Key consideration #5: Touch Screen Kiosk Security

Sep 21 2012

Anyone with a computer is barraged with scare tactics regarding the security of your computer data.  The most threatening security issues are viruses and hacker attacks.  All of your computer systems in your exhibits (and anywhere in your facility) should be secured with adequate firewall (hardware preferred) and virus protection.  Keep your virus software up to date and you should have no problems.
  

But what about touch screen kiosks??  Most kiosks do not download email and may not even be “connected” to the internet.  Do you need to consider security on these types of systems.  YES!!

If your kiosk IS connected to the internet, make sure that you are secured with a hardware firewall (the one that is connected to your modem or router is fine, you don’t need one for each machine) and current virus protection software.  If either of these suggestions is ignored, you run the risk of a serious problem.  If you allowing access to web sites on your touch screen kiosk, you should consider using a web browser specifically designed for kiosk web browsing.

If your kiosk is NOT connected to the internet, you still need to consider the security.  As a matter of fact, the following security considerations should be applied to ALL kiosks (internet connected or not).

First, realize that your touch screen kiosk is for use by the general public and the general public includes people that like to “explore” computer systems.  Kids and adults with computer knowledge sometimes view a kiosk as a challenge to see if they can “hack” it.  There are also other people who don’t intend to cause damage, but may if the system doesn’t protect itself.  The best protection against this is to make sure that all kiosk programs contain no exit button.  That includes the little X in the upper right hand corner.  There should be no way for a user to close the kiosk program and see the desktop or equally important, the start button.  This is the most important aspect of kiosk security.  If there is a way for someone to exit, they will.

That covers the on-screen exit buttons, but you may not know that in Windows you can exit the program you are in by hitting the ALT and the F4 keyboard keys together.  So if you are using only a touch screen (which we always recommend), this is not an issue, but if you need a keyboard because you are collecting data or allowing keyboard input it is imperative that you disable or secure the ALT, CTRL, Function and the Windows (or Command) keys.  This is where purchasing a kiosk keyboard becomes worth the expense.

If you stop reading here you would be covered for most security issues, but read on, there’s more.

Another vulnerability is in the start up of your machine.  The above protects you while the machine is up and running, but what if the user unplugs and re-plugs the machine.  The machine will run through its start up routine and possibly land on a “choose user” screen or on the desktop.  If that’s the case, you could have problems.  You should set up Windows (or other OS) so that there are not user accounts to choose from.  You also should set up the machine so that the kiosk software program starts up automatically when the machine starts up.  This will add another layer of security.

There are all sorts of additional things you can do, but these items should give you a high comfort level in securing your kiosk systems.  Beware, software peddlers are preying on the security fears of the unknowledgeable.  Most people who have security software, probably have “over bought” due to the fear tactics of the software companies. 

As always, if you are using a vendor for your kiosk project, choose one with kiosk experience so that these security issues will be covered with their expertise.

If you have any recommendations or additions, please comment by clicking the “Comments” link below.  We’d love to hear from you!!

Chris Meyer

President

CD Meyer, Inc./point2explore

point2explore is product line of customizable touch screen kiosk programs including interactive games and informational programs.  point2explore products are currently running in over 100 museums and have been used in corporate events across the country. Visit our web site at http://www.point2explore.com.

  

Visit Our Web Site

Click Here to visit point2explore.com for touch screen kiosk software and products.

Exhibit Multimedia Blog

Minimize

Error: Object reference not set to an instance of an object.

In: at DotNetNuke.Modules.Blog.Entities.Terms.TermInfo.PermaLink(TabInfo tab) at DotNetNuke.Modules.Blog.Entities.Terms.TermInfo.PermaLink(Int32 strParentTabID) at DotNetNuke.Modules.Blog.Entities.Terms.TermInfo.GetProperty(String strPropertyName, String strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, Boolean& PropertyNotFound) at DotNetNuke.Modules.Blog.Templating.BaseCustomTokenReplace.replacedTokenValue(String strObjectName, String strPropertyName, String strFormat) at DotNetNuke.Modules.Blog.Templating.BaseTokenReplace.ReplaceTokenMatch(Match m) at System.Text.RegularExpressions.RegexReplacement.Replace(MatchEvaluator evaluator, Regex regex, String input, Int32 count, Int32 startat) at System.Text.RegularExpressions.Regex.Replace(String input, MatchEvaluator evaluator, Int32 count, Int32 startat) at System.Text.RegularExpressions.Regex.Replace(String input, MatchEvaluator evaluator) at DotNetNuke.Modules.Blog.Templating.BaseTokenReplace.ReplaceTokens(String strSourceText) at DotNetNuke.Modules.Blog.Templating.GenericTokenReplace.ReplaceTokens(String strSourceText) at DotNetNuke.Modules.Blog.Templating.Template.ReplaceContents()

Error: Object reference not set to an instance of an object.

In: at DotNetNuke.Modules.Blog.Entities.Terms.TermInfo.PermaLink(TabInfo tab) at DotNetNuke.Modules.Blog.Entities.Terms.TermInfo.PermaLink(Int32 strParentTabID) at DotNetNuke.Modules.Blog.Entities.Terms.TermInfo.GetProperty(String strPropertyName, String strFormat, CultureInfo formatProvider, UserInfo AccessingUser, Scope AccessLevel, Boolean& PropertyNotFound) at DotNetNuke.Modules.Blog.Templating.BaseCustomTokenReplace.replacedTokenValue(String strObjectName, String strPropertyName, String strFormat) at DotNetNuke.Modules.Blog.Templating.BaseTokenReplace.ReplaceTokenMatch(Match m) at System.Text.RegularExpressions.RegexReplacement.Replace(MatchEvaluator evaluator, Regex regex, String input, Int32 count, Int32 startat) at System.Text.RegularExpressions.Regex.Replace(String input, MatchEvaluator evaluator, Int32 count, Int32 startat) at System.Text.RegularExpressions.Regex.Replace(String input, MatchEvaluator evaluator) at DotNetNuke.Modules.Blog.Templating.BaseTokenReplace.ReplaceTokens(String strSourceText) at DotNetNuke.Modules.Blog.Templating.GenericTokenReplace.ReplaceTokens(String strSourceText) at DotNetNuke.Modules.Blog.Templating.Template.ReplaceContents()

  
point2explore - Exhibit Multimedia Blog
Privacy Statement    |   Terms Of Use

Copyright C.D. Meyer, Inc. All Rights Reserved