An example would be the following:
> Policy Category: Access Control
> Check Name: Access server unrestricted
> Risk Level: Low
> CVE Reference: CVE-NO-MATCH
> Description: Verify that the "Access server" field has been restricted to specific groups and users that should have access to the server.
> Summary: The Access server field specifies which names have specifically been given access to communicate to the server. When the list of names in the Access server field is empty, the server assumes any user not in the deny list is granted access.
> Overview: The "Access server" list specifies which names have specifically been given access to communicate to the server. When the server access list is empty, the server assumes any user not in the deny list is granted access. The server access list works hand in hand with the "Not access server" list and the "Only Allow Access to Users in Directory" (OAAUD) option.
The "Not access server" list will override the "Access server" list. Any user or group listed will be denied access regardless of whether it is also in the "Access server" list.
The "Access server" list will override the OAAUD option. Thus, if the OAAUD option is set, even if a remote server is not listed in the server's directory, if that server is in the "Access server" list it will still be granted access.
Although it is not always necessary, it is recommended that the "Access server" list not be left to allow all users to access the server, but rather be filled out to specify all groups and servers that should have access to the server. This will prevent certain user administration errors from causing an unauthorized user to gain access to the server.
> Recommendation/Fix: To restrict the names allowed access to the server, perform the following steps:
1) Open the Domino Administrator client.
2) Select the menu item "File->Open Server" to access the server to edit.
3) Within the "Configuration" tab click on the "Server" option on the left side of the screen.
4) Under "Server" click on "Current Server Document".
5) Click on the "Security" tab within the server document.
6) Find the "Access Server" list under the "Server Access" section.
7) Enter the groups and servers allowed to access the server.
8) Save the document changes.
As part of a complete database security and compliance program, industry best practices recommend monitoring for known vulnerabilities. Commonly referred to as a compensating control, real-time activity monitoring ensures that databases are protected during the gap in time between discovery of a vulnerability and mitigation of that vulnerability. It is recommended that organizations deploy DbProtect's activity monitoring functionality to ensure the highest level of database security.
> Reference:
IBM Search results - United States
> Version Affected: All versions of Domino Server
The output should be the following:
Policy Cat    Risk Level    Description    Summary    Recommendation
==========    ==========    ===========    =======    ==============
I plan to import the results in an excel spreadsheet.
Thanks!
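One way to produce that table, as an added example that is not part of the original post: a Python parser that turns each check into one CSV row for Excel and neutralises cells a spreadsheet would evaluate as formulas. It assumes every field line starts with "> Name:" and every check begins with "Policy Category"; the function names and the sample text are constructed for illustration.

```python
import csv
import io
import re
# Report field -> output column, in the order the post asks for.
COLUMNS = {"Policy Category": "Policy Cat", "Risk Level": "Risk Level",
           "Description": "Description", "Summary": "Summary",
           "Recommendation/Fix": "Recommendation"}
FIELD = re.compile(r"^>\s*([^:]+):\s*(.*)$")
# Constructed sample: first check shortened from the post, second one made up.
SAMPLE = """\
> Policy Category: Access Control
> Risk Level: Low
> Description: Verify that the "Access server" field has been restricted.
> Recommendation/Fix: To restrict the names allowed access to the server:
1) Open the Domino Administrator client.
2) Save the document changes.
> Version Affected: All versions of Domino Server
> Policy Category: Constructed
> Description: =made-up text that starts like a formula
"""

def parse_checks(text):
    """One dict per check; a new check starts at each 'Policy Category' line."""
    records, current, name = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            name, value = m.group(1).strip(), m.group(2).strip()
            if name == "Policy Category":
                current = {}
                records.append(current)
            if current is not None:
                current[name] = value
        elif current is not None and name and line.strip():
            # Unmarked lines continue the previous field (paragraphs, numbered steps).
            current[name] = (current[name] + "\n" + line.strip()).strip()
    return records

def safe_cell(value):
    """Prefix cells that a spreadsheet would evaluate as a formula."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(records):
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL)
    writer.writerow(COLUMNS.values())
    for rec in records:
        writer.writerow([safe_cell(rec.get(f, "")) for f in COLUMNS])
    return out.getvalue()
```

Writing the result of `to_csv(parse_checks(report_text))` to a `.csv` file gives one row per check; multi-line recommendations stay inside a single quoted cell.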