Security White Paper

March 3, 2011 Roger Lacroix

James Michael Stewart of Global Knowledge has written a white paper called: Ten Ways Hackers Breach Security

Here’s the interesting part:

All too often when hacking is discussed, it is assumed that the hacker is some unknown outsider. However, studies have shown that a majority of security violations actually are caused by internal employees. So, one of the most effective ways for a hacker to breach security is to be an employee. This can be read in two different ways. First, the hacker can get a job at the target company and then exploit that access once they gain the trust of the organization. Second, an existing employee can become disgruntled and choose to cause harm to the company as a form of revenge or retribution.

When are companies going to secure their MQ environments, so that internal employees cannot get access to sensitive/confidential data?

Note: Please do not say we use a firewall, we use RACF (for z/OS) or the channel’s MCAUSER field has a value because that is NOT securing your MQ environment.

Regards,
Roger Lacroix
Capitalware Inc.

This entry was posted in IBM i (OS/400), IBM MQ, Linux, macOS (Mac OS X), MQ Authenticate User Security Exit, MQ Channel Encryption, MQ Enterprise Security Suite, MQ Message Encryption, MQ Standard Security Exit, Unix, Windows, z/OS.

Comments are closed.

Search for:
Recent Posts
Blog Calendar
May 2024

M T W T F S S

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30 31

« Apr
Capitalware
Archives
Archives
Categories
IBM MQ
WebSphere MQ
IBM Developer Messaging Blog
T.Rob’s Store and Forward
- MQ Safety Tips for the Pandemic April 5, 2020
- Command Server Gotcha May 14, 2018
- Client-based runmqsc gotcha May 3, 2018
- When deprecated != deprecated January 19, 2018
- Parsing MQ error logs in Splunk December 19, 2017
Mark Taylor’s Blog
- Passwords with runmqsc scripts April 4, 2024
- MQ Metrics with OpenTelemetry March 1, 2024
- Handling MQ logs and events with OpenTelemetry February 10, 2024
- MQ JMS and Spring: Spring Boot 2 now at end of regular support January 15, 2024
- Unexpected behaviour in MQI Callback January 4, 2024
Lyns Random Thoughts
Leif Davidsen’s Blog
- IBM Cloud Pak for Integration 2023.4.1 – when bigger is not always better. October 31, 2023
- Cross the river without falling in. Modernize your business with IBM Cloud Pak for Integration. July 31, 2023
- More workload, less work with Cloud Pak for Integration 2023.2.1 May 9, 2023
- Seeing is believing with the latest updates to IBM Integration including Cloud Pak for Integration 2022.4.1 and MQ V9.3.1 November 23, 2022
- The new Cloud Pak for Integration 2022.2.1 delivers years of support for your business June 10, 2022
Colin Paice on MQ
- One minute networking: getting your data to flow around the corner; IP tunnelling May 4, 2024
- How to reduce the chance of screwing up in a Linux window. May 4, 2024
- Restore files from Linux using Duplicity May 2, 2024
- IPV6 getting an address automagically May 2, 2024
- One minute mvs: catalogs and datasets. April 27, 2024
- One minute networking: TCP buffer sizes April 27, 2024
- Configuring frr on Linux April 27, 2024
- One minute networks: MAC address April 23, 2024
- One minute networks: Switches, routers, hubs and IP addresses April 23, 2024
- One minute MVS: Networking subnets. April 8, 2024
StackOverflow MQ Questions
- Spring Boot 3.1 JMS application - 'CodedCharSetId' not setting to 5026 in IBM MQ v9.3 (Linux) May 7, 2024
- How to connect MQ with load runner May 6, 2024
- IBM MQ and IISExpress stopped working after recent update. Faulting module path: C:\Program Files (x86)\IBM\WebSphere MQ\bin\mqe.dll May 1, 2024
- How to add multi-line message in IBM MQ? April 29, 2024
- Takes 1 hour to receive a 10MB message by IBM MQ resource adapter, then IJ000459 Transaction is not active April 28, 2024
- pymqi : IBM MQ ERROR : MQI Error. Comp: 2, Reason 2381: FAILED: MQRC_KEY_REPOSITORY_ERROR April 26, 2024
- pymqi: no way to deallocate message handles? April 24, 2024
- Adding a delay on consumption of messages with Spring JMS DefaultMessageListenerContainer without using Delivery Delay April 22, 2024
- IBM Queue does not remove message after consumption April 20, 2024
- JNDI Connection Issue with mq-jms-spring-boot-starter April 16, 2024
StackOverflow MQTT Questions
- ESP32 with Cloud Connection [closed] May 11, 2024
- Problem occur mqtt and gsm and stm32 controller [closed] May 11, 2024
- Connect esp32 to broker via ipv6 over internet May 11, 2024
- Amazon MQ / ActiveMQ - changing port for MQTT over websockets (61619)? [closed] May 9, 2024
- Publish and message reading to be done outside of the context manager, i.e. without the async with client [closed] May 9, 2024
- CocoaMQTT Server connection refused May 8, 2024
- How can I fix this paho-mqtt with tls error? May 7, 2024
- Event Grid on Arduino IDE May 5, 2024
- MQTT Callback function Not Executing C++ May 4, 2024
- GoLang Mochi MQTT Server with Python Paho MQTT Client TLS Authentication Verification Failed May 4, 2024