[vox-tech] Legal Ethics Tech Question

[Alex Mandel]

Tony Cratz wrote:
> Bob Scofield wrote:
>> I've got a dual boot laptop, but I have to use Windows for my legal work.  
>> Supposedly Windows XP has a firewall, though I've never used it.  But note 
>> that the opinion talks about having to use both a firewall and an encryption 
>> device.  So what is an "encryption device" that I can use to comply with the 
>> ethics opinion when I am using Windows Internet Explorer to connect to the 
>> web?  
> 
> 
> 	Windows firewalls are not secure. You can use other software to
> 	help be a more secure firewall. This will help to reduce the
> 	number of people who can break into your laptop as you are
> 	connected to the Internet.
> 
> 	Next I have a question, what are you using the Internet for when
> 	you are using a public WiFi connection? Or you using it to for
> 	surfing public records? Or are you using it to connect to non
> 	public web servers?
> 
> 	Second question is are you accessing your work desktop via
> 	the Internet?
> 
> 	If you are doing either of these you could be putting your
> 	clients case in question.
> 
> 	If you are connecting to your desktop (which you really should
> 	not) you must use a VPN system which supports high security
> 	by encrypting the data as it is being transfered.
> 
> 	Even if you are not accessing your desktop but are just surfing
> 	public web sites, you should be using something like TrueCrypt
> 	to encrypt your clients data on your laptop. Thus keeping it
> 	more secure when your firewall is breached.
> 
> 	In fact, why aren't you using something like TrueCrypt to store
> 	your work data on your laptop. Anyone who can gain physical
> 	access to your laptop can break into it by bypassing the
> 	password. The information on how to do so is on the web with
> 	a simple Google search.
> 
> 	If you are not currently using some form of encryption for
> 	your client records are you are at risk of
> <quote>
> violating his duties of confidentiality and competence ....
> </quote>
> 
> 							Tony
>
Ah yes, local encryption of important files would be good too. For this
there are software and hardware solutions. Note this also applies to
data stored on usb or external harddrives. You may remember some recent
Federal scandals where agency employees took home unencrypted hard
drives that were then stolen...

Make sure to use good passwords when setting up stuff like this and in
the case of things like VPN you can also use public/private keys so you
don't have to type the password, but rather an encrypted file handles
the authentication for you.

http://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords

Alex