I’m currently writing a large piece on MSMQ security and wanted to check I was covering the right areas. I have some doubts as I’ve seen the occasional MSMQ forum question where a poster has used the word “security” in different contexts to what I was expecting.

So here are the areas I plan to cover:

• Message security
• encryption on the wire (SSL and IPSEC)
• encryption of the message (MSMQ encryption)
• encryption of the payload (data encryption)
• signing and authentication
• Queue security
• SIDs and ACLs
• Discoverability
• Cross-forest issues
• Storage security
• NTFS permissions
• unencrypted data
• Service security
• Ports and Firewalls
• DOS attacks
• Hardened mode (HTTP only)
• RPC
• secure channel requirement
• authenticated RPC requirement
• Active Directory
• object permissions
• Setup
• Administrator requirements

What else would you want to see?