General information about the tool and IT security

Below, you will find an overview of the Ducky Challenge and IT security information.

General information

 

Processing of data: europe-west1 (Belgium)
Cloud Service Provider name: Google Cloud Platform
Country of origin of cloud Service Provider: United States
Service deployment UK, Norway, Canada
Nationality of personnel British, French, Canadian, Norwegian

Support of potential features

 

Supports authentication with centralized catalogue service N/A
Supports MFA authentication No
Supports role based authorization No
Supports labelling and tagging of information classification level No
Supports cryptography (network transmission, storage, disk) No
Traceability audit of user and administrative actions is logged N/A

Support of different systems

 

Supports latest operating systems available Yes We actively test our tool on Windows, macOS, Linux, Android and iOS
Supports running on the most common client device types and platforms Yes The tool can be used on smartphones, desktop, mac, etc.
Supports the most common web browsers Yes You can find the full list of the latest operating systems covered by our tool here

Documentation

 

Product and support documentation is available in English Yes As stated, product and support documentation is available in English

 

Can provide documentation of capacity and experience for relevant system and domain knowledge Yes  
Has a structured and documented way of continuously working with and improving information security (ISMS) Yes We run a yearly penetration test of the product ; as a result, security documentation is being provided and worked upon
Personally identifiable information managed according to GDPR (Data Processing Agreements, Databehandleravtaler) Yes Privacy policy can be found here
Ducky is available for audit Yes If the need arises, yes.
Are the systems/services developed and deployed according to a Secure Development Life Cycle process (SDLC)? Yes We use an iterative, agile process, following CI/CD principles. As well as this, we use error handling software, and track the test coverage of our code

 

Delivered with an installation guide Yes The organization will be onboarded by Ducky via materials and human support
Delivered with an administrators guide N/A This is not relevant since no administrators are required to use the tool
Delivered with a users guide Yes Help articles are available to the users of the tool
Delivered with a troubleshooting guide Yes The users have access access to a support form if they are facing technical issues
Delivered with an integrations guide N/A This is not relevant since integration is not part of our offering
All business, product and support documentation are available in English Yes English versions are available

Other types of support

 

Supports user authentication through MS Active Directory and Azure AD No  
Supports role-based user authorization through MS Active Directory and Azure AD No  
Supports single sign-on through MS Active Directory and Azure AD No  
Supports two-factor authentication No  
Supports enforcement of password length, complexity, age and use of temporary passwords Yes Passwords have to be at least 8 characters long
Supports labelling and tagging of information classification level No  
System does not monitor or disclose software usage to external parties N/A The app is not linked to any external parties
Supports role-based authorization (Applications that does not support authorization through AD or Azure AD) N/A There is no role-based functionality in the solution
Audit trail of who did what when N/A There is not such function in the app, so there is no need for such functionality
Supports log shipping to centralized SIEM No No, the app doesn't support it
Supports minimum FIPS 140-2 level 1 validated encryption (network transmission, storage, disk) No There is no company data transmitted or stored on the solution
Centralized management for de-centralized systems No Not a de-centralized system

 

Supports Windows 10 Yes It supports it
Supports Apple products (iOS, Mac) Yes It supports it
Supports Linux versions. (Redhat, Ubuntu etc.) Yes It supports it
Supports Android and IOS mobile devices Yes It supports it
Supports mainstream browsers (Firefox, MS Edge, Chrome) Yes It supports it
Fully functional without using Active X Yes Active X not necessary
Fully functional without using Java Yes Java not necessary
Supports Microsoft Systems Center for client distribution (CMS system) No  
Fully functional without the need for 3rd party software to be downloaded and installed Yes No 3rd party software needs to be installed
Fully functional without using system administrator rights Yes No system administrators rights need to be used
Fully functional without special local firewall configurations No It might depend on the organization's security system
Fully functional without using public cloud services such as Dropbox, Google Drive and OneDrive Yes Such services are not needed to use the tool
Can operate through a VPN connection Yes VNP connection should not impact the use of the tool
Optimized for a world wide user base through potentially high latency, low bandwidth networks Yes As long as the internet connection is good, the users should not experience high latency
Support English as the user interface language, even on a foreign language OS install Yes The tool is available in English
Supports running in a Citrix environment No This is not part of the offering
Uses an encrypted communication protocol between client and server (Minimum FIPS-140-2-1) N/A Communication is encrypted using private keys between client and servers
Client logs to trace irregular system behaviour is available No This is not available.
No required exeptions for antivirus systems Yes Antivirus systems should not impact the use of the tool

 

Supports latest virtualized Windows Yes It supports it
Supports latest Linux / Unix Yes It supports it
Supports latest MS SQL No Runs in the cloud, no server needed
Supports latest IIS No Runs in the cloud, no server needed
Does not use or rely on local built-in user accounts Yes All access through cloud IAM
Does not require service accounts with administrative rights Yes It doesn't require srvice accounts with administrative rights
Supports Windows managed service accounts No Runs in the cloud, no server needed
Supports load balancing No Runs in the cloud, no server needed
Supports zero downtime upgrades No Runs in the cloud, no server needed
Supports zero downtime backup No Runs in the cloud, no server needed
Has built-in mechanisms for disaster recovery No Runs in the cloud, no server needed
Configurable built-in admin account name, if any Yes Configuration is available in the tool
Configurable built-in admin account password Yes Configuration is available in the tool
No locally stored passwords in configurations Yes Passwords are encrypted
Supports redundancy and fault tolerant configurations N/A Thia is not relevant
Documented required exeptions for antivirus systems N/A This is not relevant
Logs to trace system behaviour is available Yes When using the app, the users compete by loggin activities which leads to some behaviour tracking in the platform
Functionality to discover and trace irregular system behaviour is available No