Last Updated: 2010-10-14 13:33:50 UTC
by Johannes Ullrich (Version: 1)
Today, we will talk about the challenges in securing a publicly accessible computer, or "Kiosk". I will organize this in checklist form in part because I expect to add to this list based on user feedback. If you do have something to add, please contact us or leave a comment below.
First of all, a lot of this depends on the scope of access required. In most cases, the kiosk will access some form of network resource. Worst case: Generic internet browser (e.g. a shared break room computer). This is very hard to control and secure. It is a bit simpler if you are able to establish a list of specific resources (think about an airline check in kiosk).
I am only talking here about protecting the system, not about how to protect yourself while using a public system.
So lets start with the checklist:
- Location: The system should be located in an easy to view location. This will make it easier to supervise what people are doing.
- Policy: In particular if you allow access from the public, prominently post the usage policy. Maybe add it to the wallpaper, make the user click on it. Keep it simple so it can be understood in the 5-10 seconds a user will spend looking at it.
- Physical Security: Of course, there is always a change that the computer will "walk away". Keeping it in an open location will help with monitoring users and preventing them from removing parts. Lock down cables and alarms that sound when covers are removed may help (similar system like you find in retail stores). But be careful about enclosing desktops in desks. Provide sufficient ventilation to avoid fire hazards.
- In most cases, individual users and passwords are not practical. But whatever "default" user you use, should have minimal privileges.This will also make it easier to "reset" the computer between sessions
- The web browser will likely be the most important tool on a system like this. Make sure it is hardened. Disable any "persistent" features (cookies, safe passwords, cache...)
- Look into "Kiosk Software". There are various systems around for Windows, Linux and OS X to help you manage a kiosk
- Re-image daily. For a system like this, it should be possible to re-image the drive once a day. This will make sure no remnants are left over from prior uses. Parts of the system, like the users home directory, can be cleared on each log in. Automatic re-imaging can work from a DVD that is locked in the DVD drive or a second hard disk that is configured as read only. There are also hardware devices (usually used in computer forensics) that will allow you to connect drives and physically block write access.
- Enable an auto-logout on inactivity. This will help with cleaning up the system if a user just walks away and doesn't log out or close the browser
- Separate the system from the rest of your network. This kiosk should only be used as a kiosk and nothing else. It should not have access to your corporate network (unless this is why you need it) and no confidential data should be stored on the system.
- Limit what a user can do with the system. This can be tricky as you have to balance security with the need of the user actually use the system. For example, if this is a "break room" computer or a public computer in a hotel lobby, you probably want people to use a wide variety of web sites (Facebook? ). The usual parental guidance software can help establish limits. This software can also be used to establish time limits if needed.
- Keep logs. At the very least, you want to know what your users did with the system. Keep good audit logs as far as your local laws and company policy allows. Many desktop monitors now include cameras. It may be a bit too intrusive, but what about taking a picture of the person in front of the screen every 5 minutes?
- Limit physical access to ports. This can be tricky, as people for example may want to e-mail photos they have on a USB stick. At least apply standard precautions about disabling auto-run. But for example access to a firewire port is usually not required.
I am sure I missed something, so this will be updated throughout the day.