
How safe is your kiosk solution?

December 28, 2005

While the theft of actual ATM machines has been reported in the news periodically, we seldom hear of someone running off with a gift registry or public access kiosk. But that doesn't mean these devices are secure in every sense of the word.

As kiosks continue to move into the mainstream, more private information is exposed in public places. The good news is that many kiosk software solutions have built-in security features, such as virus protection.

"Since a kiosk is an unattended device, it is important that it be secure from a physical standpoint, as well as a software viewpoint," said Sylvia J. Berens, vice president of Apunix Computer Services.

Berens tells clients that security is very important. "The application should be able to deal with all aspects to make it secure." While the system needs to be secure from viruses, it must also be robust so that "even if there is a keyboard, the kiosk user cannot get access to the computer operating system, even during a reboot."

Thanks to Secure Sockets Layer virtual private networks (SSL VPNs), people can access a Web browser from anywhere, including a kiosk, explained Joseph Steinberg, director of technical services for Whale Communications, an enterprise-class SSL VPN vendor. This access from anywhere gives SSL VPNs an edge over previously popular forms of remote access.

Time out

What happens to information left on a kiosk after a user walks away? Steinberg noted that cached information, temporary files, attachments and cookies could be hanging around after a user session. Sensitive data could be left behind; the data could be potentially embarrassing or highly confidential. In either case, it should not be revealed to the next kiosk user.

Kiosks used to collect customer information such as Social Security or credit card numbers are commonly cleared of information through a time-out function. "The time-out can be triggered by people walking away, or a time-out mechanism," explained Berens, adding that both software and hardware security considerations can also include proximity sensors and mats. "From a software perspective, it is critical that the application clears out the information."

It's more complicated to use no-activity time-outs with online Internet activity requiring a great deal of user input. If it takes 12 minutes to complete an online form, and the system times out after 10 minutes, the user has wasted time and lost the work, explained Steinberg.

Automatic refresh causes similar headaches. Financial Web pages, such as those with stock quotes, constantly refresh, which registers as user activity. Steinberg said, "The no-activity time outs are more essential in the Web space, but harder to do."
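The time-out behavior described in this section can be sketched as a small session tracker. This is an added example, not code from any vendor quoted in the article: only real user input resets the idle clock, page-initiated auto-refresh does not, a warning state precedes expiry so a long form is not lost without notice, and expiry clears the visitor's data. The 10-minute limit comes from the example above; the 2-minute warning window, the event names and every identifier are assumptions.

```javascript
const MIN = 60 * 1000;
// Assumed event names: only these count as a person using the kiosk.
const USER_INPUT = new Set(["touch", "keypress"]);

class KioskSession {
  constructor(timeoutMs, warnMs, startMs = 0) {
    this.timeoutMs = timeoutMs;
    this.warnMs = warnMs;
    this.lastInputMs = startMs;
    this.expired = false;
    this.data = new Map(); // form fields, cached pages, cookies for this visitor
  }

  // Returns "active", "warn" or "expired"; wipes visitor data on expiry.
  state(nowMs) {
    const idle = nowMs - this.lastInputMs;
    if (!this.expired && idle >= this.timeoutMs) {
      this.data.clear();
      this.expired = true;
    }
    if (this.expired) return "expired";
    return idle >= this.timeoutMs - this.warnMs ? "warn" : "active";
  }

  // Auto-refresh and other page-initiated events never reset the idle clock,
  // and an expired session cannot be revived by later input.
  record(type, nowMs) {
    if (this.state(nowMs) === "expired") return "expired";
    if (USER_INPUT.has(type)) this.lastInputMs = nowMs;
    return this.state(nowMs);
  }
}

// Replays a constructed timeline of [minute, eventType] pairs.
function replay(events, endMin) {
  const s = new KioskSession(10 * MIN, 2 * MIN);
  s.data.set("card_number", "constructed-sample-value");
  for (const [minute, type] of events) s.record(type, minute * MIN);
  return { state: s.state(endMin * MIN), leftover: s.data.size };
}

// Constructed sample timelines (not real kiosk logs).
const walkedAway = [[1, "touch"],
  ...Array.from({ length: 11 }, (_, i) => [i + 2, "auto-refresh"])];
const longForm = [2, 4, 6, 8, 10, 12].map((m) => [m, "keypress"]);
const reading = [[1, "touch"]];
```

Replaying `walkedAway` to minute 12 ends expired with nothing left behind, while `longForm` is still active at minute 12 because each keystroke resets the clock.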

Secure transactions

Berens points to security considerations regarding loyalty programs on kiosks and the deduction of points, as in gaming. "It is very important that the application knows when a transaction has been completed."

For example, did the user walk away in the middle of the transaction or did the printer jam? "The application needs to be concerned with the security of the transaction."

While an entire kiosk may not be stolen, the CPU containing Social Security and credit card numbers could be. Berens advises a diskless application solution to avoid problems associated with CPU theft.

Know what's running

Keeping tabs on what's actually running on the kiosk may be the most complicated problem to solve, according to Steinberg. Many software products can mitigate or detect spyware and viruses running on the kiosk. A logical tiered-access product, noted Steinberg, will prevent access and limit uploads or downloads when spyware or viruses are suspected.

No one system is fail-proof, however. You can't control or check for some things, such as cameras watching keystrokes or keystroke counters. Said Steinberg, "a lot of kiosks are not running Web browsers, (but are) running a limited environment instead, (which) controls attempts to run spyware and viruses."

Yousif Hassan is technical director of TouchPoint Solutions, Inc. His company's Catapult platform is used to remotely manage and monitor kiosk networks. Hassan recommends remotely distributing and installing anti-virus software to networked kiosks. With networked devices, it is easy to deliver software to hundreds or even thousands of kiosks simultaneously for up-to-date protection.

"Remote monitoring is important because it provides insight as to the activity and performance of each kiosk," said Hassan. "Such insight can be gained by using collected data to generate reports in order to better manage each kiosk for greater ROI. In addition to performance, remote monitoring can be used to determine real-time kiosk status, such as connection state and CPU performance, and as a diagnostic tool to determine - and even avoid - potential problem situations."

Hassan also recommends a role-based administration software feature to restrict access to remote monitoring/management functions based on security clearance privileges. This prevents users from tampering with restricted areas.

A spokesperson for Microsoft recommended the use of firewalls and anti-virus software to ensure kiosk security. According to the spokesperson, while no single solution or set of solutions can ensure PC security, a few simple measures performed regularly are proactive means of staying ahead of contemporary security threats.

Beware human error

Sometimes the biggest obstacle to kiosk security is simply the kiosk users themselves. "Extremely sensitive data should not be accessed by a kiosk or a laptop in a Wi-Fi place," Steinberg said. "Private things should be accessed in private locations."

The ability to remotely access e-mail and other information is a boon to today's mobile workers. Unfortunately, it's also a security risk. "In 99 percent of cases, a productivity boost is worth far more than the risk, especially if security is in place for logging out and erasing cache," noted Steinberg. "People need to exercise caution."

Steinberg admits that the ability to access information safely and remotely, as from a kiosk, is a business need that must be met. For him, the question becomes "How do we do that in the most secure fashion?"

©2025 Networld Media Group, LLC. All rights reserved.