Re: Web Kiosks

["Bruhn, Mark S." <mbruhn () INDIANA EDU>]

By the way, related to the following message I sent -- Nanonation, the
company who makes these kiosks, works through resellers, like
Campuslink.  If you didn't recognize Nanonation, perhaps you recognize
Campuslink.  Their name is actually on the kiosks.  
M.

-- 
Mark S. Bruhn, CISSP, CISM

Chief IT Security and Policy Officer
Interim Director, Research and Educational Networking Information
Sharing and Analysis Center (ren-isac () iu edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu



>  -----Original Message-----
> From:         Bruhn, Mark S.  
> Sent: Thursday, August 07, 2003 5:33 PM
> To:   Security Working Group; SECURITY () LISTSERV EDUCAUSE EDU
> Subject:      Web Kiosks
>
> Specifically, kiosks accessible to anyone, placed on campus, by a
> company called Nanonation.
>
> I just met with our Student Union folks, and they have contracted with
> this company to place 5 or 6 of these in our Union.  They allow web
> access to anything, anywhere.  It's a given that we would isolate
> these from the rest of our network.  But, there are issues about what
> people can do from these, using/against external sites.  When I
> described to the Union staff what this could mean, in order to make
> sure they know what they're getting into, they also became very
> concerned.  Especially when I described that other areas have chosen
> to install some level of authentication (such as the Library), and
> that these devices will most likely become the new haven for
> nefarious-deed-doers (those that have migrated to the county library
> as we installed authentication on campus may migrate back!)
>
> This company says they have 27 colleges and universities as customers.
> They listed a few, and will send me the rest -- I start with the Big
> Ten campuses they mentioned:  Michigan State, Northwestern, Ohio
> State, Purdue is apparently negotiating.  Others were Penn and Kansas.
>
> I wondered if I could get a sense of  1) how many security officers
> know about these types of kiosks on their campuses, and 2)  if so, do
> you know what the thinking was related to security and abuse?  How
> were those concerns handled or were they explicitly recognized and
> accepted?
>
> If you want to reply to me, I can sanitize and summarize for the
> lists.
>
> Thanks,
> M.
>
>
> -- 
> Mark S. Bruhn, CISSP, CISM
>
> Chief IT Security and Policy Officer
> Interim Director, Research and Educational Networking Information
> Sharing and Analysis Center (ren-isac () iu edu)
>
> Office of the Vice President for Information Technology and CIO
> Indiana University
> 812-855-0326
>
> Incidents involving IU IT resources: it-incident () iu edu
> Complaints/kudos about OVPIT/UITS services: itombuds () iu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.