This page contains links to content that I have authored or contributed to in some way and links to the sites of friends with similar interests in WebSphere MQ security.
MQ CHLAUTH and Password Authentication Research
Links to the findings and tools from research into the behavior of password-based authentication and CHLAUTH in MQ v8.0 and v9.0.
- Executive Summary
- Detailed Findings [Pending blog post]
- Test result matrix as a Google Sheet (No login required)
- Test result matrix as a PDF on Google Drive (No login required)
- Test result matrix as a PDF direct download
- Tools on GitHub repository
- Build and Operate Your Own MQ Center of Mediocrity
- Check list of top MQ security outstanding bugs/issues/gotchas
- Security bugs/issues/gotchas session video on YouTube
My sessions and the downloadable files from the MQTC conference 27 September 2015.
- Beyond Intrusion Prevention
- Managing CA Certs for MQ
- Advanced scripting with MQSCX – Zip with presentation and scripts.
Internet of Things
- Let’s Get Cirrus about Personal Clouds – Opening remarks at VRM Day prior to IIW October 2013
WebSphere MQ v8.0
- What I did on my summer vacation (in Hursley) – Notes from IBM’s workshop closing out the V8.0 Early Access Program
- WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows – Admin and productivity tools for MQ using the command line
- Build and Operate Your Own Certificate Management Center of Mediocrity – How to run an internal CA on the cheap and reasons why not to do so
- Security Requirements Questionnaire – A very high level list of bullet points of things to think about when designing an MQ security architecture.
WebSphere MQ v7.1 & v7.5 content
- Better access control and security using a single portal – Birds of a Feather session with Pete D’Agosta from Avada Software, from IMPACT 2013
- WebSphere MQ: Securing Your QMgr – Session #1577 from IMPACT 2012
- WebSphere MQ: Securing Your Messages – Session #1578 from IMPACT 2012 (AMS)
- Secure Universal Messaging: Five WMQ v7.1 Security Use Cases – Session #1869 from IMPACT 2012 (AJ Aronoff, Prolifics & T.Rob, IBM)
- WMQ 7.1 Security deeper dive – Slides from the Global WebSphere Community webcast 8th December, 2011. Video replay here.
- What’s New in WMQ V7.1 – Mark Taylor’s presentation from WSTC 2011
- WMQ v7.1 Security Deeper Dive (Slides or Screencast) – My presentation from the Global WebSphere Community Webinar, Nov 2011
- WebSphere MQ v7.1 Security Lab – The lab guide and scripts from the 2011 WSTC conference. (Updated 20111012)
WebSphere MQ v6.0 and v7.0 content
- WMQ Security Lab from IMPACT 2011 – Security Lab guide and scripts for WMQ v6.0 and v7.0. See above for the lab guide and scripts for v7.1.
- WMQ End-to-End Security – Intro to the new WMQ Advanced Message Security product that provides encryption of messages at rest, auditing of message receipt and more. WMQ AMS is the successor to WMQ Extended Security Edition. This session is from the 2010 European WebSphere Technical conference.
- Hardening WebSphere MQ Security – The presentation from the 2011 IMPACT conference.
- WebSphere MQ Security Questionnaire – Tool to drive out requirements for designing your WMQ security solution.
- WMQ Security for QSA’s – Presentation deck for the PCIKnowledgebase.com webinar.
- WMQ Enterprise Security: A Series of Defenses to Withstand the Test of Time – I collaborated on this presentation with AJ Aronoff of Prolifics
- Renewing WebSphere MQ Certificates – WebSphere User Group
- Mission:Messaging: Easing administration and debugging with circular queues
- Mission:Messaging: End-to-end encryption with WebSphere MQ Advanced Message Security
- Mission:Messaging: Using a Windows service to start WebSphere MQ File Transfer Edition client agents
- Mission:Messaging: Understanding WebSphere MQ authorization and the setmqaut command
- Mission:Messaging: WebSphere MQ cluster design and operation
- Mission:Messaging: Ten WebSphere MQ SupportPacs I can’t live without
- Mission:Messaging: Scripted WebSphere MQ key file management for UNIX and Windows
- Mission:Messaging: Circular logs vs. linear logs
- Meet the experts: WebSphere MQ high availability and disaster recovery
- Meet the experts: WebSphere MQ best practices
- Securing WebSphere MQ File Transfer Edition V7
- Mission:Messaging: Planning for SSL on the WebSphere MQ network
- Mission:Messaging: Migration, failover, and scaling in a WebSphere MQ cluster
- Mission:Messaging: Embracing cultural change in the WebSphere MQ community
- Mission:Messaging: WebSphere MQ, PCI DSS, and security standards
- Mission:Messaging: Of Mice and Elephants
- Mission:Messaging: If your queue manager could talk, would you hear it?
- WebSphere MQ security heats up
Note that SYSTEM.MQEXPLORER.REPLY.MODEL.QUEUE should be SYSTEM.MQEXPLORER.REPLY.MODEL in the article.
- What you didn’t know you didn’t know about WebSphere MQ security
- Running a standalone Java application on WebSphere MQ V6.0
- White Paper: IBM Websphere MQ Security
The first in a series of white papers discussing IBM WebSphere MQ security has been released by Martyn Ruks of MWR InfoSecurity. This paper is listed here because I provided “ongoing insight and advice”.
- Secure Messaging Scenarios with WebSphere MQ – An IBM Redbooks publication
Authors: T.Rob, Glenn Baddeley, Neil Casey, Long Nguyen, Jørgen H. Pedersen, Morten Sætra
- WebSphere MQ Security: Tales of Scowling Wolves and Unglamorous Sheep
By Johannes Böhm-Mäder with foreword by T.Rob
- Keys Botzum – Keys is very active in the WebSphere Application Server community and has been instrumental in improving security both in the product and in the field. Keys is a contributor to the WAS Security Blog.
- Martyn Ruks – Martyn publishes security research on the MWR Infosecurity web site.
- Tom Schneider – Tom is an IBM colleague who is very knowledgeable about MQ security and the guy I go to with my mainframe questions. I’ve linked to his articles from the WebSphere MQ page.