Posted Oct 29, 2005 11:09 am CDT
At the time, Simek, a computer security expert and vice president of Sensei Enterprises in Fairfax, Va., said he had not seen such code used to disable a computer in his work. But he got a surprise six months later when he found that a client’s firewall had been disabled by a hacker in a similar manner. “I just hope I didn’t give anyone the idea,” he says.
Law firms have become increasingly aware that they need digital security. According to the 2005 ABA Legal Technology Survey, 71 percent of firms reported using a computer–called a hardware firewall–that monitors and blocks suspicious Web traffic. That figure was up from 49 percent in 2002. A full 92 percent of firms reported having anti-virus software in use, and the use of firewall software–less expensive but also less effective than a hardware firewall–rose from 43 percent to 66 percent since the last annual survey.
Lawyers who use firewalls usually assume that their software is quietly chugging away in the background, and that they are safe. However, some hackers have found ways to turn off firewalls and other security software. And then there’s adware–software that is automatically downloaded onto a computer and may display pop-up ads or send messages back about the computer’s use (also known as spyware). Some adware companies are petitioning and threatening legal action to get their products removed from the databases of spyware and adware detection software packages. That could mean your anti-virus software might not be as robust as advertised.
The biggest danger is that if a firewall is compromised, someone could get into a computer system and get a copy of everything stored there. It is even possible to surreptitiously steal information as it is being typed. Earlier this year, Israeli police arrested the leaders of an industrial spy ring that allegedly used such software, known as a Trojan horse, to snoop into some of the country’s leading companies.
“If it’s done really well, it’s hard to find,” says David Ries, a partner with Thorp Reed & Armstrong in Pittsburgh and chairman of the firm’s technology committee. “I hate to say it, but there’s almost no defense once it’s on your system.”
The threat is very real, even though many firms seem not to recognize it. According to the Legal Technology Survey, 11 percent of law firms were aware that they had been attacked by hackers, but another 33 percent weren’t able to tell whether they had been hacked. And it should always be kept in mind that a well-planned security system is very difficult for hackers to break into. “A firewall tends to be rock-solid once it’s configured properly,” Simek says.
To properly configure firewalls and Internet security equipment, it is important to change the default settings. Using a product as it comes from the manufacturer makes it easier for hackers to gain entry. If a firm doesn’t have an in-house information technology staff, it is worthwhile to bring in a consultant who can change things like default password settings or which server ports are used to get online.
A firewall for a large office, installed and maintained by an outside vendor, can cost as much as $100,000. One can also be built with free software available on the Internet. Companies like Cisco make hardware firewalls that start under $1,000. Software packages from companies like Symantec or McAfee cost less than $70 for firewall and anti-virus protection, and can be used to detect infections, remove them and protect against new infections for one or more PCs.
Anti-virus software that guards against e-mail computer viruses is available for around $70, or less if a large office buys the software in bulk for the computers it owns. Internet service providers such as AOL, MSN and SBC Yahoo offer free anti virus protection, but while better than nothing, it offers only very basic protection.
More and more law firms are using remote access methods like virtual private networks to let workers log in from home. However, VPNs open gateways through a company’s firewall to let employees in and can be exploited by outsiders. If a firm uses a VPN, it should again make sure to change the default settings.
Small firms that want remote access but can’t afford expensive firewalls can use their Windows server’s native encrypted channel, which scrambles the message so only the intended recipient can read it. Simek says it also helps to get a fixed Internet address. Most PCs use a different Internet address every time they go online. By using a fixed address, a VPN will be more secure because it can screen all Internet addresses except ones known to belong to the firm.
Experts say it is important to have at least one piece of anti-spyware software like PestPatrol, or even free software like Ad-Aware, but it is better to use at least two, since not all programs catch everything. And even while using anti-spyware software regularly, it is useful to look for clues that a malicious program has infected a computer. Look for things like an unusually slow-working machine or unidentifiable icons in the system tray. (For Windows, that’s in the bottom right corner of the screen).
However, security experts also warn that hackers and computer viruses can get around security software and hardware, especially if it’s not kept up to date. If a law firm doesn’t check for updates from a manufacturer, a system is as good as useless.
“[Recently,] Cisco put up a notice of a vulnerability in the software in all of its routers,” Simek says. “If you were not a subscriber, or you neglect that notice, your whole network is wide open to attack.”