practicehacker

We're the ABA Damnit! We own you!

This was my 10th year at ABA Technology Show in Chicago. This year was particularly cool.  Here’s why:

Meeting The Heavies: To me, seeing people like Dennis Kennedy, Tom Mighelle, Bob Ambrogi, Jim Calloway, Kevin O’Keefe, Brett Burney, Andy Atkins, Jay Foonberg (!) and the rest of my pretend blog friends … I mean pretend LinkedIn friends … is like reconnecting with long lost relatives. Exciting and a little intimidating. But all of them were really great and down to earth. Except that Kennedy. Such a prima donna. I kid, I kid.

Meeting Canadians: Who can forget meeting the Great Librarian of Upper Canada! Beat that. Then there was Phil of the Future (my name for him), Steve Matthews (nice guy), Brett Burney (I think he’s Canadian), Dominic Jaar (vive la Quebec libre!), the boys from Clio (or as I called them, the Booth Babes), and a host of other talent from the Great White North. It was great to meet you all: now go back where the ice doesn’t melt until July.

Technology Becoming Accepted: This year for the first time in memory I noticed a preponderance of grey hairs and the careful gait of partners scoping out potential buys for their offices.  This was not the brash, flash-in-the-pan TechShow of the late-90′s in which the Internet was decried as a fad.

SaaS, Saas, and more Saas: Software as a service was all over the place, and by next year it will be pervasive. This year I was knocked out by the number and variety of kick-ass SaaS providers at the show including Clio, RocketMatter, and VLO Tech. Clio was my hands-down favorite for a number of reasons – I intend to use it in my own practice. Whatever your cup of tea, the idea of throwing away the IT department in favor of the Cloud is gaining traction fast.

Less is … Less: One lamentable fact about this  year’s show – there was less of it than I’ve seen in a long time. Another casualty of the economy I’d say, but we shouldn’t overlook the fact that many legal technology vendors have been slaves to profit instead of boosters for innovation and the slow economy is making it painfully apparent what a royal screw job they’ve been giving lawyers all these years. Many players couldn’t make it ? Good riddance to bad company.

Other than that however, it was a great experience as always and one that I heartily recommend to one and all. If you haven’t been to TechShow, go there. If you have, come back. A splendid time is guaranteed for all.

For more coverage see my SmallLaw Column in TechnoLawyer.

Check out Twitter coverage of TechShow.

As always, I’d love your thoughts. E-mail me at mhedayat[at]mha-law.com or tweet me @practichacker.

ttyl

In Illinois, as well as a growing number of other states, you can no longer just leave used electronics on the curb or in a dumpster. The issue is liability for environmental contamination. Then there is data disposal, and as we all know by now computer hard drives must be permanently and intentionally relieved of their data lest it fall into the wrong hands – a malpractice nightmare.

In case you did not receive an email notice or just didn’t hear, November 15^th was America Recycles Day – a prime opportunity for individuals, firms, and businesses to go green and find out how to dispose of electronic equipment, computers, monitors, printers, routers, phones, PDA’s, etc. Of course the question of the hour is always ‘what is all this going to cost me/my firm/my client?’ As a matter of fact recycling unwanted electronics often costs nothing – on the contrary, it can yield a tax break or even some money in your pocket. 

Well this is your lucky day because the pm blog is bringing the action to you; send us a list of your configured units, printers, monitors, routers, etc. or call 630-388-7057 to find out more about how the pm blog can help you stop procrastinating and put your assets in motion.

Robert Toro, Optimus Solutions offers some VoIP-specific security practices when implementing IP telephony for the first time.

1. Test, test, test. Test IP telephony systems and applications as one would firewalls, VPNs, and other security services—by conducting self-hacks. Simulate code-embedded message attempts, DoS attacks, and override exploit attacks. This should help security administrators gain a greater understanding of the system’s strengths and weaknesses.
   • Use security as a key selection criterion when buying any IP telephony solution.
2. Implement password security for end users and system administrators. Passwords and the services they protect should be managed like any other network resource. Enforce these procedures:
   • Implement automated password reset for every 30 days.
   • Restrict unsuccessful login attempts to three.
   • Replace all temporary passwords with complex passwords.
   • Delete inactive voice mailboxes to avoid abuse or misuse.
   • Delete all testing codes used by the installation team.
3. Secure all hardware. Users of IP telephony must secure phones, IP servers, switches, and other types of voice equipment. Eavesdropping may only be achieved if the hacker gains direct access to the LAN. Since most LANs are secured by established technologies, VoIP sessions are also protected by default. Simply enable and configure each device’s security features, and then manage them just as you would any other corporate device.
   • The VPN must be configured and tested to support VoIP if remote users will be accessing telephony functions via the Internet.
   • Mobile workers who are accessing the Internet via hotel or airport Ethernet connections must also run personal firewalls.
4. Investigate VoIP-specific security products only as a last resort. Security vendors claim that they are not trying to overhype IP telephony vulnerabilities, yet new VoIP security products are coming to market in a steady stream. Expect this trend to continue as the number of VoIP installations grows. Solutions range from security hardware and software, to hosted services, to consultation for secure VoIP architecture. Companies include:
   • INS VoIP Security.
   • Juniper Networks Dynamic Threat Mitigation.
   • PeerSec Networks MatrixSSL.
5. Follow developments from the VoIP Security Alliance (VOIPSA). Recently founded VOIPSA is composed of VoIP hardware and software vendors, security firms, and researchers. VOIPSA helps enterprises navigate the VoIP security landscape through discussion lists, white papers, research projects, free tools, and methodologies. VOIPSA’s VoIP Security and Privacy Threat Taxonomy defines many of the potential threats to IP telephony deployments. Increase IT’s awareness of VoIP security issues by reading this publication.

Bottom Line

VoIP-specific risks may be overblown at the present time, but enterprises should nevertheless take the same precautions for IP telephony as they would for any other network service. Don’t allow fearmongering to stall deployment.

Optimus Solutions / Canvas Systems