How to connect to a remote server. What is remote access and how to organize it. Remote server

With COM, the client does not have to worry about where the object is located; it simply calls the object's interface. COM takes all the steps needed to make this call, and those steps vary depending on where the object is located. The object can be in the same process as the client, in a different process on the same computer, or on another computer on the network. Depending on this, different types of servers are used:

1. internal server (In-process server);

2. local server or out-of-process server (Local server, Out-of-process server);

3. Remote server.

Internal server - this is a DLL that runs in the same process as the client. An example is an ActiveX control embedded in a Web page and viewed using Internet Explorer or Netscape Navigator. In this case the ActiveX control is loaded on the client machine and runs in the same process as the Web browser. The client application communicates with the in-process server using direct calls to the COM interface. Fig. 13.2 shows a diagram of the interaction between the client and the internal server.

Figure 13.2 - Scheme of client interaction with the internal server



The internal COM server must export four functions:

function DllRegisterServer: HResult; stdcall;

function DllUnregisterServer: HResult; stdcall;

function DllGetClassObject(const CLSID, IID: TGUID; var Obj): HResult; stdcall;

function DllCanUnloadNow: HResult; stdcall;

All of the above functions are already implemented in the ComServ unit; you just need to add them to the exports clause of your project.

Let's look at these functions in more detail:

1. DllRegisterServer - used to register the COM server DLL in the Windows system registry. When a COM class is registered, a key HKEY_CLASSES_ROOT\CLSID\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} is created, where the number written in place of the X characters is the CLSID of this COM class. For an internal server, an additional subkey InprocServer32 is created under this key. This subkey specifies the path to the internal server DLL (Fig. 3.4).

2. DllUnregisterServer - used to delete all sections, subsections and parameters that were created in the system registry by the DllRegisterServer function when registering the COM server DLL.

3. DllGetClassObject - returns the class factory for a specific COM class.

4. DllCanUnloadNow - used to determine whether the COM server DLL can currently be unloaded from memory. The function checks whether there are pointers to any COM object of this DLL; if there are, it returns the value S_FALSE, i.e. the DLL cannot be unloaded. If no COM object of this DLL is in use, the function returns the value S_TRUE.

Figure 13.3 - Path to the local COM server in the system registry editor window

Local server - this is an EXE application that runs in a different process, but on the same computer as the client. An example is a Microsoft Excel spreadsheet linked to a Microsoft Word document: two different applications running on the same computer. Local servers use COM to connect to the client.

When the client and server are in different applications, and also when they are on different computers on the network, COM uses an in-process proxy to implement the remote procedure call. The proxy is located in the same process as the client, so from the client's point of view interface calls are made in the same way as when the client and server are in the same process. The proxy's task is to intercept client calls and redirect them to where the server is running. The mechanism that allows a client to access objects located in a different address space or on a different computer is called marshaling.

Marshalling functions:

1. accept an interface pointer from the server process and make the proxy pointer available in the client process;

2. pass arguments to interface calls as if they originated from the client and post the arguments to the remote object process.

For any interface call, the client pushes the arguments onto the stack and calls the required function of the COM object via an interface pointer. If the object is outside the client's process, the call goes through a proxy. The proxy packs the arguments into a marshaling packet and passes the resulting structure to the remote object. The object's stub unpacks the marshaling packet, places the arguments on the stack and calls the required function of the COM object.

Thus, marshaling is the process of packing information, and unmarshaling is the process of unpacking information.
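The proxy and stub roles described above can be shown with a small model. This is an added example, not code from the original text: the packet layout (16-bit method index, 16-bit argument count, 32-bit integer arguments), the Calculator object and the method table are assumptions made for illustration and are much simpler than the format COM really uses.

```python
import struct

S_OK = 0x00000000
E_NOTIMPL = 0x80004001
METHODS = ("add", "mul")        # hypothetical method table known to proxy and stub


class Calculator:
    """The real object; it lives in the server's address space."""
    def add(self, a, b):
        return a + b

    def mul(self, a, b):
        return a * b


def marshal_call(method, *args):
    """Proxy side: pack method index, argument count and int32 arguments."""
    return struct.pack(f"<HH{len(args)}i", METHODS.index(method), len(args), *args)


class Stub:
    """Server side: unpack the packet, call the object, pack the reply."""
    def __init__(self, obj):
        self.obj = obj

    def handle(self, packet):
        method_id, argc = struct.unpack_from("<HH", packet)
        if method_id >= len(METHODS):
            return struct.pack("<Ii", E_NOTIMPL, 0)
        args = struct.unpack_from(f"<{argc}i", packet, 4)
        result = getattr(self.obj, METHODS[method_id])(*args)
        return struct.pack("<Ii", S_OK, result)


class Proxy:
    """Client side: looks like the object, but every call crosses the channel."""
    def __init__(self, channel):
        self._channel = channel

    def __getattr__(self, name):
        if name not in METHODS:
            raise AttributeError(name)

        def call(*args):
            reply = self._channel(marshal_call(name, *args))
            hresult, value = struct.unpack("<Ii", reply)
            if hresult != S_OK:
                raise RuntimeError(f"call failed, HRESULT 0x{hresult:08X}")
            return value
        return call


def demo():
    stub = Stub(Calculator())
    # A real channel crosses a process or network boundary; here it is a direct call.
    proxy = Proxy(stub.handle)
    return proxy.add(2, 3), proxy.mul(-4, 5)
```

The client code calls `proxy.add(2, 3)` exactly as it would call the object itself; only the bytes produced by `marshal_call` ever reach the server side.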

The type of marshaling depends on the COM object ownership. Objects can use the standard marshaling mechanism provided by the IDispatch interface. Standard marshaling allows communication to be established using the system's standard remote procedure call (Remote Procedure Call, RPC).

Fig. 13.4 shows how the client and server interact when they run on the same computer, but in different applications.

Figure 13.4 - Scheme of client-server interaction in different processes on the same computer

The local COM server is registered in the Windows system registry in the same way as the internal COM server.
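The registration layout described above can be checked offline from a registry export. The following is an added example, not code from the original text: it parses the text format written by `reg export` and reports, for each CLSID, whether an in-process or a local server is registered and where its binary is. The sample data is constructed; the subkey name LocalServer32 for local servers is not given in the text but is the standard one, and the `needs_review` rule is an assumption about what an administrator would want to look at.

```python
import re

# Constructed sample in the text format written by "reg export";
# the CLSIDs, class names and paths are made up for this example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}]
@="Demo.InProcObject"

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\Demo\\demo.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\LocalServer32]
@="\"C:\\Program Files\\Demo\\demo.exe\" /automation"

[HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-333333333333}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\x.dll"
'''

KEY_RE = re.compile(
    r'^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\(\w+))?\]$')
DEFAULT_RE = re.compile(r'^@="(.*)"$')          # the key's default value
SERVER_KINDS = {"inprocserver32": "in-process (DLL)",
                "localserver32": "local (EXE)"}


def binary_path(value):
    """Strip surrounding quotes and command-line arguments from a server value."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value


def parse_com_servers(reg_text):
    """Return {clsid: {"kind": ..., "path": ...}} for every registered server."""
    servers = {}
    clsid = subkey = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            clsid, subkey = m.group(1).upper(), (m.group(2) or "").lower()
            continue
        if line.startswith("["):                # some other key: ignore its values
            clsid = subkey = None
            continue
        m = DEFAULT_RE.match(line)
        if m and clsid and subkey in SERVER_KINDS:
            value = re.sub(r'\\(.)', r'\1', m.group(1))   # undo .reg escaping
            servers[clsid] = {"kind": SERVER_KINDS[subkey],
                              "path": binary_path(value)}
    return servers


def needs_review(path):
    """True when the binary sits under a user profile or temp directory."""
    p = path.lower()
    return any(part in p for part in ("\\users\\", "\\temp\\"))


if __name__ == "__main__":
    for clsid, info in parse_com_servers(SAMPLE_REG).items():
        flag = "  <-- review" if needs_review(info["path"]) else ""
        print(clsid, info["kind"], info["path"] + flag)
```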

Remote server - this is a DLL or other application running on another computer. That is, the client and server run on different computers on the network. For example, a database application written in Delphi connects to a server on another computer on the network. The remote server uses distributed COM interfaces (Distributed COM, DCOM) to communicate with the client.

The remote server also works through a proxy. The difference between a local and a remote server is the type of interprocess communication used: for a local server it is COM, and for a remote server it is DCOM. The interaction between the client and the remote server is shown in Fig. 13.5.

Figure 13.5 - Scheme of client-server interaction on different computers

COM clients

It is very important when developing COM applications to create applications called COM clients that can query object interfaces to determine the services that a COM object can provide.

A typical COM client is the automation controller. An automation controller is the part of the application that knows what type of information it needs from various server objects, and it requests this information as needed.

COM extensions

COM technology was initially developed as a core for interprogram interaction. Already at the development stage, it was planned to expand the capabilities of the technology using so-called COM extensions. COM expands its own functionality by creating specialized sets of interfaces to solve specific problems.

ActiveX technology is a technology that uses COM components, especially controls. It was created to make working with controls more efficient. This is especially necessary when working with Internet/Intranet applications where controls must be downloaded to the client computer before they can be used.

ActiveX technology is not the only COM extension. Table 3.2 presents some of the COM extensions currently in use.

The COM extensions listed in Table 13.1 are not all of those available. Old ones are constantly being refined, and new, more advanced technologies for inter-program interaction are being created.

Table 13.1 - List of COM extensions

COM extension | Short description
Automation servers | Automation servers are objects that can be controlled from other applications while the application is running. Thus, automation is the ability of an application to programmatically control objects of other applications
Automation controllers or COM clients | Automation controllers are automation server clients. They allow the developer or user to write scripts to control automation servers
ActiveX Controls | ActiveX controls are designed for in-process COM servers. ActiveX controls are typically used by embedding them into a client application
Type Libraries | Type libraries are static data structures that are often saved as resource files. They contain detailed information about an object and its interfaces. Automation server clients and ActiveX controls use this information and always consider it available
Active Server Pages | Active server pages are ActiveX components that allow you to create dynamically changing Web pages
Active Documents | Active documents are objects that support linking and embedding, visual editing, and drag-and-drop. Examples of such documents are Microsoft Word documents and Microsoft Excel workbooks
Visual Cross-process Objects | Visual cross-process objects are visual objects that can be manipulated from other processes

Fig. 13.6 is a diagram that shows the relationship of some COM extensions to one another and to COM technology.

Using COM objects has both advantages and some limitations. COM objects can be either visual or non-visual. Some COM objects must be launched in the same process with the client, others - in different processes or on different computers.

Table 13.2 below briefly describes the object features of each of the above COM extensions.

Figure 13.6 - Technologies based on COM

Table 13.2 - Features of COM objects

I was inspired to write this masterpiece by the article “A Paranoid’s Dream or Once Again About Encryption.” A wonderful and useful article, with one exception: if the “mask show” comes, they will take the server along with all the flash drives and keys. Hence the question: how to make sure that there are no traces of encryption, keys, etc. on the server at all?
The answer is simple: do not store them on the server. And do not store them near the server. And generally not anywhere within the reach of a potential attacker.

The idea of the proposed solution is simple:
- On the server that needs to be protected (let’s call it “working”), install two systems. The first is minimal: it sits on a regular, NOT encrypted partition, consists only of the kernel, console and network interfaces, and does not use swap. The second goes on a partition encrypted using the FeNUMe method. The encrypted partition must be encrypted in its entirety and must not contain any headers. From the point of view of an outside observer, it should be an unformatted area of the disk filled with random data.
- There must be a second (let’s call it “hidden”) server, geographically located in another country and registered to another person. This server should not respond to ping and should accept requests from one single IP only - the IP of the working server. Other connections should be dropped at the firewall level: for the rest of the world, except for the working server, the hidden server is a “black hole”.
- Booting the working server begins with launching the minimal (open) unencrypted system. During boot, the network interfaces, SSH and a RAM disk are brought up.
- After the open system has booted, it contacts the second server via HTTP/HTTPS.
- In response to the knock from the working server, the hidden server logs into the console of the working server over SSH, copies a script and the key file for the hidden partition of the working server to the RAM disk, and runs the script. After that it calmly disconnects.
- The script mounts the hidden partition (it has the key file) and launches the kernel from there using kexec. I.e. a new system is actually started.
- That's all. Finita la commedia, as they say, and complete, all-round profit.
- For those who wish, the hidden server can be equipped with a shutdown function triggered by a certain message from an SMS-to-email gateway (in effect, shutdown on receipt of an SMS). Before shutting down, it must log into the working server via SSH and turn it off. I.e. a function for remote shutdown of both servers is added.

What do we have as a result?
If the working server is seized, there is nothing on it except a bare system which, after booting, accesses some mysterious URL. Such a seized system will not achieve much, since its IP will have changed and the hidden server will ignore all requests. Moreover, the very existence of the hidden server will be unprovable, because it responds to requests from one specific IP only.
There is no way to prove the presence of any useful data on the working server - only an unmarked area filled with random data is visible.
No keys are stored on the working server.
It is in no way possible to prove that encryption tools were used, because each time they are copied from another computer (from the hidden server) and kept on a RAM disk.
The entire main system of the working server, together with the kernel and logs, is located on the encrypted partition, and the fact of its existence cannot be proven.
The owner of the server (his friends, relatives, colleagues) can turn off the hidden server at any time, making it impossible to access the data on the working server, and the very presence of any data cannot be proven.
If there is control via SMS, then in the case of a mask show the owner can remotely turn off both servers, and after they are turned on again there will be nothing on the working server except a bare system.
The method is completely, 100% resistant to even the most severe thermorectal cryptanalysis: if the hidden server is physically formatted or the key file is deleted from it, then even if he wants to, the owner will not be able to show anything to anyone.
The method is resistant to failures: if the hidden server unexpectedly dies, the owner can have a flash drive with the files necessary to start the working server buried in a secret place under the treasured linden tree. And with these files (script and key) nothing prevents him from logging in to the open system of the working server via SSH and launching the encrypted system. True, resistance to thermorectal cryptanalysis in this case drops noticeably.
Among the shortcomings we have:
- if the hidden server is unavailable, the working server cannot start, but normal servers are rarely rebooted and if there is no Internet, then the working server is most likely useless;
- no one forbids having two hidden servers (duplication).
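The requirement above that the encrypted partition carry no headers and look like random data can be examined the way a forensic examiner would, from the raw bytes alone. This is an added example, not part of the original post: the images are constructed in memory, the 7.9 bits/byte threshold and 4096-byte chunk size are assumptions, and only two signatures (the LUKS magic and the ext superblock magic) are checked.

```python
import hashlib
import math
from collections import Counter

LUKS_MAGIC = b"LUKS\xba\xbe"      # first 6 bytes of a LUKS header
EXT_MAGIC = b"\x53\xef"           # ext2/3/4 superblock magic at byte offset 1080


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_random(n):
    """Constructed stand-in for ciphertext: a deterministic SHA-256 stream."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def classify(image, chunk=4096):
    """Report what the raw bytes of a disk area reveal without any key."""
    if image.startswith(LUKS_MAGIC):
        return "LUKS header present"
    if image[1080:1082] == EXT_MAGIC:
        return "ext filesystem superblock present"
    entropies = [shannon_entropy(image[i:i + chunk])
                 for i in range(0, len(image) - chunk + 1, chunk)]
    if entropies and min(entropies) > 7.9:
        return "no header, uniformly high entropy"
    return "no known header, low-entropy regions present"


def sample_images(size=64 * 1024):
    """Constructed test images: headerless, LUKS, ext, and a zeroed area."""
    ext = bytearray(size)
    ext[1080:1082] = EXT_MAGIC
    return {
        "headerless": pseudo_random(size),
        "luks": LUKS_MAGIC + pseudo_random(size),
        "ext": bytes(ext),
        "zeroed": bytes(size),
    }


if __name__ == "__main__":
    for name, image in sample_images().items():
        print(f"{name:10s} -> {classify(image)}")
```

A headerless area gives no signature to match, but it is still distinguishable from a zeroed one: uniformly high entropy is consistent with either a random wipe or headerless encryption.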

P.S.
Since questions are coming in by email, I’ll write a few comments:
1) Simply using the hidden server to store the data is not interesting, because it is far away, the ping to it is high, and the channel is narrow.
2) Nothing is returned from the hidden server - the hidden server itself accesses the working server via SSH. If you return something, the scheme of work becomes clear and a lot of questions arise; plus, there is a reason to put pressure on the owner because he "obstructs".
3) Access to the hidden server is, of course, via HTTPS, so that the IP cannot be spoofed. Although, in fact, this is not necessary - we accept one single IP anyway. Plus, whoever knocks needs to have the SSH keys.
4) This is not a panacea or protection from everything. If the state wants to imprison someone, it will imprison them. And no servers are needed for this. And if the special services take on someone, they will get what they deserve. This is protection purely from arbitrariness and chaos - when, due to competitors or juvenile pranksters, an unsuspecting server owner can receive a real sentence.
5) This applies primarily to web hosting, when there is no physical access to the server. Corporate servers can probably also use something similar, but it’s not clear why :)
6) In the comments, everyone latched onto this unfortunate soldering iron like a bath leaf to an ass. A soldering iron won't help. Even the absence of a server won't.

P.P.S.
Tired of arguing with strange people from a parallel universe, I add

Remote access is a system in which a user can remotely connect to and control a specific computer as if it were right in front of him. The most common example is connecting to an office computer from a home laptop, which lets you manage files, use the resources of your work computer, and do everything as if you were sitting right next to it.

Thousands of companies around the world use remote access systems and rely on them for key functions of their IT departments. Remote access is used in countless industries, from multinational commercial corporations to educational institutions that provide remote learning for students.

And as is often the case with IT systems, there are both advantages and disadvantages. Let's look at the positives and negatives of introducing this technology into your business. Advantages:

  • Security - all your important information, including files and documents, will be stored in the safest places for it: data centers, where the probability of theft or loss is almost zero. The connection to the remote server is established using complex encryption systems, which mitigates the risk of attack and other data-loss scenarios common in standard computer networks.
  • Flexibility - the main purpose of remote access systems is to let workers perform their functions literally from anywhere at any time. All you need is a computer and a secure Internet connection.
  • Savings - using a remote access system often lets you avoid paying for multiple copies of the same software, since the software can be used on a single computer. In addition, the computers used to access the target machine do not have to be the most powerful, and therefore the most expensive.

Disadvantages:

  • Downtime - if your data center cannot ensure perfectly uninterrupted operation of the connection, the risk of downtime is high. And since we are talking about a remote access system, if it fails, your entire system will be unavailable until the connection is restored.
  • Dependence on the network connection - similar to the previous point: the system works perfectly as long as the remote computers have a stable and fast Internet connection. If the connection is lost, the system becomes inaccessible to these computers.
  • Reduced performance - depending on the power of the target computer and the number of connected computers, performance degradation and interference may occur.
  • Knowledge - the remote access system administrator must know the subject well and be available in case problems arise during a normal workday. Without the necessary assistance, the consequences of a system failure can be dire.

How to organize a remote access system? Usually remote access requires installing a program on the target computer (the host) to which you want to connect. Once this is done, another computer or device with the necessary permissions (the client) can connect to the host and control it.

Don't be intimidated by the technical complexity of remote access programs. Getting started with most of them requires no more than a few clicks. Let's look at the two most common programs - TeamViewer and Ammyy Admin.

TeamViewer is one of the best solutions among remote access systems. There are a lot of features, and the program itself is very easy to install. No router or firewall settings are required.

Host

The computer to which you connect via TeamViewer can run any OS - Windows, Mac or Linux.

The first option is the fully installed version of TeamViewer; it is suitable if you are not sure what you need. The second is the portable TeamViewer QuickSupport, a great choice when the remote server needs to be configured only once, or when installation is not possible. The third, TeamViewer Host, is the best option if it must be possible to connect to the remote server at any time.

Client

TeamViewer provides many options for connecting to a remote computer on the client side. There are installable and portable versions for Windows, Mac, Linux, and also mobile applications for iOS, BlackBerry, Android and Windows Phone. This means you can connect and control a remote computer using your smartphone or tablet. In addition, it is possible to use the browser interface.

In addition, a number of other functions are included, for example the ability to share a single application window (instead of the entire desktop), as well as printing files from the remote computer on a local printer.

Ammyy Admin is a fully portable remote access program that is very easy to set up. It works by connecting one computer to another through an ID generated by the program.

Host

Launch Ammyy Admin on the computer you want to access. No installation is required to work, and the application file weighs less than 1 MB.

From the Ammyy menu, select Service and launch the Ammyy Admin service so that you can access your computer without having to manually launch the program. You can also simply run the program and write down the ID number to which the client will connect.

Client

To connect to a host with Ammyy Admin, simply run the program on the client side and enter the ID of the other computer. The required identifier is displayed in Ammyy Admin on the host computer. After this you can use the clipboard, voice chat and file transfer in both directions.


If you have to work at home as well as in the office, a remote connection to a second computer may be useful. Carrying disks and flash drives with information back and forth is simply inconvenient - you have to remember not to forget the media with your work materials. In addition, not everything can be foreseen, whereas with remote access set up these problems solve themselves and the necessary information is always at hand.

You will need

  • To establish remote access to a second computer, you will need its ID, password, and the TeamViewer program. If this is your PC, you know all this data. If this is your colleague's computer, you can get this data from him.

Note

The TeamViewer program is very easy to use, but you can choose any other to your taste.

Helpful advice

After establishing a remote connection, you will be able to work with documents located on the second computer and even download the necessary files.

As practice shows, when working on the Internet you may encounter a problem that displays the text "cannot find remote server". This problem prevents you from downloading files and from accessing the site. A message about a similar problem also appears in computer games. It can be solved with simple operations.

Instructions

In such cases, you can use special programs for finding the remote server. For example, download and install “MasterServers” on your computer. This server patch is needed for games, especially for Counter-Strike. Place the resulting “MasterServers.vdf” file in the folder where the game components are stored. For example, the file path might look like this: “C:\Games\Counter-Strike 1.6\platform\config\MasterServers.vdf”. Right-click MasterServers.vdf. A menu will open where you will find the “Properties” item. Click on it. In the window that opens, find “Attributes” and check the “Read Only” box. Everything is ready, and now the servers will be found.

You can also find the server another way. Open Internet Explorer. Go to the “Tools” menu, and then to “Internet Options”. Select "Connections". Click the "LAN settings" button. The required address and port number are usually written there. Write them down or remember them, as you will need them later. In Firefox (“FF”), go to “Tools”. Next, select Settings and Advanced. In the “Network” tab, click the “Configure” button. Go to “Configure connection settings manually”. Enter the proxy and port there. The server will be up and running.


Connecting using the Remote Desktop Administration component does not require a separate terminal server client access license, but it does require administrator access to the computer's resources.

To create a remote server, you first need to change the settings of the operating system and the firewall so that requests can reach the ports that the remote server will use.

Instructions

Go to the Start button menu and select Run. To create a remote server, you need to configure remote connections so that they are allowed and recorded in the database server and reports. Enter the following on the command line: Microsoft SQL Server 2008 R2.

In the window that appears, open the “Configuration Tools” tab. In it, go to the “SQL Server Configuration Manager” section. After that, find the “SQL Server Network Configuration” node. Expand it by double-clicking with the left mouse button.

Select "Protocols" to make a remote server. In it, enable the TCP/IP protocol. Restart the SQL Server services so that the configured settings take effect. Go to the Start button menu. Now you need to enable remote administration in your system's firewall.

Select "Run". In the command line, enter the following: netsh.exe firewall set service type=REMOTEADMIN mode=Enable scope=ALL and press Enter. Go to the Start button menu again.

Select "Control Panel". This time you need to configure DCOM permission for remote access to WMI utilities. Double-click on “Administration”. In the window that opens, go to the “Component Services” tab.

Find the “Computers” node, expand it, select “My Computer”. In the "Actions" section, find the "Properties" tab. To set up the remote server, select "COM Security" and then click the "Edit Restrictions" button in the "Launch and Activation Permissions" section.

Enter your username and click OK. Expand the User or Group Permissions node. Check the boxes next to “Remote activation” and “Remote access”. Click OK. Then change the WMI settings of the server. Return to Computer Management in the Administrative Tools section.

Open the Security tab. Expand the folders there, then highlight the Admin folder and click the “Security” button again. Activate the items: “Enable account”, “Enable remotely”, “Read security”. Click OK.