Sid,
But if only certain ports on the DMZ machine are open and the listener
running against the MQ port goes through an SSL validation process for
anyone connecting to it then aren't we protected?
Regards
Tim A
[EMAIL PROTECTED]
.AU To: [EMAIL PROTECTED]
Sent by: MQSeries cc:
List Subject: Re: MQSeries in DMZ
<[EMAIL PROTECTED]
N.AC.AT>
05/06/2003 10:53
Please respond to
MQSeries List
Tim,
SSL wont protect the data sitting on the server.... Is that where the risk
really is ?.. In my case it is.. Yours may be different.
But SSL from server-server is also a good choice.
Sid
-----Original Message-----
From: Tim Armstrong [mailto:[EMAIL PROTECTED]
Sent: Thursday, 5 June 2003 9:56 AM
To: [EMAIL PROTECTED]
Subject: Re: MQSeries in DMZ
Or you can use the SSL features that became available in V5.3.
Regards
Tim A
"Potkay, Peter M
(PLC, IT)" To:
[EMAIL PROTECTED]
<[EMAIL PROTECTED] cc:
RTFORD.COM> Subject: Re: MQSeries in
DMZ
Sent by: MQSeries
List
<[EMAIL PROTECTED]
AC.AT>
05/06/2003 01:17
Please respond to
MQSeries List
See support pac MS81
http://www-3.ibm.com/software/integration/support/supportpacs/individual/ms8
1.html
It has what you need. It is the MQSeries Internet Pass Thru (MQIPT).
-----Original Message-----
From: Madsen, Timothy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: MQSeries in DMZ
Hello,
We have external partners who need to connect to our MQSeries. So, we
could
put an MQSeries server in our DMZ and let those external people connect to
that MQ and then have the DMZ MQ connect to our internal MQ. We can
configure our firewall (Cisco Pix) to only let MQ appropriate
ports/protocols pass from the internet to the DMZ MQ server.
However, we would still be allowing **anybody** on the internet to send
messages to our MQSeries in our DMZ. We are working with a small list of
partners - they are not anonymous.
So - from this two questions:
1) Would this be considered a fairly secure configuration - from the
standpoint of a hacker trying to get into our MQ box and crash it or access
OS services?
2) What is a standard method whereby we could allow our external partners
to send MQ messages - but not allow other people on the internet to send MQ
messages to our DMZ MQ server?
Thanks.
Tim.
Instructions for managing your mailing list subscription are provided in
the
Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited. If you
are
not the intended recipient, please notify the sender immediately by return
email and delete this communication and destroy all copies.
Instructions for managing your mailing list subscription are provided in
the
Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the
Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
