How to improve security??

Discussion in 'other software & services' started by V500, Apr 3, 2009.

Thread Status:
Not open for further replies.
  1. V500

    V500 Registered Member

    Joined:
    Apr 3, 2009
    Posts:
    1
    Hello,

    I really need some help and guidance on an issue of software security. I am using a specialized computer program for trading stocks/shares online and am concerned that this program could be a security risk. I have provided quite a bit of detailed background information on the program and outlined my concerns and objective later in this post.

    If it is possible, I would like to get some real constructive advice on how a solution to this problem could be implemented. Please don't post obvious comments such as "use another program" "ask the developer if he is spying on you" "do a risk analysis and see if you really need to worry about this". I have spent the better part of three weeks brainstorming this issue and trying to find a solution to this problem. But as someone who isn't a programmer or network guru, I am finding it very difficult to make the leap from theory to solution. I really need to get some help with this.

    BACKGROUND INFORMATION ON THE STOCK TRADING PROGRAM

    The program uses the .Net framework and appears to rely heavily on XML. The primary function of the program is to display real-time non-delayed charts of the price of stocks. The program has built-in datafeed connectivity and is designed to be used with all of the major providers of stock market price data. If one has a subscription to a stock market data provider, it is simply a matter of entering one's user name and password into a connection wizard provided by the program. The program can then automatically connect to the data provider via the internet. Once a connection is made, real-time charts of stocks can be displayed. As you can imagine, to do this, the stock-trading program requires both inbound and outbound Internet access so that it can communicate with the datafeed provider and thereby display price data on any particular stock. The data providers are 3rd parties; they are not linked to the company that produces the software.

    The stock-trading program allows the user to add a variety of mathematical studies, known as indicators, to each stock chart. For instance, if one had a chart that showed a stock's price over a period of time, one could add a moving average of the price to the chart. Such indicators help traders identify buy and sell points.

    The program also allows the user to create custom indicators by means of a wizard. Once a custom indicator is created by the wizard, it is possible to edit it and have quite a range of freedom without the necessity for a great deal of programming knowledge. Both the indicators included in the program--and any customised indicators that are created by the end-user--are written in a "script," which according to the program's help file, is an extension to the C# language. Before any custom indicator can be used, it has to be compiled. The program has a built-in facility for this function. The program's help file states that it uses C# and the .Net framework and runs compiled code rather than interpreted code.

    THE CONCERNS THAT I HAVE

    Many people within the stock trading community are concerned about the potential for trading programs to take advantage of their connections to the internet. Indeed some very astute traders within the professional community have personally told me that this type of snooping activity does occur. I'm sure that it wouldn't take much programming savvy on the part of the developers to instruct the program to send the source code of any custom indicators back to the developers.

    While I do not have the security resources available to professional traders, it would be irresponsible to simply turn a blind eye to this--it makes sense that a company could easily use the collective knowledge of professional traders to gain knowledge to help develop their stock trading software. I do not want to unwittingly enable the developers of the program to use my own indicators within their commercially available software.

    While my interest in the stock market could be described as an amateurish hobby as I do not use it to support myself, it is nonetheless my life's work. I do not like the prospect of someone pirating the result of so many years of effort.

    In my efforts to tackle this problem, I have used a firewall (McAfee) to ban all ip addresses except the three that the datafeed uses. When I restrict internet traffic in this way, the program displays an error message that it can't connect to its licence servers, but otherwise seems to function without problems. Also, judging by what I see in WireShark there is no ip traffic except the data to the three datafeed ip addresses.

    As someone who is not too familiar with networks, I am by no means certain that a lack of ip traffic would indicate that the computer is effectively locked down. I would think that there are other means of communicating that would be unaffected by an ip blocking firewall.

    POTENTIAL SOLUTION #1 (NETWORK)

    I have come to the conclusion that perhaps the best way to improve security is by using a network of two computers. The first computer would have a copy of the stock-trading program on it and would have complete access to the internet, however the program would have none of my custom indicators loaded or saved. The data that is received via the internet in the first computer would be forwarded onto a second computer. The second computer would also have a copy of the program on it but no connection to the internet and would only receive the data forwarded to it by the first computer.

    I had envisioned a two-computer set-up as a means to providing a higher level of security. My reasoning was that a network of two computers--one with an open connection to the internet and a second without a connection to the internet--would offer the advantage of isolating the program along with my custom indicators on the second computer. There must be a way of using the first computer to collect the data from the datafeed and then forward that data by some network mechanism on to the second computer without having the second computer send back any information.

    I don't know if this reasoning is correct, but from my perspective it seems logical. Unfortunately, I don't know how to achieve this--or indeed if there is a better or easier way of achieving this.

    POTENTIAL SOLUTION #2 (PROGRAMMING)

    As I noted earlier in this post, the stock-trading program has built-in datafeed connectivity and is designed to be used with all of the major providers of stock market price data.

    Knowing that the stock-trading program utilises .NET and C#, would it be possible to write an intermediary program that would be "placed between" the stock-trading program and the internet?

    Currently, the stock-trading program sends a request for data directly over the internet. Would it be possible for a custom program to read that request data and then create a virgin data request of its own? In effect this would cut the outbound communication between the stock-trading program and the internet.

    When inbound data arrived, a similar process could take place. Thus, no data would pass through the custom intermediary program. Instead, it would be translated by that program and sent onward in a virgin form.

    SUMMARY

    So, in summary, my concern lies in whether the program is abusing its connection to the internet. And my objective is to somehow control the program so that it can receive price data through a datafeed, but neither send nor receive any other information via its connection to the internet.

    I am not concerned about random attackers. I have always used a firewall/antivirus/antispyware to minimize exposure and use my trading computer only for trading. It is not connected to any other computers at home. When I'm not trading, it is unplugged from the internet.

    I hope I have provided a clear picture of my problem and what I hope to achieve in a solution.

    I would very much value feedback on which of the two approaches would be the most secure and which one would be easiest to implement. As I do not have a background in networking or programming, I will likely have to hire someone to put this together if I can't research my way forward. It would certainly be very helpful if I could get a general road map of how these solutions would be implemented.

    And, if anyone else has a different approach, I would certainly welcome any suggestions or ideas.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Are you using a secure connection (SSL)? That would be another thing to consider. Another would be creating certificates for each site, even each client, so data can go to/come from only trusted hosts, kept in a separate trusted-hosts-file.

    Firewall might also work, limiting connection to the app to only specific ips and only from specific ips.

    Mrk
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. Very interesting problem.

    As Mrkvonic says, limiting network activity to specific ip's sounds like a logical idea. You can tighten up most firewalls and even ipsec so that it should be pretty restrictive for that specific program/address-port.

    Your idea of using 2 computers sounds good in theory. However, to do this will require the program to have some sort of 'local feed' option, or allow a custom way to tell it where to get the feed from. As well, the internet facing machine will have to have a relay or output feature, where it can re-send the streaming data into the local network.

    Short of those options, it may be possible to open a local file? If this is so, one could write a script that gets the data from the streaming source, writes it to disk, and then point the stock program to a local file.

    I would think those companies that would like to remain reputable in that field would create a standalone module for the features you fear they might share. This way one could totally isolate that .exe from the internet, yet still use it to do the stuff you don't want them stripping from you.

    With you not knowing any programming, if some of the features you want are not built into the program already, you are probably out of luck. You would need to actually have the program and see what it does etc etc to be able to program for it. Maybe you can poke around some programming forums. Perhaps someone has already done this.

    For now, if limiting that program to a few specific ip's does not stop the program from working, I would do that. At least until you see what else develops.

    Sul.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    I've been connecting with programs like these for quite a few years, and only deal with reputable firms. Never had a problem and don't use any security beyond what I already do.

    Pete
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    IMHO, what you've done already in limiting IP traffic to the datafeed IPs is good enough, but here are some other things you could do:

    a) On a machine with no Internet access, develop the custom scripts, and then use an obfuscator and use only the obfuscated compiled results on the machines with Internet access.
    b) If possible, include "phone home" functionality in your custom scripts, reporting via email or other mechanism if the IP address on the machine running the script is outside of the range of IP addresses used in your company.
    c) Include many decoy custom scripts that do nothing useful or give wrong results. You know which custom scripts should be used, but the developer of the program won't.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I'm not sure if you enforced this ban system-wide or just for the specific app. If you didn't enforce the ban system-wide, you'd be more vulnerable to leaks. Search for "leak tests" in your favorite search engine for more information.
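
As an added example (not part of the original thread), this Python check illustrates the per-application versus system-wide point above: it reads a per-process connection log and reports outbound flows to any destination outside the datafeed allowlist, first for the trading program alone and then for every other process. The three allowlisted addresses, the process names and the CSV column layout are constructed placeholders, not values from the thread or from any particular firewall.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address

# Constructed placeholders (documentation ranges) standing in for the three datafeed IPs.
ALLOWED = {ip_address(a) for a in ("203.0.113.10", "203.0.113.11", "203.0.113.12")}

# Constructed sample log; the column layout is hypothetical.
SAMPLE_LOG = """\
process,proto,dst,dport,bytes_out
trader.exe,tcp,203.0.113.10,443,18234
trader.exe,tcp,203.0.113.11,443,9120
trader.exe,tcp,198.51.100.7,443,512
trader.exe,tcp,198.51.100.7,443,488
svchost.exe,udp,192.0.2.53,53,4096
helper.exe,tcp,198.51.100.7,80,20480
"""

def off_allowlist(log_text, allowed=ALLOWED, app=None):
    """Return {(process, dst, proto, dport): bytes_out} for flows outside the allowlist.

    app=None audits every process (system-wide); app="name.exe" audits one program.
    """
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        if app is not None and row["process"].lower() != app.lower():
            continue
        if ip_address(row["dst"]) in allowed:
            continue  # expected datafeed traffic
        key = (row["process"], row["dst"], row["proto"], int(row["dport"]))
        totals[key] += int(row["bytes_out"])
    return dict(totals)

def summarize(log_text, app):
    """Split off-allowlist flows into the app's own and those of other processes."""
    per_app = off_allowlist(log_text, app=app)
    system = off_allowlist(log_text)
    others = {k: v for k, v in system.items() if k not in per_app}
    return per_app, others

if __name__ == "__main__":
    per_app, others = summarize(SAMPLE_LOG, "trader.exe")
    for label, flows in (("trading app", per_app), ("other processes", others)):
        for (proc, dst, proto, port), sent in sorted(flows.items()):
            print(f"{label}: {proc} -> {dst} {proto}/{port} {sent} bytes out")
```

Flows listed under "other processes" are the ones an application-only rule would never see, which is why the rule scope matters as much as the address list.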
     