The Windows operating system provides various settings and configuration options in order to lock-down and protect a public facing kiosk PC or to make a PC ready for unattended, continuous 24/7 use like for digital signage applications. Unfortunately, these settings are hidden all over the operating system which makes it difficult to manage them from a single point of configuration. Special tools for this purpose like the Windows SteadyState tool from Microsoft have been discontinued or do not work with current Windows versions any more.
Self-service kiosks are often in unsupervised locations and therefore need to be configured in a way that unauthorized access to the kiosk software and operating system is prevented in order to eliminate security risks (e.g. malware, viruses, etc.). So, for a public-facing PC it is crucial that you protect your public PCs and prevent user access to the operating system. The FrontFace Lockdown Tool allows you to limit access to the operating system and to lockdown the OS by disabling key combinations such as CTRL+ALT+DEL, etc. Furthermore you can limit the usage to a single kiosk application on that PC (e.g. FrontFace).
Porteus Kiosk makes securing your public access computer easier than you think. You no longer have to be a technical guru to customize, lock down and install your own kiosk. No need to worry about viruses, malware or users installing unwanted software.
Porteus Kiosk is a free to use, lightweight Linux operating system which has been restricted to allow only use of the web browser. Furthermore, the browser has been locked down to prevent users from tampering with settings or downloading and installing software. When the kiosk boots it automatically opens Firefox or Google Chrome browser to your chosen homepage. The history is not kept, no passwords are saved, and many menu items have been disabled for total security. When the browser is restarted, all caches are cleared and it reopens automatically with a clean session to ensure no trace of history is left.
Our system can be used as internet kiosk or other publicly available web terminal in schools, libraries, cafes, hotels, offices, tourist centers and the like. Another possibility is to use Porteus Kiosk for displaying information, advertisements, pictures or streaming videos to digital signage deployments. It can also act as a diskless (if booted over a network) workstation in companies that use browsers as their main working tool, such as customer support centers.
If you are looking for inexpensive mini PC which is powerfull enough to handle kiosk or thin client type system then please check following sites: GeekBuying, NewEgg, Amazon. Mind you need to buy a PC with Intel or AMD CPU.
Porteus Kiosk is ready to be exposed on a public network without the fear of being modified or manipulated by inside users or outside intruders. The only authorities capable of making changes are: the kiosk owner (administrator) or the Porteus Team in case when kiosks are signed to the automatic updates service. Our role is to make this feature a top priority and fix security vulnerabilities, bugs and other reported issues as soon as possible. You do not have to be involved in this task at all - when the 'automatic updates' service is active we maintain the kiosk system and let you focus on evolving your own business.
Every additional piece of software adds size, affects system resources and may bring a security risk to the system. Porteus Kiosk allows you to choose only the necessary components needed for your project. The default set of modules provide common basic functionality required for normal internet activity and kiosk management. The modules include but are not limited to:
A background watchdog process should be put in place to monitor dialog windows and automatically shut them down if they're not contained in an approved whitelist. This requires intimate knowledge of the messaging used by your operating system so by far the easiest way to accomplish this is by utilizing a good kiosk lockdown software.
In order to control the content displayed on your kiosk the web browser surfing should be restricted to a whitelist. Typically a whitelist will allow you to write regular expressions to create complex rules to control exactly what URLs are reachable on your kiosk. Website filtering can be accomplished through the use of a proxy, if one is available, or by using a kiosk lockdown software. Your kiosk application should also avoid displaying detailed error messages but instead display a generic error message about contacting customer support and an error code.
In many cases kiosk lockdown software will employ a "watchdog" service that will ensure that the kiosk application is always running and restart the kiosk application if it crashes. This is not always the case though so if you can find a way to crash the kiosk application you may find yourself sitting at the Windows desktop.
I hope that our ideas on hacking kiosk applications will help you improve the security of your kiosks and provide a safer experience for your customers. If you need help securing your kiosk application please consider our KioskSimple kiosk lockdown software. Our kiosk consultants are also happy to work with your developers to harden your kiosk application.
