LiquidFiles

 

LiquidFiles

 

How do you Send a Large File using LiquidFiles?

 

LiquidFiles is a virtual appliance server you install in your environment. This is a typical deployment and a typical usage:

 

In this example, Jenny in marketing is sending a marketing brief to Joe at an advertising company they're working with for a new campaign. Since the files she needs to send are large, about 100 MB (100 MB is large in the context of email, LiquidFiles can send unlimited file sizes so 100 MB is not very large for LiquidFiles), and somewhat sensitive, email doesn't really work. Instead, she uses the company's installed LiquidFiles File transfer appliance.

1. First, she visits https://securesend.company.com, the company's configured URL for their LiquidFiles appliance. Not that Jenny knows, but it's installed in the company's DMZ, behind the company's firewall. Once logged in with her AD username and password, she uploads the marketing brief, enters Joe's email address and writes a short message.
2. An email is delivered to Joe with a link for him to download the marketing brief.
3. When he clicks on the link, Joe is taken to the LiquidFiles server. When he's validated his email address to prove that it's really Joe, he downloads the files over a secure https connection. Joe does not have an account on the LiquidFiles server but using email validation can still be authenticated.
4. When the download has completed, a download receipt is sent to Jenny, so that she knows that Joe has received the files.

 

How does it look?

This is how the main part of the interface looks when someone logs in to LiquidFiles to send a file.

 

1. You can enter as many recipients as you need (hundreds...). Click on the CC and BCC button if you want to add CC or BCC addresses as well.
2. Enter a subject line and a message just as you would in an email.
3. To add files you can either drop files in the "Drop Files Here" section, add files using the "Add Files" button or select files you've already sent, so you don't have to re-upload that 20GB Cad drawing again to send to another recipient.
4. You can select if the recipient needs to authenticate to access the message. If it's sensitive information, you want to require authentication. If the data is completely open, you may want to send without requiring authentication.
5. You can select who has access to this message:

• Only Specified Recipients — i.e. only recipients on the To, CC and BCC fields.
• Only Specified Recipients and local users — so you can forward the message within your own organization.
• Anyone after authentication — perfect for sending marketing material, since they have to authenticate, you will know who downloaded the files (they don't need accounts to download).

6. The message expires, and the files will be deleted at this date.
7. The message expires after this many downloads per recipient.
8. Send a copy to myself (to store in your sent folder).
9. A private message is when the body of the message is treated as sensitive and won't be copied to the recipient. You will also get a read receipt when someone's opened the message.
10. If there are storage or admin set limits to how large files you can send, and any file type restrictions. LiquidFiles supports Unlimited Size Files, but you may want to set quotas for certain groups of users.

 

What happens when the recipient downloads a file?

One important aspect of sending large files securely is the logging of who downloaded what and when. LiquidFiles records not only who downloaded what and when, but also uses geo-location to track where the download was initiated, what operating system and browser was used and so on.

With LiquidFiles, you will always know what happened with your data.

 

Receive Large Files

Receiving Large Files can often be just as challenging as sending large files. To help facilitate Receiving Large Files Fast and Secure to your local users, LiquidFiles has many functions on offer:

 

Filedrops

A Filedrop is a permanent URL on your LiquidFiles server.

Filedrops are perfect for functions such as receiving Field Reports, Large Print Jobs, Tender Submissions, Technical Support files, ... We even have customers that use Filedrops to receive Job Applications.

When someone submits a Filedrop, the files are sent through to a pre-defined recipient. The support team will receive the support files, HR will receive job applications and so on.

 

User Filedrops

Similar to Filedrops above with the difference being that User Filedrops are pre-defined for your local users as a group.

 

When enabled, all your local users will get their own Filedrop that they can use. Many of our customers’ users add the link to their User Filedrop to their Email Signature.

 

File Requests

When you're expecting someone to send something to you, you can use LiquidFiles to send a File Request to someone.

 

The recipient of the File Request will get an email with a one-time link that they can click on and send the files. With a File Request, there's no To or From to fill in, we know that already so it's a very simple way for the recipient to just add the files requested, type a message and click send to respond to the File Request.

