Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft ® Office Access ® 2003 Training Introduction to security Your STS, Tom Redd, presents:

Published byEmory Morgan Modified over 8 years ago

Similar presentations

Presentation on theme: "Microsoft ® Office Access ® 2003 Training Introduction to security Your STS, Tom Redd, presents:"— Presentation transcript:

1 Microsoft ® Office Access ® 2003 Training Introduction to security Your STS, Tom Redd, presents:

2 Introduction to security Course contents Overview: Take steps to protect your data Lesson 1: Viruses, dangerous code, and the macro security level Lesson 2: Access sandbox mode Lesson 3: Working with digitally signed files One lesson includes a list of suggested tasks, and all have a set of test questions.

3 Introduction to security Help protect your data and your computer from intruders, corruption, and loss. Start by using antivirus software. Also: Overview: Take steps to protect your data Choose an appropriate macro security level. And work with digitally signed files. Enable an important Microsoft Office Access environment called sandbox mode.

4 Introduction to security Course goals Change the Access macro security level and options to the settings that work best for you. Understand the security warning messages you'll encounter in Access and how to work with them to help protect your data. Install and enable sandbox mode, and see how it helps you work more safely in Access.

5 Lesson 1 Viruses, dangerous code, macro security levels

6 Introduction to security Viruses, dangerous code, macro security levels Whether you are a home user or part of a large organization, losing your data or suffering from computer downtime can cost you valuable time and money. Learn about potential security risks and how to help prevent them.

7 Introduction to security Viruses, dangerous code, macro security levels Running antivirus software and being careful about which files you open can help protect you.

8 Introduction to security Viruses, dangerous code, macro security levels Your database or computer can be attacked or damaged by many sources: Viruses attached to files and e-mail messages Files downloaded from the Web Network worms Programming code that uses commands available inside Access

9 Introduction to security About viruses and dangerous code Viruses are destructive programs that can act as program files, or attach themselves to innocent- looking files and corrupt them. Viruses and dangerous code have many sources.

10 Introduction to security About viruses and dangerous code Computer viruses and malicious (destructive) code can corrupt your data or even take control of your computer. Viruses and dangerous code have many sources.

11 Introduction to security About viruses and dangerous code Antivirus software can help detect viruses and stop them in their tracks before they can run. But you need to work as a team with your antivirus program to achieve the best results: Keep your antivirus software up to date. Manually scan downloaded files. Be careful about which files you open or run. Viruses and dangerous code have many sources.

12 Introduction to security About viruses and dangerous code Dangerous code is not necessarily a virus, but can consist of powerful commands that may exist in an Access file you open — in its objects (such as queries, forms, reports, and macros) or in its Microsoft Visual Basic ® for Applications (VBA) modules. Viruses and dangerous code have many sources.

13 Introduction to security About viruses and dangerous code You can prevent some potentially dangerous code from running by running Access in sandbox mode, which is strongly recommended. Viruses and dangerous code have many sources.

14 Introduction to security How the macro security levels work Access features three different macro security levels that control what happens when you first try to open a database file and what can then happen while you have that database open. These levels are: Security dialog box High Medium Low

15 Introduction to security How the macro security levels work Security dialog box To set the macro security level in Access, click an option on the Security Level tab of the Security dialog box.

16 Introduction to security How the macro security levels work At the High macro security level, you cannot open any file in Access unless it is digitally signed. Security dialog box The effect for each security level setting is as follows: You get this message.

17 Introduction to security How the macro security levels work Security dialog box At the Medium macro security level, Access prompts you with a message when you first open a file. This message warns you that the file could contain code that might damage your computer or data, and gives you the choice of opening the file.

18 Introduction to security How the macro security levels work At the Low macro security level, you can open any database file in Access without being prompted. We recommend that you never use the Low macro security level. Security dialog box

19 Introduction to security More about the macro security level The macro security level for each Microsoft Office program is independent of all other Office programs.

20 Introduction to security More about the macro security level Choose one of the three macro security levels that fits your work environment. In Access, it is recommended that you choose High.

21 Introduction to security More about the macro security level If you need to work with unsigned files from other sources, you can use the Medium macro security level. Always examine such files and sources carefully before choosing to enable any macros. Change back to High when you no longer need to use the Medium level.

