A User Manual for the 'DoorOpen' Application (Vn 1.1)
| Revision History | ||
|---|---|---|
| Revision 1.0 | 15 January 2008 | AJG |
|
DoorOpen v1.0 release. | ||
| Revision 1.1 | 17 February 2008 | AJG |
|
DoorOpen v1.1 release. | ||
Abstract
This document describes how to install and use the 'DoorOpen' software application. This is a .Net 2 Windows application which enables users to open ACTAtek controlled doors remotely, and to view any associated network cameras.
This document describes how to install and use the 'DoorOpen' Windows application, which has been developed by RCRT in partnership with Cambridge ICT.
For more information, see: http://www.rcrt.co.uk
The purpose of DoorOpen is to enable users to remotely open security doors that are controlled by ACTAtek units, and to view any network cameras that are associated with those doors. The DoorOpen application can be configured to manage one or more 'doors'.
This document consists of the following sections:
Section 1: An Introduction.
Section 2: Describes how to install the DoorOpen application on a client machine, and unlock the software.
Section 3: Provides an overview of the DoorOpen application's user Interface.
Section 4: Describes how to set-up and configure the DoorOpen application.
Section 5: Describes how to use the DoorOpen application.
Section 6: Covers some of the basic security considerations that should be taken into account when using the application.
The DoorOpen Application's User Interface
The DoorOpen application is distributed for installation by an 'msi installer'. Prior to installing DoorOpen, it is prudent to uninstall any previous versions of the tool that are already installed on the target machine.
The DoorOpen application can be installed by running the DoorOpen MSI installer, shown above. This installs the application, after which the DoorOpen application will be launched automatically[1].
When the application is first started, the user is asked whether they wish to 'unlock' the application. When they chose to do so, they will be presented with a product license 'unlock' dialog, as shown below:
The user should enter their e-mail address and license code in the fields provided. If this information is correct, then the license code will be validated, and the product unlocked, which is then confirmed to the user[2].
The DoorOpen application's user interface is as shown previously; the application's main form consists of: a menu bar, a central working area, and a status bar at the bottom of the form.
The central working area includes a series of tabs corresponding to the doors that are to be managed, together with application 'Exit' and 'Iconise' buttons[3].
The menu bar at the top of the form includes the following menus:
The File Menu
The 'File' Menu allows the user to 'Iconise' or 'Exit' the DoorOpen application.
The Doors Menu
The 'Doors' Menu allows the user to add a new door, edit an existing door, or remove a door from the application's configuration.
The Tools Menu
The 'Tools' Menu contains two entries: 'Test Actatek Connection' and 'Test Camera Connection'. These buttons launch utilities that check whether the Actatek unit and any associated camera are on-line and are accessible.
The Help Menu
The 'Help' Menu includes a set of links, including links to the RCRT and CAMICT websites, and to the DoorOpen application support page.
The Event-Log Menu
The 'Event-Log' Menu enables the user to view the RCRT Windows Event Log. This is the Windows log that is written to by our applications, including 'DoorOpen'.
Each door that is added to the application is represented by a 'Tab Page' on the main tab control. Each tab page includes an image viewer area on the left hand side of the tab, and some controls on the right. These include a button that enables the door to be opened.
The DoorOpen application also has an icon in the Windows 'Notification Area'[4], the application icon is a 'closed door' which temporarily changes to an 'open door' icon when a door is opened.
If this icon is 'double clicked' when the application is iconised, then the main application form is displayed on the Windows desktop. If the icon is 'right clicked' then a popup context menu is displayed, as shown below:
By clicking on the items in this menu, any of the doors can be opened, or the application can be closed down.
Doors are either added or edited using the 'Door Configuration Editor' form; each 'Door' has a unique name, and an associated ACTAtek unit, and (optionally) an associated network camera. A network camera also has (optional) authentication information, which should be provided as necessary.
There are two main sections in the door configuration editor:
ACTAtek Details.
This section contains connection configuration information for an ACTAtek unit.
Network Camera Details.
This section contains connection configuration information for a network camera.
The Door Configuration Editor's Menu Bar
The menu bar at the top of the Door Configuration form includes the following menus:
The File Menu
The 'File' menu provides the ability to 'close' the form.
The Tools Menu
The 'Tools' menu includes three entries: 'Detect Camera Type', 'Test Actatek Connection' and 'Test Camera Connection'. These are described in section 5.
