Book description
The differences between well-designed security and poorly designed security are not always readily apparent. Poorly designed systems give the appearance of being secure but can over-authorize users or allow access to non-users in subtle ways. The problem is that poorly designed security gives a false sense of confidence. In some ways, it is better to knowingly have no security than to have inadequate security while believing it to be stronger than it actually is. But how do you tell the difference? Although it is not rocket science, designing and implementing strong security requires strong foundational skills, some examples to build on, and the capacity to devise new solutions in response to novel challenges. This IBM® Redbooks® publication addresses itself to the first two of these requirements. This book is intended primarily for security specialists and IBM WebSphere® MQ administrators who are responsible for securing WebSphere MQ networks, but other stakeholders should find the information useful as well.
Chapters 1 through 6 provide a foundational background for WebSphere MQ security. These chapters take a holistic approach, positioning WebSphere MQ in the context of a larger system of security controls, including those of adjacent platforms' technologies as well as human processes. This approach seeks to eliminate the simplistic model of security as an island, replacing it instead with the model of security as an interconnected and living system. The intended audience for these chapters includes all stakeholders in the messaging system, from architects and designers to developers and operations.
Chapters 7 and 8 provide technical background to assist in preparing and configuring the scenarios, and chapters 9 through 14 are the scenarios themselves. These chapters provide fully realized example configurations. One of the requirements for any scenario to be included was that it must first be successfully implemented in the team's lab environment. In addition, the advice provided is the cumulative result of years of participation in the online community by the authors and reflects real-world practices adapted for the latest security features in WebSphere MQ V7.1 and WebSphere MQ V7.5. Although these chapters are written with WebSphere MQ administrators in mind, developers, project leaders, operations staff, and architects are all stakeholders who will find the configurations and topologies described here useful.
The third requirement mentioned in the opening paragraph was the capacity to devise new solutions in response to novel challenges. The only constant in the security field is that the technology is always changing. Although this book provides some configurations in a checklist format, these should be considered a snapshot at a point in time. It will be up to you as the security designer and implementor to stay current with security news for the products you work with and integrate fixes, patches, or new solutions as the state of the art evolves.
Table of contents
- Front cover
- Notices
- Preface
- Chapter 1. Introduction
- Chapter 2. What is security
- Chapter 3. Authentication and authorization
- Chapter 4. Connection-level security
- 4.1 Architecture
- 4.2 Authentication
- 4.3 Identity resolution
- 4.4 Binding authentication to authorization
- 4.5 Default CHLAUTH rules
- 4.6 Provisioning access
- 4.7 Upgrade and migration
- 4.8 Access control lists
- 4.9 Authorizing topics
- 4.10 Authorizations that grant administrative access
- 4.11 Common mistakes
- Chapter 5. Message-level security
- Chapter 6. WebSphere MQ security controls
- 6.1 Overview
- 6.2 Operating system and file system resources
- 6.2.1 File system as the root of trust in the server
- 6.2.2 Restrict file system access
- 6.2.3 Restrict access to mqm home directory and tools
- 6.2.4 Limit access to the mqm user ID
- 6.2.5 mqm group membership
- 6.2.6 Files and directories
- 6.2.7 Fully specified names in mqm cron job scheduler
- 6.2.8 Do not administer WebSphere MQ as root
- 6.2.9 Protection of WebSphere MQ backups
- 6.2.10 Increase the size of error logs
- 6.2.11 Archiving error logs
- 6.2.12 Isolation of staging environments
- 6.2.13 Protect user-provided executables
- 6.3 Queue manager local resources
- 6.3.1 Define a system dead letter queue
- 6.3.2 Considerations for dead-letter queue handler
- 6.3.3 Enable event messages
- 6.3.4 Restrict access to remote clustered queues
- 6.3.5 Do not disable WebSphere MQ authorization checks
- 6.3.6 Generic authorization profile names
- 6.3.7 PROCESS and SERVICE objects should use explicit paths
