Webinar: Security Defenses that Withstand the Test of Time

Please join AJ Aronoff and me for a Prolifics webinar: IIB: Security Defenses that Withstand the Test of Time

For the last 7 years my security focus has mainly been intrusion prevention.  That’s all the controls you use to keep unauthorized people out of the messaging network.  I’m happy to report that things have improved on that front.  IBM has greatly improved the software and customers are enabling the security controls in record numbers.  (Not that the secured systems are yet in the majority, but it’s MUCH better than before.)

Unfortunately, intrusion prevention is only one part of the story.  A comprehensive security design also includes intrusion detection, forensic capability and incident recovery.  One reason that these are needed is that the state of the art is a moving target.  Attack technology always gets better, defensive technology moves to keep up or stay ahead.  Over time the configuration you implement today gets weaker as the state of the art continues to advance.

This webinar will focus less on the specific controls and more on how to maintain security effectiveness over time.  We will be addressing IBM Information Broker (the software formerly known as WebSphere Message Broker) but since it is built on top of WebSphere MQ the content will also be useful for WMQ admins who do not have IIB.  I hope to “see” you there!

Much thanks to my friends at Prolifics for sponsoring the webinar.

Posted in General | Leave a comment

We’re gonna need a bigger crowd

What not to crowdsource: Specialty training

Crowdsourcing: Collaboration based on the idea that given a sufficiently large pool of talent, it is possible to create a specific deliverable of high quality and in a timely fashion, using donated excess capacity of the crowd.

Some things just don’t crowdsource easily.

At its core, crowdsourcing is a slight twist on that old saw about “You can have it fast, cheap or right.  Pick any two and let me know.”  The twist is that “cheap” has been stipulated as a given and replaced with “crowdsourced.”

You can have it crowdsourced.
You can have it fast.
You can have it right.
Pick any two and get back to me.

But crowdsourcing works great, right?  There’s Wikipedia, Linux, FreeDB and many other examples one can point to of high quality products built by crowds.  But what I’d invite you to do is to consider the one thing where crowdsourcing tends to fall down.

Continue reading

Posted in Security | 4 Comments

Back to consulting

Got WMQ security work?  I’m happy to report I’ll soon be available for consulting engagements!  After a couple of years in WebSphere MQ Product Management, and 6 before that in IBM Software Services, I’ve given notice to IBM and will be available for engagements as of May 13th.

My IMPACT sessions are in process of being reassigned so I’ve adjusted the schedule on the previous blog post.  I left “Meet The Experts” on the schedule, I’ll just be in the audience this time around.  I’ll also be there for the book signing and there are 100 copies printed (including the updated typos) so come by the table Tuesday at Noon.  I believe that Neil Casey will also be in attendance and at the book signing.

The new business is IoPT Consulting.  If you’ve heard of Internet of Things, the name of the business refers to Internet of People & Things.  My biggest gripe with the first wave of IoT devices is that they neglected to consider the people who would use them.  The cool factor of a light switch, door lock, web cam or other device controlled from your phone wears off pretty quick when you have to have 50 apps to control 50 categories of device and they don’t talk to one another.  Of course IoT has no appeal at all when your Internet connection goes dark and the house blue-screens.  I’d like to build an Internet of Things that values the people who own those things and, by the way, WebSphere messaging and MQTT are one of the best ways to do that.

I’ll be available as of May 13 as an independent or, for customers with preferred vendor rosters, through one of several established firms.  I can provide short- or long-term engagements for architecture design, performance tuning, outage resolution, migration, staff augmentation, and of course security.  Lots of security.  Call me for details at 704-443-TROB or see me at IMPACT.

Posted in Events, IBMMQ, IOT, MQTT, News | 5 Comments

Coming to an event near you!

Travel has been working out well lately.  I’ve just sort of been making my own events.  Case in point, I wanted to attend the PDCNYC meeting so I put the word out I’d be available in NYC and immediately got several requests.  And that was just working with a few of the IBM account folks.  I didn’t exactly broadcast my availability.

Well, now I am.

IBM will send me pretty much anywhere in North America so long as I can meet with two or more customers (but not at the same time).  If I line up 4 or more customers I can visit other continents.  So if you want to meet in person to talk security…or clustering, architecture, high availability, migration, AMS, FTE, MQTT, identity, privacy, Internet of Things, whatever, let me know.  Maybe I can find a few others in your area and we can work something out.

Upcoming trips include:

  • Monday evening, April 8: PDCNYC
  • April 9 – 10: Customer visits, Jersey City/NYC area.
  • April 28 – May 3: IMPACT, Las Vegas (Book signing, Tuesday at Noon.)
  • May 6 – 9: Internet Identity Workshop #16, Mountain View, CA.
Posted in Events, IBMMQ, IOT, MQTT, News, Security | Leave a comment

IMPACT Schedule

It’s that time of year again!  I’ve finally received funding approval to attend IMPACT –  which is good considering how many sessions I’m participating in.  Good news – ITSO has printed 100 copies of Secure Messaging Scenarios with WebSphere MQ and arranged some time to sign them.  I will  have a gel pen to sign your Kindle if you downloaded the digital version.

