Open Dental Forum

I love Open Dental (OD) and the "open" philosophy that goes with it. In that spirit I want to understand how to make the Kiosk/Terminal feature more secure. Even though I have posted feature requests I was told that the my concerns will get greatest visibility on this forum so here goes:

1. Kiosk computers run the full blown OD executable and thus need access to Shared folders like OpenDentalImages. While the patient is locked out of the OD interface in Kiosk mode, it is possible to use a number of Alt-key and Windows-key combinations to get to the Windows desktop. Once on the Desktop it is easy to browse any Network Shares at will. Since Kiosks, by definition, are private it is impossible to monitor if someone accesses such folders and this concern is holding us back. Maybe we need a stripped down version of the OD executable that does not need access to anything but the MySql database on the server. This database would then need password protection as well. Alternatively we could run the Kiosk in some kind of locked down mode so that no one can get past the Kiosk Screen without a password or by restarting. Maybe these features already exist or maybe they have to be added. Either way, a tutorial will help.

2. On a similar note the OD interface itself might be exploited in Kiosk mode. Consider the following-unlikely-scenario. a>>Receptionist logs in to OD with every intention of starting Kiosk mode. b>>Receptionist gets phone call from jealous boyfriend/dying grandmother or something else that cannot wait. c>>Receptionist walks away from Kiosk leaving OD logged in and Kiosk feature NOT yet enabled. d>>Teenage hacker patient walks in, exports database to Excel and emails/ftps/copies to pen drive. Obviously anyone running Kiosks should disable USB Pen Drive using Windows Registry as well as disallow all executables, command prompts etc. But we need some guidelines for this and above all the OD executable should not display the usual modules on a Kiosk. We achieved the latter by creating a Kiosk User that cannot use any module but such an user can still access the "Select Patient" drop down list. I think these insecurities should be locked down. We cannot depend on receptionists to always do the right thing since they are only human.

3. It would nice if we could attach a webcam to the Kiosk and take a patient pic with a button from within the Patient Response form without needing to invoke the Images module on the Kiosk.

1. You can override the path to the AtoZ folder for a specific computer. You could put a dummy AtoZ folder on the kiosk computer. It would have to contain the backgrounds of any forms that patients would be filling out. Then, use Windows security to keep them out of shared folders. One way we plan to address the security problem of the shared AtoZ folder in the future is to use ftp instead. But you might still have other shared folders in your office.

2. In addition to the precautions you have suggested, an automatic logout feature would help here.

3. Good idea.

A few more ideas. Why is it that the receptionist shouldn't directly see the screen? If your office layout does not allow that, then how about a security camera to deter such activity? Another option is to split the monitor cable and run it to a duplicate screen at the receptionist desk. Or use software to do the same thing.

jordansparks wrote:1. You can override the path to the AtoZ folder for a specific computer. You could put a dummy AtoZ folder on the kiosk computer. It would have to contain the backgrounds of any forms that patients would be filling out. Then, use Windows security to keep them out of shared folders. One way we plan to address the security problem of the shared AtoZ folder in the future is to use ftp instead. But you might still have other shared folders in your office.

This probably will work but it suggests to me that the office network should be a Domain rather than a Workgroup but this is probably a good practice anyway. Group policies can also be very useful in securing individual workstations both in Workgroups and Domains. What is ruled out is the Home Edition of Windows which has no Group Policy feature and also cannot join Domains.

jordansparks wrote: 2. In addition to the precautions you have suggested, an automatic logout feature would help here.

True since we probably cannot use a Windows screensaver with password since it might lock out the user while in legitimate Kiosk mode.

jordansparks wrote:A few more ideas. Why is it that the receptionist shouldn't directly see the screen? If your office layout does not allow that, then how about a security camera to deter such activity? Another option is to split the monitor cable and run it to a duplicate screen at the receptionist desk. Or use software to do the same thing.

I have a few objections to this. 1. People don't like being watched even when they are completing a form they are ultimately going to hand over to you. 2. This would create more work for the receptionist and the whole point of the kiosk is to reduce his or her work load. 3. Lastly if we are exposed because of a distracted receptionist we should not expect the same person to be the solution to the security breach.