Transcript Slide 1

Packaging Zebedee and VNC with Delphi
Zebedee Secure Tunnel
VNC Remote Screen Viewer
Plan
• Aim
• VNC
• Zebedee
• Delphi Wrap Application
• Hardware Firewalls
• Software Firewalls
• Database Access Via Zebedee
• Look at some Code
Primary Aim
• To run “PC support” over the internet safely.
• Two free products
– Real VNC (Free Version)
• Allows remote screen control over TCP/IP
• http://www.realvnc.com/products/enterprise/4.1/
– Zebedee
• Secure TCP Tunnel software
• http://www.winton.org.uk/zebedee/
• Delphi application used as a coordinator.
• Starts and confirms servers
• Provides simple tools
Free VNC
• Used alone
– No Encryption
– Could be picked up by anyone on the Internet with a VNC Viewer by calling port 5900
• Password Authentication Only
• Suggested configuration with Zebedee
– Encrypted.
– Accepts only local (127.0.0.1) calls.
– Port 5900 should be blocked at firewalls
– Only activated when required – Remove service mode
• Possible improvements
– Warn when service mode is present
– Change port used from 5900
Zebedee
• An encrypted tunnel with compression
• Can provide authentication
• Can enable reverse call
• Only the Zebedee port need be exposed through the firewall
[Diagram: VNC alone across the Internet, compared with VNC carried inside a Zebedee tunnel between a zbd client and a zbd server]
Zebedee
• Out of the box
– Sample Configuration files including one for VNC
• Typically “Execute” client or server configuration file
• No Filtering of permitted calls
• No Authentication
– Establish call by redirecting the calling application to the local Zebedee client port.
• Suggested Configuration
– Coded in the server and client configuration files.
– Can be extended on the command line.
– Make use of Zebedee public/private key authentication
– Carefully manage server filters to limit permitted calls
– Change port numbers
– Use reverse mode
Putting it all Together
• Wrapper programs attempt to ease the installation of the remote service and troubleshoot both before and after the connection is established.
– Confirms connection to the net and discovers the network-side IP address of the machine
– Confirms VNC and Zebedee executables are installed
• If not, install them from delivery files
– Starts programs and confirms servers are operating
• Basic status diagnostics
– Facilitates viewing of configuration and log files
– Anything else we think might be useful
• Single Inno Setup install of all required files from URL
– http://www.innovasolutions.com.au/test/RmtSprt.html
– I think we need to deliver 3rd party installs as is
• including undesirable configuration files
Hardware Firewall
Best form of Firewall
[Diagram: a protected LAN (192.168.0.23-26) behind a router firewall (LAN side 192.168.0.1, Internet side 34.23.26.2) connected to the Internet; a remote host at 168.3.23.88]
Protected LAN: PCs are connected to a safe local area network. They can share files etc., contact LAN servers and do not need firewall software.
Firewall: controls access from the Internet with clear rules. Corporate firewalls, typically running on dedicated boxes, will also control outgoing calls.
Hardware Firewalls
• The simple router-based firewall generally requires no rules for a customer call-home implementation.
• At the Support Center the incoming ports have to be forwarded to the specific server
– Could use broadcast I think
– Should use specific server
• Generally requires fixed IP address on the LAN
Software Firewall
• A software program which intercepts calls to the IP stack to impose its rules.
• Essential when connected to a public LAN or dial up.
– Otherwise I am not a fan of these firewalls
• They are a major cause of network problems
• They are generally configured via an uninformed click
• They can manage installed software trying to initiate calls.
Software Firewalls
• Firewall rules must be configured on a per-connection basis
[Diagram: rule sets per connection type. Intranet (Ethernet): share directories, share printers, share databases. Internet via wireless, café wireless, dial up or hotel Ethernet: deny incoming; call anywhere (if authorised)]
Database Via Zebedee
• Configuration file at the server needs to allow access to the Db Server port number
– target MyDbServer:3050
• Configuration file at the client end needs to forward a specified port to the Db Server
– tunnel 1020:192.168.0.76:3050
• A host name such as MyDbServer fails here on version 2.4.1, as the name is resolved locally
• The database client needs to be directed to that client port
– Firebird can be specified by port no
• Localhost/1020
– Interbase needs an entry in services
• Localhost/gds_zebedee
• Add gds_zebedee to C:\WINDOWS\system32\drivers\etc\Services
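The suggested VNC and Zebedee configuration from the earlier slides and the database tunnel on this slide, written out as a server-side and a client-side Zebedee configuration file. This is an added example, not one of the sample files shipped with Zebedee and not the presenter's own files: keyword spellings follow the Zebedee 2.x manual as I recall them and should be checked against the manual for your version, the file names and the server host name are placeholders, and the key-generation command in the comment is likewise an assumption to verify.

```text
# ---- Server side: the PC being supported (assumed file name vncserver.zbd) ----
server true
serverport 11965           # Zebedee's default; pick a non-default port at both ends
verbosity 1
compression zlib:6
# Filter: only these targets may be reached through the tunnel; any other
# host:port a client asks for is refused by the server
target localhost:5900      # VNC, which itself accepts 127.0.0.1 calls only
target MyDbServer:3050     # the database server from the "Database Via Zebedee" slide
# Only clients whose public identity is listed here may connect at all
checkidfile clients.id

# ---- Client side: the support PC (assumed file name vncviewer.zbd) ----
server false
serverhost customer-pc.example   # placeholder: name or address of the server-side PC
serverport 11965                 # must match the server's changed port
verbosity 1
compression zlib:6
privatekeyfile client.key        # assumed: private key generated once with "zebedee -P"
tunnel 5900:localhost:5900       # VNC viewer is pointed at 127.0.0.1::5900
tunnel 1020:192.168.0.76:3050    # Firebird client uses Localhost/1020 (IP, not MyDbServer)
```

The two pieces that matter for safety are the `target` lines, which are the server filter the slide says to manage carefully, and `checkidfile`, which turns the tunnel from "anyone who finds the port" into "only the support PC whose public identity was copied into clients.id". Port 5900 and 3050 never need to be opened on the firewall; only the Zebedee port is forwarded.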
Look at Delphi Code
Process Control
Starting Process
FZebedeeProc := LaunchProcessAndReturnHandle(Cmd, FZebedeeTmpFile);
>>>>>>> {inside LaunchProcessAndReturnHandle}
  if StdOut > 0 then {where StdOut = FZebedeeTmpFile.Handle - Inheritable}
  begin
    SI.dwFlags := SI.dwFlags or STARTF_USESTDHANDLES; {without this flag the handles below are ignored}
    SI.hStdOutput := StdOut;
    SI.hStdError := StdOut;
  end;
  if not CreateProcess(nil, PChar(Cmd), nil, nil, True,
                       CreateFlag, nil, nil, SI, PI) then
    raise ………..
  CloseHandle(PI.hThread);
  Proc := PI.hProcess;
Terminating Process
TerminateProcess(FZebedeeProc, 8);
CloseHandle(FZebedeeProc);
FZebedeeProc := 0;
FreeAndNil(FZebedeeTmpFile);
>>>>>>
ExitProcess?????
Look at Delphi Code
Viewing Config and Log Files
function ViewFileInNotePad(const ALogFileName: string): Boolean;
var
  SystemRootDir: string;
  NotePad: string;
begin
  Result := False;
  if FileExists(ALogFileName) then
  begin
    SystemRootDir := GetEnvironmentVariable('SystemRoot');
    NotePad := ConcatToFullFileName(SystemRootDir, '\system32\notepad.exe');
    Result := CreateProcessAndWait(NotePad + ' "' + ALogFileName + '"',
      0, SW_NORMAL, '', '') > 0;
  end;
end;
Look at Delphi Code
Dos Commands
Example Do IPConfig
ACmd := 'IPConfig';
TmpFile := TTemporyFile.Create;
try
  Return := CreateProcessAndWait(ACmd, 30000, SW_SHOW,
    '', '', True, 0, TmpFile.Handle);
  if Return = 0 then
    ViewFileInNotePad(TmpFile.Filename)
  else
    raise Exception.Create('Command <' + ACmd + '> Failed::'
      + WindowsErrorString(0));
  Sleep(1000);
finally
  TmpFile.Free;
end;
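The Process Control slide and the IPConfig example both rest on the same mechanism: an inheritable file handle passed to CreateProcess as the child's stdout/stderr, the thread handle closed, the process handle kept for TerminateProcess later. The following is an added example of that mechanism written out in full, not the presentation's LaunchProcessAndReturnHandle or CreateProcessAndWait (the unit name, the TChild record and all function names are my own). It also answers the "ExitProcess?????" question on the slide: TerminateProcess acts on the child handle, whereas ExitProcess would end the wrapper itself.

```delphi
unit ChildProcess;  { hypothetical unit name; added example, not the presentation's code }

interface

uses
  Windows, SysUtils;

type
  TChild = record
    Proc: THandle;   { process handle from CreateProcess, 0 when not running }
    Log: THandle;    { inheritable file handle that receives stdout and stderr }
  end;

function StartChild(const ExePath, Args, LogFileName: string): TChild;
function ChildRunning(const Child: TChild): Boolean;
function StopChild(var Child: TChild; WaitMs: DWORD; out ExitCode: DWORD): Boolean;
function RunAndWait(const ExePath, Args, LogFileName: string; TimeoutMs: DWORD): DWORD;

implementation

function StartChild(const ExePath, Args, LogFileName: string): TChild;
var
  SA: TSecurityAttributes;
  SI: TStartupInfo;
  PI: TProcessInformation;
  CmdLine: string;
begin
  Result.Proc := 0;
  { The log handle must be created inheritable, or the child cannot write to it }
  SA.nLength := SizeOf(SA);
  SA.lpSecurityDescriptor := nil;
  SA.bInheritHandle := True;
  Result.Log := CreateFile(PChar(LogFileName), GENERIC_WRITE, FILE_SHARE_READ,
    @SA, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
  if Result.Log = INVALID_HANDLE_VALUE then
    RaiseLastOSError;
  FillChar(SI, SizeOf(SI), 0);
  SI.cb := SizeOf(SI);
  SI.dwFlags := STARTF_USESTDHANDLES or STARTF_USESHOWWINDOW;  { handles below only count with this flag }
  SI.wShowWindow := SW_HIDE;
  SI.hStdInput := GetStdHandle(STD_INPUT_HANDLE);
  SI.hStdOutput := Result.Log;
  SI.hStdError := Result.Log;
  { Give CreateProcess the full executable path explicitly and quoted, so no other
    program can be picked up from a partial path; it may write into the command
    line buffer, so pass a private copy }
  CmdLine := '"' + ExePath + '" ' + Args;
  UniqueString(CmdLine);
  if not CreateProcess(PChar(ExePath), PChar(CmdLine), nil, nil, True,
       CREATE_NO_WINDOW, nil, nil, SI, PI) then
  begin
    CloseHandle(Result.Log);
    RaiseLastOSError;
  end;
  CloseHandle(PI.hThread);      { the primary thread handle is not needed }
  Result.Proc := PI.hProcess;
end;

function ChildRunning(const Child: TChild): Boolean;
begin
  { a signalled process handle means the process has exited }
  Result := (Child.Proc <> 0) and (WaitForSingleObject(Child.Proc, 0) = WAIT_TIMEOUT);
end;

function StopChild(var Child: TChild; WaitMs: DWORD; out ExitCode: DWORD): Boolean;
begin
  ExitCode := 0;
  Result := False;
  if Child.Proc = 0 then Exit;
  { TerminateProcess ends the child; ExitProcess would end this wrapper itself }
  if ChildRunning(Child) then
    TerminateProcess(Child.Proc, 8);
  Result := WaitForSingleObject(Child.Proc, WaitMs) = WAIT_OBJECT_0;
  if Result then
    GetExitCodeProcess(Child.Proc, ExitCode);   { 8 when we killed it }
  CloseHandle(Child.Proc);
  Child.Proc := 0;
  { close the log last, after the child is gone, so the file is complete for viewing }
  CloseHandle(Child.Log);
  Child.Log := INVALID_HANDLE_VALUE;
end;

function RunAndWait(const ExePath, Args, LogFileName: string; TimeoutMs: DWORD): DWORD;
var
  Child: TChild;
  Code: DWORD;
begin
  Child := StartChild(ExePath, Args, LogFileName);
  if WaitForSingleObject(Child.Proc, TimeoutMs) <> WAIT_OBJECT_0 then
    TerminateProcess(Child.Proc, 8);     { a hung command must not block the wrapper }
  StopChild(Child, INFINITE, Code);
  Result := Code;
end;

end.
```

Used the way the slides use their helpers (paths are assumptions): StartChild('C:\Program Files\Zebedee\zebedee.exe', '-f vncserver.zbd', 'zebedee.log') keeps the tunnel running until StopChild; RunAndWait(GetEnvironmentVariable('SystemRoot') + '\system32\ipconfig.exe', '/all', 'ipconfig.txt', 30000) replaces the bare 'IPConfig' command and returns the exit code to test against 0. Passing the fully qualified path as lpApplicationName rather than relying on a PATH search is the one deliberate difference from the slide's CreateProcess(nil, PChar(Cmd), ...).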
Look at Delphi Code
Query or Probe A Port
In A Thread
>>
FSocket.Open; {Where FSocket is a TClientSocket}
if FSocket.Active {Connected} then
begin
  if not (FSocket.Socket.SendText(FQuery) = Length(FQuery)) then
    FError := 'Could not Send All Data';
  if FSocket.Active {Connected} and not FProbe then
    FResponse := FSocket.Socket.ReceiveText
end
else
  FError := 'Failed to Connect to ' + FHost + '::' + IntToStr(FSocket.Port);
FIpWait.SetEvent;
Suspend;
<<
FSocket.Close;
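The probe above has no connect timeout: a TClientSocket opened in blocking mode against a port that a firewall silently drops (the very case the Free VNC slide asks for, port 5900 blocked) sits in connect until the stack gives up, and the thread then parks itself with Suspend. The following is an added example, not the presentation's thread, of the same probe/query written against Winsock directly so the connect has an explicit timeout and the result is reported through an event; the unit name, TProbeThread and ProbePort are my own, and the host is taken as a dotted IP address (normally 127.0.0.1, the local Zebedee port) rather than resolved.

```delphi
unit PortProbe;  { hypothetical unit name; added example, not the presentation's code }

interface

uses
  Windows, SysUtils, Classes, SyncObjs, WinSock;

{ Connects to Host:Port within TimeoutMs. True means the port accepted the
  connection. A non-empty Query is sent and the first reply chunk is returned. }
function ProbePort(const Host: string; Port: Word; TimeoutMs: Integer;
  const Query: string; out Response, Err: string): Boolean;

type
  TProbeThread = class(TThread)   { runs ProbePort off the GUI thread }
  protected
    procedure Execute; override;
  public
    Host, Query, Response, Error: string;
    Port: Word;
    TimeoutMs: Integer;
    Open: Boolean;
    Done: TEvent;                  { signalled when Execute has finished }
    constructor Create(const AHost: string; APort: Word; ATimeoutMs: Integer;
      const AQuery: string);
    destructor Destroy; override;
  end;

implementation

function ProbePort(const Host: string; Port: Word; TimeoutMs: Integer;
  const Query: string; out Response, Err: string): Boolean;
var
  WSA: TWSAData;
  S: TSocket;
  Addr: TSockAddrIn;
  Mode: u_long;
  WSet, ESet: TFDSet;
  TV: TTimeVal;
  SockErr, Len, N: Integer;
  Q, R: AnsiString;
  Buf: array[0..1023] of AnsiChar;
begin
  Result := False; Response := ''; Err := '';
  if WSAStartup($0202, WSA) <> 0 then begin Err := 'WSAStartup failed'; Exit; end;
  S := INVALID_SOCKET;
  try
    FillChar(Addr, SizeOf(Addr), 0);
    Addr.sin_family := AF_INET;
    Addr.sin_port := htons(Port);
    Addr.sin_addr.S_addr := inet_addr(PAnsiChar(AnsiString(Host)));
    if Addr.sin_addr.S_addr = u_long(INADDR_NONE) then
    begin Err := 'Host must be a dotted IP address: ' + Host; Exit; end;
    S := socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if S = INVALID_SOCKET then begin Err := 'socket() failed'; Exit; end;
    Mode := 1;
    ioctlsocket(S, FIONBIO, Mode);        { non-blocking: connect returns at once }
    if (connect(S, Addr, SizeOf(Addr)) = SOCKET_ERROR) and
       (WSAGetLastError <> WSAEWOULDBLOCK) then
    begin Err := 'connect() failed: ' + IntToStr(WSAGetLastError); Exit; end;
    FD_ZERO(WSet); FD_SET(S, WSet);
    FD_ZERO(ESet); FD_SET(S, ESet);
    TV.tv_sec := TimeoutMs div 1000;
    TV.tv_usec := (TimeoutMs mod 1000) * 1000;
    { writable = connected, exception set = refused, neither = filtered / timed out }
    if select(0, nil, @WSet, @ESet, @TV) <= 0 then
    begin Err := 'Timed out connecting to ' + Host + '::' + IntToStr(Port); Exit; end;
    Len := SizeOf(SockErr); SockErr := 0;
    getsockopt(S, SOL_SOCKET, SO_ERROR, PAnsiChar(@SockErr), Len);
    if SockErr <> 0 then
    begin Err := 'Failed to Connect to ' + Host + '::' + IntToStr(Port); Exit; end;
    Result := True;                       { port is open }
    if Query = '' then Exit;              { pure probe: nothing to send }
    Mode := 0;
    ioctlsocket(S, FIONBIO, Mode);        { blocking again for the short exchange }
    setsockopt(S, SOL_SOCKET, SO_RCVTIMEO, PAnsiChar(@TimeoutMs), SizeOf(TimeoutMs));
    Q := AnsiString(Query);
    if send(S, Q[1], Length(Q), 0) <> Length(Q) then Err := 'Could not Send All Data';
    N := recv(S, Buf, SizeOf(Buf), 0);    { bounded by SO_RCVTIMEO, never hangs }
    if N > 0 then begin SetString(R, Buf, N); Response := string(R); end;
  finally
    if S <> INVALID_SOCKET then closesocket(S);
    WSACleanup;
  end;
end;

constructor TProbeThread.Create(const AHost: string; APort: Word;
  ATimeoutMs: Integer; const AQuery: string);
begin
  Host := AHost; Port := APort; TimeoutMs := ATimeoutMs; Query := AQuery;
  Done := TEvent.Create(nil, True, False, '');
  inherited Create(False);              { fields are set, so the thread may start now }
end;

destructor TProbeThread.Destroy;
begin
  Done.Free;
  inherited;
end;

procedure TProbeThread.Execute;
begin
  Open := ProbePort(Host, Port, TimeoutMs, Query, Response, Error);
  Done.SetEvent;                        { caller waits with Done.WaitFor(ms); no Suspend }
end;

end.
```

From the wrapper: create TProbeThread.Create('127.0.0.1', 5900, 3000, ''), wait on Done.WaitFor(5000) = wrSignaled, read Open and Error, then Free the thread. Because the thread ends its Execute normally instead of calling Suspend, Free returns promptly and the socket is always closed in the finally block, whichever of the three outcomes (open, refused, filtered) the select reported.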
Thank You