PC Security for Kiosks is a big deal for sure.
Hacks into PCs bring to mind words like “Payload”. We manage this website and just the security threats to your basic WordPress website is unprecedented.
A few days ago a new “Attack Platform” showed up for WordPress.
The first inclination is to shrug it off a bit and point out we speak of a website, yet many kiosks are running content and are connected to that very infrastructure. Thus they are at risk.
There are a couple of “goes without saying” precautions that should be considered:
- Use a lockdown. There are several from KioWare, PROVISIO, KioskSimple, TIPS and KIOSK Core. These all “lock down” the common entry points like when the OS boots up, where the browser goes, and at what privilege level a user has available (and it won’t be root or admin).
- Use a secure OS. Powering off a machine and back up is a critical juncture. Are there USB ports exposed, and which are enabled? Windows Embedded, POSReady and other windows iterations are designed for this industrial type use (also known as unattended).
- Physical access to the machine and PC needs to be controlled.
- “Tweaking” windows with assigned access and policies is fine but it usually takes multiple tries to finally lock down some of what the lockdowns lock down.
- Windows Patch management (or Linux) — how are you going to implement that remotely and unattended?
- How do you manage all those terminals.
- What about the backoffice? Many “breaches” are into the datastores that the kiosks are building/using back in the office. Security begins at home…
- Do you have contractors logging into your network? Take some advice from Target. Eliminate it or force them to log in only on secured terminals, not cheap PCs running freeware Malware protection (which doesn’t always update).
That’s some quick advice.
Here are some interesting and useful whitepapers out there.
- Practical-Security-for-Rural-Internet
- Craig_Hacking Kiosks
- DEFCON-19-Craig-Internet-Kiosk-Terminals
- Symantec-DC-14-Uhley
- Windows 10 security overview (Windows)
- VMware-Epic Intel security-technologies-4th-gen-core-retail-paper
- Provisio_WP_Kiosk-Security-Software-to-Lock-Down-Android-Devices-and-PC-Kiosks_To-Launch
- PCI_V4
- whitepaper_kioware_security_features
- kioware_specialreport_software-security_to-launch
- esp-pci-compliance-2015
- kiosk-intel_mcafee_white_paper wp-hacking-kiosk
More articles
- Digital Kiosk – TCO and Digital Transformation Enabled
- Windows 10 Kiosk Mode & JAWS Software
- Video – Self-Ordering Kiosk for Countertop Serving Restaurants and More
- PCI Compliance Kiosks – CAT or Cardholder Activated Terminals FAQ
- Kiosk Card Printers – Evolis Announces News Complete Range of Card Printers for Kiosks
- Digital Directory Kiosks Deployed at Hartsfield-Jackson
- Restaurant Kiosks – CREATE Trade Show October Nations Restaurant News
- Marriott Check-In Kiosks – Accessibility Functions Included by Storm
- Add Samsung to the Kiosk Supplier Field — Calls it an All-In-One Kiosk for Contactless Ordering
- Self-Service Avatar Kiosks for Government Facilities
- Food Kiosk – Chicken Shack Deploys Order Kiosks
- Krypto Bitcoin ATM Kiosk by Kiosk Information Systems at ATMIA this week
- New Sponsor – Dolphin Computer Access SuperNova Kiosk Accessibility
- Press Release – Kiosk Association Exhibiting at Major Retail and Restaurant Events: NRF Retail Converge and NRN CREATE
- Kiosk Tradeshow Update – NRF Retail Converge and NRN CREATE
