Re: MQSeries in DMZ

Thu, 05 Jun 2003 22:14:00 -0700 

Just a question. As the DMZ is just a router. And unless the receiver or
sender is down. There normally would not be any data on the DMZ box. I would
think the exposure to people snooping on the DMZ is a moote point. The
server inside your intranet is another story.

bobbee


From: Tim Armstrong <[EMAIL PROTECTED]>
Reply-To: MQSeries List <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: MQSeries in DMZ
Date: Thu, 5 Jun 2003 11:33:29 +1000

Sid,

But if only certain ports on the DMZ machine are open and the listener
running against the MQ port goes through an SSL validation process for
anyone connecting to it then aren't we protected?

Regards
Tim A



                      [EMAIL PROTECTED]
                      .AU                      To:
[EMAIL PROTECTED]
                      Sent by: MQSeries        cc:
                      List                     Subject:  Re: MQSeries in
DMZ
                      <[EMAIL PROTECTED]
                      N.AC.AT>


                      05/06/2003 10:53
                      Please respond to
                      MQSeries List





Tim,

SSL wont protect the data sitting on the server.... Is that where the risk
really is ?.. In my case it is.. Yours may be different.

But SSL from server-server is also a good choice.

Sid

-----Original Message-----
From: Tim Armstrong [mailto:[EMAIL PROTECTED]
Sent: Thursday, 5 June 2003 9:56 AM
To: [EMAIL PROTECTED]
Subject: Re: MQSeries in DMZ


Or you can use the SSL features that became available in V5.3.

Regards
Tim A



                      "Potkay, Peter M
                      (PLC, IT)"                 To:
[EMAIL PROTECTED]
                      <[EMAIL PROTECTED]        cc:
                      RTFORD.COM>                Subject:  Re: MQSeries in
DMZ
                      Sent by: MQSeries
                      List
                      <[EMAIL PROTECTED]
                      AC.AT>


                      05/06/2003 01:17
                      Please respond to
                      MQSeries List





See support pac MS81
http://www-3.ibm.com/software/integration/support/supportpacs/individual/ms8


1.html

It has what you need. It is the MQSeries Internet Pass Thru (MQIPT).


-----Original Message-----
From: Madsen, Timothy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: MQSeries in DMZ


Hello,
We have external partners who need to connect to our MQSeries.  So, we
could
put an MQSeries server in our DMZ and let those external people connect to
that MQ and then have the DMZ MQ connect to our internal MQ.  We can
configure our firewall (Cisco Pix) to only let MQ appropriate
ports/protocols pass from the internet to the DMZ MQ server.

However, we would still be allowing **anybody** on the internet to send
messages to our MQSeries in our DMZ.  We are working with a small list of
partners - they are not anonymous.

So - from this two questions:

1)  Would this be considered a fairly secure configuration - from the
standpoint of a hacker trying to get into our MQ box and crash it or access
OS services?

2)  What is a standard method whereby we could allow our external partners
to send MQ messages - but not allow other people on the internet to send MQ
messages to our DMZ MQ server?

Thanks.
Tim.

Instructions for managing your mailing list subscription are provided in
the
Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive


This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If you
are
not the intended recipient, please notify the sender immediately by return
email and delete this communication and destroy all copies.

Instructions for managing your mailing list subscription are provided in
the
Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Instructions for managing your mailing list subscription are provided in
the
Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive


_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Reply via email to