 

Send Files using the Regular Compose Message

LiquidFiles by default comes predefined with quite a few types of user groups, such as local users and external users. An external user is someone that can only send files to you. So if you're expecting someone to frequently send files to your organisation, you can create an account for them on your LiquidFiles system as an external user. This means that they can login and send files, and if your domain is @company.com, the external user can send something to joe.user@company.com but not to someone.else@external.com.

 

You can also create your own groups, for both local and external users, to further customize your requirements so that you can for instance define that some external users can only send Office Documents and others can send any file types. Or some external users can only send max 100MB files, while others can send 10GB at a time.

 

FTPdrops

In many organisations, there's many batch jobs and similar that uses legacy protocols such as FTP to send files periodically. If you want to standardize on LiquidFiles for all your file transfer needs in and out of your organization, you can setup LiquidFiles FTPdrops to be the target of these FTP file transfers. When a file is uploaded, LiquidFiles will perform it's usual Anti-Virus scan (and other type of scanning you may have configured), log and transfer the file onwards like a file received using a normal Filedrop.

 

FTPdrops supports FTP, FTP over SSL/TLS, SFTP and SCP.

 

Emaildrops

Emaildrops is similar to Filedrops or FTPdrops for email (regular SMTP Emails).

Emaildrops came to be because a customer had a procedure where they had many, many external brokers that filled out paper forms all over the country. When the form was filled in they would scan the form to a PDF in a multi-function printer and automatically email to a pre-defined email address. The company policy regarding regular emails was that everything needed to backed up for 7 years and they realized that Terabytes of these email backups was actually these one-time use PDF forms at about 5MB each that didn't really need to be backed up. So instead of sending these forms using email to their regular mail server, they sent it through LiquidFiles using an Emaildrop and in the process it saved them a lot of hassle and a fair bit of money.

 

Sharing Files & Folders with LiquidFiles

 

Often it's convenient to setup a place where you can share Files and Folders, for instance when working with a project and multiple people are contributing to the same project. Or just provide a convenient location to share organization documentation such as documentation, marketing materials, logo's and similar where only the marketing department can write to, and the entire organization can read the files.

 

Starting with LiquidFiles v3, File and Folder sharing is now part of the solution to facilitate this functionality. Specific Features regarding File and Folder sharing in LiquidFiles includes:

• Intuitive interface working exactly as expected — no manual needed.
• User and Group based access restrictions.
• Ability to upload Folders directly in supported browsers (i.e. Chrome).
• Ability to save as many revisions of each file as you need.
• Zip-download the current folder including sub-folders.

 

As you can see in the screenshot below, the File and Folder Sharing interface looks exactly as you expect from this functionality.

 

Your Files — Your Security

With LiquidFiles, you are in complete control over where your files are stored.

You can either deploy the application in your data center or in the Amazon EC2 cloud. The difference with almost all other options is that your sensitive corporate data is shared with other organizations and security is outside of your control. LiquidFiles is different and will match the security of your existing environment.

 

Encryption

LiquidFiles uses industry standard 256 bit AES encryption as default for all transfers. All cryptographic, randomization and token generation uses cryptographically strong OpenSSL functions to operate encryption and random number generation as opposed to often used default less secure functions in the operating system. This is particularly true for random number generators which is often the weak link in end to end cryptographic systems.

 

Authorization

Each message can be sent with the following different download permissions:

• Only Specified Recipients.
• Only Specified Recipients and local users — so you can forward within your own company.
• Anyone after authentication — perfect for sending marketing material, since they have to authenticate, you will know who downloaded the files (they don't need accounts to download).
• Anyone — if you don't need any authentication.

 

Local Users here refers to either a list of domains you've listed as being local, i.e. yourcompany.com. Or individual users that you've listed as local.

 

Authentication

LiquidFiles has very flexible Authentication mechanism that enables you to:

• Centralise all accounts using LDAP/Active Directory.
• Use Strong, Two Factor Authentication.
• Having remote users either with or without accounts. If you setup remote users without having to have accounts (the default), they will go through an email verification process (with a short timeframe) to verify their account.
• Configure users ability to enable or disable messages permissions.
• Limit administration of the appliance from hosts or networks.

 

Auditing

• Every uploaded and downloaded file and message is logged.
• All successful and failed logins are being logged.
• All LDAP activity is being logged.
• Any admin changes to any setting or user is logged.
• All logs are stored on the system for 30 days. You can forward logs to a syslog server if you need to keep them for longer.

