A unique solution
Deaddrop is an appliance that can be used on-prem and in the cloud to allow users to share files more securely. Files will only be on the server during the time a file is shared and will be removed after the timer has expired.
A user can not only share files to multiple contacts, it is also possible to receive files from the contacts and without any file size limitation.
Users have an audit log which includes data about all sending and receiving files. The receiver has the possibility to view the metadata of the file before downloading.
The watermark functionality allows a sender to stamp the receivers email-address on every page of a PDF-file. This gives the sender better confidence in that the file will not be shared with others.
User-friendly from the core and on.
After sharing a file to a contact, the sender will get an email when the file has been downloaded. The receiver will get reminders if they have not downloaded the file before the files will be removed from the system. The history of sending and receiving will is accessible to the users.
The system is very easy to use and has a built-in help section to explain all functions. Only three clicks are needed to share a file to a person.
The interface has been built with responsive design and allows drag-and-dropping files to be shared.
The system is built for file sharing which simplifies the user interface and removes complex functions which require a lot of training before users can use the system. A user without a permanent account that should download a file will only get a one-page view with links to the files that can be downloaded.
Hardened and no side-loading of data.
By following OWASP recommendations and using all security functions available for web applications, deaddrop will be more secure compared to regular web applications.
By using a simple design without complex database solutions, common attack patterns like SQL-injection are erased in the solution. The software has been audited by several customers and no vulnerability has been found by anyone that could compromise the security.
By using a minimal Linux operating system and hardening, the exposure in the appliance is minimal. Hardening has also been measured against external standards like CIS. All packages are digitally signed and validated before installation. It is also possible to enable automatic patching to gain an evergreen solution.
Mature technology and standards.
User accounts can both be local accounts and accounts from external systems. When using external account databases the access to the system will be role based and only users in certain groups can log in to the system.
SELinux is one of the core functions to build a secure appliance. All parts use custom built policies and users are handled with MLS to remove all possibility to access another users files. Besides SELinux, Seccomp and other regular Linux functions are used to ensure that any potential bug will be protected by another security function.
To allow non MFA users access, the password will be distributed by text message to ensure that different transportation is used. A unique link to the account is sent over email. Deaddrop has support for several SMS gateways and new ones can be integrated. By using a local modem, almost every telecom provider can be used.