Networking and Encryption
- Networking throughout the app uses HTTPS encrypted communication
- Keys can be revoked for each unique user/device combination and are never kept in permanent storage
- TLS 1.2+ is enforced by the app at the device Operating System level
- OS-level encryption and sandboxing protects stored data
- Databases are encrypted with SQLCipher
- Everbridge servers are registered using DNS CAA records to prevent man-in-the-middle attacks
End points:
- member.everbridge.net (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
- https://mobilemember.everbridge.net/
- https://geolocation.everbridge.net/locations/batch (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
URL access:
- member.everbridge.net (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
- https://mobilemember.everbridge.net/
- https://geolocation.everbridge.net/locations/batch (Note: This is not a complete URL and will not work as is. The full URL depends on your site settings.)
- *.pubnub.com (for incident chat)
Apple push notifications:
- https://support.apple.com/en-us/HT203609
- TCP port 5223 (used by devices to communicate to the APNs servers)
- TCP port 2195 (used to send notifications to the APNs)
- TCP port 2196 (used by the APNs feedback service)
- TCP Port 443 (used as a fallback on Wi-fi only, when devices are unable to communicate to APNs on port 5223)
- The entire 17.0.0.0/8 address block is assigned to Apple, so it’s best to allow this range in your firewall settings
Android push notifications:
- https://firebase.google.com/docs/cloud-messaging/concept-options#messaging_ports_and_your_firewall
- Port 5228
- Port 5229
- Port 5230
- If you’re using Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30 minute or larger timeout for connections over ports 5228-5230. This enables us to provide reliable connectivity while reducing the battery consumption of your users’ mobile devices.
- FCM IPs change frequently so for outbound google connections: No IP restrictions OR all IP in IPv4 & IPv6 blocks listed in Google’s ASN of 15169
Article Feedback
Please sign in to leave a comment.