Security Information - Singapore
Personal Firewall / Internet Security
A firewall is a protective boundary that monitors and restricts information
that travels between your computer and a network or the internet. You
need to configure personal firewall software to allow access.
The following configuration information applies to Singapore:
- site: *.iress.com.sg
- port: 6080 or 80.
Network IP Addresses
- 220.127.116.11 / 255.255.255.0
|Note: Use "Networks"
instead of "Hosts" when configuring firewall rules.
Windows firewall port details
- Name: webIRESS
- Remote Port number: 6080
- PDS: research.iress.com.au
- Data feed: webdf.iress.com.sg
- Web server: web.iress.com.sg
Other security configurations
- Allow cookies from iress.com.sg
- Allow pop ups from *.iress.com.sg
- Add the following URLs as trusted sites:
Firewall and Network Configuration
The direct connection via port 6080 is recommended for the most efficient operation of this application.
To use this product from behind a corporate firewall using port 6080, the following is required:
- The firewall must allow the users to establish an outbound TCP connection to the Data Feed server(s) on port 6080. All communications to the data is accomplished via this single connection, and can only be established from inside the firewall. Data Feed servers never initiate the connection to the desktop.
- The firewall must be capable of operating in a "transparent" mode. That is, it must look like a router to the network even if it is an application proxy firewall. Some, but not all, proxy-based firewalls can be configured to operate in the required manner.
- The user's network must be configured to route packets addressed to non-local networks through their Internet firewall. To accommodate the connection to a remote server, the local LAN must be ready to handle traffic addressed to non-local hosts. A "default route" may or may not be currently configured on a corporate LAN where a proxy-based firewall is used.
- Special dispensation for the server "WEBDF.IRESS.COM.SG" to be able to connect to port 6080. The opening of a specified port on a firewall to initiate outward bound connection to a remote server does not pose a security threat to the local intranet/WAN. No inward bound connection can be instantiated by a remote address. This works in the same manner as port 80 on a proxy server.
The client software will attempt to initiate a direct socket connection to port 6080 on the Data Feed server. When a direct connection is unavailable, a lower quality connection will be established via port 80 using the HTTP protocol. This connection will work via the same proxy used to retrieve web pages for the browser.
With either connection (port 6080 or HTTP port 80), the firewall must not remove Java applet tags from incoming HTML. Some firewalls can be configured to strip Java applet tags from incoming pages. This product cannot work through such a firewall unless special dispensation is given to HTML from the source server (WEB.IRESS.COM.SG).