Secure your public PCs against unauthorized access to court data

Securing PCs and networks is a complex and continually-evolving field. There are specialists who focus solely on such issues. The following advice is not guaranteed to be complete, current or accurate at all times. Instead, it is intended as a checklist you can use to ensure that local IT staff have addressed the major issues as they secure your systems.

Unless the court provides only green screen programs run on a dumb terminal, access to the court’s data will be via a PC. This runs the risk of unauthorized access to the court’s data via malware such as a virus or a “keystroke sniffer”. Therefore, such PCs should be “locked down” to make sure that nobody installs such malware. This is the same problem faced by public libraries.

Securing Public Access Computers In a Library Setting, by Andrew Sipper (available here) is a good whitepaper detailing some of the necessary steps:

    1. Restrict the right to install programs, using Group Policy Objects (GPOs).

      1. Note: Don’t use a “Home” version of Windows, since it won’t support GPOs.

    2. Make sure nobody can boot the PC from another device (thumb drive, etc.). This is done by configuring and locking down the BIOS.

    3. In case someone still manages to install malware, it would be best if the AS400 user ID and password were not given out.

      1. If you have given this out in the past, at least change the passwords

    1. Maintain good physical security- keep the PC where you can see it if possible, and lock the cover of the PC.

Read the above-referenced whitepaper for details on these issues.

Ideally, the PC would be set up with nothing more than a browser that can only access judici.com. This will prevent people from tying up the PC with tasks like getting their e-mail (which might very well contain viruses). This can be done in the PC’s operating system and/or its browser, as well as in your network. Contact local IT staff for guidance on doing this with your specific systems and network.

If you must use PC JIMS or a green screen for access, make sure to limit the capabilities of the associated iSeries400 user ID by configuring it to the public access, State’s Attorney or sheriff's menu. Contact GAL if you have questions on how to do this.