Secure Messaging Scenarios with WebSphere MQ describes how we should configure MQ so we can keep control on our data and prevent unautorized access to the information we trust in hands of MQ. The most overlooked security issue is either disabled security or having all using administrative rights.

We don't hear from those with too much autority. What do you think of granting a business partner administrative rights over your infrastructure by not having Security in place?
(I tested that years ago with a partner, and they were chocked. We increased Security so I got the right accesses).

We (the RedBooks dream team) had a lot of fun writing this Redbook, and on how to secure and penetrate the established security. We all learned a lot from each other about MQ Security. Half the team have left IBM.

You can find the book on Redbooks website or click on the book below.

Table of contents

Chapter 1. Introduction
Chapter 2. What is security
Chapter 3. Authentication and authorization
Chapter 4. Connection-level security
Chapter 5. Message-level security
Chapter 6. WebSphere MQ security controls
Chapter 7. Operating system specifics
Chapter 8. Scenario preparation
Chapter 9. Scenario: WebSphere MQ administration
Chapter 10. Scenario: Securing IBM WebSphere MQ connections to connect a business partner
Chapter 11. Scenario: Fine-grained cluster security
Chapter 12. Scenario: CRL/OCSP certificate revocation
Chapter 13. Scenario: End-to-end security using WebSphere MQ AMS
Chapter 14. Scenario: WebSphere MQ AMS revocation checking
Appendix A. Working with the itsoME message exit
Appendix B. Additional tooling for WebSphere MQ Internet pass-thru
Appendix C. Certificate administration techniques and special WebSphere MQ security checks
Appendix D. Additional material