Kiosk - Whitelist Only?
-
I need to setup a Kiosk with access to only approved sites. Any ideas?
-
@aaronstuder said:
I need to setup a Kiosk with access to only curtain sites. Any ideas?
You work for an interior decorator? Specializing in window treatments?
-
I'm laughing hard at that typo. It's a total legit word, too. LIke, no reason that you wouldn't want a kiosk only for looking at curtains, but... I don't think that that's the goal.
I mean... you'd want blinds and stuff too, right?
-
So there are probably lots of ways to handle this. One is using the /etc/hosts file and turning off DNS. That's weird but mostly works and is easy.
Another is running Squid locally and pointing to it. Or Squid remotely, of course.
-
IE Content Advisor. I've done this before.
Another way is to use your AV software - they often provide options for blocking all websites apart from whitelisted ones. I think I've done this before with Trend.
I've also used Squid to do it.
-
I have several kiosks installed across the network. I just make IE run in kiosk mode with the website I want them to visit. Your average user isn't going to know how to enter an address in kiosk mode nor will they even want to do so. Kiosks are in public locations, generally. It's not like anyone is going to use them to check their email.
My setup is an autologin that automatically launches IE in kiosk mode. If there are any issues I can just reboot the PC and 9/10 it solves all the headaches.
IMO it isn't always worth the energy to lock something down if it's not going to be exploited in the first place, and even if it is exploited once or twice it will only be briefly since it's a public kiosk.
-
I would probably just use IE's Kiosk mode, whitelist the sites and password protect it. Then setup a startup shortcut launch IE in Kiosk mode on startup.
-
Maybe something like this?
https://steelmon.wordpress.com/2009/11/22/setting-up-a-strict-whitelist-proxy-server-using-squid/
-
@aaronstuder said:
Maybe something like this?
https://steelmon.wordpress.com/2009/11/22/setting-up-a-strict-whitelist-proxy-server-using-squid/
Yup. I've done that for schools before. Works quite well.
-
I am with @IRJ on this one. What is the actual risk? Is it worth the time to over engineer a solution when a basic setting will work?
