Why Is QuotaGuard Shield More Secure Than QuotaGuard Static? - Static IP's from QuotaGuard

Why is QuotaGuard Shield More
Secure Than QuotaGuard Static?

QuotaGuard Pricing Separator

The Story Behind QuotaGuard Shield

Shield was developed at the request of our healthcare customers that required a HIPAA compliant solution that would guarantee a full, end to end encrypted solution and be acceptable for Internet traffic that routes HIPAA, Financial/FinTech, and Personally Identifiable Information (PII), or other secure information.

There were two issues that needed to be addressed to make QuotaGuard Static a truly end to end secure solution.

For security-conscious implementations, even with a full end to end HTTPS connection, the proxy username, password, host, and port are sent in the clear between the internal source and the QuotaGuard proxy. This is true for any HTTP/SOCKS proxy provider (despite what they may tell you).

To enable routing for HTTPS connections, companies had to upload their SSL certificates to an external proxy server, opening up another attack vector that could be exploited in the event of a compromise of the routed traffic or illegitimate network/physical access to the certificate storage location.

Therefore we created QuotaGuard Shield to solve these problems.

Heroku Static IP's from QuotaGuard Service and Features
Differences between QuotaGuard Static and QuotaGuard Shield for Heroku Static IP's

Shield Handling of Private Keys

To maximize security, a customer or organization is not permitted to share their SSL certs/private key(s) with a QuotaGuard Shield solution to prevent any PII from being potentially exposed in the case the QuotaGuard system or network traffic is compromised or stolen.

Shield Outbound Service

Shield’s HTTPS and Secure SOCKS outbound service can be used with many languages directly or with our QGPass wrapper program.

When using HTTPS requests through the HTTPS proxy, the data is encrypted from end to end (like an HTTP proxy) and your credentials to the proxy are encrypted as well (unlike an HTTP proxy) and the data is never decrypted at any point in the journey – to include endpoints – because we do not maintain the private key of the sending/receiving organization(s).

Shield Inbound Service

Shield’s inbound proxy uses SSL passthrough.

When sending an HTTPS request through the QG Shield inbound proxies, the HTTP data is encrypted end to end. We use SNI to route your requests to the correct location, so there is no need to give us your SSL certificates and your data is never decrypted at any endpoints, for the same reason, because we do not have the private key of the sending/receiving organization(s).

Regardless of HTTP (QG Static) vs HTTPS proxy (QG Shield), if you are connecting to an HTTPS server through the proxy, the data itself is encrypted from end to end, but the authentication credentials, final destination hostname, and port would still be in the clear with any other proxy service.

If you have any questions about the differences, please feel free to email us at Support.

We use cookies to understand how you use our site and to improve your experience. This includes personalizing content and advertising. To learn more, click "more information" link. By continuing to use our site, you accept our use of cookies, revised Privacy Policy and Terms of Use. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close