Results 1 to 9 of 9

Thread: Protecting files from theft

  1. #1

    Thread Starter
    Lively Member
    Join Date
    Nov 2019
    Posts
    94

    Protecting files from theft

    I have created a number of propriety applications that live on the company server.

    When a user requests an update, all these files are copied to their hard drive so that when they are off line, they can run the programs.

    A concern exists that unauthorized persons gain access to these files, perhaps by copying on to an authorized computer.

    I am wondering if their is some kind of time stamp that can be stored in the registry that each program can check if it exists and if it does, if it has expired. Each time an authorized user logs on to the server that timestamp would be updated for with a 30 day increment from the present day.

    Can this be done?

    Any other thoughts?

    Thanks
    Richard

  2. #2
    Hyperactive Member
    Join Date
    Sep 2004
    Posts
    474

    Re: Protecting files from theft

    Quote Originally Posted by Richard Friedman View Post
    I have created a number of propriety applications that live on the company server.

    When a user requests an update, all these files are copied to their hard drive so that when they are off line, they can run the programs.

    A concern exists that unauthorized persons gain access to these files, perhaps by copying on to an authorized computer.

    I am wondering if their is some kind of time stamp that can be stored in the registry that each program can check if it exists and if it does, if it has expired. Each time an authorized user logs on to the server that timestamp would be updated for with a 30 day increment from the present day.

    Can this be done?

    Any other thoughts?

    Thanks
    Richard
    It can be yes. However this is easily defeated by them manually changing the registry and updating the value.

    A much better solution would be:
    When the program loads, create a computer fingerprint (some combination of MAC addresses, processor serial numbers, and/or other unique identifiers) and hash that into a value.
    When a user logs in for the first time on a new PC, use two factor authentication (send email or text with a code).
    Once the user has logged in with the two factor auth, store that fingerprint hash in the user database as a "known PC" (you can choose to allow multiple known PC's per user or not).
    On future logins, check the current PC fingerprint hash against known PC hashes in the database for that user and if there is a match they log in, if not then require two factor auth again.

    This is very difficult to defeat without having access to the users email and or text messages.

  3. #3
    Frenzied Member
    Join Date
    Nov 2017
    Posts
    1,459

    Re: Protecting files from theft

    Quote Originally Posted by Maverickz View Post
    It can be yes. However this is easily defeated by them manually changing the registry and updating the value.

    A much better solution would be:
    When the program loads, create a computer fingerprint (some combination of MAC addresses, processor serial numbers, and/or other unique identifiers) and hash that into a value.
    When a user logs in for the first time on a new PC, use two factor authentication (send email or text with a code).
    Once the user has logged in with the two factor auth, store that fingerprint hash in the user database as a "known PC" (you can choose to allow multiple known PC's per user or not).
    On future logins, check the current PC fingerprint hash against known PC hashes in the database for that user and if there is a match they log in, if not then require two factor auth again.

    This is very difficult to defeat without having access to the users email and or text messages.
    The OP indicated that this is to be used on remote devices in an offline mode, so there wouldn't be a connection back to the server to perform the bolded action.

  4. #4
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    5,885

    Re: Protecting files from theft

    I would suggest to better fix the network authorization of the users rather than creating fingerprints.
    If an unauthorized person gains access by copying to an authorized computer then you have much more to worry about than the files.
    .

  5. #5
    Hyperactive Member
    Join Date
    Sep 2004
    Posts
    474

    Re: Protecting files from theft

    Quote Originally Posted by OptionBase1 View Post
    The OP indicated that this is to be used on remote devices in an offline mode, so there wouldn't be a connection back to the server to perform the bolded action.
    I did miss that part.

    Well something similar could still be done. When the authorized user logs into the server, create the fingerprint hash (if one doesn't already exist) and store that in the local registry. On Load have the program check the current PC fingerprint against that stored fingerprint. If they match show the form, if not throw an error and close.

    Again, hard to defeat because even if they copy the program and the registry key to another PC, the key won't match the new PC. So without knowing exactly what the source string was and how it was hashed they can't create a proper hash for the new PC themselves.

    Some additional points:
    If the data files that these applications use are not encrypted this may or may not all be moot anyway. Depends on what they are and what they contain.
    Additional security steps could include making sure the hard drives are encrypted themselves, as well as using Domain policy to make USB ports read only (can't copy data to USB sticks). These will make it harder for someone to get the software.
    Last edited by Maverickz; Apr 8th, 2021 at 02:57 PM.

  6. #6
    Hyperactive Member
    Join Date
    Sep 2004
    Posts
    474

    Re: Protecting files from theft

    Quote Originally Posted by sapator View Post
    I would suggest to better fix the network authorization of the users rather than creating fingerprints.
    If an unauthorized person gains access by copying to an authorized computer then you have much more to worry about than the files.
    I agree always logging in would be preferred, but if these are remote techs using them or something that may not always be possible.

  7. #7
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    5,885

    Re: Protecting files from theft

    We are at lockdown right now.
    I'm logging to my job and I have specific rights. I have admin rights to most of our servers and access to most of our files.
    We have a couple of thousand people login to the same network that have rights to specific files and folders.
    Even if they try and log in to my remote PC (they can't but let's say,if) with there account, they still cannot gain access to my files.

    So I don't have an answer on protecting files the way he asks because there is no need to protect the files that way and that should always be the case in a company.
    I'm not bashing or anything but this is the way to go if you think you are in real danger but, OK another way , rar the files with password.
    .

  8. #8
    Karen Payne MVP kareninstructor's Avatar
    Join Date
    Jun 2008
    Location
    Oregon
    Posts
    6,557

    Re: Protecting files from theft

    For proper protection consider purchasing this which many companies do. A random suggestion and if you search the web you will find others. Bottom line, a software developer should focus on coding and not writing their own protection if the software is valuable is worthy of proper protection.

    Also, if your company has network engineers that have setup monitoring of file activities ask them about filtering for anyone copying these files and get alerts and if needed take actions.

    Lastly, what level of protection is dependent on how savvy users are in the company. And finally have employees sign an agreement paper or digital that they will not copy said files etc.

  9. #9
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    5,885

    Re: Protecting files from theft

    Quote Originally Posted by kareninstructor View Post
    And finally have employees sign an agreement paper or digital that they will not copy said files etc.
    That one made me giggle, because it does not really apply in Greece. Here we have a WYSIWYG on file copying policy so we double protect stuff just to be sure
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width