To ensure that the company's servers and networks are secure, the IT department has installed an array of technology, including Check Point Firewall-1 firewalls and Tumbleweed WorldSecure software to filter inbound and outbound Exchange e-mail, which runs on a Dell PowerEdge 1300 server. In addition, the system includes a series of Internet Security Systems Inc. tools for security monitoring, including Internet Scanner for vulnerability scans; RealSecure Server Sensor for host intrusion detection; RealSecure Network Sensor for network intrusion detection; and System Scanner, which scans the host system for known vulnerabilities and recommends security configurations based on the information. The tools run on a variety of hardware, including a Dell Optiplex Gx110 (the management console for server-based software), a Nokia IP330 firewall, and Dell PowerEdge 1550 servers.
Installing security tools is only the first step, however. The firm has a full-time security manager who monitors systems and ensures that security policies are not being compromised. The company encourages attorneys to change passwords every 90 days, and keeps security policy updates and advice on its portal.
But no matter what security precautions the firm takes, it simply can't ensure that all attorneys are following its best security practices. "We just have to keep them educated and provide training," Odson says.
