Highlights

A unique solution

Important features

Deaddrop is an appliance that can be used on-prem and in the cloud to allow users to share files more securely. Files will only be on the server during the time a file is shared and will be removed after the timer has expired.

A user can not only share files to multiple contacts, it is also possible to receive files from the contacts and without any file size limitation.

Users have an audit log which includes data about all sending and receiving files. The receiver has the possibility to view the metadata of the file before downloading.

The watermark functionality allows a sender to stamp the receivers email-address on every page of a PDF-file. This gives the sender better confidence in that the file will not be shared with others.

Secure Sharing
  • Send one or more files
  • Have one or more receivers
  • Receive files from anyone
  • Can add visible watermark
  • No file size limitation
Traceabillity
  • Email receipt when files have been received
  • Log list of events
  • No account required for Receivers
  • software packages and applications to implement an evergreen solution
Functions
  • Responsive design to work with both computers and mobile devices
  • Cold standby server to gain higher availability and automatic backup
  • Resume upload if any network errors occur when users are in less stable environment

Usability

User-friendly from the core and on.

Designed for everyone

After sharing a file to a contact, the sender will get an email when the file has been downloaded. The receiver will get reminders if they have not downloaded the file before the files will be removed from the system. The history of sending and receiving will is accessible to the users.

The system is very easy to use and has a built-in help section to explain all functions. Only three clicks are needed to share a file to a person.

The interface has been built with responsive design and allows drag-and-dropping files to be shared.

The system is built for file sharing which simplifies the user interface and removes complex functions which require a lot of training before users can use the system. A user without a permanent account that should download a file will only get a one-page view with links to the files that can be downloaded.

Reminders
  • Sender get receipt when file is downloaded
  • Receiver get reminders if a file not has been downloaded
  • Automatic purging of messages by policy
  • User inbox and outbox
Training not needed
  • Built-in online help system
  • Support for multiple languages
  • Branding possibillities
  • Simple 3 click-to-send setup with reasonable defaults
Built to only share files
  • Possibility to transfer very large files
  • Receiver does not need to have an account to receive files

Security

Hardened and no side-loading of data.

All in for hardening

By following OWASP recommendations and using all security functions available for web applications, deaddrop will be more secure compared to regular web applications.

By using a simple design without complex database solutions, common attack patterns like SQL-injection are erased in the solution. The software has been audited by several customers and no vulnerability has been found by anyone that could compromise the security.

By using a minimal Linux operating system and hardening, the exposure in the appliance is minimal. Hardening has also been measured against external standards like CIS. All packages are digitally signed and validated before installation. It is also possible to enable automatic patching to gain an evergreen solution.

HTTP security
  • CSRF (Cross Source Reference Forging) protection
  • Several layers of input data validation
  • HSTS (HTTP Strict Transport Security) to force use of always encrypted HTTPS traffic
  • Support for CSP (Content Security Policy)
  • Hardened web server installation
  • Hardened TLS configuration
Code security
  • No sideloading or mashup of data, or program code
  • Source code available for assessment and review for customers
  • No usage of database in back-end to simplify solution and minimize attack surface
  • Massive logging on activities in the appliance
Appliance security
  • Hardened operating system
  • Minimal installation
  • Digitally signed program packages from sysctl
  • Restricted installation
  • Automatic patching and update mechanism of OS

Technical

Mature technology and standards.

Standards and documentation

User accounts can both be local accounts and accounts from external systems. When using external account databases the access to the system will be role based and only users in certain groups can log in to the system.

SELinux is one of the core functions to build a secure appliance. All parts use custom built policies and users are handled with MLS to remove all possibility to access another users files. Besides SELinux, Seccomp and other regular Linux functions are used to ensure that any potential bug will be protected by another security function.

To allow non MFA users access, the password will be distributed by text message to ensure that different transportation is used. A unique link to the account is sent over email. Deaddrop has support for several SMS gateways and new ones can be integrated. By using a local modem, almost every telecom provider can be used.

Identity
  • Support for local accounts
  • ActiveDirectory integration
  • Support for client certificate
  • SAML support
  • MFA (Multi Factor Authentication
Standard components
  • Linux operating system
  • Apache web server
  • TLS for transportation
  • HTTP protocol to API
  • SMTP to send emails
  • NTP to ensure correct time
Built in security tools
  • SElinux policy enforcing all processes
  • Local firewall with iptables
  • SElinux MCS isolation between users
  • Seccomp-bpf enabled on all user facing code
  • Taint to ensure data validation
SMS providers
  • Support for local SMS modems
  • 46 elks SMS gateway
  • Bosbec SMS gateway
  • Clickatell SMS gateway
  • Link mobility SMS gateway
  • Sergel SMS gateway
  • TDC SMS gateway
  • Telia SMS gateway
  • Twilio SMS gateway

Interested in Deaddrop?

Contact sysctl