Secure Messaging Scenarios with Websphere MQ

IBM® WebSphere® Redbook (front cover)

Secure Messaging Scenarios with WebSphere MQ
  • Using strong authentication
  • Using granular authorization
  • Implementing revocation checking

Authors: T.Rob Wyatt, Glenn Baddeley, Neil Casey, Long Nguyen, Jørgen H. Pedersen, Morten Sætra
ibm.com/redbooks, International Technical Support Organization
November 2012, SG24-8069-00

Note: Before using this information and the product it supports, read the information in "Notices" on page xi.
First Edition (November 2012). This edition applies to WebSphere MQ Version 7.5.
© Copyright International Business Machines Corporation 2012. All rights reserved.
Note to U.S. Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Notices  p. xi
Trademarks  p. xii
Preface  p. xiii
  The team who wrote this book  p. xiii
  Now you can become a published author, too!  p. xv
  Comments welcome  p. xv
  Stay connected to IBM Redbooks  p. xvi

Chapter 1. Introduction  p. 1
  1.1 Why read this book  p. 2
  1.2 Currency  p. 3
  1.3 Scope  p. 3

Chapter 2. What is security  p. 5
  2.1 Defining requirements  p. 6
  2.2 Security as a system  p. 7
  2.3 The security lifecycle  p. 8
    2.3.1 Provisioning access  p. 8
    2.3.2 Revoking access  p. 8
    2.3.3 Monitoring and accountability  p. 9
    2.3.4 Ongoing maintenance  p. 9
    2.3.5 Recovery  p. 10
  2.4 Summary  p. 11

Chapter 3. Authentication and authorization  p. 13
  3.1 Relationship between authentication and authorization  p. 14
  3.2 Authentication in WebSphere MQ  p. 14
    3.2.1 Connection authentication  p. 14
    3.2.2 Message-level authentication  p. 16
  3.3 Authorization in WebSphere MQ  p. 16
    3.3.1 Connection-level authorization  p. 16
    3.3.2 Message-level authorization  p. 19

Chapter 4. Connection-level security  p. 21
  4.1 Architecture  p. 22
  4.2 Authentication  p. 22
    4.2.1 Assertion  p. 22
    4.2.2 Origin  p. 23
    4.2.3 Certificate  p. 23
  4.3 Identity resolution  p. 23
  4.4 Binding authentication to authorization  p. 24
  4.5 Default CHLAUTH rules  p. 24
  4.6 Provisioning access  p. 25
  4.7 Upgrade and migration  p. 26
  4.8 Access control lists  p. 26
  4.9 Authorizing topics  p. 27
  4.10 Authorizations that grant administrative access  p. 28
    4.10.1 Granting +crt authority  p. 28
    4.10.2 Granting +set authority on the queue manager  p. 28
    4.10.3 Granting +setid or +setall on queues  p. 29
  4.11 Common mistakes  p. 29
    4.11.1 Unprotected channels  p. 30
    4.11.2 Granting access to principals  p. 30
    4.11.3 Administrative users with mqm as a secondary group  p. 31
    4.11.4 Unquoted asterisks in setmqaut commands  p. 32
    4.11.5 Using generic authorizations  p. 33
    4.11.6 Granting access to the nobody group  p. 34

Chapter 5. Message-level security  p. 35
  5.1 Architecture  p. 36
  5.2 Policies  p. 36
  5.3 Use cases  p. 37
    5.3.1 Business-to-business (B2B)  p. 37
    5.3.2 End-to-end encryption  p. 38
    5.3.3 Data aggregation  p. 38
    5.3.4 Command and control flows  p. 39

Chapter 6. WebSphere MQ security controls  p. 41
  6.1 Overview  p. 42
  6.2 Operating system and file system resources  p. 42
    6.2.1 File system as the root of trust in the server  p. 42
    6.2.2 Restrict file system access  p. 43
    6.2.3 Restrict access to mqm home directory and tools  p. 44
    6.2.4 Limit access to the mqm user ID  p. 44
    6.2.5 mqm group membership ...

Details

  • File type: PDF
  • Content language: English
  • Pages: 366
