MS Access 2010 security when accessing SQL Server online

I built an Access 2010 front-end application that connects via ODBC linked tables to MS SQL Server which is hosted online. My customer is happy with the database in general but has become concerned with a perceived risk from hackers that might be able to grab/sniff his login credentials to the SQL Server while using this database on public wifi networks, etc.

What are my options for making this database configuration more secure? I have researched this online some, but I'm not coming away with anything that I really understand.

Thank you,
Riverwalk
RiverWalkAsked:
Who is Participating?
 
Jim Dettman (Microsoft MVP/ EE MVE)Connect With a Mentor President / OwnerCommented:
As has been said, most connections are done over a VPN (Virtual Private Network), which is an encrypted form of communications.

But if your not using VPN's, then you'll want to make sure SQL Server is configured to use SSL (Secure Sockets Layer).

This is a form of encryption that occurs over TCP/IP connections and anything that is transmitted is not visible.

This is what is used with web sites when you use a URL starting with https and see the little lock icon in your web browser.

Jim.
0
 
jadedataConnect With a Mentor MS Access Systems CreatorCommented:
My projects are launched from behind client firewalls via VPN or secure (as secure as their IT departments have made them) connections.  My clients can VPN in from airports and cafes all they like.

I suggest that a secure connection be required to start the front end, perhaps by putting up a terminal or application server as I have done on all of my projects in the last 15 years.  Virtualization technology has made this alot easier and cheaper to do.

If the client is so concerned ... what are they doing logging into a suspect connection from a public zone.

Just because you CAN do a thing, does not mean you SHOULD do a thing
0
 
RiverWalkAuthor Commented:
jadedata - Thank you for the info. I am a little confused about how VPN works. Are your clients opening an MS Access front-end that resides on their local hard drive or are they connecting to another PC and using Access remotely, on another PC?

Thank you,
Riverwalk
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
jadedataMS Access Systems CreatorCommented:
the MDB/AccDB is located on a virtual server with a copy set aside in a user folder on the Virtual Svr on a MS Application server.  The user can't even see it until they are securely behind the firewall
0
 
RiverWalkAuthor Commented:
JDettman - Thank you for your response.  Is there something that I also configure in the ODBC connection to make this work? And so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?

Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.

Thank you,
Riverwalk
0
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<<Is there something that I also configure in the ODBC connection to make this work? >>

  You configure it on the client side or on the server side.  For details on all that, you can refer to this:

How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
http://support.microsoft.com/kb/316898

<<so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?>>

 That is correct.  It will all be encrypted.

<<Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.>>

  Yes.

 Same is true with VPN.   A VPN is a defined point to point tunnel over public connections.  

 It's typically used for remote users when they need to reach a specific network (like the one in your office).   All VPN traffic is encrypted, so if your using VPN's, you would not need to use SSL on top of that.  

 Besides the encryption, VPN gives users access to network resources, such as shared drives, printers, etc.   It's as if you walked into the office, plugged your laptop into a network port, and were on the office network.

 SSL doesn't give you that.   It only gives you a secure connection from one point to another, and the points don't have to be predefined.

 For example, I can have an SSL connection with Google, and then a few minutes later have one with Amazon.  But I can't see any of the computers, printers, etc on Amazon's or Google's network.

Jim.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.