Blog Stats
  • Posts - 86
  • Articles - 0
  • Comments - 23
  • Trackbacks - 0

 

Need suggestions on what you regard as “security”

I’m currently writing a large piece on MSMQ security and wanted to check I was covering the right areas. I have some doubts as I’ve seen the occasional MSMQ forum question where a poster has used the word “security” in different contexts to what I was expecting.

So here are the areas I plan to cover:

  • Message security
    • encryption on the wire (SSL and IPSEC)
    • encryption of the message (MSMQ encryption)
    • encryption of the payload (data encryption)
    • signing and authentication
  • Queue security
    • SIDs and ACLs
    • Discoverability
    • Cross-forest issues
  • Storage security
    • NTFS permissions
    • unencrypted data
  • Service security
    • Ports and Firewalls
    • DOS attacks
    • Hardened mode (HTTP only)
  • RPC
    • secure channel requirement
    • authenticated RPC requirement
  • Active Directory
    • object permissions
  • Setup
    • Administrator requirements

What else would you want to see?


Feedback

# re: Need suggestions on what you regard as “security”

Gravatar You are on the right track.
ACLs and AD object permission will be the next tuning i will work on and your suggestion will be helpful as usual.
2/18/2011 5:22 PM | Stefano

Post A Comment
Title:
Name:
Email:
Comment:
Verification:
 
 

 

 

Copyright © John Breakwell