SecureBridge Details
SecureBridge can protect any TCP traffic using SSH or SSL.
SSH and SSL are secure transport layer protocols that provide authentication
for both client and server, strong encryption, and data integrity verification.
SecureBridge can be used in conjunction with data access components to prevent
data interception or modification in an untrusted network.
Advantages of SecureBridge Library
SecureBridge is easy to set up and use. To establish a secure connection,
it is enough to place several components on the form and specify the server
address and the user login information.
Applications that have to work with secure information are easy to deploy, as
they do not require any external files.
Full Support for the SSH2 Protocol
SecureBridge supports the SSH2 protocol, which is one of the most reliable
protocols for data encryption.
SSH2 is an acknowledged industry standard for secure data transfer
over unprotected connections.
Full Support for SSL 3.0 and TLS 1.0 Protocols
SecureBridge supports the Secure Socket Layer (SSL) protocol, which, along
with SSH, is one of the most reliable protocols for data encryption. SSL is
widely used to secure financial operations on the Internet.
Any Internet resource that deals with money protects its operations with SSL.
SSH Client
The SecureBridge SSH client, which is implemented in the TScSSHClient
component, can work with different SSH servers such as OpenSSH and WinSSHD.
It allows you to achieve high performance through management of connection
parameters.
The SSH client combines several unprotected channels from client to server
into one protected connection.
Logical channels can exist in different threads.
SSH Server
A high-performance SSH server with extensive options for connection setup
and user management.
The SSH server works with different types of SSH clients, such as OpenSSH
and PuTTY. The number of simultaneously connected clients is limited only by
system resources.
SFTP Client
The SecureBridge SFTP client, which is implemented in the TScSFTPClient
component, provides secure file transfer (and, more generally,
file system access).
SSL Client
The SecureBridge SSL client is implemented in the TScSSLClient component.
It can work with other applications through the SSL 3.0 and TLS 1.0 protocols.
The SSL client validates the server certificate and encrypts/decrypts data
transferred through a network.
Protection Against Diverse Attacks
SecureBridge protects transferred data against different kinds of attacks.
SecureBridge uses the Diffie-Hellman key exchange algorithm to establish
connections. A reliable random number generator is used for generating keys.
To protect data against unauthorized access, information is encrypted with
symmetric algorithms that provide high speed and reliability.
Hash algorithms such as SHA1 are used for data integrity verification.
Support for Third Party Components
SecureBridge supports Internet Direct components (Indy) and Data Access
Components for MySQL (MyDAC).
This allows you to implement all the advantages of encrypted connections
within a single application without any
external files.
How Does SecureBridge Work?
To keep data safe in insecure networks, it is essential to take care of data
protection and integrity, as well as identification of the data receiver.
So data should be encrypted before it enters the insecure area and decrypted
on the other side. In the general case, an encrypted connection between a
client and a server may look like this:
[Figure: General view of secure connections]
Both the security client and the security server can be implemented with
SecureBridge just by adding several components to your application. This will
not affect its architecture and will not add any external dependencies.
With SecureBridge it is also possible to build separate security client and
server applications to protect connections between trusted networks.
Both SSH and SSL are designed to protect network connections.
As these protocols have certain differences, they have to be described
separately.
An SSH tunnel can transfer data from several clients in one secure area to
clients in another secure area through one protected TCP connection. The
general scheme of connections between computers when connecting through an
SSH tunnel is presented below:
[Figure: SSH tunnel diagram]
SecureBridge can act as both an SSH client (TScSSHClient) and an SSH server
(TScSSHServer).
In some cases the SSH client and SSH server are embedded into the applications
whose connections have to be protected.
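The way several logical channels share one connection can be shown at the wire level. The following is an added example, not SecureBridge code: it frames SSH_MSG_CHANNEL_DATA messages (RFC 4254) in the SSH binary packet layout (RFC 4253) and splits the single stream back into channels. It assumes no cipher or MAC is active and skips channel opening and window accounting; the names mux and demux and the sample data are illustrative.

```python
import os
import struct
from collections import defaultdict

SSH_MSG_CHANNEL_DATA = 94  # RFC 4254, section 5.2
BLOCK = 8                  # padding granularity when no cipher is active (RFC 4253, section 6)

def channel_data(recipient_channel, data):
    """Payload layout: byte 94, uint32 recipient channel, string data."""
    return struct.pack(">BII", SSH_MSG_CHANNEL_DATA, recipient_channel, len(data)) + data

def binary_packet(payload):
    """uint32 packet_length, byte padding_length, payload, random padding."""
    pad = BLOCK - (5 + len(payload)) % BLOCK
    if pad < 4:                       # RFC 4253 requires at least 4 padding bytes
        pad += BLOCK
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + os.urandom(pad)

def mux(chunks):
    """Serialize (channel, data) writes from many channels onto one stream."""
    return b"".join(binary_packet(channel_data(ch, d)) for ch, d in chunks)

def demux(stream):
    """Split the single stream back into per-channel byte strings."""
    channels = defaultdict(bytes)
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated packet header")
        packet_length, pad = struct.unpack_from(">IB", stream, offset)
        end = offset + 4 + packet_length
        if end > len(stream) or packet_length < 1 + pad + 9:
            raise ValueError("truncated or malformed packet")
        payload = stream[offset + 5:end - pad]
        msg, channel, size = struct.unpack_from(">BII", payload)
        if msg != SSH_MSG_CHANNEL_DATA or 9 + size != len(payload):
            raise ValueError("unexpected message or bad data length")
        channels[channel] += payload[9:]
        offset = end
    return dict(channels)

# Constructed sample: interleaved writes from three logical channels.
SAMPLE = [(0, b"SELECT 1;"), (1, b"GET / HTTP/1.1\r\n"), (0, b"SELECT 2;"),
          (2, b"ping"), (1, b"\r\n")]

if __name__ == "__main__":
    wire = mux(SAMPLE)
    print(len(wire), "bytes on one connection ->", demux(wire))
```

In a real SSH session each packet is additionally encrypted and authenticated after key exchange, so an observer of the TCP connection sees neither the channel numbers nor the data.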
An SSL connection resembles an SSH tunnel. The difference is that the SSL
client and SSL server are always embedded into applications. To put data onto
the network, an application calls methods of the embedded SSL client/server,
and the data is encrypted and sent. To get data from the network, the
application also calls SSL methods. So, SSL clients and servers operate
within the application's address space.
The general scheme of connections between computers when connecting through
SSL is presented below:
[Figure: SSL connection diagram]
The functionality of the SSL client is implemented in the TScSSLClient
component. It lets you build fast clients for different servers that support
SSL.
Components
SecureBridge includes the following components:
- TScSSHClient - SSH client; combines several logical unprotected connections to the server into one protected connection. Logical connections can exist in different threads
- TScSSHChannel - logical connection to TScSSHClient within the client secure area. Receives/sends data from/to the SSH server or forwards data from a TCP port of one computer to another computer through a secure channel
- TScSSHShell - executes remote commands using the capabilities of an SSH server
- TScSSHServer - implements SSH server functionality
- TScSFTPClient - implements the functionality of the SFTP protocol
- TScSSLClient - SSL client; supports the SSL 3.0 and TLS 1.0 protocols. It validates the server certificate and encrypts/decrypts data transferred through a network
- TScFileStorage - stores a list of certificates, keys, and users in files
- TScRegStorage - stores a list of certificates, keys, and users in the system registry
- TScCryptoAPIStorage - stores a list of certificates and keys in system and external storages using the CryptoAPI functionality
- TScIdIOHandler - provides easy integration with Indy components to protect data transferred through the network by Indy
- TMySSHIOHandler - lets MyDAC connect to a MySQL server through a secure connection (this component is included in MyDAC as a demo project)
- TMySSLIOHandler - lets MyDAC connect to a MySQL server through an SSL connection (this component is included in MyDAC as a demo project)
Compatibility
SecureBridge is tested with OpenSSH 3.8 and PuTTY.
SecureBridge is compatible with the following IDEs:
SecureBridge supports only Professional, Enterprise, and Architect
IDE editions.
SecureBridge Design-Time View