> T.Rob, > What do you think of just stopping the command server? My thinking > is if > they have access to the box to start the command server locally, > they can just as easily use runmqsc to create the queue. True, it is > an extra step, but does it buy us anything really to delete the > command queue on top of stopping the command server? > > > > > As a side note, does anyone know of an MQ class just for security. I > am writing up a doc for Security for MQ at our company, and man, > this is a subject unto itself! > > Hi, I have done extensive testing about security, hacking and so on, on Queue Managers hosted on Windows and Unix boxes.
If you want to protect your QM from external attacks, throught channels, the answer is SSL. Definitively. You can play with MCAUSER, channels exits, firewalls, but ... After applying the CSD, MQ5.3 SSL support works pretty well and is able to secure in a decent way your QM from externam attacks. If you want more (in-queue encryption), have a look at MQ Extended Security Edition 5.3, who includes Policy Director. HTH, Luc-Michel -- Luc-Michel Demey - Freelance EAI Consultant Paris / France Tel. : +33 6 08 755 655 http://consulting.demey.org/ - lmd at demey dot org Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive