
Security Documentation

TT Security


TT trading systems utilize various mechanisms that effectively prevent unauthorized traders from accessing the system.

Guard Server

Guard Server works in tandem with Guardian and the WUAS to ensure secure access to TT Gateway programs and TT client applications. When traders log into a TT Gateway using a client product such as X_TRADER®, Guardian forwards the trader’s login to Guard Server. Guard Server then queries the WUAS on the TT Gateway (or Domain Controller). If the trader’s username and password do not exist as a Windows user, Guard Server refuses the connection.

Client Applications

Guardian authenticates all client application logins to the TT Gateway. For traders to access the exchange through this gateway, you must set up usernames and passwords in the WUAS either on the TT Gateway Server or a domain controller. Trader usernames consist of the login data used by the trader (a concatenation of their Member ID, Group ID, and Trader ID). For details on entering usernames and passwords in the WUAS, refer to Adding Trader and Admin IDs to the WUAS.

DH Parameters File

The DH parameters file holds the Diffie-Hellman parameters used to encrypt your login information (for example, password and ID) so that it is not sent over the network as clear text.

If you are concerned about security, TT recommends that you generate a new DH parameter file periodically. Generating new DH parameters means your login information is encrypted with keys derived from a fresh set of base parameters.

The TT Gateway Server and client workstation (such as X_TRADER®) create a public and private key pair based upon a common set of parameters. This set of base parameters resides in a file located on the server. The server and the client exchange their public keys with one another. Upon receipt of the other machine’s public key, the receiver creates a secret key that is used to perform the encryption and decryption. All packets sent from the client machine contain the public key and the encrypted data (login information). The server then performs packet decryption by using the secret key.

The use of DH parameters bolsters security in that it is nearly impossible to ascertain the secret key being used. To decrypt login information, an illegitimate source must access the private key that each involved party holds. Trading data is not encrypted by the DH parameters.
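The exchange described above, sketched as an added example (not TT's code or file format). The parameter values, the function names, the sample login string and the XOR stand-in cipher are all assumptions made for illustration; the page does not say which cipher or parameter size TT uses.

```python
import hashlib
import secrets

# Constructed demonstration parameters (assumption: the real file's format and
# size are not documented on this page). 2**255 - 19 is prime but far too
# small for production DH; real deployments use a vetted 2048-bit+ group.
DH_PARAMS = {"p": 2**255 - 19, "g": 2}

def generate_keypair(params):
    """Return (private, public) where public = g^private mod p."""
    private = secrets.randbelow(params["p"] - 3) + 2  # uniform in 2 .. p-2
    return private, pow(params["g"], private, params["p"])

def derive_secret(params, own_private, peer_public):
    """Validate the peer's public key, then hash the shared value into a key."""
    p = params["p"]
    if not 2 <= peer_public <= p - 2:
        # 0, 1 and p-1 would force a predictable shared value
        raise ValueError("peer public key out of range")
    shared = pow(peer_public, own_private, p)
    return hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def xor_keystream(key, data):
    """Stand-in cipher (illustration only, no integrity protection)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def client_login_packet(params, server_public, login):
    """Client side: packet carries the client's public key and encrypted login."""
    private, public = generate_keypair(params)
    key = derive_secret(params, private, server_public)
    return {"public_key": public, "ciphertext": xor_keystream(key, login)}

def server_decrypt(params, server_private, packet):
    """Server side: derive the same secret from the packet's public key."""
    key = derive_secret(params, server_private, packet["public_key"])
    return xor_keystream(key, packet["ciphertext"])

if __name__ == "__main__":
    srv_priv, srv_pub = generate_keypair(DH_PARAMS)
    pkt = client_login_packet(DH_PARAMS, srv_pub, b"TRADER01:constructed-password")
    print(server_decrypt(DH_PARAMS, srv_priv, pkt))
```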

To generate new DH parameters:

  1. Perform an administrator login and leave Guardian open.

    Refer to Performing a Guardian Admin Login.

  2. On the Admin menu, click Distribute DH Parameters.

    After a small delay, a Guardian prompt box appears stating “DH parameters transaction successfully completed.”

  3. Click OK.