- 6.3.8 Run the command server only when it is needed
- 6.3.9 Limited use of trigger monitors
- 6.3.10 Minimal authority on SYSTEM objects
- 6.3.11 Object names
- 6.3.12 Realistic attribute values
- 6.4 Channels, transmission queues, and communications
- 6.4.1 Use channel authentication rules
- 6.4.2 Disable all incoming SYSTEM channels
- 6.4.3 Always specify a low-privileged MCAUSER
- 6.4.4 Avoid use of put authority context on channels
- 6.4.5 Do not enable automatic channel definition
- 6.4.6 Avoid using a default transmission queue
- 6.4.7 Avoid use of SERVER channels
- 6.4.8 Restrict access to transmission queues
- 6.4.9 Increase message retry on channels
- 6.4.10 Use the managed listener
- 6.4.11 Specify local address on outbound channels
- 6.4.12 Usage of port numbers
- 6.4.13 Queue manager to queue manager versus clients
- 6.4.14 Separate channels for application messaging
- 6.5 Queues and other objects
- 6.6 Applications using WebSphere MQ
- 6.7 Recent changes
- 6.7.1 Dedicated cluster transmission queues
- 6.7.2 WebSphere Message Broker default configuration wizard
- 6.7.3 MCA interception for clients
- 6.7.4 RFC 5280 certificate validation policy
- 6.7.5 FIPS compliance on SSL/TLS and AMS
- 6.7.6 New CipherSpecs and CipherSuites
- 6.7.7 NSA Suite B support
- 6.7.8 Distinguished Encoding Rules in SSLPEER and SSLCERTI
- 6.8 Procedural considerations
- Chapter 7. Operating system specifics
- 7.1 IBM z/OS
- 7.1.1 WebSphere MQ security management
- 7.1.2 TLS/SSL certificate and key repository management
- 7.1.3 Queue sharing groups
- 7.1.4 Channel types have additional values of PUTAUT
- 7.1.5 Separating put and get authority
- 7.1.6 Publish/subscribe security
- 7.1.7 Certificate sharing in a queue sharing group
- 7.1.8 RESLEVEL security
- 7.2 IBM i
- 7.3 Microsoft Windows
- Chapter 8. Scenario preparation
- 8.1 Overview
- 8.2 Servers and network topology
- 8.3 Operating systems and infrastructure software
- 8.4 Operating system configuration
- 8.5 WebSphere MQ installation and configuration
- 8.6 Other software installation and configuration
- 8.7 Naming standards and conventions
- 8.8 Certificate authorities
- 8.9 OCSP responder
- 8.10 LDAP server to host CRLs
- 8.11 WebSphere MQ (CMS) keystores
- 8.12 Other certificate tools
- Chapter 9. Scenario: WebSphere MQ administration
- 9.1 Scenario overview
- 9.2 Implementing the scenario
- 9.2.1 Preparing the operating system user IDs and groups
- 9.2.2 Creating the queue manager and listener
- 9.2.3 Authorizing queue manager and system objects to enable remote WebSphere MQ Explorer
- 9.2.4 Defining application objects and limited administration authority
- 9.2.5 Providing authority to display all objects
- 9.2.6 Defining a channel for anonymous remote WebSphere MQ Explorer
- 9.2.7 Defining a secure channel for remote administration roles
- 9.2.8 Creating a key repository for queue manager
- 9.2.9 Generating the queue manager certificate and adding it to the key repository
- 9.2.10 Creating a key repository for users
- 9.2.11 Generating the user certificates and adding them to the key repository
- 9.2.12 Building the Java keystore files for users of WebSphere MQ Explorer
- 9.2.13 Setting up the WebSphere MQ Explorer workstation
- 9.3 Configuring WebSphere MQ Explorer for the anonymous administration role
- 9.4 Configuring WebSphere MQ Explorer for a limited administration role
- 9.5 Configuring WebSphere MQ Explorer for a full administration role
- 9.6 Summary
- Chapter 10. Scenario: Securing IBM WebSphere MQ connections to connect a business partner
- Chapter 11. Scenario: Fine-grained cluster security
- 11.1 Scenario overview
- 11.2 Authorizing access using the authority context of user IDs
- 11.3 Authorizing access using queue manager name mapping
- 11.4 Using SSL for mutual authentication
- 11.5 Authorizing access with X.509 DN mapping
- 11.6 Authorizing access with X.509 and IP address mapping
- 11.7 Considerations for large clusters
- 11.8 Summary
- Chapter 12. Scenario: CRL/OCSP certificate revocation
- Chapter 13. Scenario: End-to-end security using WebSphere MQ AMS
- Chapter 14. Scenario: WebSphere MQ AMS revocation checking
- Appendix A. Working with the itsoME message exit
- Appendix B. Additional tooling for WebSphere MQ Internet pass-thru
- Appendix C. Certificate administration techniques and special WebSphere MQ security checks
- Appendix D. Additional material
- Related publications
- Back cover
Product information
- Title: Secure Messaging Scenarios with WebSphere MQ
- Author(s):
- Release date: November 2012
- Publisher(s): IBM Redbooks
- ISBN: 9780738437408