Educause Security Discussion mailing list archives
Re: Web Kiosks
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Mon, 11 Aug 2003 08:30:10 -0500
By the way, related to the following message I sent -- Nanonation, the company who makes these kiosks, works through resellers, like Campuslink. If you didn't recognize Nanonation, perhaps you recognize Campuslink. Their name is actually on the kiosks. M. -- Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu
-----Original Message----- From: Bruhn, Mark S. Sent: Thursday, August 07, 2003 5:33 PM To: Security Working Group; SECURITY () LISTSERV EDUCAUSE EDU Subject: Web Kiosks Specifically, kiosks accessible to anyone, placed on campus, by a company called Nanonation. I just met with our Student Union folks, and they have contracted with this company to place 5 or 6 of these in our Union. They allow web access to anything, anywhere. It's a given that we would isolate these from the rest of our network. But, there are issues about what people can do from these, using/against external sites. When I described to the Union staff what this could mean, in order to make sure they know what they're getting into, they also became very concerned. Especially when I described that other areas have chosen to install some level of authentication (such as the Library), and that these devices will most likely become the new haven for nefarious-deed-doers (those that have migrated to the county library as we installed authentication on campus may migrate back!) This company says they have 27 colleges and universities as customers. They listed a few, and will send me the rest -- I start with the Big Ten campuses they mentioned: Michigan State, Northwestern, Ohio State, Purdue is apparently negotiating. Others were Penn and Kansas. I wondered if I could get a sense of 1) how many security officers know about these types of kiosks on their campuses, and 2) if so, do you know what the thinking was related to security and abuse? How were those concerns handled or were they explicitly recognized and accepted? If you want to reply to me, I can sanitize and summarize for the lists. Thanks, M. -- Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Web Kiosks, (continued)
- Re: Web Kiosks Dan Updegrove (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks Steve Worona (Aug 08)
- Re: Web Kiosks Jere Retzer (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks art (Aug 08)
- Re: Web Kiosks Dick Jacobson (Aug 08)
- Re: Web Kiosks Marty Hoag (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 08)
- Re: Web Kiosks Bruhn, Mark S. (Aug 11)
- Re: Web Kiosks David L. Wasley (Aug 11)
- Re: Web Kiosks Schmidt, Eric W (Aug 11)