IT Fact Sheet
Who are we?
We are the first port of call when it comes to the simple provision of personalized, confidential, and highly available access to decentralized IP end devices via the Internet. We always think in terms of “security” and “safety”.
What do we do?
HOOC develops, operates, and maintains software platforms and hardware components for secure, personalized, and reliable remote access to devices in local area networks via the public Internet. The goal is to be able to link the connected devices as functional blocks within the software platform to create new, higher-value services.
How do we do it?
The HOOC gateway (HOOC Connect) establishes an encrypted VPN connection from a site (remote network infrastructure) to the HOOC Cloud. In the HOOC Cloud, a separate, virtual, and completely isolated network is created for each facility.
On the user side, the HOOC app functions in the same way to establish an encrypted VPN connection to the HOOC Cloud for the corresponding virtual network. Once the connections have been established, a “virtual network cable” (Ethernet, Layer 2) is created between the system and the HOOC app. All protocols provided in the system’s network can be applied accordingly when using the HOOC solution.
The network traffic transported via HOOC is encapsulated in HTTPS and therefore appears as normal HTTPS-over-TLS network traffic.
Why is it safe?
Encryption
All network traffic is encrypted using the latest and most common methods:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Authentication of participants
The HOOC gateways are equipped with unique certificates for authentication to the HOOC Cloud.
The HOOC gateways and the HOOC app verify the identity of the HOOC Cloud by using certificates.
No port forwarding
No ports need to be opened or forwarded on firewalls in order to operate the HOOC gateway. This means that no access points to the local network are created that could be misused by third parties. Instead, the HOOC gateways establish a connection from the local network to the HOOC Cloud.
Personal passwords and two-factor authentication
The supporter approach gives every user of the HOOC app their own personal access with a password and optional two-factor authentication. This prevents passwords from being passed on to other users. It also allows users to be uniquely authenticated.
Time limit on access
Personal access can be time-restricted. This means that when creating access, you can specify when it starts and how long it is valid.
Access logging
Access via the HOOC app is logged in the HOOC Cloud. This means that it is possible to track at any time which user was connected to the remote network, at what time, and for how long.
Network filter
Network filters in the HOOC Cloud allow access to network resources to be further restricted based on MAC and IP addresses, protocols (TCP, UDP, ICMP), and ports. This allows access to be defined in a very targeted manner.
DevOps and microservice architecture
HOOC AG develops and operates its cloud using state-of-the-art DevOps methods. This guarantees traceable testing and automated rollout of the HOOC Cloud.
The microservice architecture also allows agile and targeted expansion of functions and rollout of security-related fixes.
Security audits
HOOC’s applications have been awarded the rating “Excellent” by the Swiss cyber security expert InfoGuard, guaranteeing above-average security standards. HOOC’s solutions are designed to meet the highest security requirements and are therefore ideal for use in critical infrastructure and government applications.
Reliable operation
The HOOC Cloud has been operated with 99.9% availability in recent years, making it extremely reliable. Maintenance windows are communicated in a timely manner and designed to minimize disruption to users. The HOOC Cloud is operated in accordance with the highest security standards.
Swiss data center
The HOOC Cloud is operated exclusively in certified Swiss data centers that meet the requirements of the Swiss FINMA and a range of certifications:
- ISO 9001:2008
- ISO/IEC 27001:2013
- PCI DSS 3.2
- SOC-1 type II
- SOC-2 type II
IT requirements
The following requirements must be met by the IT infrastructure in order for HOOC gateways and HOOC apps to function properly:
- Communication with the domains *.hooc.me must be possible.
- Port 443/TCP outgoing, whereby the connection must not run through a web proxy.
- Port 53/UDP outgoing, all subdomains of hooc.me must be resolvable.