Solved

MS Access 2010 security when accessing SQL Server online

Posted on 2014-04-15
6
605 Views
Last Modified: 2014-04-16
I built an Access 2010 front-end application that connects via ODBC linked tables to MS SQL Server which is hosted online. My customer is happy with the database in general but has become concerned with a perceived risk from hackers that might be able to grab/sniff his login credentials to the SQL Server while using this database on public wifi networks, etc.

What are my options for making this database configuration more secure? I have researched this online some, but I'm not coming away with anything that I really understand.

Thank you,
Riverwalk
0
Comment
Question by:RiverWalk
  • 2
  • 2
  • 2
6 Comments
 
LVL 32

Assisted Solution

by:jadedata
jadedata earned 250 total points
ID: 40003760
My projects are launched from behind client firewalls via VPN or secure (as secure as their IT departments have made them) connections.  My clients can VPN in from airports and cafes all they like.

I suggest that a secure connection be required to start the front end, perhaps by putting up a terminal or application server as I have done on all of my projects in the last 15 years.  Virtualization technology has made this alot easier and cheaper to do.

If the client is so concerned ... what are they doing logging into a suspect connection from a public zone.

Just because you CAN do a thing, does not mean you SHOULD do a thing
0
 
LVL 57

Accepted Solution

by:
Jim Dettman (Microsoft MVP/ EE MVE) earned 250 total points
ID: 40003997
As has been said, most connections are done over a VPN (Virtual Private Network), which is an encrypted form of communications.

But if your not using VPN's, then you'll want to make sure SQL Server is configured to use SSL (Secure Sockets Layer).

This is a form of encryption that occurs over TCP/IP connections and anything that is transmitted is not visible.

This is what is used with web sites when you use a URL starting with https and see the little lock icon in your web browser.

Jim.
0
 

Author Comment

by:RiverWalk
ID: 40004083
jadedata - Thank you for the info. I am a little confused about how VPN works. Are your clients opening an MS Access front-end that resides on their local hard drive or are they connecting to another PC and using Access remotely, on another PC?

Thank you,
Riverwalk
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 32

Expert Comment

by:jadedata
ID: 40004100
the MDB/AccDB is located on a virtual server with a copy set aside in a user folder on the Virtual Svr on a MS Application server.  The user can't even see it until they are securely behind the firewall
0
 

Author Comment

by:RiverWalk
ID: 40004102
JDettman - Thank you for your response.  Is there something that I also configure in the ODBC connection to make this work? And so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?

Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.

Thank you,
Riverwalk
0
 
LVL 57
ID: 40004189
<<Is there something that I also configure in the ODBC connection to make this work? >>

  You configure it on the client side or on the server side.  For details on all that, you can refer to this:

How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
http://support.microsoft.com/kb/316898

<<so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?>>

 That is correct.  It will all be encrypted.

<<Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.>>

  Yes.

 Same is true with VPN.   A VPN is a defined point to point tunnel over public connections.  

 It's typically used for remote users when they need to reach a specific network (like the one in your office).   All VPN traffic is encrypted, so if your using VPN's, you would not need to use SSL on top of that.  

 Besides the encryption, VPN gives users access to network resources, such as shared drives, printers, etc.   It's as if you walked into the office, plugged your laptop into a network port, and were on the office network.

 SSL doesn't give you that.   It only gives you a secure connection from one point to another, and the points don't have to be predefined.

 For example, I can have an SSL connection with Google, and then a few minutes later have one with Amazon.  But I can't see any of the computers, printers, etc on Amazon's or Google's network.

Jim.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Experts-Exchange is a great place to come for help with solutions for your database issues, and many problems are resolved within minutes of being posted.  Others take a little more time and effort and often providing a sample database is very helpf…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
In Microsoft Access, learn the trick to repeating sub-report headings at the top of each page. The problem with sub-reports and headings: Add a dummy group to the sub report using the expression =1: Set the “Repeat Section” property of the dummy…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question