I recently signed up for – and promptly dumped – Host Gator. The QOS (Quotient of Suckage) was off the chart but in this post I’ll focus on a surprising security exposure that was revealed in the process.
Webinar: Security Defenses that Withstand the Test of Time
Please join AJ Aronoff and me for a Prolifics webinar: IIB: Security Defenses that Withstand the Test of Time
For the last 7 years my security focus has mainly been intrusion prevention. That’s all the controls you use to keep unauthorized people out of the messaging network. I’m happy to report that things have improved on that front. IBM has greatly improved the software and customers are enabling the security controls in record numbers. (Not that the secured systems are yet in the majority, but it’s MUCH better than before.)
Unfortunately, intrusion prevention is only one part of the story. A comprehensive security design also includes intrusion detection, forensic capability and incident recovery. One reason that these are needed is that the state of the art is a moving target. Attack technology always gets better, defensive technology moves to keep up or stay ahead. Over time the configuration you implement today gets weaker as the state of the art continues to advance.
This webinar will focus less on the specific controls and more on how to maintain security effectiveness over time. We will be addressing IBM Information Broker (the software formerly known as WebSphere Message Broker) but since it is built on top of WebSphere MQ the content will also be useful for WMQ admins who do not have IIB. I hope to “see” you there!
Much thanks to my friends at Prolifics for sponsoring the webinar.