|
-
Apr 8th, 2021, 11:38 AM
#1
Thread Starter
Lively Member
Protecting files from theft
I have created a number of propriety applications that live on the company server.
When a user requests an update, all these files are copied to their hard drive so that when they are off line, they can run the programs.
A concern exists that unauthorized persons gain access to these files, perhaps by copying on to an authorized computer.
I am wondering if their is some kind of time stamp that can be stored in the registry that each program can check if it exists and if it does, if it has expired. Each time an authorized user logs on to the server that timestamp would be updated for with a 30 day increment from the present day.
Can this be done?
Any other thoughts?
Thanks
Richard
-
Apr 8th, 2021, 12:38 PM
#2
Hyperactive Member
Re: Protecting files from theft
 Originally Posted by Richard Friedman
I have created a number of propriety applications that live on the company server.
When a user requests an update, all these files are copied to their hard drive so that when they are off line, they can run the programs.
A concern exists that unauthorized persons gain access to these files, perhaps by copying on to an authorized computer.
I am wondering if their is some kind of time stamp that can be stored in the registry that each program can check if it exists and if it does, if it has expired. Each time an authorized user logs on to the server that timestamp would be updated for with a 30 day increment from the present day.
Can this be done?
Any other thoughts?
Thanks
Richard
It can be yes. However this is easily defeated by them manually changing the registry and updating the value.
A much better solution would be:
When the program loads, create a computer fingerprint (some combination of MAC addresses, processor serial numbers, and/or other unique identifiers) and hash that into a value.
When a user logs in for the first time on a new PC, use two factor authentication (send email or text with a code).
Once the user has logged in with the two factor auth, store that fingerprint hash in the user database as a "known PC" (you can choose to allow multiple known PC's per user or not).
On future logins, check the current PC fingerprint hash against known PC hashes in the database for that user and if there is a match they log in, if not then require two factor auth again.
This is very difficult to defeat without having access to the users email and or text messages.
-
Apr 8th, 2021, 12:45 PM
#3
Re: Protecting files from theft
Originally Posted by Maverickz
It can be yes. However this is easily defeated by them manually changing the registry and updating the value.
A much better solution would be:
When the program loads, create a computer fingerprint (some combination of MAC addresses, processor serial numbers, and/or other unique identifiers) and hash that into a value.
When a user logs in for the first time on a new PC, use two factor authentication (send email or text with a code).
Once the user has logged in with the two factor auth, store that fingerprint hash in the user database as a "known PC" (you can choose to allow multiple known PC's per user or not).
On future logins, check the current PC fingerprint hash against known PC hashes in the database for that user and if there is a match they log in, if not then require two factor auth again.
This is very difficult to defeat without having access to the users email and or text messages.
The OP indicated that this is to be used on remote devices in an offline mode, so there wouldn't be a connection back to the server to perform the bolded action.
-
Apr 8th, 2021, 01:03 PM
#4
Re: Protecting files from theft
I would suggest to better fix the network authorization of the users rather than creating fingerprints.
If an unauthorized person gains access by copying to an authorized computer then you have much more to worry about than the files.
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
-
Apr 8th, 2021, 02:47 PM
#5
Hyperactive Member
Re: Protecting files from theft
Originally Posted by OptionBase1
The OP indicated that this is to be used on remote devices in an offline mode, so there wouldn't be a connection back to the server to perform the bolded action.
I did miss that part.
Well something similar could still be done. When the authorized user logs into the server, create the fingerprint hash (if one doesn't already exist) and store that in the local registry. On Load have the program check the current PC fingerprint against that stored fingerprint. If they match show the form, if not throw an error and close.
Again, hard to defeat because even if they copy the program and the registry key to another PC, the key won't match the new PC. So without knowing exactly what the source string was and how it was hashed they can't create a proper hash for the new PC themselves.
Some additional points:
If the data files that these applications use are not encrypted this may or may not all be moot anyway. Depends on what they are and what they contain.
Additional security steps could include making sure the hard drives are encrypted themselves, as well as using Domain policy to make USB ports read only (can't copy data to USB sticks). These will make it harder for someone to get the software.
Last edited by Maverickz; Apr 8th, 2021 at 02:57 PM.
-
Apr 8th, 2021, 02:52 PM
#6
Hyperactive Member
Re: Protecting files from theft
Originally Posted by sapator
I would suggest to better fix the network authorization of the users rather than creating fingerprints.
If an unauthorized person gains access by copying to an authorized computer then you have much more to worry about than the files.
I agree always logging in would be preferred, but if these are remote techs using them or something that may not always be possible.
-
Apr 8th, 2021, 03:46 PM
#7
Re: Protecting files from theft
We are at lockdown right now.
I'm logging to my job and I have specific rights. I have admin rights to most of our servers and access to most of our files.
We have a couple of thousand people login to the same network that have rights to specific files and folders.
Even if they try and log in to my remote PC (they can't but let's say,if) with there account, they still cannot gain access to my files.
So I don't have an answer on protecting files the way he asks because there is no need to protect the files that way and that should always be the case in a company.
I'm not bashing or anything but this is the way to go if you think you are in real danger but, OK another way , rar the files with password.
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
-
Apr 9th, 2021, 07:33 AM
#8
Re: Protecting files from theft
For proper protection consider purchasing this which many companies do. A random suggestion and if you search the web you will find others. Bottom line, a software developer should focus on coding and not writing their own protection if the software is valuable is worthy of proper protection.
Also, if your company has network engineers that have setup monitoring of file activities ask them about filtering for anyone copying these files and get alerts and if needed take actions.
Lastly, what level of protection is dependent on how savvy users are in the company. And finally have employees sign an agreement paper or digital that they will not copy said files etc.
-
Apr 9th, 2021, 11:41 AM
#9
Re: Protecting files from theft
Originally Posted by kareninstructor
And finally have employees sign an agreement paper or digital that they will not copy said files etc.
That one made me giggle, because it does not really apply in Greece. Here we have a WYSIWYG on file copying policy so we double protect stuff just to be sure 
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
