Network and Firewall Q's

Re: your network drive - as long as your hardware firewall has NAT (network address translation) enabled and you've not enabled any pass throughs you should be insulated from any inbound connections.

Of course if one of your local PCs gets infected, the network drive could be subject to attack since both the malware and the drive are "inside" the hardware firewall.

Also, if you have wireless networking enabled at your site, you've got a different potential attack vector available. You better at least have WEP enabled - although recognize that it typically takes me only about 10-20 minutes to crack a short WEP key and generally less than 2 hours to break a long one. But in general, you should still be OK from the typical neighborhood punk hacker wannabe if you use the longest key your hardware/software supports (or use one of the alternatives to WEP).

Also, (if it's a wireless router) make sure you've changed the router's administrative login to something other than the typical factory default.
 
yes and yes. great suggestions. i changed the pwd, and use wpa2. nice one on the key length, i will use the max

once just to mess with a guy who was surfing from a car in front of my building, i changed my SSID to 'volkswagonparkedonXYZst' ...

in this case, i'm most concerned with attacks originating from trading related websites. someone out there has to be watching us all and trying to steal strategies. i read on the tradestation forums that there are hacks which target the data cache. especially now that one's entire TS environment can be encapuslated in a single unprotected backup file, high vulnerability

regardless it seems like the main lesson is that browsing on the trading machine/network is an absolute no-no. i should split them out for good, and configure or get a router that can limit outgoing to TS and IB ports only. has anyone done this?

any recommendations on favorite computing security books would be welcome. 'Desktop Witness' by Caloyannides came highly recommended today
 
Re: is it safe to browse and chat?

I can tell you unequivocally that in all these years none of my machines have EVER been infected - and certainly not from just web browsing.

99% of infections result from users downloading and running software from unknown or questionable sites, getting popups or scripts that attempt to download executable code and then either having their browser settings configured to allow such things without warning or the user going ahead and naively granting permission for the execution, pulling down an infected file from one of the many peer to peer file sharing networks, or from executable payloads contained in emails or chat messages that the user (again naively) opens.

The occurance of "real" hacks (i.e., where the outside hacker cracks into your network/system by exploiting an internal bug of the OS or a specific network facing application (like the various buffer overflow attacks over the years)) is pretty small.

Make sure you've enabled all the reasonable security options in your browser, have installed (and continue to install) all the latest security updates for your OS and your chosen browser, and have anti-popup software active.

Browsing not withstanding - chat and file sharing software do have their own problem set.

There have been a number of attacks on different IM software that permitted hackers to surreptitiously push executable code into a remote PC and cause it to execute without the user being aware of it. Same thing with a number of the more popular file sharing programs (some of which actually contained their own malware). Personally I restrict IM to my cellphone, don't engage in "file sharing", and scan every executable I download (even from trusted commercial sites) before executing it.

Good luck.
 
Quote from Avid_Consumer:


regardless it seems like the main lesson is that browsing on the trading machine/network is an absolute no-no. i should split them out for good, and configure or get a router that can limit outgoing to TS and IB ports only. has anyone done this?
More...

Just use a second puter for surfing, etc. Making port limitations can prove dangerous for trading, particularly if you get software updates or change add-ons/features, or worse, automatically or mandatory.
 
If you're going to try to lock down a particular PC to accessing content from only certain sites, just install a SW firewall on that machine and let it restrict the outgoing connections as you see fit. No need to bother with yet another router or additional hardware. You'll want to spend several days of active use on that machine letting the firewall flag the outgoing connections and asking if the target is OK or not so it can compile a complete picture of what is really valid since chances are the universe you'll need to allow will be more than just the single TS and IB addresses.

That being said, frankly I've never had any problems using a browser on a machine I was also using for trading. But your mileage my vary :)
 
Quote from ArchAngel:

...
That being said, frankly I've never had any problems using a browser on a machine I was also using for trading. But your mileage my vary :)
More...

Same here :) But during non-trading hours I do use a surfing/gaming machine...
Even if trading day is slow, I don't want access to DOOM :D
 
funny guys. so maybe seperate machines on one network will be ok. network security is a real issue for the obsessive compulsives.... without having written everything on my box, i have no clue what could be going on

one regret with mcafee fw is that it doesn't seem to ask as often about outgoing permissions as zonealarm did. when you permanently permission a browser, how big of an opening does that create? does that mean that anything malicious in a site can send info back out, or does it have to be part of the browser process to get back out? process tree, etc

the links are great osorico, thx
 
You must log in or register to reply here.
Back
Top