Put security reminders where shared workstation users will see them

You've probably taken all necessary precautions to lock down access to certain paths or applications on your shared workstations. Use this tip to remind users to do their part in securing the machine.

Recently, I was asked to document a client's shared workstation prototype. I worked on the technical specifications with the team that configured the workstation. Then I was asked for an end-user document that would help secure the system and reduce calls to the help desk. This week, I'll share the simple poster design trick that was a hit with the help desk staff and the project managers.

The thin PC as a shared workstation
A shared workstation, or thin PC, saves money in an environment like a hospital nursing station or a pharmacy where a small group of people needs occasional access to a computer to conduct company business. The help desk only has to support and secure one computer for those part-time users.

In this case, the Windows 2000 group policy had the machine so locked down that the Start menu had only two options: Shut Down and Settings | Add Printer. Users could launch only the applications for which desktop shortcuts were provided, and those applications required credentials, such as IDs and passwords, for additional access.

A small percentage of the users had privileges to launch a gateway application that connects to the company e-mail and Web servers. Unfortunately, many people in that small minority had the bad habit of leaving the machine logged in to a key business application, e-mail, or Internet session. They'd forget to exit the application or log off the special session. The system was exposed from the moment the user left the workstation unattended until the password-protected screen saver kicked in.

Getting in users' faces
My job was to create a document that would help users remember to log out of applications before leaving the shared workstation unattended. By educating these end users, we hoped to limit the number of help desk calls like these:
  • "The person who used this computer before me didn’t log out. What should I do?"
  • "Somebody left the computer on and it looks like somebody's medical records are still on the screen!"
  • "I think somebody has been using the Internet to do something they're not supposed to do."

If users leave their e-mail accounts wide open on the screen, a snoop can read them and send correspondence under their names. If they leave an Internet session open on a shared workstation, any inappropriate activity will be traced to the last login—theirs. Those are the kinds of issues we wanted to communicate to the shared workstation users.

These users, I reckoned, probably wouldn't read an official-looking, text-heavy security policy that outlined the perils of leaving applications open. So I decided to go for the big-type-with-pictures approach. I created a simple poster with a drawing from Word's ClipArt Gallery. We printed the poster in a few sizes and displayed them in conspicuous places on, near, or around the shared workstations.

Figure A shows how my poster was outlined. Since nearly all of this client's employees drive to work, I thought the red sports car would catch the eye of the people who use the shared workstations. We used the phrase "steal your ID" because we thought users would understand the significance better than if we had used a phrase like "borrow your login."

Figure A
Put your security policy for secured workstations on a poster to remind users to log out.

Because so many users tend to forget how to log out of or close an application, we decided to spell out their options: Click the close box, use the File menu, or press [Alt][F4]. The final copy had the company logo and was printed in color. We printed two different sizes and displayed the posters in conspicuous places everywhere we installed shared workstations.

