February 8, 2008

CLLB Information Security Newsletter February 2008

While reviewing responses to readers of this blawg, I noticed that many seem interested in postings related to information security. Therefore, as an experiment beginning with this posting I plan to include an occasional newsletter covering topics and issues related to information security.

As an added activity I serve on an Information Security Committee at my organization. This experience has certainly increased my awareness of the importance of information security issues to all of us, including law librarians. Let's see how this works. Comments are welcome.

David Badertscher

February 2008

Volume 1, Issue 1

Securing a Wireless Network

From the Desk of David Badertscher

Is a Wireless Network Secure?

Wireless networks are not as secure as the traditional “wired” networks, but you can minimize the risk on your wireless network (at home or at work) by following the tips below.

How Does it Work?

The standard setup for a wireless network requires two components: a Wireless Access Point (WAP) and a computer with a wireless network adaptor. Properly configuring a wireless device can be challenging and the steps will vary depending on the manufacturer. If you do not feel comfortable doing it yourself, be sure that whoever is configuring the wireless network follows these best practices.

Wireless Access Point (WAP)

The WAP connects to your high speed Internet connection or your internal network. This is the foundation for building a wireless network. It provides the ability to use a computer without being constrained by the distance of a wire. Keep in mind that metal filing cabinets as well as certain building materials, such as bricks and blocks, can interfere with or limit the range, that is, the distance between your wireless computer and the wireless access point. Generally, the indoor range for a WAP is approximately 125 feet.

Wireless Network Adaptor

A wireless network adaptor, used for transmitting and receiving information, is required for each computer you intend to connect to a WAP. When purchasing wireless networking hardware from separate vendors, be sure to obtain guarantees that the hardware will conform to defined standards and interoperate properly. The wireless network adaptor is usually built into laptop computers while it is an add-on component inserted into a USB port on desktop computers.

Enable Encryption

Every wireless network should enable encryption. Encryption scrambles the data so that, if your signal is intercepted, there is reduced risk of someone being able to eavesdrop or monitor your communications. There are several standards of encryption common to most WAPs. Wired Equivalent Privacy (WEP) is the older standard. WEP has a number of known security flaws and should only be used if no other method of encryption is available. Be sure to set the WEP authentication method to “shared key” instead of “open system.” Under “open system” the initial sign-on is encrypted but the data is not. Newer wireless access points include Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2). WPA2 is the stronger and the preferred method of encryption.

Change the Default Password

Change the default password that comes with your WAP. The default passwords used by manufacturers are well known to the hacking community. Be sure to use a strong password, at least eight characters including numbers and special characters.

Change SSID Name

The Service Set Identifier (SSID) is the name of your wireless network. Default SSIDs are well known, often the name of the manufacturer and easy to guess. Change the SSID name to something unique and be careful not to use a name that freely discloses information. For example, avoid using your family name. Avoid descriptive or functional names as well, such as “Payroll” or “Accounting” since this would advertise an attractive target for an attacker.

Turn Off SSID Broadcasting

By turning off SSID Broadcasting, your wireless access point does not advertise its presence. It is similar to having an unlisted telephone number. This is a way to reduce the visibility of your network to others in your neighborhood. The only way to connect to a WAP with SSID Broadcasting turned off is to know the SSID name and password.

Use MAC Filtering on Your WAP

The MAC (Media Access Control) address is the unique ID assigned to your computer’s network interface card. It is referred to as the computer’s “physical address.” Enabling MAC filtering on your WAP allows you to designate and restrict which computers can connect to your WAP. If the computer’s address is not listed, a wireless connection cannot be made to the WAP. To look up a MAC address on a Windows computer, go to “Start” then “Run” and type “cmd”. A new window will open and you will need to type ipconfig /all and press the enter key. A number of attributes will be displayed. The MAC address is identified as the “Physical Address.”
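The lookup described above, as an added example that is not part of the original newsletter: it parses `ipconfig /all` output, keeps only 48-bit physical addresses, and picks out the wireless adapter's entry for the WAP's filter list. The sample output is constructed, English-language output is assumed, and the colon-separated format and the "wireless" name match are assumptions; check what your WAP expects.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Example Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example 802.11g Wireless Adapter
   Physical Address. . . . . . . . . : 00-1f-3a-aa-bb-cc
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)

Tunnel adapter isatap.example:

   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

# Adapter headings start in column 0; attribute lines are indented.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
MAC_RE = re.compile(r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f-]+)\s*$")

def adapter_macs(ipconfig_text):
    """Map each adapter heading to its MAC as AA:BB:CC:DD:EE:FF."""
    macs, current = {}, None
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = MAC_RE.match(line)
        if m and current:
            octets = m.group(1).split("-")
            # Tunnel pseudo-adapters report 8-byte addresses; a WAP filter wants 6.
            if len(octets) == 6 and all(len(o) == 2 for o in octets):
                macs[current] = ":".join(o.upper() for o in octets)
    return macs

def wireless_allow_list(ipconfig_text):
    """MACs of adapters whose heading mentions 'wireless' (a naming assumption)."""
    return sorted(mac for name, mac in adapter_macs(ipconfig_text).items()
                  if "wireless" in name.lower())

if __name__ == "__main__":
    print("Allow-list:", wireless_allow_list(SAMPLE_IPCONFIG))
```

A laptop lists a separate "Physical Address" for every adapter, so entering the wired card's address in the filter by mistake would leave the wireless card blocked.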

RF Interference

Assuming your WAP functions in the 2.4 GHz range, you may experience Radio Frequency (RF) interference from other 2.4 GHz devices, such as cordless phones, microwaves and baby monitoring devices. These devices can limit wireless performance. To manage the problem, limit sources of RF interference in proximity to the WAP.

Additional resources for wireless networks can be found at:
Wireless Network Tutorial including manufacturer step by step procedures.
http://spotlight.getnetwise.org/wireless/wifitips/
Microsoft: www.microsoft.com/technet/network/wifi/wifisoho.mspx

For more monthly tips go to: www.msisac.org/awareness/news

FROM IT SECURITY NEWS:

Bush wants a security clearance reform plan by April 30
The memo's language reflects concerns that longstanding security
clearance practices are preventing employees and contractors from
beginning work. (fcw)
http://www.1105newsletters.com/t.do?id=866100:3309489


February 7, 2008

Citation Formats for New York Slip Opinions Posted on Blog (Blawg)*

BY DAVID BADERTSCHER

Since October 11, 2007 the New York Supreme Court Criminal Term Library, New York County has been uploading slip opinions of the New York Supreme Court Appellate Division, First Department to the Criminal Law Library Blog. See http://www.criminallawlibraryblog.com/court_decisions/new_york_supreme_court_app_div/

As could be expected, users of that blawg who consult the slip opinions posted have started asking questions about how these slip opinions should be cited where found by consulting this blawg. Here is a recent question received by the Library:

"...I got a phone call from an attorney reading the [Criminal Law Library Blog] where the slip opinions from the Appellate Division [First Department] are posted. She was preparing a brief and needed a cite, not Westlaw whatever. Can the cite be determined from the blog or do we have to go to Westlaw or Lexis?"

After receiving this question I consulted the web version of the New York Official Reports: Official Reports Style Manual, which is an official, authoritative source for offering guidance for citing New York cases, including slip opinions (see http://courts.state.ny.us/reporter/NYStyleMan2007.pdf), to determine if the question posed has been addressed; my concern was that whenever possible citations should conform to the established conventions of the jurisdiction involved, in this instance the State of New York.

While the Official Reports Style Manual does not address directly the accepted format for citing slip opinions found on a blawg posting, it does offer guidance through a combination of its sections that together can be used to construct a format for citing New York Slip opinions on a blawg. Specifically, Section 2.2(a)(8) "Citations to Slip Opinions" and Section 7.1(c)(3) "Citation to a Document or Page on a Web Site". Section 7.1(c)(4) "Weblog Citation" does not address directly the citing of cases found on a weblog but it does offer the following guidance: "For citations to weblogs (blogs), follow the general citation style above [Section 7.1(c)(3)] including the name of the weblog, the title or entry, the URL, and the date of posting."

For your convenience I have prepared two sample citations to slip opinions posted on the Criminal Law Library Blog that should meet the above standards if you find it necessary to include a blogsite in your citation:

(Tighe v. Henneghan Construction Co. Inc., _AD3d_, 2008 NY Slip Op 2287 [1st Dept. 2008], Criminal Law Library Blog, http://www.criminallawlibraryblog.com/ny_AppDiv1_SlipOp_02-05-2007.pdf [February 5, 2008])

(In Matter of Zelda E. Stewart, _AD3d_, 2008 NY Slip Op M-6222 [1st Dept. 2008], Criminal Law Library Blog, http://www.criminallawlibraryblog.com/Ny_AppDiv1_Stewart_02-05-2008.pdf [February 5, 2008])

In this posting I have only considered slip opinions in the State of New York. Acceptable. Due to the need to post this information in a timely manner, I have only briefly reviewed citation formats for cases on blawgs in other jurisdictions. From that review I suspect requirements in many other locations will be similar to those outlined above.

This points out again the urgent need generally to address issues related to the appropriate and functional citation of legal materials stored in a digital format. It is good to see that the American Association of Law Libraries, working with others, is continuing to carry on this effort.
_______________________________

*The opinions expressed above are entirely my own and do not reflect any opinions or commentary, official or unofficial, of the State of New York Unified Court System.