Disable multiple network connections, only allow one simultaneously - c#

We are looking to design a security application that does the following on laptops:
If the Ethernet adapter is used (cable plugged in), disable/block all other network connections (wireless Wi-Fi, mobile broadband (PPP), virtual VPN adapters, etc.).
When the Ethernet adapter is not being used any more, all connections are allowed again.
Does anyone have any good suggestion on how to accomplish this?
We have looked at WMI a lot, but there are no good ways of doing this. Only disabling the network connection is not secure enough, because most mobile broadband applications try to re-establish the connection. This should be an application that works on all laptop vendors' machines without any user interaction (such as choosing interfaces, etc.).
So any suggestions on how to accomplish this would be much appreciated.

The simplest method for doing this is by disabling the adapter. You say this won't work for you, but I suspect it will. You can detect if something tries to re-enable it and act appropriately.
If that isn't going to work for you, then the next easiest thing to do is to remove the device itself. I believe you will need to use some unmanaged calls to get this done. There is some sample code on codeproject.com that will point you in the right direction.
Keep in mind, if the user runs a check for devices, it will show up again. You can monitor for DBT_DEVICEARRIVAL to detect when this happens, and again act appropriately.
You might also try simply disabling the device. Usually though I have seen that when you disable a network connection, this is exactly what it does. It might depend on the card and OS. I haven't experimented with it.
I suggest you reconsider simply disabling the network interface rather than going to the device level. It is a much cleaner way of doing this, and you can always detect if the interface comes back up. Anything else you do is going to be a bit hackish.
The only other method I can think of would be to block traffic using the Windows Firewall API. Just keep in mind that not all network traffic is over IP.
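The approach this answer recommends (disable the non-wired adapters, and re-disable them when something brings them back), as an added example that is not code from the question or from any of the answers. It assumes Windows, an elevated process (Win32_NetworkAdapter.Enable/Disable need administrator rights, so in practice this runs as a service), the System.Management package on .NET 6+, and that each vendor's driver reports PhysicalAdapter correctly; TAP, Hyper-V and other virtual adapters usually report themselves as "Ethernet 802.3" but not as physical, which is the only thing keeping them out of the "wired" set, so verify that on every laptop model in the fleet.

```csharp
using System;
using System.Collections.Generic;
using System.Management;               // NuGet package System.Management on .NET 6+; built in on .NET Framework
using System.Net.NetworkInformation;
using System.Threading;

// Added example, not code from the question or any answer. Keeps every non-wired adapter disabled while a physical
// 802.3 adapter has link, and re-enables exactly the adapters it disabled once the cable is pulled. Assumes Windows,
// an elevated process and a driver that reports PhysicalAdapter correctly (verify per laptop model).
static class EthernetEnforcer
{
    // AdapterTypeID 0 = "Ethernet 802.3"; NetConnectionStatus 2 = Connected (cable in, link negotiated).
    static bool WiredLinkUp()
    {
        using var q = new ManagementObjectSearcher(
            "SELECT NetConnectionStatus FROM Win32_NetworkAdapter WHERE PhysicalAdapter = TRUE AND AdapterTypeID = 0");
        foreach (ManagementObject nic in q.Get())
            if (Convert.ToInt32(nic["NetConnectionStatus"] ?? -1) == 2) return true;
        return false;
    }

    // Disables every currently enabled adapter that is not a physical wired one (Wi-Fi, mobile broadband, TAP/VPN,
    // Hyper-V switches...) and returns the DeviceIDs it turned off. Calling this on every cycle while the cable is in
    // is what defeats software that re-enables its own adapter.
    static List<string> DisableNonWired()
    {
        var disabled = new List<string>();
        using var q = new ManagementObjectSearcher(
            "SELECT DeviceID, PhysicalAdapter, AdapterTypeID FROM Win32_NetworkAdapter WHERE NetEnabled = TRUE");
        foreach (ManagementObject nic in q.Get())
        {
            bool physical = nic["PhysicalAdapter"] is bool p && p;
            bool wired = physical && Convert.ToInt32(nic["AdapterTypeID"] ?? -1) == 0;
            if (wired) continue;
            // Disable() returns 0 on success; anything else (access denied, driver refused) is retried next cycle.
            if (Convert.ToUInt32(nic.InvokeMethod("Disable", null)) == 0)
                disabled.Add((string)nic["DeviceID"]);
        }
        return disabled;
    }

    static void SetEnabled(string deviceId, bool enable)
    {
        // DeviceID is a small numeric string assigned by Windows, so no quoting issues in the WQL filter.
        using var q = new ManagementObjectSearcher(
            "SELECT * FROM Win32_NetworkAdapter WHERE DeviceID = '" + deviceId + "'");
        foreach (ManagementObject nic in q.Get())
            nic.InvokeMethod(enable ? "Enable" : "Disable", null);
    }

    static void Main()
    {
        var weDisabled = new HashSet<string>();
        // Wake up immediately on any address/link change, and also poll every 2 s in case an event is missed.
        using var wake = new AutoResetEvent(false);
        NetworkChange.NetworkAddressChanged += (s, e) => wake.Set();
        NetworkChange.NetworkAvailabilityChanged += (s, e) => wake.Set();

        while (true)
        {
            if (WiredLinkUp())
            {
                foreach (var id in DisableNonWired()) weDisabled.Add(id);
            }
            else if (weDisabled.Count > 0)
            {
                // Cable out: restore only what this tool switched off, not adapters the user had disabled themselves.
                foreach (var id in weDisabled) SetEnabled(id, true);
                weDisabled.Clear();
            }
            wake.WaitOne(TimeSpan.FromSeconds(2));
        }
    }
}
```

The enforcement is only as strong as the privilege boundary around it: a local administrator can stop the service or re-enable an adapter faster than the poll, so the tool should run as a service the user cannot stop, and a firewall-based block (as mentioned above) is a second layer for the interval between an adapter coming back and the next cycle.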

Well, this might not be the optimal solution but... You could use the route command to disable the interface's ability to reach any network. It will probably require a lot of tweaking and constant monitoring of the routing table, but would effectively prevent the interface's ability to communicate with any other device.

There are different ways of doing this. As stated by others in this question, it needs to be done on a lower level than what WMI allows. There are some C++ examples around that address this issue. Check out the library NETCONLib by Microsoft.

Related

Bacnet/IP with .NET

I have a task where I need to understand the technical feasibility of setting up a remote monitoring scenario for an HVAC solution which uses Bacnet/IP. I need to set up a .NET client that gets the telemetry and sends it to Azure IoT Hub. My current concern is to understand how I can connect to a Bacnet/IP network.
I don't have that much information about the hardware installed besides the fact that it has sensors for pressure and humidity on the network and a DDC controller (EBCON - Delta Controls). As I was told, I don't need to care about the actual sensors since they are sending the telemetry to the controller, so I only need to care about the controller and connect to it.
Yet based on what I have read so far, I have some doubts about this information, but I don't have the technical knowledge to support it. It seems that, based on the information that I have read, Bacnet communication is done by UDP listening on a port (which seems to go against the above information that I need to connect to a controller). If this is true and I listen on a UDP port, will all devices broadcast the telemetry on the network and I only need to be listening? What is the controller's role then? Can I ignore it?
Any explanation or pointers that could help me understand this from a programmer's PoV would be appreciated.
BACnet does indeed communicate via UDP. The scenario you describe, while possible, is quite a dangerous approach. Very few BACnet products offer any sort of BACnet protocol security, so to make a secure connection you will need to VPN into your site. Once on the VPN, the VPN itself will most likely block broadcasts, so you will need to use BACnet "Foreign Device Registration" to connect. However, most VPNs do a NAT translation too, so the BACnet server on site will have to supply "BACnet BBMD with FD with NAT" support. Quite rare. An alternative is to get a box on your site supplying connectivity from the site to the Azure IoT site. There are a few companies that offer this type of product, but it seems you want to program your own. This will not be trivial, and then you will have to do the "BACnet Object" to "whatever-data-format-you-need-on-Azure" mapping, which will need a rather deep understanding of the BACnet specification, which, on paper, is about 2.5 inches thick. You could ignore the VPN approach and port forward port 47808 (BACnet default, but it can be different per site config) to the controller. This is how some rather large companies have had their HVAC systems hacked. If you do pursue this approach, you will still need a BACnet client-to-Azure mapping/transfer agent. You have not chosen a trivial project here. ;) Or you could purchase an off-the-shelf product (box) that does this all already.
And just by the way, there is a FOSS C# BACnet Client you can use for reference: https://sourceforge.net/projects/yetanotherbacnetexplorer/
For the benefit of others, if not also for yourself; there is the more BACnet-ty aspect of your question that I don't think has been addressed.
You have to be a bit more proactive with BACnet - you might have the presence of new devices (or at least devices that have just come online again) broadcast to you, but otherwise you have to actively read all the properties (/telemetry) values - at least the ones of interest.
There is the facility for subscribing for CoV (Change of Value) changes/values but at least in the past (if still not now) the concern was that this could flood the network, as well as possibly burden the device in having to keep sending updates to possibly many clients or just too-too often (above & beyond its primary job of monitoring & controlling the building for comfort and health & safety).
The standard does provide an 'object list' (upon 'device'-type objects), and a 'property list' upon every object, but you'll probably find that the 'property-list' is never supported/implemented despite it being a mandatory property (!?!).
So this is where you have to take an interest in every physical device - at least its IP address & possibly MAC address too, along with all its (relevant) objects & object-properties, for which you'll most likely have to sit with one/two/more engineers first to agree & understand what information will actively be exposed (for you to monitor) & how (e.g. the measurement units that a value is conveyed in).
In some cases (- e.g. maybe for small buildings), you might have to talk to all the devices individually, but in other cases you'll have points (/point 'object's) upon a gateway device that will represent all the devices that sit behind it.
So all in all, whether you go direct to, say, up to 300 devices, or you interrogate 300 objects upon a gateway device (each one representing a physical device), you still might have a few properties of interest (under the guise of your telemetry), so 300 x 3 (for example) adds up quite quickly, and then there's the error handling and complexity of the standard as a whole (an uphill learning curve; you have to buy in to understanding the foundations at least).
I'd recommend you also take a look at the (advanced & free) VTS (Visual Test Shell) tool.
Not sure if this helps but it was worth pointing out; underestimate BACnet at your own peril (!!). ;)
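The wire-level side of what the two answers above describe (Foreign Device Registration for a client behind a VPN or NAT, the Who-Is broadcast a client must send to discover devices because nothing is pushed to it, and the I-Am that comes back), as an added example that is not code from the question, the answers or the YABE project linked above. It assumes the default port 47808, a plain BBMD on site, and an I-Am reply whose bytes are constructed by hand for the demo rather than captured from a real controller; none of these frames carry any authentication, which is the reason the first answer says not to expose the port.

```csharp
using System;
using System.Collections.Generic;

// Added example; not code from the question, the answers or YABE. Builds the BACnet/IP frames the answers mention
// (Register-Foreign-Device, Who-Is on the subnet, Who-Is relayed through a BBMD) and decodes an I-Am reply.
// The I-Am bytes in Main are constructed for the demo. Port 47808 (0xBAC0) is the default and can differ per site.
static class BacnetIp
{
    public const int DefaultPort = 47808;

    // BVLC header: type 0x81, function code, then the total frame length as a big-endian 16-bit value.
    static byte[] Bvlc(byte function, params byte[] payload)
    {
        int len = 4 + payload.Length;
        var frame = new byte[len];
        frame[0] = 0x81; frame[1] = function; frame[2] = (byte)(len >> 8); frame[3] = (byte)len;
        Buffer.BlockCopy(payload, 0, frame, 4, payload.Length);
        return frame;
    }

    // BVLC function 0x05: a client on another IP network registers with the site BBMD for ttl seconds so that
    // broadcasts are forwarded to it. The BBMD answers with a BVLC-Result (function 0x00, result 0x0000 = OK).
    public static byte[] RegisterForeignDevice(ushort ttlSeconds) =>
        Bvlc(0x05, (byte)(ttlSeconds >> 8), (byte)ttlSeconds);

    // NPDU: version 1, control 0x20 (destination present), DNET 0xFFFF (global broadcast), DLEN 0, hop count 255.
    // APDU: 0x10 = unconfirmed request, service choice 8 = Who-Is, no instance range.
    static readonly byte[] WhoIsNpduApdu = { 0x01, 0x20, 0xFF, 0xFF, 0x00, 0xFF, 0x10, 0x08 };

    // On the controller's own subnet the client broadcasts directly (Original-Broadcast-NPDU, 0x0B); a registered
    // foreign device instead unicasts to the BBMD and asks it to Distribute-Broadcast-To-Network (0x09).
    public static byte[] WhoIsBroadcast() => Bvlc(0x0B, WhoIsNpduApdu);
    public static byte[] WhoIsViaBbmd() => Bvlc(0x09, WhoIsNpduApdu);

    public sealed class IAm { public uint DeviceInstance, MaxApdu, Segmentation, VendorId; }

    // Decodes an I-Am (unconfirmed request, service choice 0). Returns null for anything else.
    public static IAm ParseIAm(byte[] f)
    {
        if (f.Length < 8 || f[0] != 0x81) return null;
        int p = 4;
        if (f[1] == 0x04) p += 6;                         // Forwarded-NPDU: 6-byte original source address first
        else if (f[1] != 0x0A && f[1] != 0x0B) return null;
        if (f[p] != 0x01) return null;                    // NPDU version
        byte control = f[p + 1]; p += 2;
        if ((control & 0x80) != 0) return null;           // network-layer message, carries no APDU
        if ((control & 0x20) != 0) p += 3 + f[p + 2];     // DNET(2) DLEN(1) DADR(DLEN)
        if ((control & 0x08) != 0) p += 3 + f[p + 2];     // SNET(2) SLEN(1) SADR(SLEN)
        if ((control & 0x20) != 0) p += 1;                // hop count follows the address fields
        if (p + 2 > f.Length || f[p] != 0x10 || f[p + 1] != 0x00) return null;
        p += 2;
        // Four application-tagged values: object-identifier, max-APDU, segmentation-supported, vendor-id.
        var v = new List<uint>();
        while (p < f.Length && v.Count < 4)
        {
            byte tag = f[p++];
            int len = tag & 0x07;
            if (len == 5) len = f[p++];                   // extended length form
            if (p + len > f.Length) return null;
            uint val = 0;
            for (int i = 0; i < len; i++) val = (val << 8) | f[p++];
            v.Add(val);
        }
        if (v.Count != 4 || (v[0] >> 22) != 8) return null;   // object type 8 = device
        return new IAm { DeviceInstance = v[0] & 0x3FFFFF, MaxApdu = v[1], Segmentation = v[2], VendorId = v[3] };
    }

    static void Main()
    {
        Console.WriteLine("Register-Foreign-Device: " + BitConverter.ToString(RegisterForeignDevice(60)));
        Console.WriteLine("Who-Is via BBMD:         " + BitConverter.ToString(WhoIsViaBbmd()));

        // Constructed I-Am: device instance 42, max APDU 1476, no segmentation, vendor id 15, unicast reply.
        byte[] sample = { 0x81, 0x0A, 0x00, 0x14, 0x01, 0x00, 0x10, 0x00,
                          0xC4, 0x02, 0x00, 0x00, 0x2A, 0x22, 0x05, 0xC4, 0x91, 0x00, 0x21, 0x0F };
        var d = ParseIAm(sample);
        Console.WriteLine($"I-Am: device {d.DeviceInstance}, max APDU {d.MaxApdu}, vendor {d.VendorId}");
    }
}
```

Sending these over a UdpClient to the BBMD (after registering, then Who-Is via 0x09) and feeding each received datagram through ParseIAm gives the device inventory the second answer says you must build yourself; ReadProperty requests for the actual telemetry follow the same BVLC/NPDU framing with a confirmed-request APDU, which is where the object and property agreement with the site engineers comes in.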

Establish ethernet connection in C#

Can you tell me please how can I establish/tear down an existing ethernet (LAN) connection using C#?
In the Windows UI it's quite simple: you right-click the connection and choose the "Connect"/"Disconnect" command from the context menu. Is there any programmatic analogue of that action? It seemed rather simple to me, but eventually I've found nothing on this matter. I found how to check a connection status, how to enumerate all the network interfaces, how to dial a 3G modem connection, how to enable/disable a network card, how to monitor availability of the net, etc., anything but this! Generally I need a software switcher that will be able to turn on and off an Ethernet connection (not a network card!).
Isn't there a simple method something like GetConnection(connectionName).Connect()?
Do some searches on TCP/IP client/server modeling in C#; you can actually start from some already existing sample code like this.
Ethernet doesn't have a concept of "connected" or "disconnected". It is really a multiple random access medium. Also, I'm not sure what UI element you are talking about. On my machine, I can "connect/disconnect" wireless adapters, but not Ethernet adapters. This is because most wireless protocols have an actual concept of being "connected" to some access point. If you are really talking about a wireless adapter, I'm sure there are Windows APIs that can control them, but I don't know off hand where to point you. Otherwise, I think you might need to take a step back and explain the larger context of what you want to accomplish.

Detecting packet sniffer

I'm writing a network-related application and I want to protect it from reverse engineering by shutting it down if a packet sniffer is detected. How can I detect if a packet sniffer is running? I could check the running apps and check their names against pre-defined strings (wireshark, httpanalyzer, etc.), but that doesn't seem to be the best way to do it. Is there a way to determine if an application is sniffing packets? Thanks
There is fundamentally no way to do this in general. Most networks in use today are intended to send the packets across the network in a manner that permits (or even requires) all devices on the cable to see the packets.
You have to get over the concept that your work is so valuable that you need to protect it in this way (or by using copy protection, obfuscation, etc). Protect your application by producing a great application that everyone will want to actually pay for.
You know you can run the sniffer on the router using OpenWrt and there is no way you could detect that. Just encrypt the stream.

How to send information fast like many games do?

I'm thinking of the methods that games like Counter-Strike, WoW etc. use. In CS you often have just like 50 ping; is there any way to send information to an online MySQL database at that speed?
Currently I'm using an online PHP script which my program requests, but this is really slow, because the program first has to send headers and post-information to it, and then retrieve the result as an ordinary webpage.
There really has to be an easier, faster way of doing this? I've heard about TCP/IP; is this what I should use here? Is it possible for it to connect to the database in a faster way than indirectly via the PHP script?
TCP/IP is made up of three protocols:
TCP
UDP
ICMP
ICMP is what you are using when you ping another computer on a network.
Games, like CounterStrike, don't care about what you previously did. So there's no requirement for completeness, to be able to reconstruct what you did (which is why competitors have to tape what they are doing). This is what UDP is used for - there's no guarantee that data is delivered or received. Which is why lag can be such a problem - you're already dead, you just didn't know it.
TCP guarantees that data is sent and received. Slower than UDP.
There are numerous things to be aware of to have a fast connection - less hops, etc.
Client-to-server for latency-critical stuff? Use non-blocking UDP.
For reliable stuff that can be a little slower, if you use TCP make sure you do so in a non-blocking fashion (select(), non-blocking send, etc.).
The big reason to use UDP is if you have time-sensitive data - if the position of a critter gets dropped, you're better off ignoring it and sending the next position packet rather than re-sending the last one.
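The "drop the stale position, never retransmit it" rule from this answer in working code, as an added example that is not from the question or any answer. It uses plain UDP on the loopback interface with .NET 6+; the packet layout (a 4-byte sequence number followed by x and y as big-endian floats) is an assumption chosen for the demo, not any game's real protocol. The sequence number only rejects old or duplicated data; it does nothing against a forged datagram, since anyone can spoof a UDP source, so a real protocol still needs per-packet authentication on top of this.

```csharp
using System;
using System.Buffers.Binary;
using System.Net;
using System.Net.Sockets;
using System.Threading.Tasks;

// Added example, not from the question or any answer. Position updates over UDP: each carries a sequence number and
// the receiver applies only updates newer than the last one it saw. A late datagram is ignored rather than
// retransmitted. The 12-byte layout is an assumption for the demo.
static class PositionUdp
{
    public static byte[] Encode(uint seq, float x, float y)
    {
        var b = new byte[12];
        BinaryPrimitives.WriteUInt32BigEndian(b, seq);
        BinaryPrimitives.WriteSingleBigEndian(b.AsSpan(4), x);
        BinaryPrimitives.WriteSingleBigEndian(b.AsSpan(8), y);
        return b;
    }

    public sealed class Receiver
    {
        uint _lastSeq;                   // no wraparound handling: fine for a demo, use a window for a real game
        public float X, Y;

        // Returns true if the update was applied, false if it was stale, duplicated or malformed and dropped.
        public bool Apply(ReadOnlySpan<byte> datagram)
        {
            if (datagram.Length != 12) return false;
            uint seq = BinaryPrimitives.ReadUInt32BigEndian(datagram);
            if (seq <= _lastSeq) return false;   // a newer position already arrived; this one is worthless
            _lastSeq = seq;
            X = BinaryPrimitives.ReadSingleBigEndian(datagram.Slice(4));
            Y = BinaryPrimitives.ReadSingleBigEndian(datagram.Slice(8));
            return true;
        }
    }

    static async Task Main()
    {
        using var server = new UdpClient(new IPEndPoint(IPAddress.Loopback, 0));
        var serverEp = (IPEndPoint)server.Client.LocalEndPoint;
        using var client = new UdpClient();
        var rx = new Receiver();

        // Send 1, 3, 2: the third datagram arrives "late" and must be ignored, not re-sent.
        foreach (var (seq, x, y) in new[] { (1u, 1f, 1f), (3u, 3f, 3f), (2u, 2f, 2f) })
            await client.SendAsync(Encode(seq, x, y), 12, serverEp);

        for (int i = 0; i < 3; i++)
        {
            var recv = server.ReceiveAsync();
            if (await Task.WhenAny(recv, Task.Delay(1000)) != recv) { Console.WriteLine("timeout"); break; }
            var r = recv.Result;
            bool applied = rx.Apply(r.Buffer);
            Console.WriteLine($"seq {BinaryPrimitives.ReadUInt32BigEndian(r.Buffer)}: " +
                              $"{(applied ? "applied" : "dropped")} -> ({rx.X}, {rx.Y})");
        }
    }
}
```

The receiver loop never blocks on a missing packet, which is the point the answer makes: the cost of a lost update is one skipped frame, not a round trip. Anything that must not be lost (a purchase, a kill credit) goes over the reliable channel instead.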
And I don't think any high-performance game has each and every call resolve to a call to the database. It's more common to (if a database is even used) persist data occasionally, or at important events.
You're not going to implement Counterstrike or anything similar on top of http.
Most games like the ones you cite use UDP for this (one of the TCP/IP suite of protocols.) UDP is chosen over TCP for this application since it's lighter weight allowing for better performance and TCP's reliability features aren't necessary.
Keep in mind though, those games have standalone clients and servers usually written in C or C++. If your application is browser-based and you're trying to do this over HTTP then use a long-lived connection and strip back the headers as much as possible, including cookies. The Tornado framework may be of interest to you there. You may also want to look into HTML5 WebSockets however widespread support is still a fair way off.
If you are targeting a browser-based plugin like Flash, Java or Silverlight then you may be able to use UDP, but I don't know enough about those platforms to confirm.
Edit:
Also worth mentioning: once your networking code and protocol is sufficiently optimized there are still things you can do to improve the experience for players with high pings.

Need to control some device via Wi-Fi using C#

I am working on an application that needs to control another device.
This control should be using Wi-Fi.
How can this be done in C#?
It is important to know that I want to make the other device myself.
I can handle the making and design part, but how do I make it connect to a PC using Wi-Fi?
I don't know about it.
I just need a key to start searching or something similar.
Connecting over Wi-Fi could be as easy as opening a socket on the server and another on the client, and starting to stream data. Of course, this is if both devices are compatible and have Wi-Fi receivers. Just think of them as two computers connected with a wire, or without a wire; they will behave the same.
The connection protocol will care about doing the magic of converting what you write on the socket, into RF signals received from the other device and converted back to bytes.
But if you are building your own antenna/receiver/protocol ... then things will be much more complicated.
If you have to ask, then you're probably going to want a single-board computer. Popular choices are:
gumstix
Zii EGG
nwg100 by Atmel
(XBee) --not too sure about these, I haven't used.
You can install a network stack and everything on them.