22 Introduction to security More about the macro security level If you use only your own files in Access, you should self-sign these files and use the High macro security level.

23 Introduction to security More about the macro security level We routinely use phrases such as “help protect” or “probably feel safe” because there’s no such thing as absolute security. But you can greatly decrease the chance of a catastrophic security breach by doing the following:

24 Introduction to security More about the macro security level Use common sense Run antivirus software Choose strong security options Work with digitally signed files

25 Introduction to security If you don’t see the Security command The Security command, on the Macro submenu To change the macro security level in Access, use the Security command. On the Tools menu, select the Macro submenu.

26 Introduction to security Suggestions for practice 1.Change the macro security level to High. 2.Change the macro security level to Medium. Online practiceOnline practice (requires Access 2003)

27 Introduction to security After you complete the practice We strongly recommend that you run Access at the High macro security level. After completing the practice, make sure that you set the macro security level to High. If you need to work with unsigned files from other sources, you can use the Medium macro security level to do that; however, you should always examine such files and sources carefully before choosing to enable any macros, and change back to High when you no longer need to use the Medium macro security level. If you use only your own files in Access, you should self-sign your files and use the High macro security level.

28 Introduction to security Test 1, question 1 In Access, using the Low macro security level will protect you against: (Pick one answer.) 1. Dangerous code embedded in your VBA modules. 2. Computer viruses infecting your database. 3. Nothing.

29 Introduction to security Test 1, question 1: Answer Nothing. We strongly recommend that you avoid using the Low security level in all cases.

30 Introduction to security Test 1, question 2 You change the macro security level in Access by: (Pick one answer.) 1.Clicking either OK or Cancel in the dialog box when you open a file. 2. Setting the level in the Security dialog box. 3. Selecting a startup option.

31 Introduction to security Test 1, question 2: Answer Setting the level in the Security dialog box. It's an option you set once; then it's applied every time you use Access.

32 Introduction to security Test 1, question 3 By using common sense, running antivirus software, choosing strong security options, and working with digitally signed files, you should feel completely secure when working in Access. (Pick one answer.) 1. True. 2. False.

33 Introduction to security Test 1, question 3: Answer False. By taking this course, you are on your way to working more securely in Access, but absolute security is never a certainty.

34 Lesson 2 Access sandbox mode

35 Introduction to security Access sandbox mode For an additional layer of safety while working in Access, you can run the program in sandbox mode. Running in sandbox mode helps ensure that any potentially dangerous commands that could be run from an Access expression will be blocked.

36 Introduction to security How sandbox mode protects your computer In Access, it’s possible to run dangerous VBA code in expressions — strings of instructions that Access can use to perform operations on your database. Sandbox mode protects against harmful commands

37 Introduction to security How sandbox mode protects your computer Delete files Change file attributes Start other programs Change Access settings Change environment settings (such as the PATH statement) Potentially dangerous expressions can include commands and properties that could: Sandbox mode protects against harmful commands

38 Introduction to security How sandbox mode protects your computer Sandbox mode protects against harmful commands Running Access in sandbox mode helps prevent dangerous code from being run in expressions.

39 Introduction to security The Jet 4.0 Service Pack 8 update To run Access in sandbox mode, first install the Service Pack 8 (SP8) update for Microsoft Jet 4.0. Jet 4.0 is a program that Access uses behind the scenes for many of its operations, such as running queries and updates.

40 Introduction to security The Jet 4.0 Service Pack 8 update Jet Database Engine 4.0 Service Pack 8 (SP8) is part of a critical Windows update. On Microsoft.com, click Windows Update in the left column. Install all high-priority and critical Windows updates. To install the update:

41 Introduction to security The Jet 4.0 Service Pack 8 update Before you do this, determine if the Jet 4.0 SP8 update is already installed on your computer. Look in the Add or Remove Programs section of Control Panel. If you have installed the Service Pack 2 (SP2) update for Windows XP, make sure that the Show updates check box is selected at the top of the Add or Remove Programs window.

42 Introduction to security The Jet 4.0 Service Pack 8 update If you find the Windows Hotfix KB837001 or KB829558, the Jet 4.0 SP8 update has been installed. Before you do this, determine if the Jet 4.0 SP8 update is already installed on your computer.

