Security Overview
At Mutexer, prioritizing cloud security is non-negotiable. As a Mutexer customer, you can trust in our robust data center and networking architecture security measures for your peace of mind.
With respect to CloudLink, Mutexer adopts the following security practices:
WireGuard is used as the VPN protocol: CloudLink establishes, operates and maintains dedicated WireGuard networks for each project. Mutexer handles the configuration, patching and maintenance of the WireGuard infrastructure.
Server isolation: Unlike most VPN providers, each project you create in Mutexer has a dedicated WireGuard server assigned to it. Each WireGuard instance is logically separated on its own virtual machines, and only your organization's traffic will traverse your project's CloudLink network.
Secure storage and transfer of cryptographic data: When you use CloudLink Tunnels, all traffic traverses a secure TLS (HTTPS/WSS) connection. Any cryptographic data you provide to Mutexer is stored securely.
WireGuard
WireGuard is a modern VPN protocol known for its streamlined design and strong security features. Its security foundation relies on advanced cryptographic techniques, including Curve25519 for key exchange and ChaCha20 for symmetric encryption, ensuring protection against threats like passive eavesdropping and key compromise. WireGuard's minimalist codebase reduces the potential for vulnerabilities and enhances its auditability.
It employs the Noise Protocol Framework to defend against protocol-level attacks such as downgrade and man-in-the-middle attacks. WireGuard's design prioritizes simplicity, making it easier to analyze and scrutinize for potential security issues. The protocol's use of cryptographic hashing functions like BLAKE2s protects against tampering and data corruption, preserving the integrity of transmitted data. WireGuard's key management strategies, including the use of ephemeral keys and efficient key rotation, minimize exposure to key-related vulnerabilities.
In summary, WireGuard offers robust security through its combination of modern cryptographic primitives, minimalist design principles, and proactive defense mechanisms.
Isolation
In contrast to conventional VPN providers, Mutexer gives each project created within our infrastructure its own designated WireGuard server. This dedicated allocation ensures heightened security and efficiency, as each WireGuard instance operates within its own encapsulated virtual environment. This strengthens the segregation of network traffic: only data pertinent to your organization is transmitted across the CloudLink network associated with your project.
Secure storage of cryptographic data
Any authentication data you provide to Mutexer when using CloudLink Tunnels, such as passwords or private keys, is encrypted while in transit and during storage.
Every unique piece of supplied authentication data is encrypted with its own, unique internal encryption key. Mutexer uses hardware security modules (HSM) over APIs to protect and validate our internal encryption keys. All HSMs are vetted under the FIPS 140-2 Cryptographic Module Validation Program.
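Giving each stored secret its own key, and protecting those keys with a key held in an HSM, is the pattern commonly called envelope encryption. The sketch below is an added example, not Mutexer's code: AES-256-GCM, the record layout, and the in-memory `FakeHsm` class standing in for an HSM API are all assumptions for illustration.

```ruby
require 'openssl'
# AES-256-GCM and the FakeHsm interface are assumptions made for this example.
module Envelope
  NONCE_LEN = 12
  TAG_LEN = 16

  # seal returns nonce || tag || ciphertext; aad is authenticated, not encrypted.
  def self.seal(key, plaintext, aad)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = key
    nonce = c.random_iv
    c.auth_data = aad
    ct = c.update(plaintext) + c.final
    nonce + c.auth_tag + ct
  end

  # unseal raises OpenSSL::Cipher::CipherError when key, aad or blob do not match.
  def self.unseal(key, blob, aad)
    raise ArgumentError, 'truncated blob' if blob.bytesize <= NONCE_LEN + TAG_LEN
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = key
    d.iv = blob.byteslice(0, NONCE_LEN)
    d.auth_tag = blob.byteslice(NONCE_LEN, TAG_LEN)
    d.auth_data = aad
    d.update(blob.byteslice(NONCE_LEN + TAG_LEN, blob.bytesize)) + d.final
  end

  # Every secret gets its own fresh data key; the record id is bound as aad so
  # a wrapped key or ciphertext cannot be moved to another record.
  def self.encrypt_secret(hsm, id, secret)
    data_key = OpenSSL::Random.random_bytes(32)
    { id: id, wrapped_key: hsm.wrap(data_key, id), ciphertext: seal(data_key, secret, id) }
  end

  def self.decrypt_secret(hsm, rec)
    unseal(hsm.unwrap(rec[:wrapped_key], rec[:id]), rec[:ciphertext], rec[:id])
  end
end

# Hypothetical stand-in for an HSM API: the key-encryption key never leaves it.
class FakeHsm
  def initialize
    @kek = OpenSSL::Random.random_bytes(32)
  end
  def wrap(data_key, id)
    Envelope.seal(@kek, data_key, id)
  end
  def unwrap(wrapped, id)
    Envelope.unseal(@kek, wrapped, id)
  end
end
```

Only the wrapped key and the ciphertext are stored, so a copy of the storage layer alone yields neither the data keys nor the secrets.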