TSM-2018: Meet the Experts: IBM Messaging
Session Type:  Meet the Experts
Date/Time:  Mon, 29/Apr, 04:00 PM – 05:00 PM
Room:  Venetian – San Polo 3401 (Zone D)
——————————————

Secure Messaging Scenarios with WebSphere MQ
Session Type: Book Signing
Date/Time:  Tue, 1/May, 12:00 PM – 1:00 PM
Room: Conference Book Store
——————————————

BPB-3218: Better Access Control and Security Using a Single Portal
Session Type:  Birds of a Feather
Date/Time:  Wed, 1/May, 12:00 PM – 12:45 PM
Room:  Venetian – Lando 4301B
Co-presenter(s):  Peter D’Agosta, Avada Software
——————————————

TSM-2018: Meet the Experts: IBM Messaging
Session Type:  Meet the Experts
Date/Time:  Thu, 2/May, 08:45 AM – 09:45 AM
Room:  Venetian – San Polo 3401 (Zone D)
——————————————

Posted in Events, IBMMQ, Publications, Security | Leave a comment

It’s time for sensible password security standards in the PCI-DSS

Passwords are the keys to the Internet kingdom.  Sure, there are certificates that identify sites and provide the basis for TLS encryption, but it is the user ID and password that authenticate you almost everywhere you log on to something.  The implication is that the service you log on to must have a way to validate that the password you provide today matches the one you provided when you signed up or at your last password change.  But many network sites and services fail to protect those passwords properly and that significantly compounds the damage in the event of a breach.  To mitigate the potential damage, the PCI Data Security Standard (PCI-DSS) requires passwords to be encrypted.  Although this sounds good on its face, the standard fails to account for the bi-lateral nature of passwords.  As a result, assessments are more complex and expensive and the systems assessed often less secure because of it, not more.  The changes I propose would decrease the cost of compliance while improving the level of security. Continue reading

Posted in General | 1 Comment

Meetup in NYC or San Fran?

I’m headed to New York next week to visit some customers and to attend the Hursley Comes to You event at the NY/NJ User’s Group.  I have some open time on the 18th and the 20th if you are in the area and want to talk about WMQ, AMS, FTE (now MFT) on the topics of security, migration, upgrades, architecture or whatever.  I’m your representative in the Product Management team so tell me what works, what doesn’t and where you want the products to go.  In return I can give some presentations, help diagnose or fix problems, or advise on plans for your next big WMQ project.

Same deal if you are in the San Francisco bay area the week of the 25th.  I haven’t received travel approval for this trip yet but one or two more customer visits will lock it in.

What can you expect on these visits?  In one recent case a customer had locked down most of their channels but through a misunderstanding of CHLAUTH and MCAUSER had inadvertently left the entire network open to anonymous remote admin access.  It took us less than 5 minutes to discover that.  Since they had thought the security implementation had been completed, there were no plans to invest any more time or money in remediation.  They’d moved on to other things.  Once we had a chance to chat, they realized there was more work to do and are busy closing up the remaining holes we discovered.

In another case I worked with a customer to show how they could simplify their architecture by consolidating overlapping clusters, removing unnecessary alias queues and using generic authorization profiles.  This took a bit longer than 5 minutes.  About 30, if I remember correctly.  However, they are now spending much less time on administration and troubleshooting cluster issues.

Not in New York City or San Francisco?  As a product manager, I’m happy to come by for a site visit in the US or Europe.  If I can arrange to meet with one or two other customers while I’m in the area, I can usually get travel approval.

Contact me at…

Voice: 720-395-6997
email: t.rob.wyatt@us.ibm.com

Posted in Events, IBMMQ | Leave a comment

WMQ Training for Beginners

The email stream lately has included many requests for training suitable for beginners new to WebSphere MQ.  This is good because it implies new customers or a larger community of developers and admins.  My pages here are organized as more of a reference index and I realized they don’t necessarily meet this particular need.  I may put up a “New to MQ?” page at some point but in the meantime, I thought it might be helpful to capture the email and my response. Continue reading

Posted in General | 3 Comments

Configuring WebSphere MQ Error log sizes

No, not *that* kind of tuning!

I’ve been keeping a running blog post of questions and answers from the WebSphere MQ Admin seminar this week in Amsterdam, but the more I researched this topic, the longer the answer became.  Eventually, it spilled over into its own post.

It turns out that the behavior and controls have changed from version to version and even across Fix Packs.  That means after applying a Fix Pack or upgrading to a new version, things might break.  For a new QMgr it won’t “break” anything but it might not behave as expected if you set the parameters based on the old version.  Here then is the story of the many facets of error log size tuning.

Continue reading

Posted in Events, IBMMQ | 7 Comments

Notes from the WSMQAdmin seminar

This post is a running capture of Q&A from the WebSphere MQ Admin seminar in Amsterdam, brought to you by WebSphere Insights and Nastel.

Welcome to Amsterdam and thanks for attending!  I will continue to update it throughout the week rather than posting once per day, so feel free to bookmark the page and refresh from time to time.  Please also feel free to contact me directly and I’ll either help you out or find someone who can.  Looking for photos?  On to the Q&A…

Continue reading

Posted in Events, IBMMQ | Leave a comment