43 Introduction to security The Jet 4.0 Service Pack 8 update Important: Remember that this update to the Jet engine is a vital part of security in Access, and should be installed for every computer that runs Access.

44 Introduction to security After you have installed the Jet update When you start Access for the first time after installing the Jet 4.0 SP8 update, and Access is set to either the Medium or High macro security level, you will see the message shown on the left. Click Yes to block unsafe expressions and run Access in sandbox mode. Click Yes to block unsafe expressions.

45 Introduction to security After you have installed the Jet update Assuming that you are running Access at the High or Medium macro security level, you're all set — and you should not see any more messages about sandbox mode unless you change the macro security level and explicitly choose to allow blocked expressions. Click Yes to block unsafe expressions.

46 Introduction to security After you have installed the Jet update If your macro security level is set to Low, you won't be prompted about blocking unsafe expressions when you start Access for the first time after installing the Jet update. Click Yes to block unsafe expressions. Only when you change the macro security level to Medium or High will you see the message shown on the left. Change your macro security level to Medium or High, and then click Yes to block unsafe expressions.

47 Introduction to security After you have installed the Jet update While this message does not actually mention "sandbox mode" at all, just understand that choosing to block unsafe expressions is sandbox mode. Click Yes to block unsafe expressions. By clicking Yes, you are choosing to block unsafe expressions and therefore to run Access in sandbox mode.

48 Introduction to security Test 2, question 1 Sandbox mode can best be described as an environment where: (Pick one answer.) 1.Access and other Office programs can work safely with each other. 2.Interaction between Access and any other Office program is not allowed. 3.Certain potentially dangerous commands cannot be run from Access.

49 Introduction to security Test 2, question 1: Answer Certain potentially dangerous commands cannot be run from Access. Sandbox mode prevents certain potentially destructive commands from running in Access.

50 Introduction to security Test 2, question 2 Sandbox mode is related to the macro security level in the following way: (Pick one answer.) 1.There is a one-to-one correspondence between the state of sandbox mode and the macro security level. 2.Changing the macro security level lets you decide whether sandbox mode is enabled. 3.If your macro security level is set to High, sandbox mode must be enabled.

51 Introduction to security Test 2, question 2: Answer Changing the macro security level lets you decide whether sandbox mode is enabled. When you change the macro security level from Low to either Medium or High, Access will ask you if you want to block unsafe expressions by running Access in sandbox mode.

52 Introduction to security Test 2, question 3 Running Access in sandbox mode will prevent: (Pick one answer.) 1.Many dangerous commands from running in expressions. 2. Many dangerous macro commands from running. 3. Dangerous VBA code from running.

53 Introduction to security Test 2, question 3: Answer Many dangerous commands from running in expressions. For example, you can't delete files, format your hard disk drive, or rename folders.

54 Lesson 3 Working with digitally signed files

55 Introduction to security Working with digitally signed files Wondering which data you can trust? Wondering how you can verify the integrity of the files that you open? Working only with digitally signed files is a good practice that can help protect your database environment. A digital signature helps assure who originated and signed that file.

56 Introduction to security About digital signatures and trusted publishers Digital signatures can be issued by a “certificate authority.” A certificate authority is a third-party organization that issues certificates used to digitally sign files. Digital certificate: Can you trust it?

57 Introduction to security About digital signatures and trusted publishers You can also create digital certificates for your own use or for use within a small, closely trusted group. These are called “self-signed certificates.” Digital certificate: Can you trust it?

58 Introduction to security About digital signatures and trusted publishers When you explicitly trust a particular signer of files, you can add that person or company to your computer as a “trusted publisher.” Digital certificate: Can you trust it? A trusted publisher is someone who is known by you or by your company to be reputable.

59 Introduction to security About digital signatures and trusted publishers Although an entity (such as a software company or a consultant) may have a digital certificate from a certificate authority, that certificate means nothing until you do one of the following: Digital certificate: Can you trust it?

60 Introduction to security About digital signatures and trusted publishers Open the file (Medium macro security level). Digital certificate: Can you trust it? — Or — Add the owner of that certificate to the list of trusted publishers on your computer (High or Medium macro security level).