 

Flexible Deployment

LiquidFiles can either be deployed either in your own data center or running in the Amazon EC2 cloud.

 

Local Data Centre deployment

The by far most common deployment. You have complete control over the installation, where the data is stored, and the fastest performance for your staff when sending files.

Typically LiquidFiles will be deployed right next to your mail server, in a public facing DMZ.

 

Amazon EC2 deployment

When you want the flexibility of cloud deployments, while still retaining complete control and security of your data, the Amazon EC2 version of LiquidFiles is perfect for you.

You can always move your license between any supported platform, as long as you only run one server at a time with the same license.

 

Compliance

 

By using LiquidFiles, you will be able to send large files securely within the organization, to customers, contractors, accountants, patients, and anyone else you need to communicate with securely.

 

It will also help you achieve Policy Compliance for Sarbanes-Oxley, HIPAA, PCI and other standards by encrypting sensitive data in transit, provide cryptographically strong random access keys for accessing transmitted data, and achieve non-repudiation with download receipts of who download what, from where (even by mapped locations) and at what time.

 

LiquidFiles has been deployed and deemed compliant in Sarbanes-Oxley, HIPAA and PCI environments. Please note though that even though these standards should provide a sort of simple tick-box security check (i.e. is this product HIPAA compliant?), in reality they are all generically worded and subject to interpretation. LiquidFiles will also specifically deal with technical controls, but very little in regards to administrative, policy and physical controls. In many cases it is also possible to provide mitigating controls if required, which is why it's important to get an auditor to verify the compliant status in each individual case.

 

Ease of Use, Integrations & API

 

One of the goals with LiquidFiles is that it should be easy to integrate into existing workflow. One example of this is the Outlook Plugin. Another example is the availability of the API.

 

The API enables external integration sending files with the LiquidFiles. Example use could include:

• Send payment notifications from an HR system — previously you would probably use email. This can now be done securely and with download notifications.
• Build your own custom front-end for accepting large files through your website.
• Integrate into a help desk ticketing system.
• Send files from a unix system instead of using FTP.

• Automate downloading of files to a pre-defined location on your desktop.
• Integrate into your accounting system to automate sending bills to customers.
• Integration into any other system where you need to send large files, or secure files, or get confirmation that the recipient has indeed received the files you've sent them.

The API uses standard REST functions with an XML transport. You can code the API integrations using any modern language or framework such as C/Objective-C, Ruby, Perl, Java, .NET, ...

 

What some of our customers say...

 

“Perfect. I can't even begin to describe how pleased we are with your support and the product as a whole. We were referred to LiquidFiles by a partner of ours and we continue to recommend it every time someone asks us about it... you won’t be dissapointed.”

-- Ryan C

 

“Does exactly what it says. Plenty of options to configure it like you want. 2 minor support tickets were answered and fixed promptly. I would recommend this to anyone that needs secure transfer of large files.”

-- buzzra

 

LiquidFiles Features

 

Lots of Features, Still Easy to Use

This is a list of the Big ones and the Small and Important ones that shouldn't be overlooked either!

 

Overarching Design Principles

• LiquidFiles should be Easy to Use for End Users and Administrators alike.
• You shouldn't need to read a manual to perform basic operations like sending and receiving files.
• You shouldn't need to read a manual to perform the basic setup and configuration.
• LiquidFiles is built to be Self Administrating, as far as possible and practical.
• LiquidFiles is Secure out of the box.
• LiquidFiles is Fast and Lightweight.
• LiquidFiles follows general standards and conventions for how things "should" be done.
• LiquidFiles should Integrate Well into your environment.
• LiquidFiles should Delight your Users, Clients and Administrators.

 

Sending and Downloading Files with Ease

• Uses a simple, easy to understand, webmail-like interface for sending files.
• Unlimited Files Size.
• Modern HTML 5 upload mechanism where supported.
• Automatic Fallback to HTML 4 where needed.
• Support for the 4 major browser vendors with their last 2 major releases (last 3 for Internet Explorer).
• Splits files in 100Mb blocks during uploads to get around proxy limitations.
• No Flash, Java or any other plugin used to send or download files.
• No browser tweaks or browser reconfiguration required to send or download files.
• Each message is sent with an expiration date, the message can't be viewed and the files attached will be automatically deleted on expiration.
• Messages can expire on a certain date or after a set number of downloads.
• Multiple files can be automatically zip'ed and downloaded as one zip archive.
• Can set forwarding permission to control who other than the specified recipients should be able to download the files.
• Can limit message size on a per group or per user basis.
• Can BCC myself (to add to my email clients Sent folder).
• Can send files that have already been sent again without re-uploading.
• Can block files based on file extension, or only allow files to be sent with certain extensions.

