Tag Archives: commentary

PCI zone and non PCI zone in same DataPower box

I’ve been having PCI Déjà vu lately.  It seems the same questions keep coming up over and over.  One strategy for compliance that is nearly ubiquitous is to segregate the PCI data from the rest of the network.  In practical terms, … Continue reading

Posted in General, WMQ Security | Tagged , , , , , , | 4 Comments

Guest blogger @ WebSphere User Group

Ben Wen and I were invited to be guest bloggers at WebSphere User Group this month so the post I was planning for this space was hijacked! You can read it at WebSphere User Group posted as The Invisible Threat.

Posted in News, Publications, WMQ, WMQ Security | Tagged , , , , , , , , | Leave a comment

WebSphere MQ – Coming soon to an audit near you!

The June 29 episode of The Deep Queue is finally up!  Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday.  Although I’ve … Continue reading

Posted in DeepQueue, Podcast, WMQ Security | Tagged , , , , , , , , , | Leave a comment

Choosing a PCI DSS Auditor? Does WMQ awareness count?

James DeLuccia’s post about choosing a PCI DSS QSA auditor has some good advice.  I would add to his list a criteria one of my own: the auditor should at least know how to spell WMQ.  Or JMS.  Or “message … Continue reading

Posted in General, News, WMQ Security | Tagged , , , , , | Leave a comment

The Deep Queue – Episode #6: The Myth of the Trusted Internal Network

In this episode of The Deep Queue I explain why I believe the “trusted internal network” is a myth.  Many of the problems that I see on consulting assignments would have been prevented by the same security measures I recommend … Continue reading

Posted in DeepQueue, Podcast, WMQ, WMQ Security | Tagged , , , , , , , | 1 Comment

SSL certificate irony

I happened across Doug Munsinger’s post about refreshing WMQ SSL certificates.  On the one hand, it’s good to know someone else out there is using SSL with WMQ.  On the other hand, the certificate problem on Doug’s web site overshadows … Continue reading

Posted in WMQ, WMQ Security | Tagged , , , , , | 5 Comments

WebSphere MQ security heats up

developerWorks article WebSphere MQ Security heats up from November 2007. Are your MQ channels as secure as they should be? What you need to know about recent developments in IBM® WebSphere® MQ security and, more importantly, what you need to … Continue reading

Posted in Errata, News, Publications, WMQ, WMQ Security | Tagged , , , , , , , , | 29 Comments