61 Introduction to security Digital signatures and macro security level Consider two major factors when deciding whether to accept a digitally signed file: The macro security level setting in Access What actions you will take when you open the file Access warning, Medium macro security level

62 Introduction to security At the Medium macro security level, when you open a digitally signed file for the first time, you can either: Click Open, and open that file right away. — Or — Permanently add its signer to your list of trusted publishers. Access warning, Medium macro security level Digital signatures and macro security level

63 Introduction to security At the High macro security level, things are buttoned down a bit more tightly: To be opened, any file must be digitally signed (no exceptions). You must accept the digital signature and permanently add its signer to your list of trusted publishers. Digital signatures and macro security level Access warning, High macro security level

64 Introduction to security In Access, unlike most other Office programs, you can't open a file that has no digital signature at the High macro security level. Access warning, High macro security level Digital signatures and macro security level It’s different in Microsoft Excel and Word.

65 Introduction to security You can verify the authenticity of a digital signature by inspecting its certificate through your Web browser. The unsigned file warning, High macro security level Digital signatures and macro security level

66 Introduction to security Summing it up: The safer, the better In general, when you receive a digitally signed file from a trusted entity, you can feel reasonably confident the file is safe. This is primarily due to two things: Has this Access file lost its digital signature, or has it never been signed?

67 Introduction to security Summing it up: The safer, the better To digitally sign a file, you must have what is known as the "private key" for the signature — the private key allows you to add its unique signature to a file. Has this Access file lost its digital signature, or has it never been signed? Thus, if someone without the private key changes a signed file by making potentially dangerous changes, the digital signature will become invalid and will be removed from the file.

68 Introduction to security Summing it up: The safer, the better Caution: At the Medium macro security level in Access, when you open a digitally signed file that has lost its signature, the standard security warning message for the Medium level displays (see the picture at left), as if the file had never been signed at all. Has this Access file lost its digital signature, or has it never been signed? Exercise great care when you consider opening any file that's not signed.

69 Introduction to security Summing it up: The safer, the better Before you open a file that has lost its signature, you should exercise extreme caution. You can: Run a virus scan Notify the publisher that the signature for the file is no longer valid — Or — Retrieve a backup version of the file Has this Access file lost its digital signature, or has it never been signed?

70 Introduction to security Summing it up: The safer, the better In summary, at the Medium and High macro security levels, when you open a file that has a digital signature from a trusted publisher, you won’t be prompted with any security warnings. Has this Access file lost its digital signature, or has it never been signed? If you do see a warning, this indicates the file may have been changed by an unauthorized party or is corrupted.

71 Introduction to security Summing it up: The safer, the better It is recommended that you operate at the High macro security level. Has this Access file lost its digital signature, or has it never been signed? If you need to work with unsigned files from other sources, you can use the Medium macro security level to do that.

72 Introduction to security Summing it up: The safer, the better At the Medium macro security level, when you open a file with a signature that you have not yet added as a trusted publisher, the warning message from Access should cause you to think about which files you can trust. Has this Access file lost its digital signature, or has it never been signed?

73 Introduction to security Test 3, question 1 Which of the following is true about opening files in Access? (Pick one answer.) 1.You can open all files by clearing the Only open files from the trusted publishers list check box. 2.You can selectively open a digitally signed file by adding the file to the trusted publishers list. 3.You can open only digitally signed files from a trusted publisher at the High macro security level.

74 Introduction to security Test 3, question 1: Answer You can open only digitally signed files from a trusted publisher at the High macro security level. We strongly recommend that you work in Access at the High macro security level.

75 Introduction to security Test 3, question 2 To selectively open digitally signed files, you would: (Pick one answer.) 1.Run Access at the High macro security level after adding the file’s signer as a trusted publisher. 2.Run Access at the Medium macro security level, but not add the file's signer as a trusted publisher. 3.Run Access at the Medium macro security level after adding the file’s signer as a trusted publisher.

76 Introduction to security Test 3, question 2: Answer Run Access at the Medium macro security level, but not add the file's signer as a trusted publisher. Although the High macro security level is the most secure, the Medium level does allow you more flexibility about which files to open.

77 Introduction to security Test 3, question 3 One reason why you might want to work only with digitally signed files is: (Pick one answer.) 1.You can choose to run Access safely at the Low macro security level. 2.You can choose to run Access at the High macro security level, where a digital signature is required to open any file. 3.You can have complete confidence that all digitally signed files are safe.

78 Introduction to security Test 3, question 3: Answer You can choose to run Access at the High macro security level, where a digital signature is required to open any file. Working in Access at the High macro security level and requiring digital signatures help make your computer and your database files more secure.

79 Introduction to security Test 3, question 4 When code in a digitally signed file is changed by a user without the private key: (Pick one answer.) 1.Access warns the next user who opens the file that it has been changed by an unauthorized user. 2.Access won’t open the file until it is re-signed. 3.Access removes the signature from the file, and you can't open it at the High macro security level.

80 Introduction to security Test 3, question 4: Answer Access removes the signature from the file, and you can’t open it at the High macro security level. In addition, at any macro security level, Access treats the file as if it was never signed.

81 Introduction to security Quick Reference Card For a summary of the tasks covered in this course, view the Quick Reference Card. Quick Reference Card

82 USING THIS TEMPLATE See the notes pane or view the full notes page (View menu) for detailed help on this template.

Download ppt "Microsoft ® Office Access ® 2003 Training Introduction to security Your STS, Tom Redd, presents:"

Similar presentations

Microsoft ® Office Outlook ® 2003 Training Outlook can help protect you from junk e-mail Upstate Technology Services presents:

Microsoft ® Office Outlook ® 2003 Training Outlook can help protect you from junk Upstate Technology Services presents:
®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.
Microsoft ® Office Word 2007 Training Header and footer basics Sweetwater ISD presents:

Microsoft ® Office Word 2007 Training Header and footer basics Sweetwater ISD presents:
Microsoft ® Office Outlook ® 2007 Training Retrieve, back up, or share messages Sweetwater ISD presents:

Microsoft ® Office Outlook ® 2007 Training Retrieve, back up, or share messages Sweetwater ISD presents:
Microsoft® Access® 2010 Training

Microsoft® Access® 2010 Training
Microsoft ® Office Access ® 2007 Training Build a database II: Create tables for a new Access database GPC presents:

Microsoft ® Office Access ® 2007 Training Build a database II: Create tables for a new Access database GPC presents:
Microsoft ® Office Outlook ® 2007 Training Manage your mailbox IV: Archive old messages P J Human Resources Pte Ltd presents:

Microsoft ® Office Outlook ® 2007 Training Manage your mailbox IV: Archive old messages P J Human Resources Pte Ltd presents:
Microsoft ® Office 2003 Training Security in Office CGI presents:

Microsoft ® Office 2003 Training Security in Office CGI presents:
Microsoft ® Office Training Get up to speed with the 2007 system presents:

Microsoft ® Office Training Get up to speed with the 2007 system presents:
Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:
Microsoft ® Office Access ® 2007 Training Easy Access with templates I: Create a database susanguggenheim-is.com presents:

Microsoft ® Office Access ® 2007 Training Easy Access with templates I: Create a database susanguggenheim-is.com presents:
Benchmark Series Microsoft Excel 2013 Level 2

Benchmark Series Microsoft Excel 2013 Level 2
Tutorial 7: Developing an Excel Application

Tutorial 7: Developing an Excel Application
Tutorial 8: Developing an Excel Application

Tutorial 8: Developing an Excel Application
Microsoft ® Office PowerPoint ® 2003 Training Package to a CD Your STS, Tom Redd, presents:

Microsoft ® Office PowerPoint ® 2003 Training Package to a CD Your STS, Tom Redd, presents:
Microsoft ® Office Word 2007 Training Headers and footers for document sections [Your company name] presents:

Microsoft ® Office Word 2007 Training Headers and footers for document sections [Your company name] presents:
Microsoft ® Office Word 2007 Training Table of Contents II: Customize your TOC [Your company name] presents:

Microsoft ® Office Word 2007 Training Table of Contents II: Customize your TOC [Your company name] presents:
Lesson 13 PROTECTING AND SHARING DOCUMENTS

Lesson 13 PROTECTING AND SHARING DOCUMENTS
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Similar presentations

Ads by Google