Big news for security in IBM Connections

IBM Connections has a strong representation in the market of collaboration. As IBM Notes & IBM Domino have a long history in the collaboration market you can also imagine that lots of customers who are already using IBM Notes and/or IBM Domino also have IBM Connections in their infrastructure. IBM Domino can also act as an LDAP server and as we need an LDAP server also in the IBM Connections infrastructure it is for most organizations logical to use their IBM Domino environment as their LDAP supplier for IBM Connections.

But I have always lived with the assumption that all other internet protocols then HTTP which are supported by IBM Domino where vulnerable to Brute Force/ Dictionary attacks as there was not yet any configuration possibility with IBM Domino. Until last week a good friend called Christoph Stoettner contacted me on skype and told me that he had an issue on a customer site with logging in users and after some deduction and reasoning he had to conclude that the assumption of only the HTTP protocol which was protected by this Brute Force/ Dictionary attack setting in IBM Domino was a miss assumption !

Most probably you think this is all about IBM Domino why is it so big for IBM Connections. Well as I already stated in the start of my post. IBM Connections has a strong representation as a product with customers who are already running a collaboration stack of IBM called IBM Domino. So because of that it is very big news. Christoph Stoettner has already blogged about it last Friday on his blog (check it out here). So keep an eye on this post which protocols within IBM Domino are and aren’t protected but LDAP is one of the protected ones for sure so that’s good news !