Secure public PCs against unauthorized access to court data

KB article ID: 5010 (permalink)


Securing PCs and networks is a complex and continually evolving field. There are specialists who focus solely on such issues. The following advice is not guaranteed to be complete, current or accurate at all times. Instead, it is intended as a checklist you can use to ensure that local IT staff have addressed the major issues as they secure your systems.  

With regard to public access PC security

Windows 8.1 and 10 make it easy. They offer a “Kiosk Mode” feature. 
For how-to instructions, see https://www.howtogeek.com/173562/how-to-easily-put-a-windows-pc-into-kiosk-mode-with-assigned-access/

Windows 7 also offers this, but its version has known vulnerabilities. We recommend Window 7 PCs be setup using LGPOs, Local Group Policy Objects, instead. 

While we know of no comprehensive guide detailing ALL of the modifications that should be made to properly secure a Windows 7 Public Access terminal, some semi-complete guides can be found on Microsoft's site. These require a fair amount of reading and clicking to find everything. Check with your IT. For Microsoft's main page on this, see https://technet.microsoft.com/library/gg176676.aspx

 

There are multiple links out from their main page, and all should be checked for pertinent info:

 

(Using LGPOs is fairly time-consuming; there are many things that will need to be set/changed. Any semi-competent IT admin should be quite capable of doing this. That said, a wrong setting could lock you out of the system completely.)


Physical security

Regardless of the OS used, there are issues beyond securing/restricting a PC’s software --physical security is just as important, if not moreso. See https://www.giac.org/paper/gsec/4304/securing-public-access-computers-library-setting/107011

While written to help secure public access terminals in libraries, the section on "Physical Security" provides some really good tips, including:

  • Restrict the right to install programs, using Group Policy Objects (GPOs).--Don’t use a “Home” version of Windows, since it won’t support GPOs.
  • Make sure nobody can boot the PC from another device (thumb drive, etc.). This is done by configuring and locking down the BIOS.
  • In case someone still manages to install malware, it would be best if the iSeries/AS400 user ID and password were not given out.--If you have given this out in the past, at least change the password.
  • Maintain good physical security --keep the PC where you can see it if possible, and lock the cover of the PC.

With regard to the software & services offered on a public PC

The programs and web-access you allow will depend on the services you want to offer:

For public access to case data, consider offering PC JIMS Courts logged in using your View-Only public user ID. 
For public access to case documents, consider offering PC JIMS Imaging logged in using your View-Only public access user ID.
For public access to online case information, consider offering a browser with Internet access restricted to Judici. This could also enable them to make online payments if you offer Judici E-Plea & Pay.
For public access to at-court e-filing (especially for pro-se filers), consider offering a browser with Internet access restricted to include a link to the E-Filing Service Provider (EFSP) that your court selected. Certified EFSPs are listed on eFileIL's website. 
For filers, consider a short-term desktop folder for filer's scanned documents. Folder should be set to clear at end of each filer's session.

With regard to PC JIMS public user IDs

Your iSeries system should already be setup with a security-settings-appropriate PC JIMS Courts public access user ID. Given access to PC JIMS Courts on a public access PC, users can securely look up authorized case information. It is recommended that you DO NOT provide public users the PC JIMS public access user ID password. Instead, sign in that user ID for them.


Given an established PC JIMS Courts public access user ID, it's easy to setup a PC JIMS Imaging View-Only public access user ID:

  1. Log into Imaging as an administrator. 
  2. Look to Technical/Users. 
  3. If your PC JIMS Courts public access user ID isn't listed, go to File/Import JIMS User IDs. 
    1. Check mark the public access user ID, and click Import. 
    2. By default, this user ID will be pulled into Imaging as a View-Only user. Confirm by clicking on the imported ID. 
Once your PC JIMS Imaging public access user ID is created, use it to sign in public users. It is recommended that you DO NOT provide public users the PC JIMS public access user ID password.


Comments