Highlights

An unique solution

Important features

Deaddrop is an appliance that can be used on-preem and in the cloud to allow users to share files more securely. Files will only be on the server during the time a file is shared and will be removed after the time has expired.

A user can not only share files to multiple contacts, it is also possible to receive files from the contacts and without any file size limitation.

Users have an audit log which includes data about all sending and receiving files. The receiver has the possibility to view the metadata of the file before downloading.

With the watermark function that adds the receivers email address on every page in PDF-files can the sender get better trust the the receiver not sharing the file to others.

Secure Sharing

  • Send one or more files
  • Have one or more receivers
  • Receive files from anyone
  • Can add vissible watermark
  • No file size limitation

Traceabillity

  • Email receipt when files has been received
  • Log list of events
  • No account required for Receivers
  • software packages and applications to implement an evergreen solution

Functions

  • Responsive design to work with both computers and mobile devices
  • Cold standby server to gain higher availabillity and automatic backup
  • Resume upload if any network errors accour when users are in less stable environment

Usability

User-friendly from the core and on.

Designed for everyone

After sharing a file to a receiver will the sender get an email when the file has been downloaded. The receiver will get reminders if they have not downloaded the file before the files will be removed from the system. The history of sending and receiving will is accessible to the users.

The system is very easy to use and has a built-in help section to explain all functions. Only three click are needed to share a file to a person.

The interface has been built with responsive design and allows to drag-and-drop files that should be shared.

The system is built for file sharing which simplifies the user interface and removes complex functions which require a lot of training before users can use the system. A user without a permanent account that should download a file will only get a one-page view with links to the files that can be downloaded.

Reminders

  • Sender get receipt when file is downloaded
  • Receiver get reminders if a file not has been downloaded
  • Automatic purging of messages by policy
  • User inbox and outbox

Training not needed

  • Built-in online help system
  • Support for multiple languages
  • Branding possibillities
  • Simple 3 click-to-send setup with reasonable defaults

Built to only share files

  • Possibility to transfer very large files
  • Receiver does not need to have an account to receive files

Security

Hardened and no side-loading of data.

All in for hardening

By following OWASP recommendations and using all security functions available for web applications will the system be more secure compared to regular web applications.

By using a simple design without complex database solutions can common attack patterns like SQL-injection be erased in the solution. The software has been audited by several customers and no vulnerability has been found by anyone that could compromise the security.

By using a minimal Linux operating system and hardening is the exposure in appliance minimal. Hardening has also been meassuerd against external standars like CIS. All packages are digitally signed and validated before installation. It is also possible to enable automatic patching to gain an evergreen solution.

HTTP security

  • CSRF (Cross Source Reference Forging) protection
  • Several layers of input data validation
  • HSTS (HTTP Strict Transport Security) to force use of always encrypted HTTPS traffic
  • Support for CSP (Content Security Policy)
  • Hardened web server installation
  • Hardened TLS configuration

Code security

  • No sideloading or mashup of data, or program code
  • Source code available for assessment and review for customers
  • No usage of database in back-end to simplify solution and minimize attack surface
  • Massive logging on activities in the appliance

Appliance security

  • Hardened operating system
  • Minimal installation
  • Digitally signed program packages from sysctl
  • Restricted installation
  • Automatic patching and update mechanism of OS

Technical

Mature technology and standards.

Standards and documentation

User accounts can both be local accounts and accounts from external systems. When using external account databases will the access to the system be role based and only users in certain groups can log in to the system.

SELinux is one of the core functions to build a secure appliance. All parts use custom built policies and users are handled with MLS to remove all possibility to access another users files. Besides SELinux is Seccomp and other regular Linux functions used to ensure any potential bug can be protected by another security function.

To allow non MFA users access will the password be distributed by text message to ensure that different transportation is used. A unique link to the account is sent over email. Deaddrop has support for several SMS gateways and new ones can be integrated. By using a local modem can almost every telecom provider be used.

Identity

  • Support for local accounts
  • ActiveDirectory intergration
  • LDAP intergration
  • Support for client certificate
  • SAML support
  • MFA (Multi Factor Authentication

Standard components

  • Linux operating system
  • Apache web server
  • TLS for transportation
  • HTTP protocol to API
  • SMTP to send emails
  • NTP to ensure correct time

Built in security tools

  • SElinux policy enforcing all processes
  • Local firewall with iptables
  • SElinux MCS isolation between users
  • Seccomp-bpf enabled on all user facing code
  • Taint to ensure data validation

SMS providers

  • Support for local SMS modems
  • 46 elks SMS gateway
  • Bosbec SMS gateway
  • Clickatell SMS gateway
  • Link mobility SMS gateway
  • Sergel SMS gateway
  • TDC SMS gateway
  • Telia SMS gateway
  • Twilio SMS gateway

Interested in Deaddrop?

Contact sysctl