 

Receiving Files as easy as possible

• Users can Receive files from external parties with no prior registration.
• Users can Request files from external parties that won't need to register to send files back from the request.

 

Filedrop pages static URLs for receiving files

A Filedrop page is a unique URL like https://liquidfiles.example.com/filedrop/status_reports, where the recipient is pre-set and the sender can be anyone.

• Requires no registration for the external party to use.
• You can have as many Filedrop pages as you need.
• Each Filedrop page have their own settings for restricted file types and max file size.
• Each Filedrop page can have individual forwarding permission to restrict who can download the sent files.
• User Filedrop pages — each local users can get their own static URL they can share in their email signature and is unique to them.
• User Filedrops can use a nice looking URL with the users email in the URL, a secure random string or both, as required.

 

File & Folder Sharing

Simple File & Folder sharing for internal and external projects, collaboration and sharing.

• User & Group based authentication.
• Ability to upload Folders directly in supported browsers (i.e. Chrome).
• Ability to save as many revisions of each file as you need.
• Zip-download the current folder including sub-folders.

 

FileLinks links to individual files

A FileLink is a link to an individual file. It's perfect for when you don't know who the recipient is going to be, or for quickly post links to files in a forum, instant messager, post on an intranet and similar.

• You can create as many FileLinks as you need.
• Each FileLink has its own expiration and authentication setting.
• When attempted to download an authenticated message from a non-existent user, they will authenticate with their email address.

 

File Requests one time file receive

A File Request is a one-time file request users can send to any user. The recipient of the file request will get a one-time use link they can use to send files back to the requester.

• Requires no registration for the external party to use.
• One time use so it can never be abused.
• File Requests can be enabled on a per group basis.

 

Security protects you even when you don't realize it

• Secure by Default deployment.
• Can be deployed with no cloud interaction for maximum security.
• Builtin Firewall configured and enabled for maximum security.
• Can be deployed on the Internet with no other firewall or other protection.
• Minimal installed packages in the operating system configuration.
• All transfers can be required to use Industry Standard HTTPs.
• Only Strong SSL algorithms enabled.
• Only Strong TLS/SSL versions enabled.
• Protection from Cross Site Scripting (XSS) attacks.
• Protection from Cross Site Request Forgery (CSRF).
• HTTP Strict Transport Security (HSTS) enabled.
• All Downloads protected with 3 x 128 bit random tokens (384 bits).
• FIPS140-2 enabled OpenSSL for cryptographic functions (as opposed to weak standard system functions).
• Option to deploy using builtin full disk encryption for data-at-rest encryption.
• Builtin support for Let's Encrypt Certificates.
• All files are protected for integrity using SHA-1 hashes.
• SHA-1 hashes are visible on all emails sent, on the message page and download information page.
• Can be configured as a closed system with no external user access.
• Passwords are never sent in cleartext.
• Custom Password complexity validation.
• User accounts can be configured to automatically be deleted after a number of days without activity.
• Default to not require external users to have accounts, and still provide authentication.
• Can require all users to have accounts.
• Strong 2-factor authentication can be enabled.
• 2-factor authentication can be enabled on a per group or per user basis.
• Secure local password store using the Bcrypt method.
• Single Sign-On (SSO) Integration with SAML 2 providers.
• Simple SSO integration with static shared secrets for simple local integration.
• Spam Protection without CAPTCHA — use of hidden fields in forms that bots will fill in but hidden from users with stylesheets.
• Brute Force Protection — default to block the ip address from the attacker for 15 minutes after 5 failed attempts within 5 minutes.
• Possible to block groups of users to only login from certain ip address ranges.
• Possible to block administrators to only administer the system from certain ip address ranges.
• All activity is logged. This include sending files, downloading files, successful and failed logins, creation, deletion and updates of user accounts, changes to any configuration...
• Can export all logs using Syslog.
• All files are scanned with ClamAV Antivirus on default.
• AV signatures is configured to update every 2 hours.
• AV Engine is configured to update nightly.
• Ability to add custom file scan (for integration into other AV engines, DLP solution and similar).
• Ability to limit forwarding permissions on a per group basis.
• Ability to limit recipient email domain on a per group basis.
• Ability to limit file extensions or only accept certain file extensions on a per group basis.
• Remember-me can be configured to not enabled, 2 weeks or indefinite.
• Geoloction and Google MAPS integration to get a visual representation of where a file has been downloaded from.
• Display Browser and Operating System details for downloaded files.

