Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows Internet Kiosk

From: Nick Besant <lists () hwf cc>
Date: Thu, 30 Nov 2006 09:30:02 +0000
If you're intent on using Windows for the kiosk (for commercial or support reasons), then using a customised boot environment (as below) is the best solution. There are several open-source / shareware style apps (e.g. [1] ) around that provide library- or uni-style access control if you want to be able to configure who can log on, what times, what they can access etc.
It's well worth also considering what access (both physical and logical) you want the users to have; preventing people from downloading software or using the command line etc won't be very useful if some clever git plugs a USB stick in with a suite of handy havoc-wreaking tools on it ("but I really needed to be able to do that !"), or uses a bootable CD or USB stick.
Depending on your budget and reason for doing this, another option may simply to be to have a completely separate (from your corporate network) DSL connection based on a read-only boot media - Knoppix CD etc., with the PC box in a lockable unit, and just allow people access to a browser only by customising the CD (as below). 

Regards,

Nick


[1] http://www.emailarms.com/products/internet_kiosk.html


--
Nick Besant

Petter Bruland wrote:

Boot from a knoppix CD... or make one with BartPE, then once you have
the setup you want, burn it to a CD and set the kiosk to reboot upon
logout, that way it will stay clean. 
:-)

-P

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Chris Boczko
Sent: Tuesday, November 28, 2006 3:14 AM
To: security-basics () securityfocus com
Subject: Windows Internet Kiosk

Hello Everyone...

Not really sure if this is the right place, but we are looking into
setting up a internet kiosk for our staff to use, but we will need to be
able to login  by username, but most of the users don't normally have
internet access, does anyone have any experience setting up windows /
Linux to do this? I really need it locking down to just a browser...

I'm thinking GP with a mandatory profile, but im not to sure how to lock
down the browser, I cant really use IE in kiosk Mode, as I need them to
have an address bar, but I don't want them installing anything or
changing any settings on the machine.

Thanks in Advance

Christopher Boczko

Chemdry UK Ltd
Previous By Date Next
Previous By Thread Next

Current thread: