End-to-End Wireless Network Security
Access Points & User Access
- KodaCloud Access Points do not allow any kind of external access. They connect to the cloud, and only our Network Operations Center (NOC) experts can access them (via the cloud). Communication is done using HTTPS certificates.
- We offer a Captive Portal and Guest & Hidden SSIDs. SSIDs can be secured with WPA2 pre-shared key and 802.1X authentication. KodaCloud also supports RADIUS proxy and Management VLANs for additional security.
User-Generated Data and Content
- All user-generated data, usernames, passwords, authentication credentials, etc. remain within a customer's local network.
- User-generated content is not allowed in database queries, and we use bind variables to prevent SQL injection attacks.
Access Point, Platform & System Components
- All communication between Access Points and the cloud is protected by secure HTTP with mutual authentication.
- KodaCloud services are deployed inside a Virtual Private Cloud provided by Amazon Web Services. See https://aws.amazon.com/vpc/.
- Each component of the KodaCloud system has isolated permissions. Access is enforced by Amazon’s IAM service. See https://aws.amazon.com/iam/.
- Only authorized KodaCloud developers and Network Operations Center (NOC) experts have comprehensive access to the system via revocable roles and policies.
- To ensure that web sessions are never compromised, the KodaCloud portal does not use any unsecured HTTP sessions or cookies.
Web Services and APIs
- Only a thin layer of web services is available externally, and any access is protected by secure HTTP, with authentication securely performed using digitally signed key pairs.
- All APIs enforce per-client data isolation, and data ownership checks are performed for any customer-accessible API call.
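
The bind-variable and data-ownership points above, shown as an added example that is not KodaCloud's code: a Python sqlite3 sketch contrasting a query built by string concatenation with one that uses bind variables and scopes every lookup to the calling client. The table, function names and sample rows are constructed for illustration, and client_id is assumed to come from the authenticated session.

```python
import sqlite3

def make_db():
    """Constructed sample data: two clients, one device row each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (client_id INTEGER, name TEXT, site TEXT)")
    conn.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [(1, "ap-lobby", "HQ"), (2, "ap-lab", "Branch")],
    )
    return conn

def find_devices_unsafe(conn, client_id, name):
    """Anti-pattern for contrast: input is pasted into the SQL text,
    so quotes in `name` change the structure of the statement."""
    sql = ("SELECT name, site FROM devices "
           f"WHERE client_id = {client_id} AND name = '{name}'")
    return conn.execute(sql).fetchall()

def find_devices(conn, client_id, name):
    """Bind variables: the SQL text is fixed and the input travels as data.
    client_id is taken from the authenticated session (assumption), never
    from the request, so the WHERE clause doubles as the ownership check."""
    sql = "SELECT name, site FROM devices WHERE client_id = ? AND name = ?"
    return conn.execute(sql, (client_id, name)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated:", find_devices_unsafe(conn, 1, hostile))
    print("bound:       ", find_devices(conn, 1, hostile))
    print("own row:     ", find_devices(conn, 1, "ap-lobby"))
    print("other client:", find_devices(conn, 1, "ap-lab"))
```

With the concatenated query the constructed input returns both clients' rows; with bind variables it matches nothing, and a lookup for another client's device name also returns nothing.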