Endpoint Protection & Antivirus
Q: Are endpoint protection controls in place (e.g., Antivirus) on your kiosks?
A: A specific antivirus solution is not integrated as part of our base operating system. However, antivirus software can be added on demand if required by your organization's security policies.
In most cases, additional antivirus protection isn't necessary because our kiosk and background applications operate within a highly restrictive sandbox environment. This sandboxed architecture provides inherent protection against malicious activities and significantly reduces the attack surface.
Software Updates & Maintenance
Q: Is there a patching/maintenance schedule in place for the kiosks?
A: Yes, we maintain a comprehensive update strategy for our HBOS-based kiosks:
- Automatic Updates: Patches and updates are pushed out regularly as soon as they become available from our development team
- OS Updates: The operating system is configured for automatic updates wherever possible to ensure security patches are applied promptly
- Minimal Manual Intervention: Most updates are deployed automatically, though manual intervention may be required in some cases
- Regular Schedule: Updates follow a consistent release cycle to maintain security and functionality
Network Security & Segmentation
Q: Should the kiosks be placed on a segmented VLAN or isolated guest/DMZ network?
A: We strongly recommend deploying kiosks on a secure and standalone network. Best practices include:
- Segmented VLAN: Deploy on a dedicated VLAN separate from your main corporate network
- Isolated Network: Consider placing kiosks on an isolated guest network or DMZ
- IT Department Responsibility: The actual network configuration and segmentation are typically handled by your organization's IT department
- Guidance Available: We can provide network requirements and guidance to assist with proper setup
This network isolation helps contain potential security risks and prevents unauthorized access to your internal systems.
Firewall Configuration & Access Control
Q: Are ACLs or firewall rules configured to restrict communication only to required endpoints?
A: Yes, we provide comprehensive guidance for network security configuration:
- Endpoint Whitelist: We supply a basic list of required HootBoard cloud endpoints that should be whitelisted
- Port Restrictions: Access should be limited to the specific ports required for kiosk functionality. This is handled as part of HBOS.
- ACL Configuration: Access Control Lists (ACLs) or firewall rules should be configured to restrict communication to necessary endpoints only. This is handled as part of HBOS, but can also be configured at your network layer.
- Documentation Available: We can provide the current list of required endpoints and ports for your firewall configuration
This restrictive approach ensures kiosks can only communicate with authorized services while blocking unnecessary network traffic.
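One way to check that network-layer rules actually enforce this allowlist is to audit firewall flow logs from the kiosk VLAN. The script below is an added example, not HootBoard code: the kiosk subnet, corporate ranges, log format and endpoint entries are all assumptions (the endpoints are documentation-range placeholders, to be replaced with the vendor-supplied list).

```python
import ipaddress

# Assumed values: replace with your kiosk VLAN, internal ranges and the vendor's endpoint list.
KIOSK_NET = ipaddress.ip_network("10.20.30.0/24")
CORP_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWLIST = [  # (destination network, TCP port): placeholders, not real HootBoard endpoints
    (ipaddress.ip_network("203.0.113.0/28"), 443),
    (ipaddress.ip_network("198.51.100.10/32"), 443),
]

# Constructed sample flow log, one flow per line: "src dst dport action"
SAMPLE_LOG = """\
10.20.30.11 203.0.113.5 443 ACCEPT
10.20.30.11 198.51.100.10 443 ACCEPT
10.20.30.12 203.0.113.5 80 ACCEPT
10.20.30.12 10.0.5.20 445 ACCEPT
10.20.30.13 192.0.2.77 443 DROP
10.0.5.20 192.0.2.77 443 ACCEPT
not a flow line
"""

def parse_flows(text):
    """Yield (src, dst, dport, action) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                   int(parts[2]), parts[3].upper())
        except ValueError:
            continue

def audit_egress(text, kiosk_net=KIOSK_NET, allowlist=ALLOWLIST, corp_nets=CORP_NETS):
    """Return kiosk-originated flows the firewall accepted but the allowlist does not cover."""
    findings = []
    for src, dst, dport, action in parse_flows(text):
        if src not in kiosk_net or action != "ACCEPT":
            continue  # only accepted traffic leaving the kiosk VLAN is a rule gap
        if any(dst in net and dport == port for net, port in allowlist):
            continue
        # Reaching an internal range means segmentation failed, not just a loose egress rule.
        kind = "internal-reach" if any(dst in n for n in corp_nets) else "off-allowlist"
        findings.append((kind, str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_LOG):
        print(*finding)
```

An empty result over a representative log window indicates the ACLs match the allowlist; any `internal-reach` finding points at a VLAN or DMZ rule that lets kiosks talk to internal systems.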