Advanced Firewall

I have software that runs on my computer, downloaded from a brokerage firm. I have added scripting to a charting software package from a third party that talks to the brokerage software via their API. My intellectual property is in the scripts I'm running. I have to give the brokerage sofware access to the internet to send orders to the brokerage. I am concerned about backdoors that may have been written into the brokers software that could upload my intellectual property to the brokerage url and then be stolen. In reading up on firewalling I see that it is largely concerned with url blocking and spoofing. I can get a stateful packet inspection box and set it up allow only necessary url but I would like to be able to control the type of information being sent to the brokerage, is that doable? Do I really have cause for concern?
maxpiAsked:
Who is Participating?
 
BrughConnect With a Mentor Commented:
Normally, especially without highly protected data, such as financials(which I assume is what you mean by brokerage) the communication channel between client and sevrer will be ecrypted and limited as to what types of data is being sent. This is to protect both client and server.

Basically, its an EDI transmission which normally ONLY sends the encrypted "order form" if you will.  The server expects the transmission to be formatted exactly the same way each time.  In doing this, they can parse every packet that comes in the door to make sure its formatted correctly..etc.  

If, howveer, your scripts change the way data is presented to the brokerage, then you may have an issue.

 - Brugh

0
 
BrughCommented:
If its third party then i would think that the scripts would not be "known" by their product and therefore not uploaded.

Also, normally they are just as concerend with Security and performance so the pinhole that they have setup to send/receive is most likely encrypted and only sends data specific elements back and forth.(as I believe you mentioned that it is only sending/receiving orders)

So yea, i wouldn;t worry too much about it, however, without knowing the Brokerage Application or the Scripts you wrote, its hard to say for sure.
0
 
maxpiAuthor Commented:
Ok, they set up a pinhole, that makes sense. My supposition is that the brokerage is not aware of the backdoor a rogue coder put in their software but the coder knows their firewall and can sneak things across it. Maybe I should not be looking at firewalling but just blocking file access.. It's probably not hard to limit access to the script source code to only the third party software environment that it runs in. How difficult would it be to capture my [interpreted, I believe], running, script while it was running, upload it and reverse engineer it? Assume that the thief in the brokerage has access to my account and sees that I make lots of money with this script and therefore it is worth some effort to steal the script..
0
 
maxpiAuthor Commented:
If the brokerage pinhole is encrypted does that frustrate a rogue coder from sneaking stuff across the firewall?
0
 
BrughCommented:
^ Wow, that's what i get for typing while on the phone...  i got letters transposed all over the place. hehe

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.