Security with trading server

#1
Hi all,
First, I have nothing to sell, no advise to formulate.
As I have not found any thread related to security, this is the place.
First of all short history:
MT4 serious trader since around 2010
Have started trading in the past with a VPS close to the data center to avoid latency, then have canceled it. Too much virtualization from the service as CPU was freezing due to heavy calculations.
Then went on a Data center tier/4 dedicated server secured with Norton registered Pro version (End point protection).
Yes , ones have to be serious to trade with appropriate tools to go live. That Raid dedicated server was solely working for trading, supposed to be fully protected with Symantec Norton End point protection. And do you guess what? After 3 years of service , (constant update and monitoring) the server has been hacked and all files have been stolen, EAs, Indics...
So from that point trading has been terminated leaving me time to dig on security files.
About Meta Trader software: MT website says that it uses an AES encription code see https://www.metatrader5.com/en/termi...anced/security and see https://www.metatrader5.com/en/termi..._authorization for ref see http://www.ipcores.com/aes_ip_core.h...BoCVHoQAvD_BwE so the problem does not come from MT but from the dedicated server used for trading.
Symantec did a POA ( procedure of action) to identify the hacker. Unfortunately Symantec software wasnt able to protect the server against a stealth robbery. ( Ask yourself if you will use Symantec Norton on your next computer). From this point I have decided to temporarily stop trading and dig into the hacking world to get some more infos about trading server protection. Time to learn to get better tools to trade safe in the future.
So, about you now , what do you do to protect yourself?
Have you ever heard of this page?
https://www.computerworld.com/articl...veillance.html
and this one:
https://leaksource.wordpress.com/201...ware-firmware/
I do not say that its NSA who did that , but if one can do it, someone else can do it too.
Do you need more?
https://hackernoon.com/hacking-a-bank-101-507d64d5b836
Do you want to learn?
https://null-byte.wonderhowto.com/forum/
or
https://www.virtualhackinglabs.com/?...tm_campaign=ht
In last January of 2018, at the Las Vegas CES some company has shown its Quantum computer 50 Qubits https://spectrum.ieee.org/tech-talk/...ntum-supremacy . With 100 Qubits (probably developed at the end of 2018 or early 2019) the crypto RSA could be hacked. See https://en.wikipedia.org/wiki/Shor%27s_algorithm bringning in danger all exchanges (Even credit , debit cards, Crypto curr. and so on) See https://en.wikipedia.org/wiki/Shor%27s_algorithm .Headquarters at RSA are actively working on that.
Also see
https://www.zerohedge.com/news/2018-...niaks-bitcoins

Wonder what will be the future of trading. Probably that the MT4 vs MT5 war will not come as new coding languages will soon come revolutionizing the trading environment.
By that time (I should say buy that time) if you have a 100% safe server environment, please share your lights.
Trade safe, stay secured and check your backs.
Happy trading
Sincerely
Tomcat98


Re: Security with trading server

#4
Hi all,
@LazarR
Thanks for your reply. "Paying too much attention to security" .You are probably right. Problem is if someone can enter your server or your computer , someone can open a 100 Lots order against the trend, and you will be fired. So Excess of security is not always bad.
@mlawson71
Thanks for your reply. Brokers advertise about their VPS services . That's right. Their VPS are often protected by 2 separate Firewalls, Software and Hardware. Hardware are too much virtualized and often freeze upon heavy calculations at Fx events ( eco results...) so I would not recommend such tools. Moreover these VPS are "their" services , means that EA's , strategies and so on are in the hands of the broker.
Digging into the soft hacking world it seems that it could be quiet easy to enter in traders PCs and servers. So at this stage , wondering what could be the future. If any one can en light that story.
Thanks to all.
Tomcat98

Re: Security with trading server

#5
Tomcat98 wrote:
Sun Mar 04, 2018 1:49 pm
Hi all,
@LazarR
Thanks for your reply. "Paying too much attention to security" .You are probably right. Problem is if someone can enter your server or your computer , someone can open a 100 Lots order against the trend, and you will be fired. So Excess of security is not always bad.
@mlawson71
Thanks for your reply. Brokers advertise about their VPS services . That's right. Their VPS are often protected by 2 separate Firewalls, Software and Hardware. Hardware are too much virtualized and often freeze upon heavy calculations at Fx events ( eco results...) so I would not recommend such tools. Moreover these VPS are "their" services , means that EA's , strategies and so on are in the hands of the broker.
Digging into the soft hacking world it seems that it could be quiet easy to enter in traders PCs and servers. So at this stage , wondering what could be the future. If any one can en light that story.
Thanks to all.
Tomcat98
Very interesting topic. The problem is, these guys do nothing else than to try a loophole in systems - and there are always one, even open barn doors from time to time. MicroSoft and it's security policy is horrible. How a billion $ big company can't manage to code a OS that is no Swiss cheese, I don't get in mind. Others have their problems, too. Apple, Intel, even Google (Alphabet) and when these companies publicize it partly after after months, it an old hat in hacker circles.

On the other hand, when someone hacked your PC and sees you make good profit, don't you think he copies your positions secretly? Brokers and MyFXBook do so, so why not the hacker. The server are maybe hacked for fun. Small groups or children want to get reputation, Norton is a good exercise, I guess. Your files are stolen? You mean deleted or did they leave a note? Did they do anything else? It's extremely bothersome, but as LazarR I don't see how you could safe you completely. Cutting the internet connection isn't a solution either. Ok, when they steal my files, they haven't much. They can't use it out-of-the-box, they need a few years to learn.

MT4 vs MT5 war? No encoding is safe, it's just a matter of time. MetaQuotes won't do much for security either. The real code encryption was overdue for years. On the other hand I wonder why you still use MT4/MT5 after all the years. It's slow, the execution time is bad (how much difference is there from PC and VPS?) and there are other companies who have specialized on that. The first company I have in mind is ProRealTime. They don't use MT4, of course, and clearly refuse to do so, understandably. Your virtualization problem shouldn't be no issue anymore. With cTrader (closer to MT4, but much faster) it should work like you did. I'm pretty sure your solution is to substitute MT4/MT5, so or so.


Re: Security with trading server

#6
"Very interesting topic". Yes indeed!
"when someone hacked your PC and sees you make good profit, don't you think he copies your positions secretly? Brokers and MyFXBook do so, so why not the hacker." you are right. Brokers make two category of traders, winnig ones and loosing ones. They then replicate the best probability RR in their books.
"The server are maybe hacked for fun." Could have been , yes.
"Small groups or children want to get reputation, Norton is a good exercise, I guess.", NO , definitely it's a very bad experience for me.
"Your files are stolen? You mean deleted or did they leave a note?" stolen,deleted, no notes, no wanacry.
"Did they do anything else?" , no , they haven't had enough time to.
" as LazarR I don't see how you could safe you completely. " You are right.
" They can't use it out-of-the-box, they need a few years to learn." For sure as I do use very special tools that need special training.
" I'm pretty sure your solution is to substitute MT4/MT5, so or so." Probably , yes.

Real future is to build a system as close as possible to the node. Trying to build that at this time. Hope I will succeed.
In the meantime, trade safe and happy pips.
Tomcat98


Who is online

Users browsing this forum: No registered users and 1 guest