Network Security

Network isolation

Rockhopper's infrastructure follows strict network segmentation principles:

  • Environment separation — Production and staging environments are isolated in separate VPCs. No cross-environment access is permitted.

  • Minimal exposure — Each component has its own firewall rules, exposing only the ports and protocols required for its function.

  • Private subnets — Databases, background processors, and internal services are placed in private subnets with no direct internet access. Only the API server and web application are internet-facing.

TLS enforcement

All internet-facing connections require TLS 1.2 or higher:

  • Client-to-server traffic uses HTTPS exclusively

  • WebSocket connections use WSS (encrypted WebSocket)

  • Internal service-to-service communication follows AWS security group rules within the VPC

  • Unencrypted HTTP requests are automatically redirected to HTTPS
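As an added illustration (not Rockhopper's own code), this Go snippet shows how a service enforces the two controls described above: a TLS 1.2 floor on the HTTPS listener and a plain-HTTP listener that only redirects to HTTPS. The listener ports and the cert.pem/key.pem file names are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// MinTLS12Config returns a server-side TLS configuration that rejects any
// client handshake offering a protocol version below TLS 1.2.
func MinTLS12Config() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// HTTPSRedirectTarget maps a plain-HTTP Host header plus request URI to the
// HTTPS URL the client is sent to. Any port in the Host header is dropped so
// the redirect lands on the default HTTPS port; IPv6 literals keep brackets.
func HTTPSRedirectTarget(host, requestURI string) string {
	if h, _, err := net.SplitHostPort(host); err == nil {
		if strings.Contains(h, ":") {
			h = "[" + h + "]"
		}
		host = h
	}
	return "https://" + host + requestURI
}

// RedirectToHTTPS answers every unencrypted request with a permanent redirect
// to its HTTPS equivalent and never serves application content itself.
func RedirectToHTTPS() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		target := HTTPSRedirectTarget(r.Host, r.URL.RequestURI())
		http.Redirect(w, r, target, http.StatusMovedPermanently)
	})
}

func main() {
	// Assumed ports: 8080 for the redirect-only HTTP listener, 8443 for HTTPS.
	go func() { _ = http.ListenAndServe(":8080", RedirectToHTTPS()) }()
	srv := &http.Server{
		Addr:      ":8443",
		TLSConfig: MinTLS12Config(),
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			fmt.Fprintln(w, "ok")
		}),
	}
	// cert.pem and key.pem are assumed to exist next to the binary.
	fmt.Println(srv.ListenAndServeTLS("cert.pem", "key.pem"))
}
```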

Web Application Firewall

A WAF is deployed across the entire cloud footprint, providing protection against:

  • Injection attacks — SQL injection, cross-site scripting (XSS), and other common web exploits

  • Volumetric attacks — DDoS mitigation and rate limiting

  • Malicious patterns — Automated scanning and known attack signatures
