Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Message in a PCI bottle - preserving message queue integrity

Ben Rothke | June 29, 2016
Ben Rothke and David Mundhenk close out their series on achieving PCI compliance when dealing with message queues.

Inordinate numbers of discarded messages are often harbinger of an untrusted sender attempting to communicate with a message recipient in an unauthorized fashion.

While authentication and data integrity has been preserved in HMAC use, it should be noted that any sensitive data contained with the message (such as CHD) could still require additional protections. This can be accomplished by encrypting the data prior to transmission using strong cryptographic algorithm, or by using a cryptographically strong, encrypted transmission protocol such as TLS v1.2 or IPsec.

HMAC use is becoming ubiquitous due in part to the prevalence of cloud computing and web services architectures. Entities attempting to connect to Internet exposed web services must have a valid, pre-shared cryptographic key or the messages being transmitted are suspect and ultimately discarded. That using Amazon Web Services can integrate its own messaging architecture called Amazon Simple Queue Service (SQS)

HMAC at AWS

Not only is it quite easy to get queuing working on AWS, they also provide good documentation on how to do it. For anyone using AWS, a good place to start is here. Amazon does a good job of providing the steps on how the HMAC basic authentication process works.

For those who want a more detailed understanding of how Amazon SQS queues work, a great place to see is here.

Conclusion

As stated previously, message queue security is something not enough people think much about. In this, our final installment in this four-part series, we hope you now have a better appreciation of the importance of message queuing, especially for those needing to be PCI compliant or otherwise interested in preserving message data integrity in transit.

Source: ITWorld.com

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.