Security
PART I Introduction
Chapter 1
1. Security Services
Five security services in the IBM Security Architecture:
1) Identification and authentication
2) Access Control
3) Confidentiality
4) Data integrity
5) Non-repudiation
2. Security mechanisms
Examples of common security mechanisms are:
1) Access control lists
2) Cryptography
3) Digital signatures
Chapter 2
Planning for your security requirements
Three main headings:
. Basic Considerations
. Additional Considerations
. Link level security and application level security
Chapter 3
Cryptographic concepts
Include the following concepts:
. Cryptography
. Message digests
. Digital signatures
. Digital certificates
. Public Key Infrastructure (PKI)
Digital signatures
The steps of the digital signature process are as follows:
1. The sender computes a message digest and then encrypts the digest using the sender’s private
key, forming the digital signature.
2. The sender transmits the digital signature with the message.
3. The receiver decrypts the digital signature using the sender’s public key, regenerating the
sender’s message digest.
4. The receiver computes a message digest from the message data received and verifies that the
two digests are the same.
Chapter 4
The Secure Sockets Layer (SSL)
Include the following sections:
. Transport Layer Security (TLS) concepts
. Secure Sockets Layer (SSL) concepts
. CipherSuites and CipherSpecs
. The Secure Sockets Layer in WebSphere MQ
PART II WebSphere MQ security provisions
Chapter 5. Access control
This chapter introduces the access control mechanisms that are provided by
WebSphere MQ. It contains the following sections:
. Authority to administer WebSphere MQ
. Authority to work with WebSphere MQ objects
. Channel security
1. Authority to administer WebSphere MQ.
All members of the mqm group can perform administration. On Windows systems, members of
the Administrators group also have access to all WebSphere MQ resources.
Control command: setmqaut (to grant authorities to other users to enable them to access WebSphere MQ
resources.)
2. Authority to work with WebSphere MQ objects.
Applications can access the following WebSphere MQ objects by issuing MQI calls:
. Queue managers
. Queues
. Processes
. Namelists
Applications can also use PCF commands to access these WebSphere MQ objects,
and to access channels and authentication information objects as well.
. Message context
1) identity context (contains information about the user of the application that put the message on
the queue.)
2) origin context (contains information about the application itself and when the message was put on
the queue.)
. Authority to work with WebSphere MQ objects on i5/OS, UNIX systems, and Windows systems
The command:
setmqaut -m JUPITER -t queue -n MOON.EUROPA -g VOYAGER +browse +get
allows the members of the group VOYAGER to browse messages on the queue MOON.EUROPA that is owned by the queue manager JUPITER. It allows the members to get messages from the queue as well.
The command:
setmqaut -m JUPITER -t queue -n MOON.* -g VOYAGER +put
The command: dspmqaut, dmpmqaut
3. Channel security
4. Creating and managing groups
Solaris:
creating a group:
groupadd group-name
adding a user to a group:
usermod -G groupa,groupb user-name
removing a user from a group (from groupb):
usermod -G groupa user-name
Linux:
creating a group:
groupadd -g group-ID group-name
adding a user to a group:
usermod -G groupa,groupb user-name
displaying who is in a group:
getent group group-name
removing a user from a group (from groupb):
usermod -G groupa user-name
Chapter 6. WebSphere MQ SSL support
This chapter describes the provisions in WebSphere MQ that enable you to use and control the SSL
support:
. Channel attributes
. Channel status attributes
. Queue manager attributes
. The authentication information object (AUTHINFO)
. The SSL key repository
. WebSphere MQ client considerations
. Working with WebSphere MQ internet pass-thru (IPT)
. Support for cryptographic hardware