Security & Firewall Rules

How we secure data and media, our AWS infrastructure & compliance posture, and the network rules recommended for best call quality.

Application & User Data

All access over HTTPS (TLS 1.3/1.2); credentials are hashed.
Optional 2-factor authentication (SMS).
Event access controls: each attendee receives a unique 12-digit key; access can be revoked any time.
Minimal PII (name, email, phone). Users may request changes or deletion; we never sell data.

Streaming Security (WebRTC)

DTLS secures data channels; SRTP provides encryption, integrity, and replay protection for media.
Device access (camera/mic) is explicitly permissioned and controlled by the browser.

Exhibits

Uploads/downloads over HTTPS.
Encrypted storage in Amazon S3 with access limited to owners.
Users authenticate before accessing exhibits; deletion is supported.

Infrastructure & Compliance

Hosted on AWS (primary us-west-2, DR us-east-1).

EC2

VPC

EBS (encrypted)

KMS

SES

S3 (encrypted)

IAM

CloudWatch

Inspector

Uses HIPAA-eligible AWS services; modern TLS in transit and encrypted volumes at rest.

Firewall Rules

LiveLitigation uses WebRTC in a peer-to-server SFU configuration. While TCP 443 often connects, opening the UDP ports below yields materially better media quality.

Video Service

IP Addresses

44.226.63.239
44.239.68.220
44.240.148.134
44.240.166.35
44.240.241.124
44.241.195.144
54.190.247.251
54.203.103.230
52.11.8.154
52.26.134.23
34.216.94.155

Ports

TCP 443

UDP 5000–65535

Audio Service

IP Range (CIDR)

185.167.188.0/22

Ports

TCP 443

UDP 7800–32000

If strict egress controls are required, allow the listed IPs and ranges over the specified UDP/TCP ports. If your network only allows HTTP/S, expect reduced A/V quality due to TURN over TCP.

Need help implementing rules or validating connectivity? Contact Support.