Did you remember to lock your car?

Image

We’ve all done it. You have driven your car to a car park, walked away, and then had a momentary pang of doubt about whether you locked your car. It has become second nature to lock your car. To keep it secure. The car even locks the doors itself when it is in motion. But when you park it and walk away, that’s when the uncertainty comes in, and also when your car is most vulnerable.

It is the same with your enterprise messaging. What happens when you use a product like WebSphere MQ to send a message across your enterprise? Well, of course, what is happening is the application takes some data and packages it in the contents section of a message structure, along with some header information to describe the message and the destination. The message is then dispatched. All in all that’s pretty similar to you getting in your car and driving to the shops to buy something like food for dinner, or presents for a birthday. There is a destination and something of value to be transferred. With a car, you have to park in a space in a car park. With messaging, instead of a car park you have a queue manager and queues.

Messages start in an application and a MQ Client packages the information to be moved into a message. This then is sent to a queue manager, to be written into a queue. According to the destination or other information, the message is then sent on to either another queue, another queue manager, or to the destination client application.

As far as securing the message goes, when the message is moving between the client application and the queue manager, then the MQ resources are secured by MQ built-in security definitions and the message and contents itself is secured while moving over the ‘wire’ by use of SSL. However while the message is encrypted by SSL as it moves, once it reaches the queue manager, and is written to the queue, it is unencrypted and thus sits on the queue without any encryption. Thus if the system with the queue manager is penetrated, the messages on the queues are available in the clear. This is the same as parking your car in a ‘secure car park’ but leaving the car unlocked as the car park is secure. Would you do that? I’m pretty sure I wouldn’t.

Now what would we like to happen? What would be smart would be a routine that ensured our car was locked, pretty much at all times unless people wanted to get in and out of it – subject to key rules – such as ensuring people could actually get out or in when they needed. For messages we would want to make sure the message contents were secure at all times, including when sitting in queues, but would continue to be available to the receiving applications, and of course would still expose the header information needed for routing etc.

What IBM offers for WebSphere MQ is WebSphere MQ Advanced Message Security, which is also available as part of the entitlement of WebSphere MQ Advanced. This is a policy-based encryption capability which allows message contents to be encrypted from sending application to receiving application. So the contents are encrypted while it flows over the network and while it sits in intermediary queues. The applications are unchanged, with just updated client libraries to be used. And the security is based on policies, so different rules might apply for different message contents, or different queue managers. After all there are some times when you have to leave your car unlocked. So I’m pretty sure you have rules for securing your car. Isn’t it about time you had rules for securing your messages?

Image

 

Advertisements

Tags: , , , , , , , , ,

8 Responses to “Did you remember to lock your car?”

  1. http://8alarm.com/ Says:

    This web site truly has all tthe information and facts I wanted concerning this subject and didn’t know who to ask.

  2. buy your automobile Says:

    Could I subscribe to the articles you write?? I don’t know how to do it
    and don’t want to miss your next ones.

  3. http://myhondablog.tumblr.com/tagged/car Says:

    I am thinking about installing my personal website.
    Could you give me a handful of tips?

  4. youtube.com Says:

    Interesting post. Might yoou direct me to more of your articles??

  5. bit.ly Says:

    Hello there! I know this is kinda off topic however I’d figured I’d ask.
    Would you be interested in exchanging links or maybe guest authoring a
    blog article or vice-versa? My blog covers a lot of the same subjects as
    yours and I think we could greatly benefit from each other.

    If you might be interested feel free to shoot me an e-mail.
    I look forward to hearing from you! Superb blog by the way!

  6. Christian Says:

    After i retire I’d really like to move to Hawaii.

  7. Simpler and cheaper – MQ MFT changing for your benefit | Leifdavidsen's Blog Says:

    […] Don’t forget that if you buy the MQ Advanced offering you not only get the MQ MFT Service part but also the MQ AMS capability for end-to-end encryption. This has also been a hot topic of conversation with customers and if you want to know more you can read my previous blog about it here. […]

  8. Simple can be better – the new MQ and MQ Advanced licensing | Leifdavidsen's Blog Says:

    […] deployed anywhere at no additional cost when connected to MQ Advanced Queue Managers. Then there is Advanced Message Security, which provides end to end message content encryption. Since MQ V9 this has a new option allowing […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: