Solved

MS Access 2010 security when accessing SQL Server online

Posted on 2014-04-15
6
588 Views
Last Modified: 2014-04-16
I built an Access 2010 front-end application that connects via ODBC linked tables to MS SQL Server which is hosted online. My customer is happy with the database in general but has become concerned with a perceived risk from hackers that might be able to grab/sniff his login credentials to the SQL Server while using this database on public wifi networks, etc.

What are my options for making this database configuration more secure? I have researched this online some, but I'm not coming away with anything that I really understand.

Thank you,
Riverwalk
0
Comment
Question by:RiverWalk
  • 2
  • 2
  • 2
6 Comments
 
LVL 32

Assisted Solution

by:jadedata
jadedata earned 250 total points
Comment Utility
My projects are launched from behind client firewalls via VPN or secure (as secure as their IT departments have made them) connections.  My clients can VPN in from airports and cafes all they like.

I suggest that a secure connection be required to start the front end, perhaps by putting up a terminal or application server as I have done on all of my projects in the last 15 years.  Virtualization technology has made this alot easier and cheaper to do.

If the client is so concerned ... what are they doing logging into a suspect connection from a public zone.

Just because you CAN do a thing, does not mean you SHOULD do a thing
0
 
LVL 57

Accepted Solution

by:
Jim Dettman (Microsoft MVP/ EE MVE) earned 250 total points
Comment Utility
As has been said, most connections are done over a VPN (Virtual Private Network), which is an encrypted form of communications.

But if your not using VPN's, then you'll want to make sure SQL Server is configured to use SSL (Secure Sockets Layer).

This is a form of encryption that occurs over TCP/IP connections and anything that is transmitted is not visible.

This is what is used with web sites when you use a URL starting with https and see the little lock icon in your web browser.

Jim.
0
 

Author Comment

by:RiverWalk
Comment Utility
jadedata - Thank you for the info. I am a little confused about how VPN works. Are your clients opening an MS Access front-end that resides on their local hard drive or are they connecting to another PC and using Access remotely, on another PC?

Thank you,
Riverwalk
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 32

Expert Comment

by:jadedata
Comment Utility
the MDB/AccDB is located on a virtual server with a copy set aside in a user folder on the Virtual Svr on a MS Application server.  The user can't even see it until they are securely behind the firewall
0
 

Author Comment

by:RiverWalk
Comment Utility
JDettman - Thank you for your response.  Is there something that I also configure in the ODBC connection to make this work? And so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?

Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.

Thank you,
Riverwalk
0
 
LVL 57

Expert Comment

by:Jim Dettman (Microsoft MVP/ EE MVE)
Comment Utility
<<Is there something that I also configure in the ODBC connection to make this work? >>

  You configure it on the client side or on the server side.  For details on all that, you can refer to this:

How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
http://support.microsoft.com/kb/316898

<<so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?>>

 That is correct.  It will all be encrypted.

<<Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.>>

  Yes.

 Same is true with VPN.   A VPN is a defined point to point tunnel over public connections.  

 It's typically used for remote users when they need to reach a specific network (like the one in your office).   All VPN traffic is encrypted, so if your using VPN's, you would not need to use SSL on top of that.  

 Besides the encryption, VPN gives users access to network resources, such as shared drives, printers, etc.   It's as if you walked into the office, plugged your laptop into a network port, and were on the office network.

 SSL doesn't give you that.   It only gives you a secure connection from one point to another, and the points don't have to be predefined.

 For example, I can have an SSL connection with Google, and then a few minutes later have one with Amazon.  But I can't see any of the computers, printers, etc on Amazon's or Google's network.

Jim.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

When you are entering numbers in a speadsheet, and don't remember what 6×7 is, you just type “=6*7" instead. It works in every cell! This is not so in Access. To enter the elusive 42 in a text box, you have to find a calculator, and then copy the re…
In Debugging – Part 1, you learned the basics of the debugging process. You learned how to avoid bugs, as well as how to utilize the Immediate window in the debugging process. This article takes things to the next level by showing you how you can us…
Using Microsoft Access, learn some simple rules for how to construct tables in a relational database. Split up all multi-value fields into single values: Split up fields that belong to other things into separate tables: Make sure that all record…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now