Dominik Wasielewski

Full Stack Engineer

Senior IT Manager

System Administrator

Systems Engineer

Computer Engineer

IT Security Architect

Infrastructure Architect

Virtualization Expert

DevOps Specialist

Network Engineer

IT Strategy Consultant

Technology Advisor

Research IT Specialist

Secure On-Site Data Access Platform (“Kiosk Room”)

  • Client: IZA
 

To provide controlled access to external research datasets while maintaining maximum data security, I developed a secure kiosk-based access system using Intel NUC hardware. The solution was designed for a dedicated room where researchers could work with sensitive data from partner institutions, without risking any data leakage or policy violations.

Each kiosk unit was installed in a locked, shielded rack, which also housed a managed switch to isolate the network segment from the rest of the organization’s infrastructure. Workstations in the room were standard office PCs for everyday use. However, long cables (video, keyboard, mouse) ran through cable ducts from each desk to the kiosk rack. At each desk, a KVM switch was installed, allowing researchers to seamlessly toggle between their office environment and the kiosk system—each with dual 4K monitor support.

To prevent unauthorized access or data extraction, I implemented several hardware and software hardening measures, including:

  • USB ports secured with physical locks.
  • Docking stations enhanced with additional USB protection.
  • Automated reset scripts to ensure a clean environment for each session.
  • A PowerShell script to send notifications and system status reports when kiosk systems were activated.
  • System startup restricted: Kiosk PCs could only be booted by authorized staff upon request from a registered researcher.
  • CCTV surveillance of the room for full traceability.

Each kiosk system used a hardened Windows setup with minimal attack surface. The systems were completely network-isolated via firewall rules and VLAN segmentation, with configurations developed in coordination with partner institutions to comply with shared security policies.

The main goal of the project was to grant access to external research data sources under strict supervision, ensuring that no data could leave the secure environment. This balance between accessibility and security was achieved through thoughtful integration of network design, hardware control, and operational workflows.