

  • Number of slides: 12

IBM Software Group MQ Security © 2004 IBM Corporation

IBM Software Group | WebSphere software

Agenda

setmqaut (set or reset authority)

Authorizations

Specify authorities for different object types

Examples

1. This example specifies that the object on which authorizations are being given is the queue orange.queue on queue manager saturn.queue.manager.
   run: setmqaut -m saturn.queue.manager -n orange.queue -t queue -g tango +inq +alladm

2. In this example, the authorization list specifies that user group foxy:
     • Cannot issue any calls from the MQI to the specified queue
     • Can perform all administration operations on the specified queue
   run: setmqaut -m saturn.queue.manager -n orange.queue -t queue -g foxy -allmqi +alladm

3. This example gives user1 full access to all queues with names beginning a.b on queue manager qmgr1. The profile is persistent, and will apply to any object with a name that matches the profile name.
   run: setmqaut -m qmgr1 -n a.b.* -t q -p user1 +all

4. This example deletes the specified profile.
   run: setmqaut -m qmgr1 -n a.b.* -t q -p user1 -remove

5. This example creates a profile with no authority.
   run: setmqaut -m qmgr1 -n a.b.* -t q -p user1 +none

Related Commands

  • dspmqaut -m WBRK_QM -t qmgr -p dmwang

SSL

  • The Secure Sockets Layer (SSL) provides an industry standard protocol for transmitting data in a secure manner over an insecure network. The SSL protocol is widely deployed in both Internet and Intranet applications. SSL defines methods for authentication, data encryption, and message integrity for a reliable transport protocol, usually TCP/IP.
  • SSL uses both asymmetric and symmetric cryptography techniques. Refer to the following web site for a complete description of the SSL protocol: http://home.netscape.com/eng/ssl3/.
  • An SSL connection is initiated by the caller application, which becomes the SSL client. The responder application becomes the SSL server. Every new SSL session begins with an SSL handshake, as defined by the SSL protocol.

SSL Handshake

  • Agree on the version of the SSL protocol to use.
  • Select cryptographic algorithms.
  • Authenticate each other by exchanging and validating digital certificates.
  • Use asymmetric encryption techniques to generate a shared secret key, which avoids the key distribution problem. SSL subsequently uses the shared key for the symmetric encryption of messages, which is faster than asymmetric encryption.

SSL Handshake

SSL in WebSphere MQ

  • Message channels and MQI channels can use the SSL protocol to provide link level security.
  • A caller MCA is an SSL client and a responder MCA is an SSL server. WebSphere MQ supports Version 3.0 of the SSL protocol.
  • You specify the cryptographic algorithms that are used by the SSL protocol by supplying a CipherSpec as part of the channel definition.
  • During the SSL handshake, the MCA sends the digital certificate of the queue manager to its partner MCA at the other end of the channel. The WebSphere MQ code at the client end of an MQI channel acts on behalf of the user of the WebSphere MQ client application. During the SSL handshake, the WebSphere MQ code sends the user’s digital certificate to the MCA at the server end of the MQI channel.

SSL in WebSphere MQ

  • Digital certificates are stored in a key repository.
  • The queue manager attribute SSLKeyRepository specifies the location of the key repository that holds the queue manager’s digital certificate.
  • On a WebSphere MQ client system, the MQSSLKEYR environment variable specifies the location of the key repository that holds the user’s digital certificate.
  • Alternatively, a WebSphere MQ client application can specify its location in the KeyRepository field of the SSL configuration options structure, MQSCO, on an MQCONNX call.
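
A channel pair configured as the two "SSL in WebSphere MQ" slides describe, as an added example that is not part of the original presentation: MQSC for a caller MCA (SSL client) on one queue manager and a responder MCA (SSL server) on the other. The queue manager names QM1 and QM2, the channel name, host name, key repository paths and distinguished names are assumed for illustration, and the CipherSpec shown is a TLS 1.2 one from current MQ releases rather than the SSL 3.0 the slides refer to.

```mqsc
* ---- On QM1: caller MCA, acts as the SSL client (runmqsc QM1) ----

* Key repository holding QM1's digital certificate.
* Assumed path; given as path plus file stem, without the .kdb suffix.
ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM1/ssl/key')

* Transmission queue used by the sender channel (assumed name).
DEFINE QLOCAL(QM2) USAGE(XMITQ) REPLACE

* The CipherSpec is part of the channel definition and must match
* the one set on the partner channel. SSLPEER restricts which
* certificate distinguished name is accepted from the partner.
DEFINE CHANNEL(QM1.TO.QM2) CHLTYPE(SDR) TRPTYPE(TCP) +
       CONNAME('qm2.example.com(1414)') XMITQ(QM2) +
       SSLCIPH(ECDHE_RSA_AES_256_GCM_SHA384) +
       SSLPEER('CN=QM2,O=Example') +
       REPLACE

* Make the queue manager re-read the key repository.
REFRESH SECURITY TYPE(SSL)

* ---- On QM2: responder MCA, acts as the SSL server (runmqsc QM2) ----

ALTER QMGR SSLKEYR('/var/mqm/qmgrs/QM2/ssl/key')

* SSLCAUTH(REQUIRED) makes the responder insist on a certificate
* from the caller, so authentication is mutual.
DEFINE CHANNEL(QM1.TO.QM2) CHLTYPE(RCVR) TRPTYPE(TCP) +
       SSLCIPH(ECDHE_RSA_AES_256_GCM_SHA384) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=QM1,O=Example') +
       REPLACE

REFRESH SECURITY TYPE(SSL)

* On an MQI client there is no queue manager attribute to set:
* the key repository location comes from the MQSSLKEYR environment
* variable or the KeyRepository field of MQSCO, as the slide states.
```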