UNIT 4 Security Protocols
Seminar Topics Assignments this week Metadata – what is it? Security Protocols Next week—no seminar, no discussion—MIDTERM!!!
Assignments This Week 1 seminar Discussion (1 question) (graded) Test
Why is Information Security Important? Legal professionals and clients depend on computers and technology to communicate about their cases Because of this, law offices, courts, and clients depend upon computers to keep cases moving along It’s vital that the information that is disseminated via the computer remains as secure as possible so that client confidences and not revealed
Metadata Metadata is data about data Metadata is typically hidden from average user Can disclose work product or client confidences Metadata tracks info. about documents attached to electronic file
Different kinds of Metadata System Metadata -data such as file names, size, and location Content Metadata -Information about the contents of a document.
System Metadata
Content Metadata Word Document Example
Content Metadata Word Document Example
Content Metadata Word Document Example
Metadata of IRS 1040 Form
Metadata & Social Networking Facebook: photos uploaded are “tagged” Websites in search engines use “tags” (keywords) Susceptible to malicious software Not very secure Compromises security of your address book and contact lists People aren’t always cautious about what they post # judges & attorney suspensions reported
Metadata in Photos More cameras collect large amount of potentially powerful metadata that can be viewed in Photoshop, Acrobat or Windows Much harder to remove Can be VERY useful info.
Content Metadata – how to “Scrub” Inspect for Metadata
Content Metadata Inspect for Metadata
Content Metadata Inspect for Metadata
Producing Metadata in eDiscovery Forensic data gathers all data initially, and exactly as it was on the media imaged Forensic data gathering through vendor is more expensive than in-house copying of files by client List of specialists located at: rensics.html rensics.html
Metadata in Courts Issue: whether metadata is part of public record and must be preserved by federal government when responding to requests for information filed under Freedom of Information Act (FOIA)? Government: FOIA requests to discovery in civil litigation Answer: N.Y., W.A., & A.Z. say “yes” Reason: “[C]ertain metadata is an integral or intrinsic part of an electronic part of an electronic record.” –N.Y. District Court (2/7/11)
Ethical Issues – Removing Metadata What ethical considerations do you think are involved with removing metadata in a law firm? Are there any ethical considerations for not removing it?
Security Protocols The term “security protocols” refers to securing communications between points within a computer network and across the Internet. There are software programs that can limit the ability to access a file server, workstations, printers, etc. that are on the network.
Network Rights and Privileges How can the right to access the server and other devices be limited to maximize security? First, who has access can be indicated. Network administrators have the most rights. Second, it can be designated just what type of information can be stored on the server. Third, how the information is disseminated can also be restricted.
Passwords Restricting network access by requiring passwords can add security Writing down your passwords can increase risk of unauthorized use VPN – Virtual Private Network, a secure connection to a secure network, such as the office network. This acts as a tunnel to the secure network. What about “thumbprint devices” and “retinal scans?”
Permissions A set of attributes that specifies what kind of access a user has to data or objects in a database
Firewalls Firewalls serve to limit access to a computer or a system by those outside the computer or system with unauthorized access But sometimes firewalls can prevent you from accessing some information that you need or working from an offsite location
Antivirus Plus Firewall Example (FREE)
Viruses Programs that destroy or compromise the running of computer programs and operating systems are known as computer viruses Antivirus programs work to prevent viruses from attacking a computer beforehand Some viruses can cause a computer to be completely ruined or can slow a computer’s speed
Antivirus Example
Prevention from Downloading Viruses Be careful when opening attachments on . If the source is unknown, you may not want to open or download that. Update your antivirus software frequently. Most are set to expire or have automatic updates to remind you.
I received Recently!
Windows Updates
Backing Up Data One of the most important things to remember to do is to back up your work while you are working and when you are done. USB sticks are great for storing data, but many computers also have an internal recovery system that works well too.
Data Breaches Mean More Than Bad Publicity Hannaford Brothers Co. On March 17, 2008, Hannaford announced that cyberbandits had breached its system, obtaining access to personal-financial information of nearly 4.2 million customers. Just three days after the announcement, plaintiffs' lawyers filed four class actions against Hannaford. Since then, lawyers have filed an additional 12 complaints, requiring Hannaford to defend litigation from Florida to Maine.
TJX TJX, a retailer that operates T.J. Maxx and Marshall's stores, faced a federal investigation and an onslaught of follow-on civil litigation after announcing a breach widely reported as the largest data-security breach in U.S. history where computer "hackers" stole at least 45.7 million credit and debit records.
State Laws State laws also help to guide how to proceed once a security breach has occurred. For a listing of every state’s laws on this subject, go to s_May05.pdf s_May05.pdf
Practice Questions
Practice Question # 1 ABC Law Firm has 20 associates and 5 legal assistants. Every associate and secretary has a computer that is part of a network. To make things easy, they give everyone the same password, and the password never lapses or expires. What is wrong with this?
Answer to Practice Question # 1 An outsider can readily obtain access to internal systems because password policies are weak. User accounts could be compromised and full access to network controllers can be had by some not authorized to use the network.
Practice Question # 2 Suppose the ABC law firm gave everyone in the office administrator access. What is the problem with this?
Answer to Practice Question # 2 Once on the network, any staff member could then defeat security settings and could potentially access all information on the network. Merely assigning administrator access inside the firm would not enable outside hackers unless staff gave out the information.
Practice Question # 3 As a regular part of doing business, the ABC law firm sends and receives attachments via without routinely running an antivirus program. What is wrong with this?
Answer to Practice Question # 3 Attachments sent via may carry viruses. Viruses and worms can spread quickly to large numbers of computers. An intruder finding a hole somewhere in the network could easily jump straight to the core of the system.
Do you have any questions?