DoorOpen Door Configuration Fields
Table 1. Door Configuration Fields
| ACTAtek Connection | ||
| Address | Text Field | This is the address for the ACTAtek unit. |
| Protocol | Pull down | There is a choice of 'http' or 'https'. The latter uses SSL to encrypt the SOAP network traffic between DoorOpen and the ACTAtek unit. |
| Login ID | Text Field | The account to be used to log in to the ACTAtek unit. Note: it is recommended that a dedicated 'User Administrator' account is set up on ACTAtek, rather than using a 'Super Administrator' account. |
| Password | Password Field | The password for the ACTAtek account to be used. Note: the letters of the password are displayed as asterisks. |
| Network Camera Details | ||
| Camera | Checkbox | This is ticked to indicate that the Door has an associated network camera. The other controls in this section are only enabled if this checkbox is ticked. |
| Authentication | Checkbox | This is ticked to indicate that the camera requires authentication. The 'login' and 'password' fields are only enabled if this checkbox is ticked. |
| Model | Pull down | This sets the type of network camera that is to be used. |
| Address | Text Field | This sets the address of the network camera to be used. |
| Protocol | Pull down | There is a choice of 'http' or 'https'. Most cameras are usually configured for 'http' access. |
| Login | Text Field | This login to be used for the camera. |
| Password | Password Field | This password to be used for the camera. |
The DoorOpen application can be started in the usual way; it is recommended that the application is added to the 'Start' menu when frequent access is required.
A network camera can be viewed using the 'Camera' controls on the tab page for the associated door. The camera viewer can display images captured from a network camera; the 'Camera Mode' control has the settings: 'Off', 'Snapshot', or 'Repeat'.
When in 'Snapshot' mode, the image is updated on request (using a 'Snapshot' button that is only shown in that mode), after a short period the viewer is then cleared. In 'Repeat' mode, the image is continuously updated at regular intervals.
The 'Open Door' button - opens the door for the tab on which it is located.
Alternatively, the 'Open' entry for the required door can be clicked in the popup menu that appears when the Notification Icon is 'right clicked'.
The DoorOpen application writes logging information to a Windows Event Log, which is shared by all RCRT Windows applications. This logs application events, including 'Door Open' events, together with any errors that occur.
This event log can be viewed, either using standard Windows tools, or the application's Event Log Viewer, which is shown below, and can be launched from the 'Event-Log' menu on the main menu bar.
The Application's Windows Event Log Viewer
If the user 'clicks' on a row in the event list, then a separate dialog is launched showing that event's details. The 'Clear Log' button clears the RCRT Windows Event Log, and the 'Export Log' button exports the contents of the log to an xml file. The latter facility is often useful for remote application support.
The 'Actatek Test' utility checks that the DoorOpen client can connect to the Actatek unit and log in to it successfully. This tool can be launched from the 'Tools' menu that appears both on the main application form, and also on the 'Door Configuration Editor' form.
The 'Camera Test' utility checks that the DoorOpen client can connect to the network camera. This tool can be launched from the 'Tools' menu that appears both on the main application form, and also on the 'Door Configuration Editor' form.
The main security issues that are raised by the use of the DoorOpen application[5], are as follows:
The DoorOpen application is controlled by Windows account security, it is not separately password protected. Clearly, the machine/account hosting the application should never be left unguarded in an unsecure environment.
If the DoorOpen application's host terminal were left open, then ACTAtek and/or Network Camera login details could be read directly from the application. However, the corresponding passwords are obscured on the front-end.
A technically sophisticated miscreant might also, in principle, extract the user ids and passwords from the Windows account's .Net isolated storage files, if the host account were left unprotected.
The DoorOpen application communicates with the ACTAtek unit over a network using the SOAP protocol, which transmits requests and responses encoded as xml, which is 'readable'.
Consequently, if standard http is used to transmit these SOAP messages, then there is a risk that a 'network sniffer' could intercept and acquire the message contents, including the ACTAtek's login information, and any other data being passed to it.
In situations where this is a concern, DoorOpen can be configured to use the https protocol[6]; data will then be transmitted to and from the ACTAtek in an encrypted format using SSL. This option can be selected using the 'protocol' selector in the door configuration tab.
[1] The DoorOpen application requires that MS .Net 2 is installed on the target machine.
[2] Users should use the same e-mail address for any subsequent 'unlocks', also if the user has a registered account on the RCRT website, then they should use their registered e-mail address.
[3] When the application is first started, there will be no doors configured, and so the central tab control will be empty.
[4] This is a row of icons that usually appears at the bottom right of a user's desktop.
[5] These are issues specific to the 'DoorOpen' application, and excluding any others specific to ACTAtek units.
[6] https is the application start-up default setting.