Deaddrop
Deaddrop is a web-based secure file transfer appliance. It is designed from the ground up with security in mind. The operating system, subsystems, web server and web applications are all hardened. The Deaddrop application is used to transfer files between individuals or groups as easily as possible. Usability and awesome security features were key design properties, built in from the beginning.
Only by running an appliance, rather than using a service operated by some unknown entity on the other side of the Internet, can you control file imports into and exports out of an organization, transfer information in a policy-compliant way, and have security controls in place that you configure and control.
Use cases include having Deaddrop as:
- A controlled way to export sensitive files to third parties, e.g. contracts or reports, to get access control, secure transport and, not least, an audit trail with timestamped upload and download receipts
- A way for a printing company that needs to receive large files to do so; sensitive files are better not sent by traditional unencrypted FTP or mail
- An internal distribution mechanism, acting as a data lock between different security zones, where only certain files are allowed to be transferred in certain directions
- A file distribution mechanism for projects working with internal and external partners
- A chokepoint and control point for importing files to an organization, for example patches and executables that are not covered by automatic patch solutions (e.g. WSUS)
- A controlled way to export documents to members of the board, with full access control, secure transport and, not least, an audit trail with timestamped upload and download receipts
- A data washing machine, used to check that only allowed content is exported and that information is checked before being forwarded
Features
Security
- Hardened operating system with minimal and restricted install
- Files are virus scanned with multiple antivirus scanners
- No sideloading or mashup of data, or program code
- File uploads and downloads are protected by TLS
Technical
- Support for several 3rd party SMS gateway suppliers
- Built for Internet standards: TLS, HTTP, SMTP, NTP
- Hardened SELinux policy enforcing all processes
- SELinux MCS isolation between users
Usability
- As simple to send one file to one party as sending multiple files to many receivers
- Receivers get a reminder notification if a file is not downloaded for some time
- Possibility to transfer very large files (many gigabytes)
- Simple 3 click-to-send setup with reasonable defaults
Features in upcoming releases include:
- Whitelisting of files
- Blacklisting of files
- Timed release of files: upload a file that gets released tomorrow or in two weeks
- Metadata cleaner to allow an uploader to cleanse files
- Active Directory integration
- SAML support
- Support for TSP (Time Stamp Protocol) for cryptographically timestamped audit trails showing that a certain file passed at a certain time
- Enhanced statistics and administration pages
- Additional languages supported
- Additional authentication methods