J Wolfgang Goerlich's thoughts on Information Security
Financial Information eXchange (FIX) Flaws

By wolfgang. 3 January 2008 06:35

FIX attacks. As a financial firm, we are heavily reliant upon the FIX (Financial Information eXchange) protocol for buy-side trade execution. Security researchers have identified several concerns with the FIX protocol. The primary concern for my firm is trade errors and trade delays. Much of my security infrastructure relies upon data encryption, protocol filtering, and traffic isolation. All of these mechanisms come into play with the FIX network, as each connection must be isolated and each trading partner secured separately.

J Wolfgang Goerlich

http://www.darkreading.com/document.asp?doc_id=142127&page_number=5
https://www.blackhat.com/presentations/bh-usa-07/Goldsmith_and_Rauch/Presentation/bh-usa-07-goldsmith_and_rauch.pdf

(Thanks to Nathan Ouellette for the email on this issue.)

Tags:

Security

E-mail | Kick it! | DZone it! | del.icio.us
Permalink

    Log in