Packaging Zebedee and VNC with Delphi
Zebedee Secure Tunnel, VNC Remote Screen Viewer
Plan
• Aim
• VNC
• Zebedee
• Delphi Wrap Application
• Hardware Firewalls
• Software Firewalls
• Database Access Via Zebedee
• Look at some Code
Primary Aim
• To run "PC support" over the internet safely.
• Two free products
  – RealVNC (Free Version)
    • Allows remote screen control over TCP/IP
    • http://www.realvnc.com/products/enterprise/4.1/
  – Zebedee
    • Secure TCP tunnel software
    • http://www.winton.org.uk/zebedee/
• Delphi application used as a coordinator.
  • Starts and confirms servers
  • Provides simple tools
Free VNC
• Used alone
  – No encryption
  – Could be picked up by anyone on the Internet with a VNC Viewer by calling port 5900
  – Password authentication only
• Suggested configuration with Zebedee
  – Encrypted.
  – Accepts only local (127.0.0.1) calls.
  – Port 5900 should be blocked at firewalls.
  – Only activated when required.
  – Remove service mode.
• Possible improvements
  – Warn when service mode is present
  – Change port used from 5900
Zebedee
• An encrypted tunnel with compression
• Can provide authentication
• Can enable reverse call
• Only the Zebedee port need be exposed through the firewall
[Diagram: "VNC alone" across the Internet, compared with VNC carried through a zbd – Zebedee Tunnel – zbd pair]
Zebedee
• Out of the box
  – Sample configuration files, including one for VNC
    • Typically "Execute" the client or server configuration file
    • No filtering of permitted calls
    • No authentication
  – Establish the call by redirecting the calling application to the local Zebedee client port.
• Suggested configuration
  – Coded in the server and client configuration files.
  – Can be extended on the command line.
  – Make use of Zebedee public/private key authentication.
  – Carefully manage server filters to limit permitted calls.
  – Change port numbers.
  – Use reverse mode.
Putting it all Together
• Wrapper programs attempt to ease the installation of the remote service and troubleshoot both before and after the connection is established.
  – Confirms connection to the net and discovers the network-side IP address of the machine
  – Confirms VNC and Zebedee executables are installed
    • If not, installs them from the delivery files
  – Starts programs and confirms servers are operating
    • Basic status diagnostics
  – Facilitates viewing of configuration and log files
  – Anything else we think might be useful
• Single Inno Setup install of all required files from URL
  – http://www.innovasolutions.com.au/test/RmtSprt.html
  – I think we need to deliver 3rd-party installs as is
    • including undesirable configuration files
Hardware Firewall
• Best form of firewall
[Diagram: Protected LAN (192.168.0.23-26) – PCs are connected to a safe local area network; they can share files etc., contact LAN servers and do not need firewall software. Router/firewall at 192.168.0.1 (LAN side) / 34.23.26.2 (Internet side) controls access from the Internet with clear rules. Remote Internet host 168.3.23.88. Corporate firewalls, typically running on dedicated boxes, will also control outgoing calls.]
Hardware Firewalls
• The simple router-based firewall generally requires no rules for a customer "call home" implementation.
• At the Support Center the incoming ports have to be forwarded to the specific server
  – Could use broadcast, I think
  – Should use a specific server
• Generally requires a fixed IP address on the LAN
Software Firewall
• A software program which intercepts calls to the IP stack to impose its rules.
• Essential when connected to a public LAN or dial-up.
  – Otherwise I am not a fan of these firewalls
    • They are a major cause of network problems
    • They are generally configured via an uninformed click
    • They can manage installed software trying to initiate calls.
</gml_replace>
<gr_replace lines="12" cat="reformat" orig="Software Firewalls">
Software Firewalls
• Firewall rules must be configured on a per-connection basis
[Diagram: connection types (Intranet Ethernet, Wireless, Café Wireless, Dial Up, Hotel Ethernet, Internet) against rules such as Share Directories, Share Printers, Share Databases, Deny incoming, Call anywhere (if authorised)]
Software Firewalls • Firewall rules must be configured on a per connection basis Internet Intranet Share Directories Share Printers Share Databases Wireless Deny incoming Call anywhere (If Authorised) Café Wireless Dial Up Ethernet Hotel Ethernet
Database Via Zebedee
• Configuration file at the server needs to allow access to the DB server port number
  – target MyDbServer:3050
• Configuration file at the client end needs to forward a specified port to the DB server
  – tunnel 1020:192.168.0.76:3050
  • MyDbServer fails here on version 2.4.1 as it is resolved locally
• The database client needs to be directed to that client port
  – Firebird can be specified by port number
    • Localhost/1020
  – Interbase needs an entry in services
    • Localhost/gds_zebedee
    • Add gds_zebedee to C:\WINDOWS\system32\drivers\etc\Services
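The slide above pairs a server-side filter (target) with a client-side forward (tunnel), and notes that a hostname in the server filter may not resolve the way the client's tunnel spells the same host. The following added example (not code from the slides or from Zebedee) models just those two directives as strings and reports client tunnels that the server's target list would not cover. The alias map is a constructed stand-in for the name resolution Zebedee performs itself; the checker only compares text, so it is an offline review aid for your own configuration files, not a re-implementation of Zebedee's filtering.

```python
"""Added example: cross-check Zebedee-style 'tunnel' lines (client) against
'target' lines (server). Only the two directive forms shown on the slides are
parsed:
    client:  tunnel <localport>:<host>:<port>
    server:  target <host>:<port>
Any other configuration keyword is ignored. The ALIASES map below is a
constructed stand-in for hostname resolution, which real Zebedee does itself.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Tunnel:
    local_port: int
    host: str
    port: int


@dataclass(frozen=True)
class Target:
    host: str
    port: int


def _directive_values(text: str, keyword: str) -> List[str]:
    """Return the value part of every '<keyword> <value>' line, ignoring
    blank lines and '#' comments."""
    values = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == keyword and value.strip():
            values.append(value.strip())
    return values


def parse_tunnels(client_cfg: str) -> List[Tunnel]:
    """Parse 'tunnel local:host:port' lines from a client configuration."""
    tunnels = []
    for value in _directive_values(client_cfg, "tunnel"):
        local, host, port = value.split(":")
        tunnels.append(Tunnel(int(local), host.lower(), int(port)))
    return tunnels


def parse_targets(server_cfg: str) -> List[Target]:
    """Parse 'target host:port' lines from a server configuration."""
    targets = []
    for value in _directive_values(server_cfg, "target"):
        host, port = value.rsplit(":", 1)
        targets.append(Target(host.lower(), int(port)))
    return targets


def unfiltered_tunnels(client_cfg: str, server_cfg: str,
                       aliases: Dict[str, str] = None) -> List[str]:
    """Return 'local:host:port' strings for client tunnels whose destination
    is not listed in the server's target filter. Hostnames are compared as
    lower-cased text after alias substitution on the server side."""
    aliases = {k.lower(): v.lower() for k, v in (aliases or {}).items()}
    allowed = {(aliases.get(t.host, t.host), t.port) for t in parse_targets(server_cfg)}
    return [f"{t.local_port}:{t.host}:{t.port}"
            for t in parse_tunnels(client_cfg)
            if (t.host, t.port) not in allowed]


# Constructed sample configurations built from the two lines on the slide,
# plus one extra VNC tunnel on the client that the server does not permit.
CLIENT_CFG = """\
# client side (constructed sample)
tunnel 1020:192.168.0.76:3050
tunnel 5900:localhost:5900
"""
SERVER_CFG = """\
# server side (constructed sample)
target MyDbServer:3050
"""
ALIASES = {"MyDbServer": "192.168.0.76"}   # constructed resolution of the name


if __name__ == "__main__":
    print("without alias:", unfiltered_tunnels(CLIENT_CFG, SERVER_CFG))
    print("with alias:   ", unfiltered_tunnels(CLIENT_CFG, SERVER_CFG, ALIASES))
```

Without the alias, the checker reports both tunnels, which mirrors the slide's observation that a server filter written as a hostname does not line up with a client tunnel written as an address; with the alias, only the VNC tunnel the server never listed is reported, which is the case the "carefully manage server filters" advice is meant to catch.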
Look at Delphi Code – Process Control

Starting a process:

    FZebedeeProc := LaunchProcessAndReturnHandle(Cmd, FZebedeeTmpFile);

  >>>>>>> inside LaunchProcessAndReturnHandle:

    { StdOut = FZebedeeTmpFile.Handle, created inheritable, so the child
      writes its console output into our temporary file }
    if StdOut > 0 then
    begin
      SI.dwFlags := SI.dwFlags or STARTF_USESTDHANDLES;  { needed, or the handles below are ignored }
      SI.hStdInput := GetStdHandle(STD_INPUT_HANDLE);
      SI.hStdOutput := StdOut;
      SI.hStdError := StdOut;
    end;
    { bInheritHandles = True passes the inheritable file handle to the child }
    if not CreateProcess(nil, PChar(Cmd), nil, nil, True, CreateFlag, nil, nil, SI, PI) then
      raise ...;
    CloseHandle(PI.hThread);   { only the process handle is kept }
    Proc := PI.hProcess;

Terminating the process:

    TerminateProcess(FZebedeeProc, 8);
    CloseHandle(FZebedeeProc);
    FZebedeeProc := 0;
    FreeAndNil(FZebedeeTmpFile);

  >>>>>> ExitProcess???
Look at Delphi Code – Viewing Config and Log Files

    function ViewFileInNotePad(const ALogFileName: string): Boolean;
    var
      SystemRootDir: string;
      NotePad: string;
    begin
      Result := False;
      if FileExists(ALogFileName) then
      begin
        { locate notepad.exe under %SystemRoot% rather than relying on PATH }
        SystemRootDir := GetEnvironmentVariable('SystemRoot');
        NotePad := ConcatToFullFileName(SystemRootDir, 'system32\notepad.exe');
        { the file name is quoted so paths with spaces survive }
        Result := CreateProcessAndWait(NotePad + ' "' + ALogFileName + '"', 0, SW_NORMAL, '') > 0;
      end;
    end;
Look at Delphi Code – DOS Commands

Example: Do IPConfig

    ACmd := 'IPConfig';
    TmpFile := TTemporyFile.Create;
    try
      { run the command with a 30 s timeout, output redirected to the temp file }
      Return := CreateProcessAndWait(ACmd, 30000, SW_SHOW, '', True, 0, TmpFile.Handle);
      if Return = 0 then
        ViewFileInNotePad(TmpFile.FileName)
      else
        raise Exception.Create('Command <' + ACmd + '> Failed: ' + WindowsErrorString(0));
      Sleep(1000);
    finally
      TmpFile.Free;
    end;
Look at Delphi Code – Query or Probe a Port in a Thread

  >>
    FSocket.Open;  { FSocket is a TClientSocket }
    if FSocket.Active then  { connected }
    begin
      if FSocket.SendText(FQuery) <> Length(FQuery) then
        FError := 'Could not Send All Data';
      { a plain probe only checks the connect; a query also reads the reply }
      if FSocket.Active and not FProbe then
        FResponse := FSocket.ReceiveText;
    end
    else
      FError := 'Failed to Connect to ' + FHost + ':' + IntToStr(FSocket.Port);
    FIpWait.SetEvent;  { signal the waiting caller }
    Suspend;
  <<
    FSocket.Close;
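The probe thread above, and the wrapper's "confirms servers are operating" check on the earlier slide, both come down to one operation: connect to host:port with a timeout, optionally send a query, and read whatever the service answers. The following added example (not code from the slides) implements that probe in Python and, so it runs offline, starts a constructed stand-in listener on 127.0.0.1 that only sends the version banner a VNC server sends first ("RFB 003.008\n"); nothing here speaks VNC beyond that banner. Probing the loopback address in this way is how a wrapper can confirm that the server is up and is listening locally, which is the "accepts only local calls" configuration the VNC slide recommends.

```python
"""Added example: TCP port probe with optional query, plus a constructed
loopback banner server so the probe can be exercised without a real VNC.
"""
import socket
import threading
from dataclasses import dataclass

# Constructed sample banner; a real VNC server sends its own version string.
RFB_BANNER = b"RFB 003.008\n"


@dataclass
class ProbeResult:
    host: str
    port: int
    connected: bool = False
    response: bytes = b""
    error: str = ""


def probe_port(host: str, port: int, query: bytes = b"",
               timeout: float = 2.0, read_reply: bool = True) -> ProbeResult:
    """Connect to host:port; optionally send `query` and read up to 256 bytes.
    Mirrors the slide's thread: a connect failure and a failure after
    connecting are reported separately."""
    result = ProbeResult(host, port)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result.connected = True
            if query:
                sock.sendall(query)
            if read_reply:
                result.response = sock.recv(256)
    except OSError as exc:
        if result.connected:
            result.error = f"Error after connecting to {host}:{port} ({exc})"
        else:
            result.error = f"Failed to connect to {host}:{port} ({exc})"
    return result


def looks_like_vnc(result: ProbeResult) -> bool:
    """True when the service answered with an RFB (VNC protocol) banner."""
    return result.connected and result.response.startswith(b"RFB ")


def start_banner_server(host: str = "127.0.0.1", port: int = 0):
    """Start a loopback-only stand-in listener that sends RFB_BANNER to each
    client and closes. Returns (bound_port, listening_socket); close the
    socket to stop the server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))  # binding to 127.0.0.1 keeps it off the network
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed: stop serving
                return
            with conn:
                conn.sendall(RFB_BANNER)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def unused_loopback_port() -> int:
    """Pick a port that is currently closed on 127.0.0.1 (bind, read, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def self_check() -> dict:
    """Run the probe against the stand-in server and against a closed port."""
    port, srv = start_banner_server()
    try:
        up = probe_port("127.0.0.1", port)
        down = probe_port("127.0.0.1", unused_loopback_port())
    finally:
        srv.close()
    return {"server_is_vnc": looks_like_vnc(up), "banner": up.response,
            "closed_port_error": down.error}


if __name__ == "__main__":
    print(self_check())
```

The probe deliberately reads only a small first reply and reports a connect failure separately from a failure after connecting, the same distinction the Delphi thread draws between "Failed to Connect" and "Could not Send All Data".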
Thank You