The first thing to point out is that our unit sits behind your firewall alongside all your other network devices. And because we don’t require any port forwarding or DMZ designation, unsolicited traffic from the internet simply can’t reach us. But beyond that, our device connects into the cloud using an encrypted connection. Each one has its own unique 2048-bit RSA key pair and X.509 certificate associated with it, and there is absolutely no reuse of security credentials. In addition to the one TCP session (for connectivity testing and basic status messaging) we also exchange UDP test datagrams of various sizes with our regional cloud servers for performance and reliability testing.