...
Finally, there is the tried-and-true approach of break-and-enter. A Wise Owl Legal Appliance is small and easily transportable, and could be stolen by a malicious attacker who thought doing so brought enough benefit.
Wise Owl Legal has taken steps in all the above areas to prevent data being stolen.
...
Offline appliances simply reject any login attempts from outside your network (technically, they reject any network connection at all). However, this is not particularly convenient when you are at a client's premises or in a courtroom. Online access allows full access to Wise Owl Legal from anywhere on the Internet. To reduce the possibility of a malicious hacker gaining access, the following procedures are implemented:
Only trusted computers and web browsers are allowed to log in. When you first log in from an untrusted computer or browser, you will be required to enter a code.
Codes are generated either on your mobile phone or sent via email. If a hacker attempts to access your account, even if they know your password, they need access to your email or phone as well. This is called two-factor authentication, because you need two things to log in (your password and access to your email / phone).
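The following sketch is an added example, not Wise Owl Legal's own code, showing how a server can combine the two rules above: the password is always checked, and a code is demanded only when the browser is not yet trusted. It assumes the phone-generated code is a standard TOTP (RFC 6238) and that a trusted browser is recognised by a random token stored as a cookie; `LoginGate`, `totp` and the status strings are hypothetical names.

```python
import hashlib
import hmac
import secrets
import struct
import time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time window containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class LoginGate:
    """Hypothetical gate: password always, code only for untrusted browsers."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._kdf(password)
        self.secret = totp_secret  # assumed shared with the phone app
        self.trusted = set()       # digests of device tokens, never the tokens

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, device_token=None, code=None, now=None):
        """Return (status, new_device_token_or_None)."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._kdf(password), self.pw_hash):
            return "denied", None
        if device_token and _digest(device_token) in self.trusted:
            return "ok", None  # known browser: password alone is enough
        if code is None:
            return "code_required", None
        # Accept the current and previous window to tolerate clock drift.
        windows = (now, max(0, now - 30))
        expected = [totp(self.secret, t).encode() for t in windows]
        if not any(hmac.compare_digest(code.encode(), e) for e in expected):
            return "denied", None
        token = secrets.token_urlsafe(32)  # would be set as a cookie
        self.trusted.add(_digest(token))
        return "ok", token
```

A stolen password alone yields only `code_required`, and a trusted-browser token never bypasses the password check.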
SSL Certificates and HTTPS
...
Depending on how your Appliance is configured, you may have an SSL certificate issued by a third party such as VeriSign or one issued by Wise Owl Legal. There is no difference in security between the two; however, third-party certificates have an annual cost, while Wise Owl certificates require an additional step to configure web browsers (TODO: doco for trusting the Wise Owl root cert, similar to Installing Wise Owl SSL Certificate /wiki/spaces/IN/pages/228264241).
Whole Appliance Encryption
...
Appliances in our data centres are also encrypted using the same technology but, to ease administration, may use a network-based key rather than the physical USB key.
Passwords
Secret passwords are the main defence any website or appliance has to ensure only authorised users get access to it. Unfortunately, a bad password is only slightly better than no password (and provides a false sense of security).
...
Finally, in the event an attempted or actual security breach does occur, Wise Owl Legal appliances keep multiple logs of resource access. In particular, we are very careful to log information about login attempts (successful or otherwise), including the web browser used and the IP address.
Logs include:
Low level web server logs (only accessible by Wise Owl Legal Helpdesk staff)
Appliance level system logs (accessible from the Tools page)
Audit logs (accessible from the Tools page)
Profiling and metrics (access level TODO)