Information Technology - Tcp/http Bridge

...

The project was born with a simple attempt to make system administrators lives easier by implementing a TCP / IP Bridge. Many brainstorming ideas and restless attempts had lead us to a new creation. The concept was to close the gap between HTTP services and Raw TCP protocol, in which the HTTP server would be protected behind a firewall and NAT (Network Address Translation). After various exhausting hours of research, our predicament was resolved by one of the team members suggesting using WSDL (Web Services Description Languages) and C# to implement this new concept. Following our limited background knowledge we had set out on a new journey to enlighten ourselves on new horizon that we have drawn for ourselves. This new idea had originated by an article from ic3.gov defining security as visibilty and control, in which we have based the project on this simple definition.

Overview:

The group created five web services using ASMX format to get a WSDL (Web Services Description Language) document to write up a TCP Client to Listen on the network for incoming connection and using the Web service to perform queries on the Five web Service. The web services were written in C# programming language. We used Raspberry PI to perform our queries. From a command prompt, telnet to an IP address and will return 5 different selections written in Bash Script (from ITIS 3110) which will ask for the user’s name and password before making a selection.

The selections are the five web services which are the main focus of the team’s project. From a command line, a user can execute a command, query the SQL server, get current time, check credentials, and send an email. The various services can be queried from different application that work on the HTTP level, therefore, we added a TCP Bridge to convert the HTTP server to a raw TCP services to be consumed by numerous methods and scripting languages. The prospect client can use Bash, Perl, PHP, AWK, Powershell, Ruby, and an abundance of other methods to implement the TCP services.

The team used The TCP Bridge, as part of our featured security implementation to handle all outside requests and forward to the HTTP server using NAT (Network Address Translation) behind a firewall. The new element added to our project is the Microsoft SQL Server 2008 Database to hold user’s credentials and keep the request logs. When valid credentials are supplied, the listener makes an HTTP request to a web server and returns the query back. The network listener will automatically Email the IT staff of any requests using raw SMTP (See figure A).

The reason we want to implement a TCP/IP based service is because web services are prone to many security vulnerabilities, such as SQL injection, local file inclusion, remote file include, directory traversal, and or command execution on ASMX and WSDL type web services. Another reason we implemented the TCP services is because unlike web services, TCP services can be implemented by many different scripting and programing languages. We ran the TCP listener on a high port number such as 1633 because Linux and Windows OS hold low port numbers for root and administrative services. We implemented 3 attempt authentications, if failed, the server will stop responding to that host for at least an hour.

Network Diagram:

Figure A.

[pic 1]

HTTP server, another word for web server

maps URL requests from a web client to a resource that will handle the request and return a response to the client. the Web client & the Web server use HTTP to comm over a TCP network

Hosts the web service that the TCP Bridge will use to implement the five services for our project

TCP bridge will act as an intermediary

between the internal infrastructure and the

outside world.

(See Figure F)

Network Table

Host

IP Address

Description

Windows Server 2008 R2

192.168.0.2

The Windows Server will hold the HTTP server and Microsoft SQL server 2008 R2

Linux Server (Raspberry Pi)

192.168.0.3

The Pi will contain the TCP Bridge Client

Router (Cisco 4512)

192.168.0.1 (Private Interface)

68.2.43.75 (Public interface)

The Router will be the gateway between the internal network and the outside world

Switch (Cisco 231G)

N/A

The Switch will connect all the various local network’s clients together.

Requirements:

1. From ITIS 2110

A. SMTP ( Simple Mail Transport Protocol )

- Purpose:

The SMTP was an important part of our project simply for relaying and notifying the IT staff of any requests that were made. This is an important service because if a fake request or multiple incorrect requests are made, the IT team would be notified.

- What tests failed?

Initially the SMTP service wasn’t automatically e-mailing the IT Service Staff whenever a request was made. This was because we attempted to route the mail to an individual user instead of a destination mail server.

- How was it resolved?

After many attempts of trying to get the SMTP to work we researched our issue and realized it was being unable to connect to the mail server. We changed our DNS server address and it resolved our issue.

SMTP Basic Workflow Diagram

[pic 2]

Figure B.

B. TCP ( Transmission Control Protocol )

-