I've heard rumblings and full-on details of the lengths people are going to secure their data and laptops whilst at DefCon.
Some describe DefCon's network as "The most hostile network in the world" - be that as it may, with a bit of common sense, it's not likely to be a good reason to trade your laptop for an abacus or pen and paper. I haven't been to DefCon in about six years. They had wireless, and it was as uncontrolled as it comes. Ostensibly, the hostility level could have been worse.
One thing that was missing the last time I went was the infamous "Wall Of Sheep" - A projector that exposes the login details for anyone who dares to use unencrypted services.
If you have to "lock it down" for a hostile environment, then you're probably taking the wrong security stance. Here are a few things to consider ALWAYS. Not just for DefCon:
- Back. Up. Your. Data. You never know when your laptop will get lost, stolen, infected, or permanently damaged. Your best bet is to make sure you have current backups and that those backups are usable.
- Don't store private data in the clear. Encrypt proprietary business information, your personal identification information, bank records, and other private data that you'd rather not make its way into the hands of everyone in the world. I recommend TrueCrypt for Mac, Linux and Windows. Part of what makes encryption work is PROTOCOL. Just using the software isn't good enough. Guard your data and use encryption sensibly.
- Use Strong Passwords. And use them properly. Make sure your screen saver makes you authenticate, make sure the system isn't set to log on automatically, and choose a password that's hard to guess and resistant to dictionary attacks.
- Keep your software and anti-virus up-to-date, and beware of Evilgrade.
- Shut down services and features you don't need. This includes bluetooth, etc.
I really don't believe there's such a thing as paranoia -- just various levels of cautious behavior. Operating in "condition red" (Living in fear, all freaked out, the world is ending!) isn't healthy. That said, an extra layer of caution probably isn't too bad when you're sharing a network with a few thousand hackers. If you really want to take it to the next level, here are a few ideas:
- Use out-of-band communication. Find another hotel or use a CDMA wireless card (wireless EDGE/EV-DO broadband). While this is no guarantee of security, it does pull you off of the hacker-trodden DefCon network.
- Tunnel everything. Set your system-wide proxy to a localhost port (for your IM and other services as well) and then tunnel port 3128 to a remote squid server on another network (such as at your home). This will likely slow stuff down a bit, but it'll all go over SSH.
- Set up firewall rules to block anything that won't go through the proxy. On Mac OS X, I installed the following rules. I love BSD's IPFW:
Chimera:~ axon$ sudo ipfw list01000 allow tcp from any to any established
02000 allow ip from any to any via lo*
03000 allow icmp from any to any icmptypes 8
04000 allow icmp from any to any icmptypes 0
05000 allow log tcp from any to any dst-port 22 out06000 reject log ip from any to any
Posts
