Skip to main content
Version: 3.25

Architecture

senhasegura.go is constituted by an application that will install on users workstations, and a management module installed on the senhasegura web service.

The Windows application is composed of four executed services on the system layer (local system) and one performed desktop application on user sessions.

The Windows application

The application available to the user, which will execute on the user's Windows session with an authentication token of your session, has just the data visualization and available actions. In other words, it is simply the interface for the features.

The Windows services

The Windows services are all always automatically executed using the user LOCAL_SYSTEM.

The confidential data are stored safely on Microsoft Isolated Storage following security standards described by Microsoft.

The transfer data between senhasegura web platform and senhasegura.go occur through the connection HTTPS and API REST. This communication occurs inside the senhasegura.go services to prevent the capture by logged in users. Concluding, the messages exchange has additional asynchronous encryption with a dedicated random key for each installation.

go Service

This service is responsible for any interaction that occurs in the system, for example:

  • IDS Service to block administrative privileges applications executed outside the senhasegura.go .
  • Enables the identification of applications that have been automatically elevating privileges without the user knowledge, or even with its consent.
  • Responsible service for the license file and machine register on the server, logs synchronization and directories and files monitoring.
  • Prevents workstation cloning or the attempt of senhasegura.go misuse by a workstation or ghost user.
  • DS service for applications blocking that performs TCP/IP and UDP communication to destinies that are not the senhasegura .
  • Prevents horizontal hopping through network sharing or unapproved binary access to network resources.
  • Interconnection Service responsible for synchronization of any configurations from the senhasegura .
  • Interconnection Service with Windows Kernel for privilege elevation and session control.

Other Integrations

Besides these integrations through applications and services, senhasegura.go is also integrated through DLLs and Drivers that make it possible to act on Windows processes that involve user identification, such as login, RDP access and UAC elevation.

info

It is also possible to configure to force users to use the MFA OTP token to increase security at elevations.