Packaging Zebedee and VNC with Delphi
Zebedee Secure Tunnel
VNC Remote Screen Viewer
Posted on 18-Dec-2015
Plan
• Aim
• VNC
• Zebedee
• Delphi Wrap Application
• Hardware Firewalls
• Software Firewalls
• Database Access Via Zebedee
• Look at some Code
Primary Aim
• To run “PC support” over the internet safely.
• Two free products
  – Real VNC (Free Version)
    • Allows remote screen control over TCP/IP
    • http://www.realvnc.com/products/enterprise/4.1/
  – Zebedee
    • Secure TCP tunnel software
    • http://www.winton.org.uk/zebedee/
• Delphi application used as a coordinator.
  – Starts and confirms servers
  – Provides simple tools
Free VNC
• Used alone
  – No encryption
  – Could be picked up by anyone on the Internet with a VNC Viewer by calling port 5900
  – Password authentication only
• Suggested configuration with Zebedee
  – Encrypted.
  – Accepts only local (127.0.0.1) calls.
  – Port 5900 should be blocked at firewalls
  – Only activated when required
  – Remove service mode
• Possible improvements
  – Warn when service mode is present
  – Change port used from 5900
[Diagram: VNC alone across the Internet versus VNC carried inside a Zebedee tunnel, with a zbd process at each end]

Zebedee
• An encrypted tunnel with compression
• Can provide authentication
• Can enable reverse call
• Only the Zebedee port need be exposed through the firewall

Zebedee
• Out of the box
  – Sample configuration files, including one for VNC
    • Typically “execute” the client or server configuration file
    • No filtering of permitted calls
    • No authentication
  – Establish the call by redirecting the calling application to the local Zebedee client port.
• Suggested configuration
  – Coded in the server and client configuration files.
  – Can be extended on the command line.
  – Make use of Zebedee public/private key authentication
  – Carefully manage server filters to limit permitted calls
  – Change port numbers
  – Use reverse mode
Putting it all Together
• Wrapper programs attempt to ease the installation of the remote service and troubleshoot both before and after the connection is established.
  – Confirms connection to the net and discovers the network-side IP address of the machine
  – Confirms VNC and Zebedee executables are installed
    • If not, installs them from delivery files
  – Starts programs and confirms servers are operating
    • Basic status diagnostics
  – Facilitates viewing of configuration and log files
  – Anything else we think might be useful
• Single Inno Setup install of all required files from URL
  – http://www.innovasolutions.com.au/test/RmtSprt.html
  – I think we need to deliver 3rd party installs as is, including undesirable configuration files
Hardware Firewall
Best form of firewall
[Diagram: protected LAN (PCs 192.168.0.23-26 behind router 192.168.0.1) connected to the Internet, with Internet-side addresses 34.23.26.2 and 168.3.23.88]
PCs are connected to a safe local area network. They can share files etc., contact LAN servers and do not need firewall software.
Controls access from the Internet with clear rules.
Corporate FWs, typically running on dedicated boxes, will also control outgoing calls.
Hardware Firewalls
• The simple router-based firewall generally requires no rules for a customer “call home” implementation.
• At the Support Center the incoming ports have to be forwarded to the specific server
  – Could use broadcast I think
  – Should use specific server
• Generally requires a fixed IP address on the LAN
Software Firewall
• A software program which intercepts calls to the IP stack to impose its rules.
• Essential when connected to a public LAN or dial-up.
  – Otherwise I am not a fan of these firewalls
• They are a major cause of network problems
• They are generally configured via an uninformed click
• They can manage installed software trying to initiate calls.
Software Firewalls
• Firewall rules must be configured on a per-connection basis
[Diagram: per-connection rules. Internet: deny incoming, call anywhere (if authorised). Intranet: share directories, share printers, share databases. Connection types shown: Ethernet, Hotel Ethernet, Dial Up, Café Wireless]
Database Via Zebedee
• Configuration file at the server needs to allow access to the Db Server port number
  – target MyDbServer:3050
• Configuration file at the client end needs to forward a specified port to the Db Server
  – tunnel 1020:192.168.0.76:3050
  – MyDbServer fails here on version 2.4.1 as it is resolved locally
• The database client needs to be directed to that client port
  – Firebird can be specified by port no: Localhost/1020
  – Interbase needs an entry in services: Localhost/gds_zebedee
    • Add gds_zebedee to C:\WINDOWS\system32\drivers\etc\Services
Look at Delphi Code: Process Control

Starting process
  FZebedeeProc := LaunchProcessAndReturnHandle(Cmd, FZebedeeTmpFile);

  { >>>>>>> inside LaunchProcessAndReturnHandle; SI is the TStartupInfo, PI the TProcessInformation }
  if StdOut > 0 then {where StdOut = FZebedeeTmpFile.Handle - inheritable}
  begin
    SI.hStdOutput := StdOut;
    SI.hStdError := StdOut;
  end;
  if not CreateProcess(nil, PChar(Cmd), nil, nil, True, CreateFlag, nil, nil, SI, PI) then
    raise ...;
  CloseHandle(PI.hThread);
  Proc := PI.hProcess;

Terminating process
  TerminateProcess(FZebedeeProc, 8);   { >>>>>> ExitProcess????? }
  CloseHandle(FZebedeeProc);
  FZebedeeProc := 0;
  FreeAndNil(FZebedeeTmpFile);
Look at Delphi Code: Viewing Config and Log Files

  function ViewFileInNotePad(const ALogFileName: string): Boolean;
  var
    SystemRootDir: string;
    NotePad: string;
  begin
    Result := False;
    if FileExists(ALogFileName) then
    begin
      SystemRootDir := GetEnvironmentVariable('SystemRoot');
      NotePad := ConcatToFullFileName(SystemRootDir, '\system32\notepad.exe');
      Result := CreateProcessAndWait(NotePad + ' "' + ALogFileName + '"', 0, SW_Normal, '', '') > 0;
    end;
  end;
Look at Delphi Code: DOS Commands

Example: do IPConfig
  ACmd := 'IPConfig';
  TmpFile := TTemporyFile.Create;
  try
    Return := CreateProcessAndWait(ACmd, 30000, SW_SHOW, '', '', True, 0, TmpFile.Handle);
    if Return = 0 then
      ViewFileInNotePad(TmpFile.Filename)
    else
      raise Exception.Create('Command <' + ACmd + '> Failed::' + WindowsErrorString(0));
    Sleep(1000);
  finally
    TmpFile.Free;
  end;
Look at Delphi Code: Query or Probe a Port

In a thread
  { >>>> thread body }
  FSocket.Open; {where FSocket is a TClientSocket}
  if FSocket.Active {connected} then
  begin
    if not (FSocket.Socket.SendText(FQuery) = Length(FQuery)) then
      FError := 'Could not Send All Data';
    if FSocket.Active {connected} and not FProbe then
      FResponse := FSocket.Socket.ReceiveText
  end
  else
    FError := 'Failed to Connect to ' + FHost + '::' + IntToStr(FSocket.Port);
  FIpWait.SetEvent;
  Suspend;
  { <<<< }
  FSocket.Close;
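Added example (Python, not code from the deck or from the RmtSprt wrapper): the probe thread above, re-expressed as a check for the posture the Free VNC slide recommends. It reads the RFB greeting a VNC 4.x server sends on connect (the "RFB 003.008" string is assumed here) and reports whether the server answers on 127.0.0.1 only; the fake server and the use of 127.0.0.2 as a stand-in for the machine's LAN address are constructed for the demo.

```python
import socket
import threading

RFB_GREETING = b"RFB 003.008\n"  # constructed: 12-byte version string a VNC 4.x server sends first

def probe_rfb(host, port, timeout=2.0, probe_only=False):
    """Connect like the Delphi thread. Returns the RFB version the listener greets
    with, "" if open but not RFB, or None when the connect fails (FError case)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if probe_only:  # the deck's FProbe flag: connectivity check only
                return ""
            greeting = sock.recv(12)
    except OSError:
        return None
    if len(greeting) == 12 and greeting.startswith(b"RFB "):
        return greeting.decode("ascii").strip()
    return ""

def vnc_exposure(lan_ip, port=5900, loopback="127.0.0.1"):
    """Posture check from the 'Free VNC' slide: VNC must answer on loopback
    (where the Zebedee server calls it) and must NOT answer on the LAN address."""
    local = probe_rfb(loopback, port)
    lan = probe_rfb(lan_ip, port)
    return {"loopback": local, "lan": lan, "ok": bool(local) and lan is None}

def start_fake_vnc(bind_ip, clients=2):
    """Constructed stand-in for a VNC server: greets up to `clients` callers
    with the RFB version string. Returns the ephemeral port it listens on."""
    srv = socket.socket()
    srv.bind((bind_ip, 0))
    srv.listen(clients)

    def serve():
        for _ in range(clients):
            conn, _addr = srv.accept()
            conn.sendall(RFB_GREETING)
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def run_demo():
    """Recommended binding (127.0.0.1 only) versus a server bound to all
    interfaces; 127.0.0.2 stands in for the machine's LAN address."""
    good = vnc_exposure("127.0.0.2", start_fake_vnc("127.0.0.1"))
    bad = vnc_exposure("127.0.0.2", start_fake_vnc("0.0.0.0"))
    return good, bad
```

On a real machine, call vnc_exposure with the network-side address the wrapper discovers; a non-None "lan" result means port 5900 is reachable from outside the tunnel.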
Thank You