I’m a big fan of Planar Systems. They are a very personal company in an impersonal business whose product lines target the exhibition market. US based with great personal support and their products are world class.
http://www.planar.com/products/large-format-displays/ I wrote this a few weeks ago in response to a similar question. It does not directly address securing a browser running HTML, but I hope it’s helpful. > There is no one-size-fits-all answer because the needs and circumstances of > each installation are different. It requires a multi-layered approach. First, > define the threats. Prioritize them, then look for the mitigations of those > threats. There are so many potential failure points and they can’t all be > addressed with one approach. > > Here are some strategies to consider off the top of me head. I am currently > securing two Windows 7 exhibits. > > I think of exhibit application security in three layers. > > 1) The App. First, make your foreground app stable as you can. If your > foreground app never crashes or gives up focus, the user can only do what it > allows. Make sure you’ve disabled all possible options for closing or > crashing the app. Let it run for long periods of time and see what happens. > For instance, the Windows 10 update blindsided me on this install. A totally > new problem! > > 2) Peripherals and Connections. Isolate the system and strip all unnecessary > “tools” away from the user especially those that might allow them to crash > the foreground application! > - Take away the keyboard and mouse and disable unnecessary touch functions > and don’t forget the Windows 7 virtual keyboard. Attach a keyboard for admin > as needed but don’t leave it accessible to users. > - Disable all "network" connections and functions that are not absolutely > necessary: ethernet, wi-fi, bluetooth, DNS, DHCP, etc… Most interactives > don’t NEED a full time network connection. Even if you do, say for remote > admin or a backend system, you will only need narrowly defined functionality. > Disable everything and then open only what you need. Firewall all > communications not explicitly required. > > 3) The System. Make the system as lean and stable as you can. > - run your app on a “limited” user and strip all needed functions from that > user. You can use parental controls on many systems to disable a lot of > functionality. And make sure all admin user is password protected! > - Disable everything that runs in the background, especially any kind of > updating. Turn off all automatic updates and all “alerts.” Remove every > background app and function. > - I like to automate a periodic restart. This helps with long term stability. > Windows simply can’t run for long periods without eventually crashing. It > just can’t. Macs too. > > Those are just highlights. Many threats can be eliminated en masse using > security apps and application design, but you still need to think about all > the possible undesirable consequences and make sure you are guarding against > them. If you keep a close eye on your existing installations, failures will > reveal threats that you never anticipated. > > Some other things to consider: > > If the app crashes, what does the user see. I like to clean off the desktop > and put a “restart” icon right in the middle. Most users don’t want to hack > your system and will happily restart your app for you if it’s obvious how > this is done. > > You can also purchase app monitors that will check the run state and restart > the app if it crashes. If you have good monitoring though, this is probably > more trouble than help though. It’s a background app. ;) > > Can your user get to physical buttons on your monitors or systems? You can > often disable them via menu controls. > > Can users access the power? This allows them to reboot. What happens when the > system reboots? Does it automatically load the correct user and application? > > What happens when power fails? Does the system automatically reboot when > power comes back? > > Etc… > > I’m considering writing a longer more formal “how to" so I’d love to hear > anyone’s horror stories or specific configuration tips. Cheers, tod Technical Director Hillmann & Carr Inc 202-342-0001 > On Nov 18, 2015, at 2:28 PM, Tamsen Young <[email protected]> wrote: > > Hello all, > > We are looking into purchasing a touchscreen monitor for a web-based > interactive component to our exhibition. We are looking for one > approximately 50". We'd also need to lock-down the "website". For iPads I > do this with a combination of KioskPro and Guided Access. But these are > Apple apps. Is there equivalent software for large touch monitors? > > Does this list have any brand suggestions and/or specification suggestions > such as: LED/LCD, output/input must-haves, what to avoid, what must be > included? > > From scanning the MCN archives I only really saw mention of Elo monitors. > Any other current recommendations? > > Many thanks! > > -- > Tamsen Young > Museum Digital Media and Strategic Initiatives Manager > The Museum at FIT > New York City > 212.217.4547 > www.fitnyc.edu/museum > > Visit our collections online <http://fashionmuseum.fitnyc.edu/> | Find us on > Facebook <https://www.facebook.com/TheMuseumAtFIT> | Twitter > <https://twitter.com/museumatFIT> | Instagram > <https://instagram.com/museumatfit/> <https://twitter.com/museumatFIT> > _______________________________________________ > You are currently subscribed to mcn-l, the listserv of the Museum Computer > Network (http://www.mcn.edu) > > To post to this list, send messages to: [email protected] > > To unsubscribe or change mcn-l delivery options visit: > http://mcn.edu/mailman/listinfo/mcn-l > > The MCN-L archives can be found at: > http://www.mail-archive.com/[email protected]/
_______________________________________________ You are currently subscribed to mcn-l, the listserv of the Museum Computer Network (http://www.mcn.edu) To post to this list, send messages to: [email protected] To unsubscribe or change mcn-l delivery options visit: http://mcn.edu/mailman/listinfo/mcn-l The MCN-L archives can be found at: http://www.mail-archive.com/[email protected]/