Kiosk software is the system and user interface software designed for an interactive kiosk or Internet kiosk enclosing the system in a way that prevents user interaction and activities on the device outside the scope of execution of the software. This way, the system replaces the look and feel of the system it runs over, allowing for customization and limited offering of ad-hoc services. Kiosk software locks down the application in order to protect the kiosk from users which is specially relevant under, but not only limited to, scenarios where the device is publicly accessed such libraries, vending machines or public transport. Kiosk software may offer remote monitoring to manage multiple kiosks from another location. An Email or text alert may be automatically sent from the kiosk for daily activity reports or generated in response to problems detected by the software. Other features allow for remote updates of the kiosk's content and the ability to upload data such as kiosk usage statistics. Kiosk software is used to manage a touchscreen, allowing users to touch the monitor screen to make selections. A virtual keyboard eliminates the need for a computer keyboard.
Kiosk system software addresses security by deterring users from maliciously attacking or hacking into the kiosk. Kiosk software must be able to prevent misuse of the provided features. Of equal importance is the ability of the software to limit non malicious users to specific, predetermined activities so the device can be used for a specific task, communication, action or function. Kiosk software is a critical component to protecting public facing devices from hackers, inadvertent misuse, and unauthorized access. Kiosk software has the facility for an administrator to configure the software to suit the users and limit user behavior.Administrators can enable or disable parts of the kiosk software via secure log in.
It is critical that the kiosk software prevent the user from ever reaching the desktop or file system. This type of security can be difficult because standard print dialog allows the content to be printed to a file and enable the user access to the file system. The same is true for many email links that load the default email tool and allows the email to be saved to a file.
For Windows, this may not be appropriate for all uses, since running in kiosk mode may not give deployers the amount of control they need for their final end product configuration. Kiosk system software can be used to secure the kiosk or PC instead. For those running a Windows OS, an alternative to kiosk software is Group Policy, which serves to restrict user access to certain areas of the operating system, though not without its own drawbacks and security issues.
With Deep Freeze by Faronics, complete protection for IT computers in public libraries can be ensured. It guarantees 100% recovery upon reboot making your workstation configurations indestructible. Along with protecting partitions or hard drives, it also prevents any accidental system misconfigurations or workstation drifts. This library computer management software enables easy license compliance across all machines. It automatically removes any installed software, open source applications or harmful executables upon reboot. It comes with password protection and offers absolute security across workstations from any unauthorized changes with just a click of a button.
If a digital library software has centralized console functionality, it can help save a lot of time. Therefore, Deep Freeze comes with a simple web-based console which can be used to centrally manage systems in Public Labs, Schools, and Campuses across the globe. One comprehensive dashboard is all it needs to monitor all your IT assets and to manage all your computers. Using this powerful console you can perform Windows updates, update popular/critical products, ensure license compliance, deploy custom packages of software, manage incident reports, receive alerts, and even create a public kiosk machine within minutes. All the features you need to protect your computers are available within a single web-based interface which has resulted in reducing IT Support Tickets by 63% for many public community libraries.
Unlike a public computer library, at Schools, training sessions are almost routine. Customized configuration options are a life-saver when you set up Deep Freeze as a part of library management system for your organization. Using Configuration Admin, you can enable multiple passwords specification, have frozen drives to reverse data changes, ThawSpace creation for retaining user data, and workstation task for automatic maintenance scheduling. Other central management features include scheduling automatic wake-on-lan, shutdown or restart, and also automating Windows update installation. You can create multiple installers which can be customized with different configurations. With an option to schedule multiple Thawed periods to disable Deep Freeze on a periodic basis, IT teams maintaining library management system can perform Windows updates using third-party software or through the Microsoft website, or use an inhouse Windows Server Update Services if available. Alternately, they can also update other software by running custom batch files. Helping IT teams to perform all of this from a central location and schedule during non production hours avoids any disruption during regular hours. 2b1af7f3a8