Notify of login over WAN (security)

ironfelix717

Hi all,

I have a personal split DB that has proprietary information in it. (Let's not go down the rabbit hole of the integrity of Access security or any other hypotheticals related to security.)

Let's say in the event that a hacker compromises this database and steals the file, I would like to at least be informed that my DB was stolen. Therefore, I would like to somehow implement a script that notifies me of a login. For example, it sends me an email with the PC name and maybe some other info that would be helpful in discovering the hacker. But ultimately, the idea is to simply be informed that a login occurred that was not me (not on my network or PC). Nothing more or less. This would obviously check for an active internet connection, etc. All of that I can work out.

What I don't know is what sort of script would achieve this. The solution would have to be free and light enough that it would not require any additional references on said hacker's client.

Perhaps I can make a dummy email account and send the login details from that account to my actual email? Just trying to get ideas.

Thanks a lot!
 

theDBguy

Just an idea... make the database check for an Internet connection and quit if not connected. With an Internet connection, you can host a website where the app could post the hacker's info.
 

arnelgp

steals the file
steal the db?

You can modify the db so that, instead of displaying a message, it sends an email to you.
The first time you open the db, it saves the hard disk serial.
So when somebody "steals" the db and uses it on his machine, it will fail,
since it checks the saved serial against the computer serial.
 

Attachments

  • TestUseOnThisPCOnly.accdb
    524 KB · Views: 108

The_Doc_Man

In the case where the hypothetical hacker logged into your system and somehow got IMPERSONATE privilege, you would never notice it and would have limited reason to even realize that you needed a second look.

If the person didn't use any Windows privilege but had some other vector to get in, if s/he actually LAUNCHED the app, you could try to test the connection. We have had many threads here on the subject of detecting the hardware aspects of the socket and how difficult that really is. There are some things you can do that would involve launching something from the CMD prompt with the >filename redirection. The WMI interface also has some useful options. However, it is very hard to do this without being noticed. (I'm assuming you want this test to be stealthy.)

If it was done via VPN in order to maintain anonymity, I think the party's over right there. A VPN hides nearly everything. The biggest stumbling block is "free and light" when you have to try to drill down through the network drivers to figure out that your user is doing something illicit.

In the case where the hypothetical hacker just flat-out copied the DB without first launching it (perhaps a monolithic DB, OR the theft of two files - a FE and a BE), I suggest that it might just be a gone pecan, because your stolen DB would have to send your mail message through an SMTP gateway if you tried to use CDO (about as lightweight as it gets), and it is possible for a hacker to prevent mail from being sent through a specific program (once the file(s) have been stolen.) Which means you would have to try to activate a browser, and that might lead you down another garden path to figure out which browser you are using so you would know how to send something SILENTLY. Unfortunately, the network automation depends on which browser you are using (to at least some extent), which greatly complicates matters.

The biggest part of the problem is Windows itself, which is designed to block surreptitious image launches. Oh, you CAN do it, but it takes extra work and it is possible to set a Windows Policy that would absolutely block "silent" launches such as you might need to web-mail something.

In summary, about the best path I've seen here involves the WMI interface as a source of connection data. You might wish to search the forum for network connection topics.
 

gemma-the-husky

It's a bit late, but there are 3 things you can do:

First, release your database as an accde/mde rather than an accdb/mdb so there is no code.
Second, consider using something like this code protector to make disassembly less useful:
Code Protector for Microsoft Access - Protect the VBA source code from being reverse engineered from your MDE and ACCDE files (everythingaccess.com)
Third, include some judicious startup code to limit use of the database to properly licenced users.

These together make the database less helpful to anyone who acquires a copy.
 

Pat Hartman

There is nothing your application can do if someone copies the files. It would have no way of knowing that it happened.

I would look at encryption for both the FE and BE. Then when the client installs the app, you include something in a table in the BE like the hard drive id for each user ID. Every time the app opens, it should compare the stored ID to the current one and refuse to open if they are different. Since it is possible to replace a HD, you might include code to allow an override and store the new value.

Since we all know that Jet/ACE are inappropriate for storing sensitive information, perhaps you have some responsibility to convince the client to move the BE to SQL Server.
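
Added example (not code from any poster, and not the contents of the attached TestUseOnThisPCOnly.accdb): a startup check in Access VBA combining the stored-serial comparison suggested in the replies above with a best-effort HTTP report on mismatch. The table `tblBinding`, the `NOTIFY_URL` endpoint and the use of the system volume serial as the "hard drive id" are assumptions; the hard-disk-replacement override is left to the owner editing `tblBinding`.

```vba
Option Compare Database
Option Explicit

' Assumed names, not from the thread: table tblBinding(UserName, DiskSerial)
' in the back end, and NOTIFY_URL, a placeholder for an endpoint you control.
Private Const NOTIFY_URL As String = "https://example.invalid/db-opened"

' Volume serial of the system drive via late-bound WMI (no added references).
Private Function CurrentDiskSerial() As String
    Dim vol As Object
    For Each vol In GetObject("winmgmts:\\.\root\cimv2").ExecQuery( _
            "SELECT VolumeSerialNumber FROM Win32_LogicalDisk " & _
            "WHERE DeviceID='" & Environ$("SystemDrive") & "'")
        CurrentDiskSerial = Nz(vol.VolumeSerialNumber, "")
    Next vol
End Function

' Best-effort report; a blocked or offline network must not let the app open.
Private Sub NotifyOwner(ByVal serial As String)
    On Error Resume Next
    With CreateObject("MSXML2.XMLHTTP.6.0")
        .Open "POST", NOTIFY_URL, False
        .setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        .send "pc=" & Environ$("COMPUTERNAME") & "&serial=" & serial
    End With
End Sub

' Call from the AutoExec macro (RunCode) before any form opens.
Public Function CheckBinding() As Boolean
    Dim rs As DAO.Recordset, user As String, serial As String
    user = Environ$("USERNAME"): serial = CurrentDiskSerial()
    Set rs = CurrentDb.OpenRecordset("tblBinding", dbOpenDynaset)
    If Len(serial) > 0 Then
        If rs.EOF And rs.BOF Then        ' very first open: enrol this machine
            rs.AddNew: rs!UserName = user: rs!DiskSerial = serial: rs.Update
            CheckBinding = True
        Else                             ' later opens: user must match stored serial
            rs.FindFirst "UserName='" & Replace(user, "'", "''") & "'"
            If Not rs.NoMatch Then CheckBinding = (Nz(rs!DiskSerial, "") = serial)
        End If
    End If
    rs.Close
    If Not CheckBinding Then             ' unknown user, different disk, or no serial
        NotifyOwner serial
        MsgBox "This copy is not registered for this computer.", vbCritical
        Application.Quit acQuitSaveNone
    End If
End Function
```

The check runs only when the front end is opened with code enabled, so it does nothing for a back-end file that is copied and read directly, which is why the reply above pairs it with encryption.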
 
