sysctl ab



last updated: 2017-10-13

Deaddrop is a web based secure file transfer appliance. It is designed from the ground up with security in mind. Operating system, sub systems, web server and web applications are all hardened. The deaddrop application is used to transfer files between single persons or groups of persons as easy as possible. Usability and awesome security features, was key design properties built-in from the beginning.


Only by having an appliance, not using a service by some unknown entity on the other side of the Internet, one has the possibility to have control over file imports/exports into an organization, to have a policy compliant way to transfer information, to have security controls in place that you configure and control

Usecases include having deaddrop...

  • as a file distribution mechanism for projects working with internal and external partners
  • a chokepoint and controlpoint for importing files to an organization, for example patches and executables that is not covered by automatic patch solutions (e.g. WSUS)
  • a controlled way to export sensitive files to third parties, e.g. contracts or reports, to get access control, secure transport and not least an audit trail with timestamped upload and download recepits.
  • a controlled way to export documents to members of the board, with full access control, secure transport and not least an audit trail with timestamped upload and download recepits.
  • a printing company that need to receive large files. Sensitive files better not be sent by traditional unencrypted FTP or mail
  • a data washing machine, that is used to check that only allowed content is exported. And that information is checked before beeing forwarded
  • an internal distribution mechanism, as a datalock, between different security zones, where only certain files are allowed to be transferred in certain directions

Do not hesitate contact us for more details or requesting a demo!

Download security white paper (swedish)

Download the API documentation

Download the requirements documentation

Download the server specification documentation

Important security features include

  • File up and downloads are protected by TLS
  • Hardened operating system with minimal and restricted install
  • Hardened web server installation, including TLS configuration
  • HSTS (HTTP Strict Transport Security) to force use of always encrypted HTTPS traffic
  • No usage of database in back-end to simplify solution and minimize attack surface
  • Files are virus scanned with multiple antivirus scanners
  • Authentication with onetime passwords sent by SMS
  • Receivers do not need to have an account to receive files
  • All files are set to only exist on the server for a time period that the uploader control, between 1 hour and 14 days
  • Files can get a digital watermark as they are sent out, to notify the receiver that it is a personal copy he receives
  • Advanced view allows you to view file metadata and cryptographic checksums of files
  • Massive logging on activities in the appliance
  • Control of password complexity for onetime passwords
  • Automatic logout of inactive users
  • Web part is designed and implemented with several layers of input data validation
  • Web part is designed and implemented with support for CSRF (Cross Source Reference Forging) protection
  • Support for CSP (Content Security Policy)
  • No sideloading or mashup of data, or program code
  • Automatic patching and update mechanism of OS, software packages and applications to implement an evergreen solution
  • Digitally signed program packages from sysctl
  • Source code available for assessment and review for customers

Usability features include

  • Clean user interface
  • Simple 3 click-to-send setup with reasonable defaults
  • Receiver does not need to have an account to receive files
  • As simple to send one file to one party as sending multiple files to many receivers
  • Support for multiple languages (english, swedish, finnish, estonian, german, dutch)
  • Possibility to transfer very large files (many gigabytes)
  • Sender get receipt when file is downloaded
  • Receiver get reminder notification if file is not downloaded for some time
  • Built-in online help system
  • User inbox and outbox
  • Automatic purging of messages by policy

Technical features

  • Support for several 3rd party SMS gateway suppliers
  • Support for local SMS modems
  • Built using mature technology: Linux, Apache
  • Built for Internet standards: TLS, HTTP, SMTP, NTP
  • Hardened SElinux policy enforcing all processes
  • SElinux MCS isolation between users
  • Seccomp-bpf enabled on all user facing code

Features in upcoming releases include

  • Whitelisting of files
  • Blacklisting of files
  • Timed release of files, upload a file that gets released tomorrow or in two weeks
  • Metadata cleaner to allow an uploader to clense files
  • ActiveDirectory integration
  • SAML support
  • Support for TSP (Time stamp protocol) for cryptographically timestamped audit trails that a certain file passed a certain time
  • additional authentication methods
  • Enhanced statistics and administration pages
  • Additional languages supported