Kiosk Security

Presented at DEF CON 14 (2006), Aug. 5, 2006, 4 p.m. (50 minutes)

Kiosks are being deployed in an increasing number of locations, including supermarkets, banks and airports. Providing public computer access from machines connected to your internal network is one of the most challenging IT problems. Traditionally, an anonymous user with local access to a machine that can talk to the Internet and the internal network is an administrator's nightmare. Therefore, the techniques to secure these machines must go far beyond the procedures for a normal desktop environment. Often these devices are deployed on the same network as the store's cash registers, introducing PCI compliance issues. Relying on store employees to monitor for kiosk abuse is not an option. This discussion will focus on the security issues surrounding the deployment of Windows-based kiosks. Deployment strategies, application security design, PCI compliance issues, known attack methods and common security tools will be covered.


Presenters:

  • Peleus Uhley - Principal Security Consultant
    Peleus Uhley is a Principal Security Consultant with the Symantec Professional Services team, where he performs wireless, network and application penetration testing for clients. Several of his recent engagements have covered assessing kiosk security for retailers. As part of the Advisory Services team, Peleus also serves as an Attack and Penetration Center of Excellence lead, helping to develop penetration testing services and coordinate knowledge development and tools for Symantec consultants. Peleus joined Symantec through their acquisition of @stake. Prior to being a security consultant, he was the lead developer for the online privacy company Anonymizer. Peleus has also given talks and authored a white paper on web browser security.
