Securing MFT

Securing MFT

Directly after installation and with no modification, Managed File Transfer has a level of security that might be suitable for test or evaluation purposes in a protected environment. However, in a production environment, you must consider appropriately controlling who can start file transfer operations, who can read and write the files being transferred, and how to protect the integrity of files.

MFT and IBM MQ connection authentication
Managed File Transfer Version 8.0 or later supports the IBM MQ Version 8.0 or later security features, with the default mode of disabled. If the associated queue manager has security enabled, and requires credential details (user ID and password), this feature must enabled before a successful connection to a queue manager can be made.
MFT sandboxes
We can restrict the area of the file system that the agent can access as part of a transfer. The area that the agent is restricted to is called the sandbox. We can apply restrictions to either the agent or to the user that requests a transfer.
Configure SSL or TLS encryption for MFT
Use SSL or TLS with IBM MQ and Managed File Transfer to prevent unauthorized connections between agents and queue managers, and to encrypt message traffic between agents and queue managers.
Connecting to a queue manager in client mode with channel authentication
IBM WebSphere MQ Version 7.1 introduced channel authentication records to control more precisely access at a channel level. This change in behavior means that by default newly created IBM WebSphere MQ Version 7.1 or later queue managers reject client connections from the Managed File Transfer component.
Configure SSL or TLS between the Connect:Direct bridge agent and the Connect:Direct node
Configure the Connect:Direct® bridge agent and the Connect:Direct node to connect to each other through the SSL protocol by creating a keystore and a truststore, and by setting properties in the Connect:Direct bridge agent properties file.
Parent topic: Managed File Transfer

Related concepts

MFT sandboxes

Related tasks

Configure SSL or TLS encryption for MFT

Related reference

Restricting group authorities for MFT-specific resources
Managing authorities for MFT-specific resources
Authorities for MFT to access file systems
MFT and IBM MQ connection authentication
commandPath MFT property
Authority to publish MFT Agents log and status messages