Architecture
senhasegura.go consists of an application installed on users' workstations and a management module installed on the senhasegura web service.
The Windows application is composed of four services that run at the system layer (local system) and one desktop application that runs in user sessions.
The Windows application
The application available to the user runs in the user's Windows session with that session's authentication token. It only displays data and exposes the available actions. In other words, it is simply the interface for the features.
The Windows services
The Windows services are always started automatically and run as the LOCAL_SYSTEM user.
Confidential data is stored securely in Microsoft Isolated Storage, following the security standards described by Microsoft.
Data transfer between the senhasegura web platform and senhasegura.go occurs over HTTPS using a REST API. This communication takes place inside the senhasegura.go services to prevent capture by logged-in users. Finally, the message exchange has additional asynchronous encryption with a dedicated random key for each installation.
These services are key to the product because all communication for installation, policy deployment, and settings in general happens through this communication channel.
Each service runs in separate threads to avoid a chain reaction of service unavailability.
They are:
ssgosvcidsprocess: "senhasegura.go - Elevation blocker"
- IDS service that blocks applications with administrative privileges executed outside senhasegura.go.
- Enables the identification of applications that have been automatically elevating privileges without the user's knowledge, or even with the user's consent.
ssgosvclicense: "senhasegura.go - License Manager"
- Service responsible for the license file and machine registration on the server, log synchronization, and monitoring of directories and files.
- Prevents workstation cloning or attempted misuse of senhasegura.go by a workstation or ghost user.
ssgosvcidsnetwork: "senhasegura.go - Network access control"
- IDS service that blocks applications performing TCP/IP and UDP communication to destinations other than senhasegura.
- Prevents horizontal hopping through network sharing or unapproved binary access to network resources.
ssgosvcbridge: "senhasegura.go - Bridge"
- Interconnection service responsible for synchronizing any configurations from senhasegura.
- Interconnection service with the Windows kernel for privilege elevation and session control.
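Because every control above depends on these four services being present, started automatically and running as LOCAL_SYSTEM, a workstation audit can check exactly that. The script below is an added example, not part of the senhasegura documentation or product; it assumes the identifiers listed above are the Windows service names, and Test-AgentService is a hypothetical helper name.

```powershell
# Identifiers as listed on this page; treating them as the Windows
# service "Name" values is an assumption of this example.
$expected = 'ssgosvcidsprocess', 'ssgosvclicense', 'ssgosvcidsnetwork', 'ssgosvcbridge'

# Hypothetical helper: compares one service against the state described above
# (installed, automatic start, LocalSystem account, currently running).
function Test-AgentService {
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Win32_Service instance, or $null when the service is not installed
        $Service
    )
    $problems = @()
    if ($null -eq $Service) {
        $problems += 'not installed'
    } else {
        if ($Service.StartName -ne 'LocalSystem') {
            $problems += "runs as '$($Service.StartName)', expected LocalSystem"
        }
        if ($Service.StartMode -ne 'Auto') {
            $problems += "start mode '$($Service.StartMode)', expected Auto"
        }
        if ($Service.State -ne 'Running') {
            $problems += "state '$($Service.State)', expected Running"
        }
    }
    [pscustomobject]@{
        Service  = $Name
        Healthy  = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Index the services that exist on this workstation by name.
$installed = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $expected -contains $_.Name } |
    ForEach-Object { $installed[$_.Name] = $_ }

$report = foreach ($name in $expected) {
    Test-AgentService -Name $name -Service $installed[$name]
}
$report | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a scheduled audit or monitoring agent raise an alert.
if ($report | Where-Object { -not $_.Healthy }) { exit 1 }
```

A service that is missing, stopped, set to manual or disabled start, or reconfigured to another account shows up in the Problems column.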
Other Integrations
Besides these integrations through applications and services, senhasegura.go is also integrated through DLLs and drivers that make it possible to act on Windows processes that involve user identification, such as login, RDP access and UAC elevation.
It is also possible to force users to use a 2FA OTP token to increase security at elevations.