Vermont Bar Association Seminar Materials 2013 Solo and Small Firm Conference 3c) Security in a Brave New (Digital) World May 16 -17, 2013 Basin Harbor Club Vergennes, VT Faculty: David R. Fenster, Esq. Kevin F. Ryan, Esq.



Practicing Law in a Brave New (Digital) World

Basic Security

Security

● Physical Security

● Encryption

● Passwords

● SSL

● VPN

● 2-Step Authentication/Verification

Physical Security

● Locking the office/car

● Computer/Device disposal

● Don't leave your device unattended and unlocked
  ○ Wake to password
  ○ Win + L

● Passcodes for smart phones/tablets

Passcode on Your Phone

● Set one!

● Be smart!

● Prefer longer to shorter passcode

● How to do it on an iPhone . . .

Encryption

● Is the computer encrypted?
  ○ TrueCrypt
  ○ BitLocker
  ○ PGP

● Is the device encrypted?
  ○ Android
  ○ iPhone
  ○ iPad
  ○ USB Drives

Passwords

● Is it a common word?

● How long will it take to crack?
  ○ Complexity
  ○ Opportunity

Passwords

● Complexity
  ○ Obscurity - uncommon words
  ○ Letters
  ○ Numbers
  ○ Symbols
  ○ Length
  ○ Passphrases

Passwords Not to Use

1. password
2. 123456
3. 12345678
4. 1234
5. qwerty
6. 12345
7. dragon
8. pu**y
9. baseball
10. football
11. letmein
12. monkey
13. 696969
14. abc123
15. mustang
16. michael
17. shadow
18. master
19. jennifer
20. 111111
21. 2000
22. jordan
23. superman
24. harley
25. 1234567
26. f@#kme

Opportunity

How long does the hacker have?

● Will the account lock?

● Will the device add a waiting period after a number of wrong attempts?

● Will the device wipe?

How to Hack a Password

● Asking

● Guessing

● Brute Force

Passphrases are Better

● jim
● james
● James
● James#
● James#1
● James is #1
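An added example, not part of the seminar materials: the "Complexity" and "Opportunity" slides put into numbers for the passphrase progression above. The two guess rates are assumptions chosen for illustration, and the common-password set is a subset of the "Passwords Not to Use" slide.

```python
import string

# Subset of the "Passwords Not to Use" slide, lowercased.
COMMON = {"password", "123456", "12345678", "qwerty", "dragon", "baseball",
          "letmein", "monkey", "abc123", "michael", "jennifer", "superman"}

# Character pools a brute-force search has to cover (space counted with symbols).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]

# Assumed guess rates, chosen for illustration only (not from the slides).
OFFLINE_RATE = 1e9           # guesses/second, no lockout (e.g. a copied file)
THROTTLED_RATE = 10 / 3600   # 10 guesses/hour once waiting periods kick in


def alphabet_size(pw):
    """Total size of every character pool that pw draws from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in pw))


def keyspace(pw):
    """Worst-case number of brute-force guesses; 1 if pw is on the common list."""
    if pw.lower() in COMMON:
        return 1  # a guesser tries the well-known list first
    return alphabet_size(pw) ** len(pw)


def worst_case_seconds(pw, rate):
    """Time to exhaust the keyspace at `rate` guesses per second."""
    return keyspace(pw) / rate


def report(passwords):
    """(password, keyspace, offline seconds, throttled seconds) per entry."""
    return [(pw, keyspace(pw), worst_case_seconds(pw, OFFLINE_RATE),
             worst_case_seconds(pw, THROTTLED_RATE)) for pw in passwords]


# The progression from the "Passphrases are Better" slide.
SLIDE = ["jim", "james", "James", "James#", "James#1", "James is #1"]

if __name__ == "__main__":
    for pw, space, offline, throttled in report(SLIDE):
        print(f"{pw!r:15} {space:.2e} guesses  "
              f"offline {offline:.2e}s  throttled {throttled:.2e}s")
```

These figures are upper bounds for blind brute force; names and dictionary words fall faster to guessing, which is why length and obscurity matter together.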

Security Questions

Your password is only as strong as your security questions

Password Don'ts

● Don't use the same password for everything

● Don't use the same password more than once

Password Keepers

● LastPass

● RoboForm

● KeePass

Two Factor Authentication

● Sensitive or vulnerable information may call for an additional layer of security (beyond a password)

● Google

● Facebook
  ○ Login Approvals

Security in Data Transfer

● SSL = Secure Sockets Layer

● TLS = Transport Layer Security

● https://
  ○ Internet Explorer
  ○ Firefox
  ○ Chrome

● VPN = Virtual Private Network

● Antivirus

● Phishing scams
  ○ Nigerian prince
  ○ collection & contract enforcement scams

Miscellaneous

Practicing Law in a Brave New (Digital) World: Basic Security

Some Helpful Discussions and Resources

1. How to Set a Stronger iPhone Passcode -- http://howto.cnet.com/8301-11310_39-20072009-285/how-to-set-a-stronger-iphone-passcode

2. Law Firms, “the Soft Underbelly of American Cyber Security” -- http://lawyerist.com/law-firms-the-soft-underbelly-of-american-cyber-security

3. When Luddites Handle Cyber Security, You End Up With American Law Firms -- http://abovethelaw.com/2013/02/when-luddites-handle-cyber-security-you-end-up-with-american-law-firms

4. Hackers in China Attacked The Times for Last 4 Months -- http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html

5. Strong Passwords Aren’t Enough: How to to Ensure the Apple and Amazon Exploit Never Happens to You -- http://lifehacker.com/5932501/strong-passwords-arent-enough-how-to-to-ensure-the-apple-and-amazon-exploit-never-happens-to-you

6. Your Clever Password Tricks Aren’t Protecting You from Today’s Hackers -- http://lifehacker.com/5937303/your-clever-password-tricks-arent-protecting-you-from-todays-hackers

7. From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet -- http://lifehacker.com/5910408/from-saucy-pics-to-passwords-how-to-share-sensitive-information-over-the-internet

8. How to Pick a REALLY Good Security Question -- http://geekswithblogs.net/james/archive/2009/09/23/how-to-pick-a-really-good-security-question.aspx

9. Choose Good Security Questions and Better Answers -- http://lifehacker.com/5366816/choose-good-security-questions-and-better-answers

10. 10,000 Top Passwords -- http://xato.net/passwords/more-top-worst-passwords

11. Pafwert: Smarter Passwords -- http://xato.net/windows-security/pafwert-smarter-passwords