Network Security Guide
This guide describes recommended network controls for deploying Invisiq in a secure, network-isolated environment.
Design Principles
Invisiq is designed to operate in a network-isolated environment. The only required outbound internet connection is to auth.enprivacy.com for user authentication and entitlement. All other features work without general outbound internet access.
Required Outbound Connections
| Destination | Port | Purpose |
|---|---|---|
| auth.enprivacy.com | 443 (HTTPS) | User authentication and entitlement |
All other outbound internet connectivity can be blocked at the network layer.
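An added example (not part of the Invisiq documentation): a check that audits egress records against the single-entry allowlist in the table above, so that a rule matching on a hostname suffix or on the wrong port shows up as a finding. The space-separated record format and the sample records are constructed for illustration; adapt the parser to your firewall's or proxy's export.

```python
# Added example: audit egress records against the guide's one-entry allowlist.
# Assumption: records are "src dst_host dst_port action", space-separated.

ALLOWED = {("auth.enprivacy.com", 443)}  # from the Required Outbound Connections table

def normalize_host(host: str) -> str:
    """Lower-case and drop a trailing root dot so 'Auth.Enprivacy.com.' compares equal."""
    return host.strip().lower().rstrip(".")

def parse_record(line: str):
    """Parse one egress record; return None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    src, host, port, action = line.split()
    return {"src": src, "host": normalize_host(host),
            "port": int(port), "action": action.upper()}

def audit(lines):
    """Flag allowed egress that is not on the allowlist, and denials of the required endpoint."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_record(line)
        if rec is None:
            continue
        # Exact (host, port) match: suffix or substring matching would accept look-alikes.
        listed = (rec["host"], rec["port"]) in ALLOWED
        if rec["action"] == "ALLOW" and not listed:
            findings.append((n, "unexpected-egress", rec["host"], rec["port"]))
        elif rec["action"] == "DENY" and listed:
            findings.append((n, "required-endpoint-blocked", rec["host"], rec["port"]))
    return findings

# Constructed sample records (not real traffic).
SAMPLE = """\
# src dst_host dst_port action
10.0.1.15 auth.enprivacy.com 443 ALLOW
10.0.1.15 Auth.Enprivacy.com. 443 ALLOW
10.0.1.15 auth.enprivacy.com 80 ALLOW
10.0.1.22 auth.enprivacy.com.example.net 443 ALLOW
10.0.1.22 updates.example.org 443 DENY
10.0.1.30 auth.enprivacy.com 443 DENY
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
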
Recommended Firewall Rules
Inbound
Outbound
Network Segmentation
TLS Configuration
- The application exposes HTTPS endpoints only; HTTP is disabled or redirected.
- Internal service-to-service communication uses TLS 1.2+.
- TLS should be terminated at your load balancer or ingress controller using a certificate from a trusted CA.