Several aspects affect the security of the message broker. RabbitMQ was not initially designed to be exposed on the Internet; however, a number of security concerns exist even with in-house deployments of the message broker. We will set this point aside and make no assumptions about whether the broker instances under consideration are accessible via the Internet.
Let's consider again the standard three-cluster diagram (along with an additional remote broker instance) that we have been using so that we can see what security issues may arise in practice:
We can apply the following mechanisms in order to mitigate the identified threats:
Authentication: This allows you to identify who connects to the message broker.
Authorization: This allows you to determine the set of privileges and permissions for the authenticated user.
Secure communication between the clients and the broker: By default, messages are exchanged by the senders/receivers and...