A unique solution
Deaddrop is an appliance that can be used on-premises and in the cloud to allow users to share files more securely. Files are on the server only while they are shared and are removed after the time has expired.
A user can not only share files with multiple contacts but also receive files from contacts, without any file size limitation.
Users have an audit log which includes data about all files sent and received. The receiver can view the metadata of a file before downloading it.
The watermark function adds the receiver's email address to every page of PDF files, which gives the sender better trust that the receiver will not share the file with others.
- Send one or more files
- Have one or more receivers
- Receive files from anyone
- Can add visible watermark
- No file size limitation
- Email receipt when files have been received
- Log list of events
- No account required for Receivers
- software packages and applications to implement an evergreen solution
- Responsive design to work with both computers and mobile devices
- Cold standby server to gain higher availability and automatic backup
- Resume upload if any network errors occur when users are in a less stable environment
User-friendly from the core and on.
Designed for everyone
After sharing a file with a receiver, the sender gets an email when the file has been downloaded. The receiver gets reminders if they have not downloaded the file before the files are removed from the system. The history of sending and receiving is accessible to the users.
The system is very easy to use and has a built-in help section that explains all functions. Only three clicks are needed to share a file with a person.
The interface has been built with responsive design and allows files to be shared by drag-and-drop.
The system is built for file sharing, which simplifies the user interface and removes complex functions that would require a lot of training before users can use the system. A user without a permanent account who needs to download a file only gets a one-page view with links to the files that can be downloaded.
- Sender gets a receipt when a file is downloaded
- Receiver gets reminders if a file has not been downloaded
- Automatic purging of messages by policy
- User inbox and outbox
Training not needed
- Built-in online help system
- Support for multiple languages
- Branding possibilities
- Simple 3 click-to-send setup with reasonable defaults
Built to only share files
- Possibility to transfer very large files
- Receiver does not need to have an account to receive files
Hardened and no side-loading of data.
All in for hardening
By following OWASP recommendations and using all security functions available for web applications, the system is more secure than regular web applications.
By using a simple design without complex database solutions, common attack patterns such as SQL injection are eliminated from the solution. The software has been audited by several customers, and no one has found a vulnerability that could compromise the security.
By using a minimal Linux operating system and hardening, the exposure of the appliance is minimal. The hardening has also been measured against external standards such as CIS. All packages are digitally signed and validated before installation. It is also possible to enable automatic patching to gain an evergreen solution.
- CSRF (Cross-Site Request Forgery) protection
- Several layers of input data validation
- HSTS (HTTP Strict Transport Security) to force the use of encrypted HTTPS traffic at all times
- Support for CSP (Content Security Policy)
- Hardened web server installation
- Hardened TLS configuration
- No sideloading or mashup of data or program code
- Source code available for assessment and review for customers
- No usage of database in back-end to simplify solution and minimize attack surface
- Extensive logging of activities in the appliance
- Hardened operating system
- Minimal installation
- Digitally signed program packages from sysctl
- Restricted installation
- Automatic patching and update mechanism of OS
Mature technology and standards.
Standards and documentation
User accounts can be both local accounts and accounts from external systems. When external account databases are used, access to the system is role-based and only users in certain groups can log in.
SELinux is one of the core functions used to build a secure appliance. All parts use custom-built policies, and users are handled with MLS to remove all possibility of accessing another user's files. Besides SELinux, Seccomp and other regular Linux functions are used so that any potential bug is covered by another security function.
To give non-MFA users access, the password is distributed by text message so that a different transport channel is used. A unique link to the account is sent over email. Deaddrop supports several SMS gateways, and new ones can be integrated. With a local modem, almost every telecom provider can be used.
- Support for local accounts
- Active Directory integration
- LDAP integration
- Support for client certificates
- SAML support
- MFA (Multi-Factor Authentication)
- Linux operating system
- Apache web server
- TLS for transportation
- HTTP protocol to API
- SMTP to send emails
- NTP to ensure correct time
Built-in security tools
- SELinux policy enforcing all processes
- Local firewall with iptables
- SELinux MCS isolation between users
- Seccomp-bpf enabled on all user facing code
- Taint to ensure data validation
- Support for local SMS modems
- 46 elks SMS gateway
- Bosbec SMS gateway
- Clickatell SMS gateway
- Link mobility SMS gateway
- Sergel SMS gateway
- TDC SMS gateway
- Telia SMS gateway
- Twilio SMS gateway