Securing an MQ Infrastructure
Data security is a business concern requiring developers and system administrators to implement measures ensuring authentication, integrity, and privacy of information assets. When moving data between systems or companies, it is important to provide data privacy and data authenticity. Privacy ensures that only the addressee can read the message. Authenticity verifies the source and the integrity of the message, and guarantees that the message was really sent by the source. The increased use of WebSphere MQ as the backbone of many e-commerce solutions demands security for the growing number of MQ channels.
DataSecure enables the implementation of authentication, integrity, and privacy measures for the WebSphere MQ and OS/390 environments. DataSecure was originally developed and marketed by European-based Primeur; MQSoftware has worldwide distribution rights to market DataSecure, with exclusive rights to market the solution in the U.S. An end-to-end security solution, DataSecure provides Information Integrity, ensuring that data has remained unmodified between sender and receiver; Authentication, verifying the identification of the sender of the data; Non-Repudiation, guaranteeing that a data transaction took place; and Peer Entity Authentication, performing real-time authentication of both sender and receiver.
Application, System, and Channel-Level Security
DataSecure comprises three major components, integrated to deliver protection at the application, system, and channel levels.
For the IBM WebSphere MQ environment, DataSecure for WebSphere MQ End to End secures messages at the application level and below, including WebSphere MQ queues. Operating at a high level in the architecture, this component remains transparent to the application itself and requires no code changes. Most important, it ensures data integrity, authentication, and privacy at the lowest level within the WebSphere MQ environment.
The DataSecure Toolkit is a multiplatform set of APIs that allows developers to use security functionality in any context, in both WebSphere MQ and non-WebSphere MQ environments. Positioned at the application or user level, the DataSecure Toolkit can protect anything below the application, including queue managers, queues, channels, and more. Providing development teams with the ability to deliver secure business systems, this component assists with the creation of the appropriate calls within the application and helps reduce the complexity of ensuring information integrity.
DataSecure for WebSphere MQ Link secures messages over WebSphere MQ networks at the channel level. It contains a point-to-point security module that is hooked into the MQ Channel exit and provides a level of security granularity across and within the channel. Equally important, this component performs real-time authentication of both sender and receiver.
Supporting Industry-Standard Security Services
DataSecure supports industry-standard security services, including full PKCS support, especially PKCS #7, which supports the widest range of cryptographic techniques based on RSA public key encryption. It also supports the S/MIME standards, allowing the generation and extraction of cryptographic messages signed or packed according to S/MIME. Also supported is X.509 3-way peer entity authentication, which allows communicating entities to authenticate each other using the X.509 standard in its most secure 3-way form, which does not assume that synchronized clocks are available on the network. DataSecure supports ICSF, HSM, MQ Clients, and MQ Clusters. Platforms supported include OS/390 (including z/Architecture), Unix (AIX, HP-UX, Solaris), OS/400, Tandem (HP NonStop), OpenVMS, and Microsoft Windows NT environments.
With Web access to customer information available to an ever-increasing range of financial and nonfinancial businesses, security and privacy issues compel the purchase of data security software. DataSecure secures data as it moves across the network between applications, including middleware and legacy systems. DataSecure is available from MQSoftware, Inc., 1660 South Highway 100, Suite 400, Minneapolis, MN 55416. Voice: 952-345-8720; Fax: 952-345-8721.