 

Platform and Deployment

• Can be deployed locally on your premise or can run in the Cloud.
• Local deployment can be deployed with no cloud interaction (for maximum performance and security).
• Comes as a Virtual Appliance with operating system, all required components and the application already installed.
• Can be installed in VMware, Xen, Hyper-V and any other virtualization platform that support CentOS/RedHat 6.
• Can be installed on your own physical server.
• Pre-configured Amazon AMI images for deployment in your own Virtual Private Cloud in Amazon EC2.
• Can be deployed by any cloud provider that supports installation from ISO images and supports CentOS/RedHat 6.
• Local deployments using either ISO image, VMware OVF or VMware VMDK images.
• Support for installation of VMware Tools and Hyper-V Integrated Services from the console app.
• Installation is Secure by Default.
• Reverse Proxy deployment with trusted reverse proxy configuration to set the end users ip address from X-Forwarded-For only from certain proxies.
• DHCP or Static ip address configuration.
• IPv6 support.
• Bandwidth limitation with different upload and download limits configured per interface.
• Use standard http and https ports on default, but can be configured to use different ports if required.
• Can use as many network interfaces as needed.
• Default to require all transfers to use HTTPs, but can be configured to use HTTP when deployed behind an SSL off-loader, or for general increased transfer speed and ability to scan content using a network IPS.
• Can use NFS for data storage outside of the LiquidFiles system.
• Can integrate with LDAP/Active Directory for easy user deployment.
• Can use an unlimited number of LDAP/Active Directory Servers that will be searched in order.

 

Branding and Localization

• Can be configured look completely like an internal company system.
• Can be configured with no vendor branding visible to the end user at all.
• Ability to customize the front page with own logos and information.
• Ability to customize the header and title with different branding names.
• Ability to use own page footer on all user visible pages.
• Ability to insert custom Stylesheet to change the visual appearance of all visible user pages.
• Ability to insert custom JavaScript to change the behavior of all visible user pages.
• Can change any text or form label on any user visible page.
• Can change all emails sent from the system.
• Will detect system locale from the end users browser and display all pages in that locale (if available) with a fallback to English.
• Will detect the end users time zone and display all times in that time zone, with a fall back to a selectable user default time zone.

 

User and Group Management

• Unlimited number of Users
• Unlimited number of Groups
• Configuration is mostly controlled by group belongings.
• Can integrate with LDAP/Active Directory for easy user deployment.
• Unlimited number of LDAP/Active Directory Servers that will be searched in specified order.
• Can set default fall back groups for users authenticate with LDAP or not.
• Can set max size per group.
• Can set default and max message expiration per group.
• Can enable/disable editing for message expiration per group.
• Can enable/disable/set max number of times a file can be downloaded per group.
• Can delete inactive users in a group after a specified number of days.
• Can limit ip ranges that users can login from per group.
• Can configure message permissions per group.
• Can configure BCC myself per group.
• Can limit recipient domains per group (limit to what email domains users can send files).
• Can block file extenstions/only allow certain extensions per group.
• Can automatically assign users to groups based on LDAP/Active Directory Group.
• Can automatically assign users to groups based on email domain match.
• Can configure API settings per group.
• Can configure Filedrops and File Requests per group.
• Can enable ability to invite other users per group.

 

API and plugins

• Outlook plugin available, supported in Windows XP, Office 2003 and later.
• Outlook plugin is configurable using distributable Windows Registry settings.
• Outlook plugin can be configurable to automatically send files above a certain size using LiquidFiles.
• Outlook plugin can send files as well as attach folders.
• Outlook plugin can send the body of the email as a secure attachments.
• Windows Systray Agent available.
• Windows CLI agent available, making it easier to integrate sending through the API in your application without having to program the API directly.