WhiteWall Total security & Tresorit

WhiteWall.tech
May 15, 2018

The amount of information we process and store grows every year. Working documents, films, photos: all of this fills the memory of our phones and computers daily. Cloud storage services were created to handle this. But these services have one big problem: security. Over the past few years, many such services were hacked.

Secure Tresorit Cloud Storage

Tresorit is a cloud storage service aimed at increased data protection and privacy. At the moment, this service is considered the safest cloud storage in the world. In April 2013, Tresorit announced a competition for hackers with a reward of $10,000 for anyone who could crack their encryption and gain access to servers. It has been 5 years already, and so far no one has been able to claim the reward, which has since increased to $50,000. At the moment, I consider this a sufficient reason to recognize this service as the safest cloud storage in the world.

Using end-to-end encryption, Tresorit encrypts every file and relevant file metadata on your devices with unique, randomly generated encryption keys. These keys are never sent to their servers in unencrypted format. Accessing files is only possible with a user’s unique decryption key. Tresorit is based on industry-standard public key cryptography that has been thoroughly analyzed by experts and declared secure. Public key cryptography guarantees that even Tresorit cannot access the shared keys. Tresorit guarantees that a file’s content cannot be modified without your knowledge, even if somebody hacks their system. Tresorit clients apply a Message Authentication Code (MAC) to each file’s content, with a key known only to the user’s client and those they share the file with, but not to the server.
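
The integrity property described above, as an added example that is not Tresorit's code: the client tags each upload with a MAC whose key the server never holds, so any change made in storage fails verification on download. HMAC-SHA256, the binding of the tag to a `file_id` (which goes beyond what is stated above) and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def _framed(file_id: str, content: bytes) -> bytes:
    # Length-prefix the id so different (id, content) pairs never MAC the same bytes.
    fid = file_id.encode()
    return len(fid).to_bytes(4, "big") + fid + content

def seal(mac_key: bytes, file_id: str, content: bytes) -> bytes:
    """Client, before upload: append a MAC computed with a key the server never sees."""
    return content + hmac.new(mac_key, _framed(file_id, content), hashlib.sha256).digest()

def open_sealed(mac_key: bytes, file_id: str, blob: bytes) -> bytes:
    """Client, after download: return the content only if the MAC verifies."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short to carry a MAC")
    content, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, _framed(file_id, content), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC mismatch: content was modified or the key is wrong")
    return content

def rejected(mac_key: bytes, file_id: str, blob: bytes) -> bool:
    try:
        open_sealed(mac_key, file_id, blob)
        return False
    except ValueError:
        return True

def demo() -> dict:
    # Constructed sample data; the content stands in for already-encrypted file bytes.
    key = secrets.token_bytes(32)  # unique random key for this one file
    stored = seal(key, "report.docx", b"ciphertext-of-report")  # what the server holds
    flipped = bytes([stored[0] ^ 0x01]) + stored[1:]  # one bit changed in storage
    forged = seal(secrets.token_bytes(32), "report.docx", b"replaced")  # tagged without the key
    return {
        "clean": open_sealed(key, "report.docx", stored),
        "bit_flip_rejected": rejected(key, "report.docx", flipped),
        "forgery_rejected": rejected(key, "report.docx", forged),
        "wrong_file_rejected": rejected(key, "notes.txt", stored),
    }

if __name__ == "__main__":
    print(demo())
```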

Tresorit service capabilities include:

· Zero-knowledge authentication.

· Two-factor authentication and device locking.

· Remote data removal.

· Exchange of files using encrypted links.

· Setting the TTL (time-to-live) for the encrypted links.

· Password protection for encrypted links.

· Setting a download limit for encrypted links.

Use of Tresorit in the Total Security tariff line.

After analyzing all the advantages of the cloud service Tresorit, the WhiteWall project management decided to integrate this service into the Total Security tariff line.

Tresorit working principle at WhiteWall VPS.

Tresorit on a WhiteWall VPS works from a virtual drive created in random access memory (a RAM drive). This method was chosen for the convenience of our clients, because the read/write speed of a RAM drive is almost 10 times higher than that of even modern SSDs. The Tresorit client works on the drag-and-drop principle and synchronizes with the cloud server right after data is written to the drive. Data is encrypted and sent to the cloud storage at the moment of synchronization. The key that decrypts the data held on the cloud server and gives access to it is created when Tresorit is launched on the user’s device, after authorization and 2FA.

Why is this secure?

A potential attacker first needs to breach the WhiteWall security system, locate the VPS in the internal subnet, and only then try to break into the VPS itself. There are several possible attack options. The first is a so-called “brute force attack”; the VPS is protected from it by the Fail2Ban system, which limits the number of password attempts. The second is an attempt to reboot the server, but the RAM drive is automatically reset at the moment of reboot.
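
How an attempt limit of the kind Fail2Ban enforces works, as an added example (a model of the logic, not Fail2Ban's own code or WhiteWall's configuration): authentication failures are counted per source address inside a sliding window, and the address is banned once the count reaches the threshold. The names `maxretry` and `findtime` mirror Fail2Ban's option names; the log lines, addresses and values are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the sshd "Failed password" line; captures timestamp and source address.
FAILED = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
May 15 10:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 15 10:00:03 vps sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
May 15 10:00:04 vps sshd[812]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
May 15 10:00:06 vps sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
May 15 10:01:00 vps sshd[813]: Failed password for alice from 198.51.100.4 port 51001 ssh2
May 15 10:30:00 vps sshd[814]: Failed password for alice from 198.51.100.4 port 51002 ssh2
May 15 10:31:00 vps sshd[815]: Failed password for alice from 198.51.100.4 port 51003 ssh2
""".splitlines()

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10), year=2018):
    """Return {address: time of ban} for sources reaching maxretry failures within findtime."""
    recent = defaultdict(deque)  # address -> failure timestamps still inside the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so one is supplied (assumption of this example)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        addr = m.group(2)
        if addr in bans:
            continue  # already blocked; a real ban would expire after a ban time
        window = recent[addr]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[addr] = ts
    return bans

if __name__ == "__main__":
    for addr, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {addr} at {when:%H:%M:%S}")
```

With the default values, the source that fails three times within seconds is banned, while the user who mistypes a password a few times over half an hour is not.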

Other VPS security systems coming with “Total Security” tariff plan.

It should be said that all the tariff plans ensure complete data and traffic protection: two-step encryption, migration, VPN. The special feature of the “Total Security” tariff line is a customizable system for blocking incoming and outgoing traffic.

This system is based on user access control: the client can grant other users various levels of access to the programs installed on the client’s server. For any type of device or port it is possible to set “read only” access.

The system can filter the content of data that is sent to a printer, copied to removable storage devices or transmitted over the personal computer’s network channel.

This component of our protection system provides additional control over communication applications and their selective blocking; reconstruction of reports and sessions, with recovery of files, data and parameters; and recording of events and shadow copying of all transferred data. It makes it possible to control users’ communications via popular network applications, including:

· Mail transfers through open and SSL-protected SMTP sessions and the MAPI protocol (with separate control of messages and file attachments).

· Web access and other HTTP/HTTPS applications.

· E-mail services like Gmail, etc.

· Messengers like Skype, ICQ, etc.

· Social networks like Twitter, Facebook, etc.

· File exchange via services like Google Drive, Dropbox, RapidShare, etc.

· File transfers via protocols like SMB and FTP/FTP-SSL, and also Telnet sessions.

Conclusion

I want to note that the Total Security tariff line can be used not just for private purposes; it can also be used to create workplaces for your employees, freelancers and partners. You can be sure that your data is secured. The only way to steal information is to take a picture of the monitor.
