[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Jan 2004 ]

[edlug] RE: CD Kiosk Security

I really like the idea of a CD which acts as a key. Not only can the key be duplicated so that the librarian has a back up of the key but it can also be changed if nessesary. It will also mean one less option given to the public i.e. no maintenance mode available unless the key has been inserted.

Non standard items such as a keypad or Bar Scanner do seem to add cost but with a CD key being used then the likely hood of hacking into the machine is reduced but gaining the nessesary functionality of the keyboard.

Just more pennyworths



From: Joe Barnett <joe-barnett@xxx.xxx.xxx>
To: Bob Kerr <robertnkerr@xxx.xxx.xxx>
Subject: CD Kiosk Security
Date: 10 Jan 2004 16:46:01 +0000

Following our chat on thursday, here are some thoughts on protecting the
CD kiosk.

First, if the only input device were a numeric keypad with an on-screen
numeric menu for image selection, then an unlisted number could cause
the CD drive to read a key file from a key CD. Only with this file being
correctly read, perhaps including a certain combination of creation and
modification dates, would an administration menu be displayed.  A
further security measure could be to change the file and secret number
with every major update to the iso images presented.

Second,  Numeric keypads are expensive!  Dabs, £42.30 per each *OUCH*.
As the selection device being the only real expense in the project, the
other bits (CPU, monitor, CD burner, somewhere to put it) being
scrounged, What about a custom slope-front case with large friendly
buttons?  Such a device could plug into the printer or joystick ports
and would not require fancy electronics inside, being a passive switch.

Just my pennyworth.

Joe Barnett <joe-barnett@xxx.xxx.xxx>

Rethink your business approach for the new year with the helpful tips here. http://special.msn.com/bcentral/prep04.armx

You can find the EdLUG mailing list FAQ list at:

This archive is kept by wibble@morpheux.org.DONTSPAMME