Re: Web Kiosks

[Dan Updegrove <updegrove () MAIL UTEXAS EDU>]

Mark & colleagues,

Not clear to me why any campus would desire -- or permit -- such wide-open,
unauthenticated (right?) access. Aside from some sort of advertising
revenue sharing (right?), this looks like a total loser from a security and
network management perspective.

Dan


At 05:33 PM 8/7/2003, Bruhn, Mark S. wrote:

> Specifically, kiosks accessible to anyone, placed on campus, by a company
> called Nanonation.
>
> I just met with our Student Union folks, and they have contracted with
> this company to place 5 or 6 of these in our Union.  They allow web access
> to anything, anywhere.  It's a given that we would isolate these from the
> rest of our network.  But, there are issues about what people can do from
> these, using/against external sites.  When I described to the Union staff
> what this could mean, in order to make sure they know what they're getting
> into, they also became very concerned.  Especially when I described that
> other areas have chosen to install some level of authentication (such as
> the Library), and that these devices will most likely become the new haven
> for nefarious-deed-doers (those that have migrated to the county library
> as we installed authentication on campus may migrate back!)
>
> This company says they have 27 colleges and universities as
> customers.  They listed a few, and will send me the rest -- I start with
> the Big Ten campuses they mentioned:  Michigan State, Northwestern, Ohio
> State, Purdue is apparently negotiating.  Others were Penn and Kansas.
>
> I wondered if I could get a sense of  1) how many security officers know
> about these types of kiosks on their campuses, and 2)  if so, do you know
> what the thinking was related to security and abuse?  How were those
> concerns handled or were they explicitly recognized and accepted?
>
> If you want to reply to me, I can sanitize and summarize for the lists.
>
> Thanks,
> M.
>
> --
> Mark S. Bruhn, CISSP, CISM
>
> Chief IT Security and Policy Officer
> Interim Director, Research and Educational Networking Information Sharing
> and Analysis Center (ren-isac () iu edu)
>
> Office of the Vice President for Information Technology and CIO
> Indiana University
> 812-855-0326
>
> Incidents involving IU IT resources: it-incident () iu edu
> Complaints/kudos about OVPIT/UITS services: itombuds () iu edu
>
>
> ********** Participation and subscription information for this EDUCAUSE
> Discussion Group discussion list can be found at http://www.educause.edu/cg/.


VP  for Information Technology          Phone (512) 232-9610
The University of Texas at Austin       Fax (512) 232-9607
FAC 248 (Mail code: G9800)              d.updegrove () its utexas edu
P.O. Box 7407                                   http://wnt.utexas.edu/~danu/
Austin, TX 78713-7407

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.