|
Information Security
< Previous Next >
Re: Fix application firewall
John Sabini / Bayshore Networks <>
23 Nov 2004 11:19AM ET>
> Does anyone know any off the shelve application firewalls that will
> validate FIX connections ?
>
> The firewall should be able to check the validity of fix messages
> (version 4.0-4.4) down to the field level and should be transparent to
> the fix engine behind it.
>
> Thanks in advance
An interesting question. From where I sit, getting paid to design objects like you mentioned, I don't see anything like an off the shelf firewall product.
However, there are products that are close to what you would like but it would need elbow grease. Your question is interesting because I see the need for detaching the session that FIX has from it's application "layer" as a more modern approach for SOA security, speed and service.
From a business pov, validating messages in vivo as you want in a proxy would require state information so there is an overhead. The parse would need to know also about contingent/conditional fields as well as current version and would need to be able to have the logic to handle custom fields.
Anyway, so why in heaven's would you want to kill a firewall with the overhead, when an application proxy server would do nicely for large scale instituional trading.
If you need some pointer in the way of products or direction that have a chance of working please send e-mail.
Regards,
JPS
Re: Fix application firewall
John Sabini / Bayshore Networks 23 Nov 2004 11:19AM ET
|
