This page contains links to content that I have authored or contributed to in some way and links to the sites of friends with similar interests in WebSphere MQ security.
Email notification list
New! You can now subscribe to receive email notifications when this page is updated, when there is significant security news or when an article on some aspect of WebSphere MQ security is published. The old list was lost when I changed hosting providers and I apologize for the inconvenience. I am now using TinyLetter to prevent that from happening again. I will not sell or share your address with anyone.
Presentations
WebSphere MQ v7.1 & v7.5 content
- Better access control and security using a single portal – Birds of a Feather session with Pete D’Agosta from Avada Software, from IMPACT 2013
- WebSphere MQ: Securing Your QMgr – Session #1577 from IMPACT 2012
(Base hardening) - WebSphere MQ: Securing Your Messages – Session #1578 from IMPACT 2012 (AMS)
- Secure Universal Messaging: Five WMQ v7.1 Security Use Cases – Session #1869 from IMPACT 2012 (AJ Aronoff, Prolifics & T.Rob, IBM)
- WMQ 7.1 Security deeper dive – Slides from the Global WebSphere Community webcast 8th December, 2011. Video replay here.
- What’s New in WMQ V7.1 – Mark Taylor’s presentation from WSTC 2011
- WMQ v7.1 Security Deeper Dive (Slides or Screencast) – My presentation from the Global WebSphere Community Webinar, Nov 2011
- WebSphere MQ v7.1 Security Lab – The lab guide and scripts from the 2011 WSTC conference. (Updated 20111012)
WebSphere MQ v6.0 and v7.0 content
- WMQ Security Lab from IMPACT 2011 – Security Lab guide and scripts for WMQ v6.0 and v7.0. See above for the lab guide and scripts for v7.1.
- WMQ End-to-End Security – Intro to the new WMQ Advanced Message Security product that provides encryption of messages at rest, auditing of message receipt and more. WMQ AMS is the successor to WMQ Extended Security Edition. This session is from the 2010 European WebSphere Technical conference.
- Hardening WebSphere MQ Security – The presentation from the 2011 IMPACT conference.
- WebSphere MQ Security Questionnaire – Tool to drive out requirements for designing your WMQ security solution.
- WMQ Security for QSA’s – Presentation deck for the PCIKnowledgebase.com webinar.
- WMQ Enterprise Security: A Series of Defenses to Withstand the Test of Time – I collaborated on this presentation with AJ Aronoff of Prolifics
Articles
- Renewing WebSphere MQ Certificates – WebSphere User Group
- Mission:Messaging: Easing administration and debugging with circular queues
- Mission:Messaging: End-to-end encryption with WebSphere MQ Advanced Message Security
- Mission:Messaging: Using a Windows service to start WebSphere MQ File Transfer Edition client agents
- Mission:Messaging: Understanding WebSphere MQ authorization and the setmqaut command
- Mission:Messaging: WebSphere MQ cluster design and operation
- Mission:Messaging: Ten WebSphere MQ SupportPacs I can’t live without
- Mission:Messaging: Scripted WebSphere MQ key file management for UNIX and Windows
- Mission:Messaging: Circular logs vs. linear logs
- Meet the experts: WebSphere MQ high availability and disaster recovery
- Meet the experts: WebSphere MQ best practices
- Securing WebSphere MQ File Transfer Edition V7
- Mission:Messaging: Planning for SSL on the WebSphere MQ network
- Mission:Messaging: Migration, failover, and scaling in a WebSphere MQ cluster
- Mission:Messaging: Embracing cultural change in the WebSphere MQ community
- Mission:Messaging: WebSphere MQ, PCI DSS, and security standards
- Mission Messaging: Of Mice and Elephants
- Mission:Messaging: If your queue manager could talk, would you hear it?
- WebSphere MQ security heats up
Note that SYSTEM.MQEXPLORER.REPLY.MODEL.QUEUE should be SYSTEM.MQEXPLORER.REPLY.MODEL in the article. - What you didn’t know you didn’t know about WebSphere MQ security
- Running a standalone Java application on WebSphere MQ V6.0
White Papers
- White Paper: IBM Websphere MQ Security
The first in a series of white papers discussing IBM Websphere MQ security has been released by Martyn Ruks of MWR InfoSecurity. This paper is listed here because I provided “ongoing insight and advice”.
Books
- Secure Messaging Scenarios with WebSphere MQ – An IBM Redbooks publication
Authors: T.Rob, Glenn Baddeley, Neil Casey, Long Nguyen, Jørgen H. Pedersen, Morten Sætra - WebSphere MQ Security: Tales of Scowling Wolves and Unglamorous Sheep
By Johannes Böhm-Mäder with foreword by T.Rob
Friends
- Keys Botzum – Keys is very active in the WebSphere Application Server community and has been instrumental in improving security both in the product and in the field. Keys is a contributor ot the WAS Security Blog.
- Martyn Ruks – Martyn publishes security research on the MWR Infosecurity web site.
- Tom Schneider – Tom is an IBM colleague who is very knowledgeable about MQ security and the guy I go to with my mainframe questions. I’ve linked to his articles from the WebSphere MQ page.
Pingback: Is Your Sarbanes-Oxley Certification Sound? | Tek Tips Blogs