Solved Security issue in the work network (against hacker employers)

[LSDalKa]

I work in the accounting department of a big hotel complex and I have a very complex VBA script in EXCEL which saves a tremendous amount of time (especially at the end of each month that we 'close' the books). That script I have been developing it through the last years using knowledge from past jobs too. The reason I did this was to make my life easier and it is a project entirely mine having nothing to do with my job obligations.

The thing is that my employers are really pressing me to give them the script. They even passed on the wild side, threatening me indirectly that they will fire me.
Of course what they really want is (as I found out from inside sources) to take the script, sack me and hire someone 5 years younger with half the salary to just run the almost fully automated script to do the job!!

So:
1)The network is running DameWare
2)We cannot run any .exe on the pc and probably other executables
3)I am always running the script from a usb stick of mine

What I would like is some help from you guys to tell me how can I protect the script from possible hacking, and to be more exact:
1)How to encrypt/lock the files on the usb in case of physical theft?
2)How to prevent the hacking\copying of the script (through the network) at the time I am actually using it?
3)After using the script is there any chance that it stays on the disc in the form of cache or temporary files or anything like that.If it does how can I wipe the 'footprints'?

If you read this line you must have a lot of patience.
I would appreciate any answer from you guys as the annual closing of the books is in 2 weeks and the pressure is really on! (they hire staff through 1year contracts if you know what I mean)

 

[richnrockville]

LSDAlka, welcome to the windows 7 forums.
I recommend you search for a password protected folder program. That way you can put your script in a folder on your USB stick and then before you can open the folder to execute your script, they would need your password.

Other than that, why don't you password protect your VBA Excel script?

Rich

 

[doubled822]

Interesting situation you have yourself in there. As far as the security of your script, I would suggest that you purchase an AES-256 bit encrypted thumb drive. Do a google search for "encrypted thumb drives" or the like and you'll find a plethora of options. Go for the ones offering hardware-based encryption.

Since you mentioned you can run the script off of the thumb drive, continue to do so. Although I'm sure it won't take long for the IT department to catch on--it's surprising that they allow USB removable devices, let alone the ability to run VB scripts. Never leave your thumb drive unattended, and plug it in and use it only when you intend to run the script. Unplug when done. That's probably the best thing you can do.

2)How to prevent the hacking\copying of the script (through the network) at the time I am actually using it?

If you run the script, you don't have any visible code popping up on screen, correct? I don't think you'll have to worry about this. I'd have to know a little more about how the script works to provide an effective answer.

3)After using the script is there any chance that it stays on the disc in the form of cache or temporary files or anything like that.If it does how can I wipe the 'footprints'?

As far as I know, VBscripts are not cached on the local machine unless they are login scripts from a domain controller. I don't think you'll have to worry with this one either. Good luck!

 

[LSDalKa]

Thank you both!I really appreciate the response.
doubled822 you really made me feel a little bit more reassured. I think I am going to sleep better tonight
richnrockville I think it will be a piece of cake for someone who has the 'know how' to hack the password of excel vba script.
But since I don't think that I'll go to the 'buy hardware protection' with only one month and something on my contract I would like a clarification about the 'password protected folder program' cause I don't really get it (Note:no .exe can run on the pc, though I haven't tried it from the USB -not even from the HD-they just told us that on the first days)

Thank you for the welcome!I at last decided to register after the 1001st time I visited sevenforums!!!

 

[doubled822]

Thank you both!I really appreciate the response.
doubled822 you really made me feel a little bit more reassured. I think I am going to sleep better tonight
richnrockville I think it will be a piece of cake for someone who has the 'know how' to hack the password of excel vba script.
But since I don't think that I'll go to the 'buy hardware protection' with only one month and something on my contract I would like a clarification about the 'password protected folder program' cause I don't really get it (Note:no .exe can run on the pc, though I haven't tried it from the USB -not even from the HD-they just told us that on the first days)

Thank you for the welcome!I at last decided to register after the 1001st time I visited sevenforums!!!

I just thought of something--a lot of those encrypted thumb drives require an executable to be run to "unlock" the hidden/encrypted partition of the thumb drive. You may want to do some extra research on some of them to be sure.

 

[LSDalKa]

I am sure your idea will provide the best drive protection but it admittedly hurts my 'ego' to go in that direction with so litlle time on my contract.If I renew my contract this is probably the first thing I'm gonna do!
You know this is the first time in the 7 years I have in the profession that I meet so profoundly greedy managers!!!
And it is the general economic CRISIS i guess:sarc:

What about BitLocker as a free alternative?I have never tried it(I even removed it from the context menu

 

[Alejandro85]

To begin with, I would encrypt the pendrive to prevent anyone from using it. I'm using a free program called Truecrypt to do that job, it's portable and works great. Carry it in the drive, run from there and put the Excel inside the encrypted archive (remember to set a VERY good password). The Excel itself may have another, different, password. Also have CCleaner portable handy on the pendrive. It comes with an option to wipe out files securely by overwriting them (in expert hands, recover deleted files from a HDD is really easy).

If network may be a problem, you must use a good firewall. Block EVERYTHING you don't need, and only allow specific executables though specific ports, nothing more. If you're paranoid, they may try to break into your computer by the various security holes the default Windows install has, or may have installed some spyware to send info back. A firewall prevents both of those. But if they can get admin permissions when you're away, they can disable all that.

Another solution may be running the script exclusively at home, using your work computer just to start a remote session on your home PC, which contains and run the script and sends back the results. Again, if you're really paranoid, use a SSH server on your home with a private/public key authentication to avoid network sniffers and keyloggers.

And ultimately, take some legal protection. Go and register the script as your work. Then, if they get it somehow, you have the legal right to demand them for copyright violation. Optionally, you can make the script "phone home" each time it's used to get some evidence.

I'm too becoming too paranoid with security
Hope that helps.

 

[LSDalKa]

thanks alejandro for the Truecrypt solution.It seems appropriate.
In general I think you didn't get that it is the administrator of the network at work that I am afraid of, not anyone outside. Moreover we don't have internet access and we can't tweak the firewall etc, not run wipers(at least from an exe-maybe from bat I don't know).
Anyway I think I am going to try to bring my laptop at work, do the job and copy the data afterwards
However I don't know how they will react, as I have not taken my laptop at work not even once

Last Question: How strong is BitLocker protection in case of physical theft of the usb stick??

 

[doubled822]

I second TrueCrypt as a free solution. We use that at work and it is great!

Last Question: How strong is BitLocker protection in case of physical theft of the usb stick??

BitLocker offers 128- and 256-bit AES encryption. TrueCrypt gives you a bit more options, but that would definitely be sufficient. However, to use BitLocker, you'll need a computer running Windows 7 Ultimate or Enterprise to perform the initial encryption.

 

[LSDalKa]

Thanks

 

[PatrickGSR94]

I'm no expert, but could you/should you be getting legal consultation or representation regarding the possibility of someone trying to steal your work and/or fire you if you don't cooperate, or even fire you if you do cooperate?

Sounds like a sticky situation. Have you thought about looking for something else that might be "safer" and quitting what seems to be a risky position? Of course I know that may be very much impossible given the current state of employment in this country.