Tag Archives: WMQ Security

Choosing a PCI DSS Auditor? Does WMQ awareness count?

Posted on January 26, 2009 by T.Rob

James DeLuccia’s post about choosing a PCI DSS QSA auditor has some good advice.  I would add to his list a criteria one of my own: the auditor should at least know how to spell WMQ.  Or JMS.  Or “message … Continue reading

Posted in General, News, WMQ Security | Tagged , , , , , | Leave a comment

Signed C&C messages? What a novel idea!

Posted on January 8, 2009 by T.Rob

I’ve been saying for a while now that Command and Control messages to be signed.  It’s a question of authentication.  When you pass a message to perform an administrative action, what assurance do you have that the message got to … Continue reading

Posted in IBMMQ, News, WMQ Security | Tagged , , , , , , , | Leave a comment

The Deep Queue – Episode #6: The Myth of the Trusted Internal Network

Posted on January 1, 2009 by T.Rob

In this episode of The Deep Queue I explain why I believe the “trusted internal network” is a myth.  Many of the problems that I see on consulting assignments would have been prevented by the same security measures I recommend … Continue reading

Posted in DeepQueue, IBMMQ, Podcast, WMQ Security | Tagged , , , , , , , | 1 Comment

WMQ File Transfer Edition launched

Posted on December 7, 2008 by T.Rob

I’ve been haunting the Vienna MQ list server for long enough to have seen the topic of moving files over MQSeries, and later WebSphere MQ, raise it’s ugly head on many occasions.  I say “ugly” because creating a general-purpose program … Continue reading

Posted in IBMMQ, MQMFT, News | Tagged , , , , | 1 Comment

Updated script templates

Posted on October 22, 2008 by T.Rob

The script templates for locking down admin access have been updated for WMQ v7 to include topics. I’ve also added additional comment lines, a change log and fixed a couple of typos. The new versions are an update to the … Continue reading

Posted in Errata, IBMMQ, Publications, WMQ Security | Tagged , , | 4 Comments

Puzzled by WMQ vulnerability advisory

Posted on October 2, 2008 by T.Rob

Well, I knew this one was out there but never looked at the CVE for it – there is a memory corruption vulnerability in the WebSphere MQ ( CVE-2007-6044) that is network exploitable.  What I can’t figure out is why … Continue reading

Posted in General, IBMMQ, WMQ Security | Tagged , , , , , , | Leave a comment

The Deep Queue – Episode #3: Ethical Administration

Posted on September 29, 2008 by T.Rob

In this episode of The Deep Queue I propose something I’m calling “ethical administration”.  Most people have heard of ethical hacking – doing what the bad guys do on behalf of and in cooperation with the good guys.  Ethical administration … Continue reading

Posted in DeepQueue, Podcast, WMQ Security | Tagged , , , | 2 Comments

The Deep Queue – Episode #2: Security Best Practices and FIPS

Posted on September 14, 2008 by T.Rob

I just uploaded the second episode of The Deep Queue.  This episode expands on my recent Mission:Messaging column and also discusses some nuances of working with FIPS compliance in WebSphere MQ.  The next episode is scheduled for October 6th.  Between … Continue reading

Posted in DeepQueue, Podcast, WMQ Security | Tagged , , | 3 Comments

The Deep Queue – Episode #1: PCI-DSS and WMQ

Posted on August 25, 2008 by T.Rob

The first episode of the new Deep Queue podcast is online!  In this episode I introduce the podcast for a few minutes and then talk about a discussion that I had with some guys from the IBM Retail group.  The … Continue reading

Posted in DeepQueue, WMQ Security | Tagged , , | Leave a comment

See you in Barcelona!

Posted on August 1, 2008 by T.Rob

I just found out my travel has been approved for IBM’s Transaction & Messaging Technical Conference coming up this November in Barcelona!  I seem to have inherited ownership of the High Availability presentation which I certainly do not mind.  I … Continue reading

Posted in Events, IBMMQ | Tagged , , , , , , | 3 Comments