pmow Posted March 8, 2016

We use Intella Connect on our corporate network with access to file shares. We're primarily a forensic accounting practice so a big feature is the ability to add clients (attorneys) into Connect for remote review alongside us. Often, they'll have a unique outlook on a case and this is much better than going back and forth.

Our plan is to isolate Intella Connect as a published Citrix app. The main concern here is that because it has access to all production data, a public-facing web server is probably not a good idea. Citrix is a decent compromise between compatibility (many firms use and/or trust it) and security. Something like a VPN is probably a no-go, since it's pretty intrusive software to be installing.

What steps have you all taken to secure access to Connect?
AdamS Posted March 9, 2016

My IT guys have set my Connect server (and entire forensic network) up on its own subnet in the first instance so I'm completely separate from the corporate network, that's the first instance. I would say this would be the most important factor as if my network becomes compromised it doesn't leave an open door to the rest of the firm. Any production data is produced within my network anyway and if they needed access to data housed on the corporate network I just copy it across via a USB drive.

My Connect server is using the HTTPS ability inbuilt which meant we had to register a domain and get security certificates issued, beyond that I have antivirus and firewall software running on the machine. The machine only has the ports it needs for Connect and web browsing open, all other ports are closed.

The Intella people would be able to comment on other security features, but my understanding is that Connect only allows access to the data that you are actively sharing from the case data and there is no other way for clients to accidentally or on purpose suddenly have access to network shares or any data outside the Intella case folder that is actively shared with them.

I've been running a Connect server in this fashion for a few years now and have had no issues.
ŁukaszBachman Posted March 11, 2016

"The Intella people would be able to comment on other security features, but my understanding is that Connect only allows access to the data that you are actively sharing from the case data and there is no other way for clients to accidentally or on purpose suddenly have access to network shares or any data outside the Intella case folder that is actively shared with them."

Adam, I think that your understanding is correct. Each case shares only the data that it contains.

If security is a concern then I advise running an external audit on your infrastructure (including Connect) so that you identify (and hopefully eliminate) security flaws that could compromise your critical data.
pmow (Author) Posted March 11, 2016

Definitely creating a copy of the data on the forensics network would be a viable alternative, as is doing a pentest and audit. I will definitely keep these strategies in mind, thanks!
jcoyne Posted March 17, 2016

We have Intella Connect on its own VLAN which can only communicate via HTTPS to a WatchGuard Firebox appliance. Users can only gain access to the WatchGuard appliance through two factors of authentication (one provided by the WatchGuard username/password, the other provided by a Vasco secure ID app on the user's phone). It makes for a very robust system - with lots of auditing.