About privacy, security and hacks

 

Contact: Tech Lab
Global Appliances, LLC.
techlab@globalappliances.com

What should be considered when you provide Public Internet Access

  • Does the Kiosk protect my Customers' privacy?
  • Does it protect my Customers' identity?
  • Does the Kiosk ensure my Customers' satisfaction?
  • Does the Kiosk have protection against Network infiltration?
  • Is the Kiosk protected against "ways around the Paying System"?

Foreword
A Public Internet Access Terminal or (Internet) Kiosk provides internet (e-mail, WWW, chat, etc) and sometimes on the more sophisticated systems, fully functional PC services. At the heart of all these systems is a PC, driven by an Operating System ( in most cases Windows XP).

Windows XP is not yet the safest and most secure environment to work or surf in. Just look at the weekly reports of ID theft, Credit Card Fraud, Stolen Exams, hacked web sites and computers and viruses.

Here at the Tech Labs of SurferQuest we recognized that we cannot built a Public Internet Service that allows:

  • users to be venerably exposed to the outside world
  • bad willing persons to hack/mess up the PC or infiltrate into your network
  • viruses to plant themselves into the system
Having said all this, I would like to list out some threats that come with using a PC. This list is not complete, we secured a lot more issues. The intention however is to make you aware of some issues you have to take into account when you decide to set up your own Kiosk or when you decide to buy a Kiosk (other than SurferQuest). There is no specific order. You can decide for yourself what you find most important or not.


Security Alert

The PC (OS & applications) leaves traces of performed actions. Even when it is not instructed to save it remembers data. Traces of visited web sites, contents of filled-in forms, cookies, passwords, usernames, etc. Cleaning programs are not yet that sophisticated that they can find and delete all this data. Further more, the data that can be found and deleted, is easy to recover.
This issue compromises the privacy of the user and can grow into a disaster when this personal information is used for fraud.
The PC also collects (along the way) a lot of non-personal garbage that causes the system to slow down, freeze and crash (read: high maintenance cost).

The content filter of a Browser (also IE) is not very sophisticated. Further more, by default it is turned off. While a lot of government and private institutions do not want to restrict what the user wants to see or not, unfiltered content tricky when the KIOSK is placed into an area where a lot of children hang out.

Kiosks most likely will not have a firewall. A firewall protects against intruders. Combined with the above mentioned threat, personal left-over's can be gathered on distance by hackers.

When the Kiosk IS within your Network and there is not extra security configured/installed, then your Network is relatively easy to infiltrate from that Kiosk by hackers and/ or viruses.
[read more about the current Virus activities]

The Operating System leaves a lot of room to-work-around the special installed security/(rental) management software. Bad willing people can fairly easy bypass the application routine on the PC and implant key-stroke-logging programs or viruses. Special applications, developed by third parties, to prevent the leaks, are not sufficient.
[read: "we know what you are typing"]

Setting up and maintaining a KIOSK in-house has another threat. No matter how good the security and preventive measures are, you have to involve your IT. Not only the costs are high, but if there is one bad willing person in your IT staff, you still could be the public victim of fraud, ID-theft etc. [read KINKOS' story]

Advice

We do not advise you to set up and maintain the KIOSK yourself. The responsibility and costs are too high. The advantage of a company like SurferQuest is that we studied on all these issues for years. If you decide to look at another KIOSK company, please make sure the company has taken sufficient security measures.

Feel free to contact me with questions or comments. I am very interested in your feedback.

 

 
Copyright 2004 Global Appliances, LLC.  All rights reserved. Please read our Terms of Use for this Website.