Security

Introduction

This document outlines the updated security measures and protocols in place at QuestionPro. Our commitment to safeguarding data and ensuring the integrity of our systems is paramount. This document includes recent enhancements to our security infrastructure, including the integration of Cloudflare's Web Application Firewall (WAF), advanced network firewall strategies, and the utilization of VPNs for secure remote access.

Cloudflare's WAF is a cutting-edge, cloud-based solution that provides robust protection against a variety of cyber threats targeting web applications, APIs, and websites.

• Enhanced Security: Offers robust defense against common vulnerabilities like SQL injection and XSS attacks.
• DDoS Protection: Effectively mitigates the risks of DDoS attacks.
• Performance Optimization: Improves website performance through global caching and optimization strategies.
• Seamless Integration: Easily integrates with existing infrastructures, eliminating the need for physical hardware.

Overview:
Network centralized hardware firewalls serve as a primary defense mechanism against external threats, monitoring and controlling the flow of data in and out of the network based on pre-established security rules. In the evolving digital landscape, securing systems against external threats is crucial. Traditional firewalls have been effective since the 1980s, but Next-Generation Firewalls (NGFWs) blend traditional and modern technologies for optimal digital protection.

• Monitors Network Traffic:
• Effectively analyzes incoming and outgoing data to prevent threats.
• Empowers IT teams to manage protection levels based on observed network activity.
• Stops Virus Attacks: Controls system entry points to thwart virus attacks. Mitigates potential immeasurable damage caused by rapidly evolving threats.
• Prevents Hacking: Crucial defense against unauthorized access to data, emails, and systems. Deters hackers or stops them entirely, safeguarding against data theft.
• Stops Spyware: Blocks spyware and malware infiltration into complex systems. Acts as a vital blockade against unauthorized access and data theft.
• Promotes Privacy: Proactively protects data, fostering trust with customers. Enhances competitiveness by showcasing robust data protection as a selling point.

Network Firewall Advantages for Enhanced Security:
Our network security with Next-Generation Firewalls (NGFWs) with numerous benefits:

• Versatility: Real-time upgrades provide flexibility and adaptability. Centralized deployment facilitates quick adjustments to changing threat landscapes.
• Intelligence Port Control: Multi-layered protection surpasses traditional single-layer port approaches. Application-level security ensures better control, transparency, and data management.
• Simple Infrastructure: Streamlined infrastructure allows easy deployment of policies from one device. Transparent controls grant flexibility in managing network access.
• Updated Threat Protection: Integrated security measures (firewall, antivirus, ransomware protection, intrusion detection) enhance cooperation and simplify management. Deep packet inspection (DPI) provides a more informed decision-making process for data flow.
• Consistent Network Speed: NGFWs maintain high throughput without compromising security. Protect systems without sacrificing operational speed.

VPNs extend a private network across a public network, allowing secure data transmission as if the devices were directly connected to the private network.

• Secure Remote Access: Ensures secure access to corporate resources from any location.
• Data Encryption: Provides robust encryption for secure data communication.
• Privacy and Anonymity: Maintains user privacy and anonymity online.
• Geographical Freedom: Enables access to regionally restricted content and services.

Understanding the advantages and potential drawbacks of Virtual Private Networks (VPNs) is crucial for informed decision-making within your organization. Despite some limitations, the benefits of using a VPN can significantly enhance your business's security profile.

• Secure Your Network: Effectively safeguards network integrity by preventing unauthorized access. Protects transmitted data, ensuring security and anonymity.
• Hide Your Private Information: High-level security, such as 256-bit encryption, conceals sensitive information. Mitigates the risk of hackers intercepting and misusing personal data.
• Prevent Data Throttling: Avoids service slowdowns imposed by internet service providers (ISPs) after data consumption. Conceals data usage, especially beneficial for mobile use and remote work.
• Avoid Bandwidth Throttling: Encrypts mobile traffic, preventing ISPs from intentionally slowing down internet speed. Enhances privacy by masking visited websites, reducing the likelihood of throttling.
• Get Access to Geo-blocked Services: Acquire a different IP address, enabling access to restricted content based on location. Facilitates unrestricted use of online services and information.
• Network Scalability: Cost-effective solution for expanding network access to multiple employees and remote workers. Enables running key applications in a secure cloud environment through the VPN tunnel.
• Reduce Support Costs: Shifts maintenance, performance checks, and security responsibilities to the VPN service provider. Offers potential cost savings by leveraging the service provider's infrastructure management expertise.

Site-to-Site VPN Overview:
A site-to-site Virtual Private Network (VPN) establishes a secure and encrypted connection between VPN gateways situated at different locations. This VPN tunnel encrypts data at its source, sends it over the public Internet, and decrypts it at the destination site before routing it to its final destination.

Benefits of Site-to-Site VPN:

• Secure Connectivity: Encrypts all traffic passing through the site-to-site VPN, ensuring the protection of business data against eavesdropping and unauthorized modification during transmission over the public Internet.
• Simplified Network Architecture: Facilitates the use of internal IP address ranges for devices within LANs. Eliminates the need to convert internal addresses to external ones for public Internet accessibility, maintaining the "internal" status of traffic between LANs.
• Access Control: Streamlines access control by treating site-to-site VPN users as "internal" users. Simplifies rule definition, allowing for easier management of network resources, particularly those restricted to internal access only. External users are inherently blocked from accessing these resources.

• Privacy Policy
• Terms of Use
• Browser Requirements
• Performance Metrics
• Data Centers
• Data Rentention Policy