Securing An Internet Kiosk

Published Date
01 - Feb - 2006
| Last Updated
01 - Feb - 2006
 
Securing An Internet Kiosk
It is difficult to maintain a PC that is used many different users-for example, a PC at an Internet café. People can easily mess with important system files, download too many files, install unneeded software, and so on. You could choose to add a Limited access user account for general users, but that may not be sufficient.

If you want to tighten the screws a bit, you'll need to depend on third-party software such as Public PC Desktop by Ixis Research Inc. Let's check out how to configure a machine for limited access at an Internet café or cyber café using this software.

STEP 1. Download And Install Public PC Desktop
Download the software from www.softheap.com/pubpcd.html. This is shareware, which means you can try it for free, for a limited period. Double-click on the setup.exe file to install the software. The Wizard will guide you through the installation.

STEP 2. Choosing The Right Options
The first screen displays the main set of options: Access Control, Password, Users, and Time Codes. In our example here, we'll use these to set up a public Internet access terminal.

The other options can be viewed by clicking the 'More options' button. Here, you can set certain shortcuts for a user to use, block certain sites, and also change certain Internet Explorer properties for security reasons. The most important option here is the proxy settings. However, the proxy settings only gives the option of ports for HTTP and HTTPS traffic, which is somewhat restrictive, but just about enough for regular connections.

Let's use the first set of options to lock a workstation.

STEP 3. Access Control
Under 'Access Control', you have three options to choose from. These are essentially the modes by which you control access:
(a) Username and password
(b) Time-limited lock
(c) Let the user choose


Access Control gives an administrator three ways to unlock a workstation as shown above

The first choice is ideal when there is a stable flow of users, that is, when there are almost never any new users. In this case, the administrator has to maintain a database of users that can be used in all the workstations.

'Time-limited lock' allows the administrator to generate a time key code for a certain number of minutes. This key is given to the user so he can log on to a workstation. The user is allowed to use the workstation only for that time interval; the workstation gets locked as soon as the time limit expires.

The third option allows the user to choose to unlock the workstation using the username and password, or by giving a time code. For a cyber café, where it is difficult to set up a database of users with passwords, it is ideal to choose time codes.

STEP 4. Setting Up A Limited-Access Workstation
In this step, you'll be actually setting up the workstation for limited access. Click on 'More options' and create a list of shortcuts of all the applications you want a user to have access to. An ideal list of applications would contain Internet Explorer, MS Office, Notepad, and a few more. The next step is to set the proxy. Only you, as administrator, knows the port numbers; add them to the settings. Now, get back to Access Control.


Apply a master password and a time encoding keyword along with a password for shutdown and reboot options

Set a master password and a time-encoding keyword. The master password is for the administrator, and the keyword is used to generate time codes, which can be done by clicking on 'Passwords'.

Jump to 'Time codes' and specify the time for which you want the user to use the workstation, and then click on 'Generate'.


Give a user the generated time lock keyword to unlock the session for use

This will give an encrypted code. A user can use this code to unlock the workstation and use it for the specified time limit. He or she may choose to log off before the time limit, but the workstation will get locked anyway when the limit is reached. A locked workstation looks something like the screenshot below.


A time locked session is as shown above


Reminding a user of an access restricted area of a locked workstation

When accessing the hard disk of a computer from a restricted workstation, an error message pops up, reminding the user of the applied restrictions.



Team DigitTeam Digit

All of us are better than one of us.