|Intro|
|News|
|Threats|
|Alerts|
|Papers|
|Events|
|Reading|
|Links|
|About Me|
|Powered-by...|
Who needs a key when you have a kiosk?
[Back to Main]
So I've beat it into the ground by now (if you've been reading these threats sequentially): Remote users pose serious danger.
Internet kiosks are just one more way in which remote users make your life a nightmare. Not surprisingly, this again has to do
primarily with webmail (HTML just isn't our friend, is it?).
You're probably familiar with the now popular Internet kiosks that are setup in such places as airports, and Internet cafes.
Usually these terminals provide access to a restricted web browser, for a fee. Although some degree of care (often not much, read
2600 to see what I mean) has
been taken to secure the stations themselves, virtually no consideration has been given to the safety of the users. What I'm
talking to is the ability for subsequent users to view the data of previous users. Often shoddy applications can allow this
directly (such as Outlook Web Access), and many other tricks are available by viewing browser cache
and history.
Clearly, what you need is some way to force webmail sessions to actually be terminated (I'm talking to you,
Microsoft) when the
user logs out, and also some way to close the session if it's been idle too long, or even make the user reauthenticate every several
minutes to make sure it's still them. This also goes hand-in-hand with the strong authentications (two-factor authentication) that
I discussed in the Shoulder Surfing threat. I'm aware of very few commercial solutions that will do this (shameless plug, my
employer hawks a product that will) and I've seen absolutely zero Open Source projects that would enforce these types of
controls.
In addition to the above, if at all possible, select some type of webmail security product that will prevent remote users from being able
to cache data to disk, or one that has some type of mechanism to force the cache to flush when the session is terminated. I've seen
some products that claim to do this, but I would evaluate that functionality fully to make sure it actually works as expected.
Other things to look for would be some type of attachment control that would allow you to prevent remote users from viewing/downloading
attachments, and virus scanning of all messages sent through webmail would also be a very wise thing.
I'm sure you've been lobbied to deploy webmail access for remote users, and some strong business cases can be made for such access, but
make sure to fully contemplate all the security risks before going ahead full steam. There are a lot of thorny problems that cannot
be solved easily, or cheaply, which just don't exist if you don't deploy webmail.
This site © copyright 2003-2011 Brian Keefer. Unauthorized republication is forbidden.