Tag Archives: security

Cluster security

Well, the residency to write the new WebSphere MQ Security book is past the halfway point and we are working diligently to finish up on time. I’m happy to say that one of my favorite new security topics is covered … Continue reading

Posted in Events, IBMMQ, News, Publications, WMQ Security | Tagged , , , , , , , , , , | 1 Comment

Thoughts on certificate sharing

The topic of certificate sharing keeps popping up as of late so I wanted to address it here.  The main objection to certificate-based crypto seems to be the administrative overhead.  After having scripted up certificate management for several customers, I … Continue reading

Posted in IBMMQ, MQ AMS, WMQ Security | Tagged , , , , , , , , , , , | Leave a comment

PCI zone and non PCI zone in same DataPower box

I’ve been having PCI Déjà vu lately.  It seems the same questions keep coming up over and over.  One strategy for compliance that is nearly ubiquitous is to segregate the PCI data from the rest of the network.  In practical terms, … Continue reading

Posted in General, WMQ Security | Tagged , , , , , , | 4 Comments

Guest blogger @ WebSphere User Group

Ben Wen and I were invited to be guest bloggers at WebSphere User Group this month so the post I was planning for this space was hijacked! You can read it at WebSphere User Group posted as The Invisible Threat.

Posted in IBMMQ, News, Publications, WMQ Security | Tagged , , , , , , , , | Leave a comment

WMQ Security bulletin site

Been wondering how to know if your WMQ is up to date for security patches?  Wonder no more!  Just go visit the Security Bulletin for WebSphere MQ page.  The Recommended Fixes page lists all of the Fix Packs and from … Continue reading

Posted in IBMMQ, News, WMQ Security | Tagged , , , , , , , , , , , | Leave a comment

WebSphere MQ – Coming soon to an audit near you!

The June 29 episode of The Deep Queue is finally up!  Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday.  Although I’ve … Continue reading

Posted in DeepQueue, Podcast, WMQ Security | Tagged , , , , , , , , , | Leave a comment

New WMQ Channel vulnerability and interim fix announced

The IBM Internet Security Systems XForce team recently announced a buffer overflow vulnerability in WebSphere MQ client channels.  According to the release, the vulnerability includes the possibility of remotely executing arbitrary code or “causing the application to crash.”  It is … Continue reading

Posted in IBMMQ, News, WMQ Security | Tagged , , , , | Leave a comment

Deep Queue #11: Security breaches are not news?

The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast.  The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether … Continue reading

Posted in DeepQueue, IBMMQ, Podcast, WMQ Security | Tagged , , , , , , | Leave a comment

WANTED DEAD OR ALIVE: WMQ Security exits

As you know, there are some security functions in WebSphere MQ that require an exit.  By now everyone should be familiar with BlockIP2, the well known channel security exit.  But there are a couple of other requirements that a channel … Continue reading

Posted in IBMMQ, WMQ Security | Tagged , , , , , | 2 Comments

Wrapping up IMPACT 2009

Well, this is the last day of IMPACT. It’s always lightly attended as many folks take Friday as a travel day. I have one more session this morning though. It’s the WMQ ESE introduction. Overall the WMQ security sessions were … Continue reading

Posted in Events, General, IBMMQ, News | Tagged , , , , , , , , | Leave a comment