| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| Is WebSphere MQ the unprotected system ? |
« View previous topic :: View next topic » |
| Author |
Message
|
| Volodya |
 Posted: Tue Apr 26, 2005 3:28 am Post subject: |
 |
|
Novice
Joined: 04 Mar 2004
Posts: 22
Location: Moscow
|
I agree. BlockIP2 does not check password.
But I am satisfied completely by BlockIP2 work  because:
1.BlockIP2 check connections based on IP addresses.
2.BlockIP2 check UserID. I make option "CON=102.25.4.35;myuser;" and have response "2005-04-26|15:00:42|Connection refused, Channel [SYSTEM.ADMIN.SVRCONN] ConName [102.25.4.35] User [myuser] was not accepted" or "Connection accepted"
3.Ours servers and administrator workstations are reliably protected by own passwords.
_________________
Vladimir Makushkin, WebSphere MQ administrator |
|
| Back to top |
|
 |
| RogerLacroix |
| Posted: Tue Apr 26, 2005 7:14 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
I work mainly for companies in the financial area (banks, insurance,etc..). When I go to a company site, it never takes me longer than a hour to get full access to a production queue manager unless they have some sort of 'authenticating' solution in place.
I go to the VP's office for a demo, plug my laptop into the network and then connect to the queue manager. If you are using BlockIP with those rules then I fire up a Spoofing IP software and set my MQ UserID to yours or an MQ Admin's UserID and voila, I'm in.
For those companies that actually block outside laptops from connecting into their network, then I walk around looking for an unlocked PC with the software on a disk. When I find an unlocked PC, I sit down and run my software and voila I'm in.
Besides pissing-off the MQ people and embrassing their VP, I get well paid to prove a point that: their MQ is insecure.
BlockIP is better than nothing. But anyone with average knowledge of MQ and IP spoofing can easily pretend to be something/someone they are not.
My point is be very careful, how you sell your solution to your management. Given the fact that my wife is bugging me to get a contract or 2 in Europe, Russia, etc., you would not want me to show up and show that I broke your 'secure' solution in 20 minutes!!
Regards,
Roger lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| Volodya |
| Posted: Wed Apr 27, 2005 5:42 am Post subject: |
|
|
Novice
Joined: 04 Mar 2004
Posts: 22
Location: Moscow
|
BlockIP is our first step to MQ security.
Next step is Capitalware's MQ Authenticate User Security Exit solution.
I tested yours solutions and they quite satisfy us.
I want hope that we shall make this second step in this year.
Third step is end-to-end MQ security (my dream). 
_________________
Vladimir Makushkin, WebSphere MQ administrator |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
