====== Security ======

====Properties====

  * protection against unauthorized physical access to information;
  * binding to the host where the virtual machine is running;
  * external outbound network rules allow communication only with 3 fixed nodes (HTTPS) and 2 [[en:h2k:terms#Managing Server|management servers]] (encrypted traffic between Domino servers);
  * external inbound network rules allow only SSH connections to the console;
  * the console authorizes through Open[[https://ru.wikipedia.org/wiki/SSL|SSL]] certificates;
  * the internal firewall repeats the external network rules.

----

====HCL Notes====

The Domino® security model is based on the principle of securing resources, such as the Domino® server itself, databases, workstation data, and documents. Each protected resource or object is configured to define which users may access it and what edit rights they have. Information about access rights and privileges is stored with each protected resource. That way, a given user or server can have different sets of access rights depending on the resources it needs to access.

----

====Creating a BlackBox====

  * Create an image on a [[en:h2k:terms#Clean Machine|clean machine]];
  * Transfer the image to the working site;
  * [[en:h2k:terms#HCL Domino Server|The Domino server ID]] is created on the same clean machine;
  * The initial Domino configuration phase is administered from a neighboring clean machine.

----

====Solution BlackBox====

===OS===

  * VMware virtual machine;
  * Oracle Linux operating system;
  * The partition is encrypted;
  * On a restart, a partition decryption password is required;
  * Binding to the virtual machine.

===Domino===

  * Server ID password;
  * Encryption of the databases used (server ID keys);
  * There are only 2 Management Servers cross-certificates in the address book;
  * Encryption of the traffic at the Domino network port level.

----

[[en:h2k:terms#Black box|BB]] has access to only three fixed nodes, which are located on the existing 2 servers and are built from the base source of the node. Because the node's code is publicly available, anyone can customize a node for themselves; the fact that the BB accesses only the node of the H2K service ensures that it does not connect to a node that differs from the main one. H2K thus controls the server on which the private keys are located and all the programs on that server. Public nodes, however, can connect to one of the three external fixed nodes, provided that no data is stored on it, so that in case of hacking no data leakage will occur.
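
As an added illustration (not part of the original page and not H2K's own tooling), the example below checks an external and an internal rule set against the network policy listed under Properties and reports rules outside the allow-list, missing rules, and drift between the two firewalls. The addresses are constructed placeholders from documentation ranges, the one-line rule format is hypothetical, and TCP 1352 assumes Domino's default NRPC port.

```python
from ipaddress import ip_address

# Constructed placeholder peers (RFC 5737 documentation ranges), not real hosts.
FIXED_NODES = ("192.0.2.11", "192.0.2.12", "192.0.2.13")
MGMT_SERVERS = ("198.51.100.21", "198.51.100.22")
HTTPS, SSH, NRPC = 443, 22, 1352  # 1352: assumed default Domino NRPC port

def policy():
    """Allow-list from the page: 3 HTTPS nodes, 2 management servers, SSH in."""
    allowed = {("out", n, HTTPS) for n in FIXED_NODES}
    allowed |= {("out", m, NRPC) for m in MGMT_SERVERS}
    allowed.add(("in", "any", SSH))
    return allowed

def parse_rules(text):
    """Parse hypothetical 'direction peer tcp_port' lines into a set of tuples."""
    rules = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        direction, peer, port = line.split()
        if direction not in ("in", "out"):
            raise ValueError(f"bad direction: {direction}")
        if peer != "any":
            peer = str(ip_address(peer))  # rejects malformed addresses
        rules.add((direction, peer, int(port)))
    return rules

def audit(external, internal):
    """Return (firewall, issue, rule) findings; an empty list means compliant."""
    allowed, findings = policy(), []
    for name, rules in (("external", external), ("internal", internal)):
        findings += [(name, "not-in-policy", r) for r in sorted(rules - allowed)]
        findings += [(name, "missing", r) for r in sorted(allowed - rules)]
    # The internal firewall must repeat the external rules exactly.
    findings += [("both", "drift", r) for r in sorted(external ^ internal)]
    return findings

# Constructed sample rule sets: EXTERNAL matches the policy, INTERNAL has drifted.
EXTERNAL = "\n".join(
    [f"out {n} 443" for n in FIXED_NODES]
    + [f"out {m} 1352" for m in MGMT_SERVERS] + ["in any 22"])
INTERNAL = EXTERNAL.replace("out 198.51.100.22 1352", "out 203.0.113.5 443")

if __name__ == "__main__":
    for finding in audit(parse_rules(EXTERNAL), parse_rules(INTERNAL)):
        print(finding)
```
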