|
Information Security
< Previous Next >
Re: Sending FIX messages across internet
Kevin Houstoun / HSBC Bank plc
18 May 2005 6:45AM ETAt least one large investment manager sends thier orders and recieves executions across the public internet and a number of other firms. Most brokers can support an encrypted FIX session across the internet. They used the standard FIX message level encryption approach. This is detailed in the paper in the Tech Security Section on the specification pages http://www.fixprotocol.org/specifications/TechDoc-InfoSecurity. The options most commonly used are the combination of PGP - for key exchange, DES to encrypt the session and MD5 as a strong checksum. The following document gives an overview
http://www.fixprotocol.org/documents/581/security.doc
There is also details of a SSL implementation that has been used to wrap the FIX session inside a secure tunnel.
http://www.fixprotocol.org/documents/576/poppy-0.6.4a.tar.gz
You probably need to be logged onto the site to see these documents.
Cheers
Kevin Houstoun
Consultant
HSBC Investment Bank
> > Sending FIX messages over the internet is possible but generally not
> > used for sensitive business traffic. Although PGP-DES-MD5 or SSL
> > software encryption methods can be used to overcome this.
> >
> > Alternatively a VPN could be used, thus helping to reduce the
> > complexity and cost of managing connections and encrypted sessions.
>
> Virtual Private Network just says that you run a virtual network based
> on a physical one. The physical network can be also the internet.
>
> > > Is it possible to send FIX message through SSH tunnel across
> > > internet? Is there alternate way to send FIX message across
> > > internet?
>
> Actually, an SSH tunnel is poor mans VPN. A real VPN is much more
> comfortable if you want to connect several computer. Just for one link
> with fixed IP addresses and port numbers an SSH tunnel should be fine.
> The encryption methods used by VPN and SSH are virtually the same: You
> can use stronger and weaker methods depending on your requirements.
>
> Have a look at http://www.stunnel.org as a simple alternative to SSH
> port forwarding.
>
> In summary, my answer is: "Yes, you can use SSH to send FIX messages
> securely over the internet. The level of security depends on the level
> of security your SSH connection provides."
>
> Cheers, Jörg
Re: Sending FIX messages across internet
Kevin Houstoun / HSBC Bank plc 18 May 2005 6:45AM ET
|
