This page contains links to content that I have authored or contributed to in some way and links to the sites of friends with similar interests in WebSphere MQ security.
MQ Tech conference v2.0.17
MQ Automation: Config Management Using Baselines, Patterns and Apps
Take the grunt work out of MQ configuration management for virtualization, cloud, and large networks by applying a layered approach. This session will introduce the concept of building an MQ configuration from a baseline, then defining a class of service with a pattern layer, and finishing off with application configurations. This modular approach dramatically improves consistency, quality, and flexibility while greatly reducing cost. In compliance environments it provides a definitive as-specified configuration to which the as-running state can be reconciled at intervals or in near-real time. A basic script framework for implementing this system will be reviewed as well.
MQ Automation: Config Management using Amazon S3
The central server needed to set up an MQ configuration Management system turns out to be a consistent showstopper, but with a few pennies and a few scripts you can use Amazon Simple Storage. This session introduces scripts that automate QMgr builds with a local shell script that queries a flat-file configuration database stored in the cloud. It’s dirt cheap and super simple yet can reduce the time and cost of building MQ nodes while improving quality and consistency.
Note: I created a dedicated user for the conference and am supplying the ID and key in the session materials. Download the slides so you can cut-and-paste the commands to install the AWS metadata files.
Note: I created a dedicated user for the conference and am supplying the ID and key in the session materials. Download the slides so you can cut-and-paste the commands to install the AWS metadata files.
MQ CHLAUTH and Password Authentication Research
Links to the research, findings, and tools for the research into behavior of MQ’s password-based authentication and CHLAUTH behavior in MQ v8.0 and v9.0.
- Executive Summary
- Detailed Findings [Pending blog post]
- Test result matrix as a Google Sheet (No login required)
- Test result matrix as a PDF on Google Drive (No login required)
- Test result matrix as a PDF direct download
- Test result matrix as an Excel sheet direct download
- Tools on GitHub repository
MQTC 2.0.16
- Build and Operate Your Own MQ Center of Mediocrity
- Check list of top MQ security outstanding bugs/issues/gotchas
- Security bugs.issues.gotchas session video on YouTube
MQTC 2.0.15
My sessions and the downloadable files from the MQTC conference 27 September 2015.
- Beyond Intrusion Prevention
- Managing CA Certs for MQ
- Advanced scripting with MQSCX – Zip with presentation and scripts.
Presentations
Internet of Things
- Let’s Get Cirrus about Personal Clouds – Opening remarks at VRM Day prior to IIW October 2013
Webspherere MQ v8.0
- What I did on my summer vacation (in Hursley) – Notes from IBM’s workshop closing out the V8.0 Early Access Program
- WMQ Toolbox: 20 Scripts, One-liners, & Utilities for UNIX & Windows – Admin and productivity tools for MQ using the command line
- Build and Operate Your Own Certificate Management Center of Mediocrity – How to run an internal CA on the cheap and reasons why not to do so
- Security Requirements Questionnaire – A very high level list of bullet points of things to think about when designing an MQ security architecture.
WebSphere MQ v7.1 & v7.5 content
- Better access control and security using a single portal – Birds of a Feather session with Pete D’Agosta from Avada Software, from IMPACT 2013
- WebSphere MQ: Securing Your QMgr – Session #1577 from IMPACT 2012
(Base hardening) - WebSphere MQ: Securing Your Messages – Session #1578 from IMPACT 2012 (AMS)
- Secure Universal Messaging: Five WMQ v7.1 Security Use Cases – Session #1869 from IMPACT 2012 (AJ Aronoff, Prolifics & T.Rob, IBM)
- WMQ 7.1 Security deeper dive – Slides from the Global WebSphere Community webcast 8th December, 2011. Video replay here.
- What’s New in WMQ V7.1 – Mark Taylor’s presentation from WSTC 2011
- WMQ v7.1 Security Deeper Dive (Slides or Screencast) – My presentation from the Global WebSphere Community Webinar, Nov 2011
- WebSphere MQ v7.1 Security Lab – The lab guide and scripts from the 2011 WSTC conference. (Updated 20111012)
WebSphere MQ v6.0 and v7.0 content
- WMQ Security Lab from IMPACT 2011 – Security Lab guide and scripts for WMQ v6.0 and v7.0. See above for the lab guide and scripts for v7.1.
- WMQ End-to-End Security – Intro to the new WMQ Advanced Message Security product that provides encryption of messages at rest, auditing of message receipt and more. WMQ AMS is the successor to WMQ Extended Security Edition. This session is from the 2010 European WebSphere Technical conference.
- Hardening WebSphere MQ Security – The presentation from the 2011 IMPACT conference.
- WebSphere MQ Security Questionnaire – Tool to drive out requirements for designing your WMQ security solution.
- WMQ Security for QSA’s – Presentation deck for the PCIKnowledgebase.com webinar.
- WMQ Enterprise Security: A Series of Defenses to Withstand the Test of Time – I collaborated on this presentation with AJ Aronoff of Prolifics
Articles
- Renewing WebSphere MQ Certificates – WebSphere User Group
- Mission:Messaging: Easing administration and debugging with circular queues
- Mission:Messaging: End-to-end encryption with WebSphere MQ Advanced Message Security
- Mission:Messaging: Using a Windows service to start WebSphere MQ File Transfer Edition client agents
- Mission:Messaging: Understanding WebSphere MQ authorization and the setmqaut command
- Mission:Messaging: WebSphere MQ cluster design and operation
- Mission:Messaging: Ten WebSphere MQ SupportPacs I can’t live without
- Mission:Messaging: Scripted WebSphere MQ key file management for UNIX and Windows
- Mission:Messaging: Circular logs vs. linear logs
- Meet the experts: WebSphere MQ high availability and disaster recovery
- Meet the experts: WebSphere MQ best practices
- Securing WebSphere MQ File Transfer Edition V7
- Mission:Messaging: Planning for SSL on the WebSphere MQ network
- Mission:Messaging: Migration, failover, and scaling in a WebSphere MQ cluster
- Mission:Messaging: Embracing cultural change in the WebSphere MQ community
- Mission:Messaging: WebSphere MQ, PCI DSS, and security standards
- Mission Messaging: Of Mice and Elephants
- Mission:Messaging: If your queue manager could talk, would you hear it?
- WebSphere MQ security heats up
Note that SYSTEM.MQEXPLORER.REPLY.MODEL.QUEUE should be SYSTEM.MQEXPLORER.REPLY.MODEL in the article. - What you didn’t know you didn’t know about WebSphere MQ security
- Running a standalone Java application on WebSphere MQ V6.0
White Papers
- White Paper: IBM Websphere MQ Security
The first in a series of white papers discussing IBM Websphere MQ security has been released by Martyn Ruks of MWR InfoSecurity. This paper is listed here because I provided “ongoing insight and advice”.
Books
- Secure Messaging Scenarios with WebSphere MQ – An IBM Redbooks publication
Authors: T.Rob, Glenn Baddeley, Neil Casey, Long Nguyen, Jørgen H. Pedersen, Morten Sætra - WebSphere MQ Security: Tales of Scowling Wolves and Unglamorous Sheep
By Johannes Böhm-Mäder with foreword by T.Rob
Pingback: MQTC Sessions and downloads posted | Store and Forward
Pingback: Is Your Sarbanes-Oxley Certification Sound? | Tek Tips Blogs