[This message was posted by Russell Curry of Assimilate Technology, Inc. <[email protected]> to the "Information Security" discussion forum at http://fixprotocol.org/discuss/3. You can reply to it on-line at http://fixprotocol.org/discuss/read/369d6a46 - PLEASE DO NOT REPLY BY MAIL.]
> However, there are easy methods to use IPSec to protect FIX (over the > internet). I suggest installing a router with IPSec on both sides (buy/sell) > just before your FIX network elements. This way, both the end network > elements can speak plain-text FIX, and the routers will encrypt and decrypt > the FIX as it is transmitted over the internet. Using 128/256 bit encryption > and AES, this will be impossible to break, and it is safe to sniff with > WireShark. Hi Mark, Simon is giving you the best advice here. If you can do this with network hardware, you're a lot less vulnerable than if you rely on some comical security mechanism a vendor has implemented in their own software product. Of course - keep in mind that it's a lot easier to hack people than it is to hack networks. Internal security is often a hell of a lot more important than network security is... [You can unsubscribe from this discussion group by sending a message to mailto:[email protected]] -- You received this message because you are subscribed to the Google Groups "Financial Information eXchange" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/fix-protocol?hl=en.
