Administrative firewalls

In order to guarantee that no unauthorized person has access to the systems all network traffic to and from the server is protected by central firewalls. These firewalls are packet filters.

The online platform (including any downstream systems) is protected against the Inter-net and other data networks and systems in QuestBack’s computer centre by firewalls (operated in a “demilitarized zone” (DMZ)). The firewalls are configured in such a way that the platform can only be accessed from the Internet via HTTPS (TCP port 443). Access from internal networks is only possible via the protocols that are mandatory for the administration and surveillance of the platform.

Staff can only access the online platform through HTTPS with an asymmetrical key comprising 1024 bits and a symmetrical key comprising 128 bits. An appropriate SSL server certificate from an accredited certification authority can be installed on the online platform on order of the client.

Only encrypted protocols (SSH or similar) are used to allow staff administrative access to the platform.

Direct remote/dial-in access to the online platform (e.g. for maintenance purposes) is not permitted. All accesses of this type take place using encrypted protocols (SSH or similar) after prior reliable authentication. Access is only possible from the agent’s data networks.

Additionally, the physical systems are protected by anti-theft measures (video surveillance, alarmed windows and doors, motion detectors, patrols by security officers, etc.).