MQSeries.net Forum Index » General IBM MQ Support » MQ Message Integrity and Security - Need Help

muthum_2000
PostPosted: Thu Aug 14, 2008 12:42 am    Post subject: MQ Message Integrity and Security - Need Help

Voyager

Joined: 10 Jul 2006
Posts: 85

Guys

In our audit review, the application team received a mail from the security services team as below; I am not getting a clear picture here. Please can you help with your ideas and suggestions...

Mail Details:

The Purpose of the IBM Websphere MQ product is message delivery; not to provide inherent message security or integrity.

Even though every effort is to secure the operational environment for MQ production deployments, it would still be possible for any given message to be tampered with.

If the applications exchanging MQ messages do not include facilities to validate the message contents at time of receipt, for example by including and verifying a secured MAC (Machine Authentication Code), it may be possible that the message contents have been altered.

There is therefore a potential risk to application processing when using MQ, if apps do not include some form of message content verification. This risk should be assessed.

Please can anyone suggest what best can be done here.
David.Partridge
PostPosted: Thu Aug 14, 2008 1:20 am    Post subject:

Master

Joined: 28 Jun 2001
Posts: 249

What they are saying is that MQ of itself doesn't provide any mechanism for detecting message tampering. If you are a bank, for example, you won't be amused if an MQ admin armed with a message editing tool changes a payment message going to SWIFT so that it pays that 100 million dollars to a newly opened off shore bank account rather than to the intended recipient.

Message security typically refers to the ability to read a private message (i.e. can only the intended recipient read the message). This is typically accomplished using data encryption. MQ doesn't address this issue either.

If you are concerned about these risks, there are a number of approaches that can be taken to mitigate them. The choice of which approach to take is a business decision based on balancing the risk of an event and the likely cost to the business of such an event against the cost of mitigating the risk.

There are a number of options available if the business decides that to do nothing is an unacceptable risk.

1) Change the applications so that they send the messages with an attached digital signature, or similar, and check the same on message receipt. If privacy is also required, then encryption may be added to the mix. Typically this will mean that the messages are now encoded as either S/MIME or PKCS#7 format messages. This requires that the application designers and developers have a strong cryptography background if you want genuine message integrity.

2) Purchase an add-on product which will provide application-transparent end-to-end security for MQ using the same techniques as described in 1) above, but without requiring application changes. As far as I am aware there are only two contenders in this arena:

a) Tivoli Access Manager for Business Integration (TAMBI) which can be purchased separately or as a bundle with MQ as the MQ Extended Security Edition.

b) Primeur Data Secure for WebSphere MQ (DSMQ) http://www.primeur.com/products/data_security/ibm_websphere_ext.html

My personal view is that the latter is the better product for a number of reasons, but I am biased as I used to work for Primeur and designed and wrote most of the end-to-end security part of their product.

This problem is not just an MQ issue: you also may need to consider how to protect data at rest (e.g. in DB, files) as well as on the move (MQ, FTP etc).
_________________
Cheers,
David C. Partridge
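As an added illustration of option 1 above (this is not code from the post, from TAMBI or from DSMQ), the following Python sketch shows the "attach a MAC on send, verify on receipt" pattern the audit mail asks for. It uses a shared HMAC-SHA256 key rather than a PKCS#7 digital signature, so it proves integrity only between parties that share the key; the key value, envelope layout, message ids and payment strings are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed demo key (assumption). In a real deployment the key lives in a
# key store readable by the sending and receiving applications but NOT by the
# MQ administrator: anyone who can read the key can re-sign an edited message.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def _signed_bytes(msg_id: str, body_b64: str) -> bytes:
    # Canonical input that the tag covers. Including the message id binds the
    # tag to this particular message, so a valid tag cannot simply be moved
    # onto a different body.
    return f"{msg_id}.{body_b64}".encode("ascii")


def wrap(payload: bytes, key: bytes = SHARED_KEY, msg_id: str = "") -> bytes:
    """Sender side: build the bytes the application would MQPUT.

    Envelope = JSON {id, body (base64 payload), mac (HMAC-SHA256 hex digest)}.
    """
    msg_id = msg_id or os.urandom(16).hex()
    body_b64 = base64.b64encode(payload).decode("ascii")
    tag = hmac.new(key, _signed_bytes(msg_id, body_b64), hashlib.sha256).hexdigest()
    return json.dumps({"id": msg_id, "body": body_b64, "mac": tag}).encode("utf-8")


def unwrap(envelope: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Receiver side: verify the MAC before trusting anything in the message.

    Raises ValueError when the envelope is malformed or the tag does not match.
    """
    try:
        env = json.loads(envelope)
        msg_id, body_b64, tag = env["id"], env["body"], env["mac"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed envelope") from exc
    expected = hmac.new(key, _signed_bytes(msg_id, body_b64), hashlib.sha256).hexdigest()
    # Constant-time comparison so the verifier cannot be probed byte by byte.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC mismatch: message altered in transit or at rest")
    return base64.b64decode(body_b64)


def is_intact(envelope: bytes, key: bytes = SHARED_KEY) -> bool:
    """Convenience check: True only if the envelope verifies under this key."""
    try:
        unwrap(envelope, key)
        return True
    except ValueError:
        return False


def edit_body_on_queue(envelope: bytes, new_payload: bytes) -> bytes:
    """Constructed stand-in for a message body being changed on the queue with
    a message editing tool while the original MAC is left in place."""
    env = json.loads(envelope)
    env["body"] = base64.b64encode(new_payload).decode("ascii")
    return json.dumps(env).encode("utf-8")


def demo() -> dict:
    """Round trip, tampered copy, and wrong-key receiver; returns the outcomes."""
    original = b"PAY 100000000 USD TO ACCT-INTENDED"      # constructed payload
    put = wrap(original, msg_id="demo-0001")

    altered = edit_body_on_queue(put, b"PAY 100000000 USD TO ACCT-OFFSHORE")

    return {
        "accepted": unwrap(put) == original,              # untouched message passes
        "tamper_detected": not is_intact(altered),        # edited body is rejected
        "wrong_key_detected": not is_intact(put, b"some-other-key"),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points worth keeping in mind: an HMAC gives no non-repudiation, since either key holder could have produced the tag, which is why the S/MIME or PKCS#7 route in the post uses a digital signature that the receiver can verify but not forge; and neither scheme gives privacy, so a message that must not be readable on the queue still needs encryption on top of the integrity check.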
muthum_2000
PostPosted: Thu Aug 14, 2008 1:40 am    Post subject:

Voyager

Joined: 10 Jul 2006
Posts: 85

Thank you very much David for your clear clarification.
RogerLacroix
PostPosted: Sat Aug 16, 2008 1:42 pm    Post subject:

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

c) Capitalware's MQ Authenticate User Security Exit
http://www.capitalware.biz/mqausx_overview.html


Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
JosephGramig
PostPosted: Sun Aug 17, 2008 2:25 pm    Post subject:

Grand Master

Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA

Well,

SSL on the channels or user exits will/can only secure messages in transit.

Once they are on the queue, they are open to all kinds of inspection and modification.

You should consider encrypting the messages while at rest (which is what you can do with WebSphere MQ Extended Security Edition).

Also, if you have not done something to secure all your inbound channels (no matter what they are named), then your QMGR is open to anonymous administration. If it is, then almost certainly all adjacent QMGRs are also open to anonymous administration. Remember, all QMGRs in an MQ cluster are adjacent.

No matter what, all inbound channels that do not have an exit should have an MCAUSER set that has only the privileges it needs (like none to the S.A.C.Q).

Security is an advanced topic. You should seek professional assistance.
http://www-128.ibm.com/developerworks/websphere/services/
muthum_2000
PostPosted: Sun Aug 17, 2008 7:29 pm    Post subject:

Voyager

Joined: 10 Jul 2006
Posts: 85

Thanks Joseph