Highlights
A unique solution
Important features
Deaddrop is an appliance that can be used on-prem and in the cloud to allow users to share files more securely. Files will only be on the server during the time a file is shared and will be removed after the timer has expired.
A user can not only share files with multiple contacts but also receive files from those contacts, without any file size limitation.
Users have an audit log which includes data about all sent and received files. The receiver can view the metadata of a file before downloading it.
The watermark functionality allows a sender to stamp the receiver's email address on every page of a PDF file. This gives the sender better confidence that the file will not be shared with others.
- Send one or more files
- Have one or more receivers
- Receive files from anyone
- Can add visible watermark
- No file size limitation
- Email receipt when files have been received
- Log list of events
- No account required for Receivers
- software packages and applications to implement an evergreen solution
- Responsive design to work with both computers and mobile devices
- Cold standby server to gain higher availability and automatic backup
- Resume upload if network errors occur when users are in a less stable environment
Usability
User-friendly from the core and on.
Designed for everyone
After sharing a file with a contact, the sender will get an email when the file has been downloaded. The receiver will get reminders if they have not downloaded the file before the files are removed from the system. The history of sending and receiving is accessible to the users.
The system is very easy to use and has a built-in help section to explain all functions. Only three clicks are needed to share a file to a person.
The interface has been built with responsive design and allows files to be shared by drag and drop.
The system is built for file sharing, which simplifies the user interface and removes complex functions that require a lot of training before users can use the system. A user without a permanent account who needs to download a file will only get a one-page view with links to the files that can be downloaded.
- Sender gets a receipt when a file is downloaded
- Receiver gets reminders if a file has not been downloaded
- Automatic purging of messages by policy
- User inbox and outbox
- Built-in online help system
- Support for multiple languages
- Branding possibilities
- Simple 3 click-to-send setup with reasonable defaults
- Possibility to transfer very large files
- Receiver does not need to have an account to receive files
Security
Hardened and no side-loading of data.
All in for hardening
By following OWASP recommendations and using all security functions available for web applications, Deaddrop will be more secure compared to regular web applications.
By using a simple design without complex database solutions, common attack patterns like SQL injection are eliminated from the solution. The software has been audited by several customers and no vulnerability has been found by anyone that could compromise the security.
By using a minimal Linux operating system and hardening, the exposure in the appliance is minimal. Hardening has also been measured against external standards like CIS. All packages are digitally signed and validated before installation. It is also possible to enable automatic patching to gain an evergreen solution.
- CSRF (Cross-Site Request Forgery) protection
- Several layers of input data validation
- HSTS (HTTP Strict Transport Security) to enforce always-encrypted HTTPS traffic
- Support for CSP (Content Security Policy)
- Hardened web server installation
- Hardened TLS configuration
- No sideloading or mashup of data, or program code
- Source code available for assessment and review for customers
- No usage of database in back-end to simplify solution and minimize attack surface
- Massive logging on activities in the appliance
- Hardened operating system
- Minimal installation
- Digitally signed program packages from sysctl
- Restricted installation
- Automatic patching and update mechanism of OS
Technical
Mature technology and standards.
Standards and documentation
User accounts can be either local accounts or accounts from external systems. When using external account databases, access to the system is role-based and only users in certain groups can log in.
SELinux is one of the core functions used to build a secure appliance. All parts use custom-built policies and users are handled with MLS to remove all possibility of accessing another user's files. Besides SELinux, Seccomp and other regular Linux functions are used to ensure that any potential bug is mitigated by another security function.
To allow access for non-MFA users, the password is distributed by text message so that a different transport channel is used. A unique link to the account is sent over email. Deaddrop has support for several SMS gateways and new ones can be integrated. By using a local modem, almost every telecom provider can be used.
- Support for local accounts
- Active Directory integration
- Support for client certificate
- SAML support
- MFA (Multi-Factor Authentication)
- Linux operating system
- Apache web server
- TLS for transportation
- HTTP protocol to API
- SMTP to send emails
- NTP to ensure correct time
- SELinux policy enforcing all processes
- Local firewall with iptables
- SELinux MCS isolation between users
- Seccomp-bpf enabled on all user facing code
- Taint to ensure data validation
- Support for local SMS modems
- 46elks SMS gateway
- Bosbec SMS gateway
- Clickatell SMS gateway
- Link Mobility SMS gateway
- Sergel SMS gateway
- TDC SMS gateway
- Telia SMS gateway
- Twilio SMS gateway