# Data Security **For the network security of the application we have enforced the following standards.** 1. Web Application Firewall (WAF) Configured at Domain level to prevent access to coronasafe.network from countries like US, China, Hongkong, Pakistan , Russian Federation Etc 2. Open Web Application Security Project (OWASP) core rule set based WAF rules implemented to provide protection against common attack categories, including Structured Query Language (SQL) Injection and Cross-Site Scripting. 3. Customised WAF rules created to prevent common attacks and Bot Access 4. Autonomous system number (ASN) based lockdown in WAF against common threat matrix. 5. Sanity Check Based Block and Rate Limiting Enabled 6. Network level Port Blocking allowing only port 80 and 443 from internet in the entire network 7. IP blacklist and lockdown based on Threat Score ( Score Greater than 8 is blocked) based on IP reputation. 8. Customised Content Security policy (CSP) Header implemented to prevent common Clickjacking and other attacks . 9. HTTP Strict Transport Security (HSTS) preloaded domain wide to enforce Hypertext Transfer Protocol Secure (HTTPS) only traffic with a Max Age of 1 year 10. Origin to domain, domain to domain, and domain to User traffic encrypted via Transport Layer Security 1.2 (tls1.2) and above 11. Content Security Policy (CSP) and Certificate Transparency CT violations monitoring done to update threat matrix 12. The Domain Name System Security Extensions (DNSSEC) enabled to prevent domain takeovers .(DNSSEC protects against forged domain name system (DNS) answers. DNSSEC protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by the domain owner.) 13. Speed up of page load speed by the Implementation of Brotli Compression 14. HTTP/2 and HTTP/3(Quick User Datagram Protocol Internet Connections) enabled for faster network speeds 15. Automatic Branch based Continuous integration (CI) and continuous delivery (CD) to prevent unauthorised access. 16. New pods are created before old pods with old code is terminated. 17. Database backups (Snapshots) are created daily at scheduled intervals and stored with Key Management Service (KMS) keys securely inside Cloud Infrastructure without external Access. 18. All server nodes and Volumes and database Instances are Encrypted with KMS based Cryptographic Keys. 19. Database Connectivity allowed only using internal Private Network and allowed for the backend host only. 20. Virtual Private Network(VPN) + Jump Host( Bastion Host) Based Server Maintenance (Cluster Management Shell ) to enhance security. Reverse Proxying all network traffic to mask origin IP to enhance security.\ \ Apart from the above rules, additional measures could be added to enforce maximum security of data --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dev.coronasafe.network/security/data-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.