The June 29 episode of The Deep Queue is finally up!  Sorry about the delay, I was on an engagement last week that had me staying over the weekend in Boston to perform a production implementation on Saturday.  Although I’ve got a great recording setup at home, I’m afraid I don’t have decent equipment to do the podcast on the road.  Instead, I flew my wife up to Boston and we spent Sunday at the aquarium and then went to see Blue Man Group.


The week delay worked out great though, because last week a friend contacted me to tell me his shop needs to remediate for PCI compliance.  He has a hundred days to create a segmented MQ network within which to isolate his PCI applications.  The time limit is due to having found out about the problems in the course of an audit rather than through independent research or assessment.  Since this is likely to be a growing problem, it turned out to be my topic for this month’s episode.


The reason I think this will be a growing problem is that I am among the folks talking with the assessment community about WMQ security, the implementation gaps that are commonly seen and methods for assessment and remediation that are currently available.   Hopefully, the participation of the assessment community will result in refining these existing tools and creating best practices for securing MQ in a regulatory compliance context such as PCI.


I’m also excited to be working with some old friends at Evans Resource Group.  ERG is building a business around helping assessors get up to speed with WebSphere MQ.  They are creating a curriculum and tools and are already working with some of their first clients in this space.  Many of the folks at ERG are Reconda alums whom I worked with to develop AppWatch, so I’m confident they will do a great job.  I’ll be working with them next week to help them develop and fine-tune their content and get the reactions of those initial clients.


Lots more about all this in the podcast so please download it or the transcript and let me know your thoughts.


Also, don’t forget to sign up for the webinar I’m giving July 10th at noon Eastern, entitled “What You Don’t Know About Middleware Vulnerabilities Will Hurt You.”  The webinar is structured for assessors and QSAs and includes my 5-Minute WebSphere MQ Assessment.


Links from the podcast:


PCIKnowledgebase.com: http://PCIKnowledgebase.com


Webinar: What You Don’t Know About Middleware Vulnerabilities Will Hurt You

https://www2.gotomeeting.com/register/848961386


Evans Resource Group home page: http://www.evansresourcegroup.com


Evans Resource Group free MQ security check:

http://www.evansresourcegroup.com/technologies-6b.html


Prolifics home page: http://www.prolifics.com


Prolifics free MQ Health and Security Check:

http://www.prolifics.com/Collateral/Documents/English-US/service-brochures/Prolifics_WebSphereMQ_HealthSecurityCheck.pdf


Capitalware homepage: http://www.capitalware.biz


Capitalware consulting services: http://www.capitalware.biz/services.html


Primeur homepage: http://www.primeur.com


Primeur Data Secure for WebSphere MQ:

http://www.primeur.com/products/data_security/spazio_data_secure.html#dswmq