Printer Friendly Version

4. Access to Kiosk Hardware
If a regular desktop is used, you'll need to decide how much, if any, access to the physical CPU will be permitted. They can be stripped of all peripheral storage devices such as diskette and CD-ROM drives, and the USB ports can be disabled to prevent use of flash drives. Another option is to secure the CPU inside a locked cabinet or desk drawer (depending on the layout of the kiosks). However, if you decide to provide users with the ability to download and save files onto a diskette, CD-ROM, or USB flash drive, you need to ensure that they won't be able to upload or execute anything from their storage devices to the kiosk station or the network by protecting the underlying kiosk station's O/S.

5. Protecting the Underlying Operating System
In a dedicated kiosk environment, users must never be allowed to access the underlying O/S. A Web browser should be the only interface kiosk users have. If they ever gain access to the O/S, they can easily tamper with the underlying files and applications (which, seeing as the computer's only purpose is to serve as a kiosk, should always be kept to a bare minimum), change the configuration and behavior of the station, or possibly install their own software.

6. Implement a Timeout
It's far too easy for a user to leave a kiosk unattended without logging off their account. The next person to use that station will have the ability to access the Internet and any internal resources the prior user has access to without logging on themselves. This creates not only a security concern but also a liability concern. The original user can be held responsible for any misuse by subsequent users. To prevent this, all kiosks must be configured to automatically log users off after a pre-determined period of inactivity.

7. Number of Kiosks
It's up to you to determine the ratio between the number of kiosks and the number of potential users. While greater numbers of stations will eliminate wait times, it's not necessary to deploy a huge fleet of kiosks because factory workers probably won't be using them during the majority of the workday. Most will be used before the beginning of their shifts, during breaks, and after work hours.

8. Location of the Kiosks
Kiosks can be placed in several locations throughout the company to maximize exposure and convenience or they can be grouped together in a central area like an "Internet cafe." In any case, the kiosks should never be placed in high traffic areas, near heavy machinery, or in overly noisy areas. Users should be afforded some privacy and peace-and-quiet when using the kiosks.

Network Access and Accountability

Many cities around the world have begun providing the public with Internet kiosks in certain government offices such as employment centers, post offices, and tourism bureaus. Unless payment is required, these kiosks allow people to access the Internet anonymously. But in a corporate setting this should never be an option — users must never be allowed to access any resource available from the kiosk anonymously.

New network and e-mail accounts will have to be generated for every employee who doesn't currently have one. And they will be required to log onto the network for the same reasons as their office worker counterparts:

• To identify themselves to the system as a valid user. This is essential for companies that have a lot of external visitors such as consultants and clients.

• To allow system administrators to maintain granular access to sensitive and secured internal resources such as intranet content.

• To log individual user activity.

The purpose of identifying and logging user access isn't to fulfill an Orwellian prophecy, nor is it an issue of mistrust. Rather, it's a necessary security measure to protect the company from legal or criminal liability, and to prevent users from abusing or misusing corporate resources. Inappropriate or illegal activities within the company can include:

• Launching a spam campaign with the use of company SMTP servers or through external third-party relays.

• Accessing, downloading, or uploading illegal content such as child pornography.

• Sending or receiving copyrighted material such as music files or movies.

• Sending internal information to competitors.

• Releasing a virus or launching a denial of service attack.

• Identity theft and/or fraud.

• Misrepresenting the company.

If anonymous access were allowed, you would only be able to identify the station that was used to carry out the misdeeds but not who was responsible for it. Having kiosk users log-in holds them accountable for their activity when using corporate resources.

Closing Thoughts

Implementing Internet kiosks doesn't have to be a long and drawn-out process; we're not talking about a one kiosk to one employee ratio. Even a handful of openly available kiosks will make your PC-less employees feel less marginalized when it comes to equal access to information and Internet resources. But if kiosks are to be implemented, it must be done with much consideration to overall security — in terms of hardware, software, internal content, and legality. You want users to be able to access the Internet, e-mail, and intranet without being overly restrictive but you must also balance the security implications of installing open, multi-user kiosks. It's your responsibility to determine the level of access users will have to, and from, these kiosk stations.

While most PC-less employees might not rely as heavily on the Internet as their office worker counterparts, it doesn't mean they shouldn't have access to the Internet or intranet at all. Executives like to refer to all employees of their company as one big family when they give presentations. It makes the company sound less cold and creates a more inviting atmosphere in the eyes of shareholders and the public. Nowadays Internet access, and access to basic corporate information, is so common that denying employees without PCs this basic right would be to deny Uncle Jeb or Aunt Sue use of the washroom. And if this were to happen, things could get rather ugly.