Servers cross-certificates in the address book;
   * Encryption of the traffic at the Domino network port level;   * Encryption of the traffic at the Domino network port level;
  
 ---- ----
  
-[[en:h2k:terms#Black box|BB]] has access to only three fixed nodes, which are located on the existing 2 servers and are assembled from the basic source of the node. Anyone can customize  the node for himself due to the general availability of its code, and the fact that the BB accesses only the node of  the H2K service, ensures that it does not connect to a node that differs from the main one.  So H2K controls the server on which the private keys are located, and all the programs on this server. +[[en:h2k:terms#Black box|BB]] has access to only three fixed nodes, which are located on the existing 2 servers and are assembled from the basic source of the node. Anyone can customize the node for himself due to the general availability of its code, and the fact that the BB accesses only the node of the H2K service, ensures that it does not connect to a node that differs from the main one.  So H2K controls the server on which the private keys are located, and all the programs on this server. 
  
 However public nodes can connect to one of the three external fixed nodes, provided that no data is stored on it, so in case of hacking, data leakage will not occur. However public nodes can connect to one of the three external fixed nodes, provided that no data is stored on it, so in case of hacking, data leakage will not occur.
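Review bot: The BB paragraph says that accessing "only the node of the H2K service" ensures the BB "does not connect to a node that differs from the main one", but the visible text only describes a restriction to three fixed nodes over HTTPS and does not say how the BB verifies which node it has reached. Suggest stating the check the guarantee relies on, or softening "ensures". Smaller points in the same hunk: "Encryption of the databases used (server id keys;" has an unclosed parenthesis on both sides, the new paragraph still has a double space before "So H2K controls", and "However public nodes" needs a comma after "However".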