Data Encryption

All data at rest is encrypted using AES-256-GCM. All data in transit is protected with TLS 1.3. Database backups are encrypted before storage. Credential vaults use hardware-backed key storage where available.

Authentication

NetRecon supports multi-factor authentication (MFA) with TOTP, OAuth2 for third-party identity providers, and SAML SSO for enterprise environments. Session tokens are short-lived with configurable expiration. All authentication events are logged for audit purposes.

Architecture

Self-hosted deployments keep all data on your own infrastructure. No telemetry, scan results, or device data leaves your network. Cloud-hosted plans use isolated tenancies with strict data segregation. Probe-to-cloud communication uses mutual TLS (mTLS) through Cloudflare Tunnel — no inbound ports are ever opened.

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you have found a security issue in NetRecon, please report it through our vulnerability reporting page.

Contact

For security-related inquiries, reach us at security@netreconapp.com.