Encryption and TLS Protocols

As of version 7.3, LAW supports TLS 1.2 encryption protocols for Windows 10 systems.

•For information on enabling TLS on your environment systems, we recommend you work with your Administrator.  

•LAW is compatible with systems running TLS 1.2 encryption; TLS 1.0 may be disabled on these systems.

•For instructions on enabling/disabling TLS 1.2 and 1.0, please reference https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings.

 

LAW FIPS Compliance and Configuration

Effective starting with version 7.5.X, CloudNine LAW is certified for FIPS encrypted Windows 10 operating systems.

Administrators can enable FIPS via either local system registry, or via Group Policy.   

When enabled, the operating system will ensure that only FIPS validated hashing and encryption modules are used by the operating system (including .NET libraries).

 

For more information on the FIPS encryption and usage with Windows 10, the STIG guidelines are listed here for reference: https://www.stigviewer.com/stig/windows_10/.

Users can also reference the STIG guidelines for enabling FiPS encryption: https://www.stigviewer.com/stig/windows_10/2019-01-04/finding/V-63811.

 

Antivirus Best Practices and Recommendations

With any eDiscovery processing tool, an anti-virus scanning utility can alter files and interrupt chain of custody and hashing values.

Best Practices for insulating against unwanted AV impacts in processing include:

•Separate the Processing Network other Review and Business Networks (e.g., separate LAN or vLAN).

•Only run virus scanning after processing is completed (e.g., when moving processing volumes to new locations for Production or Review Loading).

•If on-demand virus scanning is a compliance requirement, then scan only the file shares with extracted ESI.

•These paths should be excluded so as to avoid impacts to processing speed and reliability:

oInstallation directory

oLocal User Log Directory

oLocal User Data store Directory

oLocal Computer Data store Directory

oLAW Case Directory

oLAW Worker Temp Directory

oSource data location

Additionally, Users may reference the EDRM recommended practices regarding virus protection here: https://www.edrm.net/resources/frameworks-and-standards/edrm-model/edrm-stages-standards/edrm-processing-standards-guide-version-2/.

 

 

Required LAW and Explore Ports

The required port exceptions for LAW and Explore are listed below.

LAW

Outgoing:

•ms-sql-s -> 1433 (TCP/UDP)

•www, http -> 80 (TCP)

•https -> 443 (TCP/UDP)

•microsoft-ds -> 445 (TCP/UDP)

•smtp -> 25 (TCP) * Configurable via Tools->Options->Notifications

•Sentinel Protection Server (3rd party) -> 7002 (TCP)

•Sentinel RMS Server (3rd party) -> 5093 (UDP)

LAWtsi

Outgoing:

•ms-sql-s -> 1433 (TCP/UDP)

•www, http -> 80 (TCP)

•microsoft-ds -> 445 (TCP/UDP)

•Sentinel Protection Server (3rd party) -> 7002 (TCP)

•Note: LAW TSI interfaces with 3rd party TWAIN drivers which may use various network communication methods to access devices. Ports would have to be determined by your Scanner manufacturer/vendor.

LAW Management Console

Outgoing:

•ms-sql-s -> 1433 (TCP/UDP)

•microsoft-ds -> 445 (TCP/UDP)

•UDP -> 8401 (UDP) * Configurable via Tools->Options

Incoming:

•UDP -> 8401 (UDP) * Configurable via Tools->Options

Explore

Outgoing:

•ms-sql-s -> 1433 (TCP/UDP)

•www, http -> 80 (TCP)

•microsoft-ds -> 445 (TCP/UDP)

•https -> 443 (TCP/UDP)

•Sentinel Protection Server (3rd party) -> 7002 (TCP)

•Sentinel RMS Server (3rd party) -> 5093 (UDP)

Incoming (web only, end user configurable):

•www, http -> 80 (TCP)

•https -> 443 (TCP/UDP)