Infrasec/Compute SecConf

From MozillaWiki

Summary

Security conferences in general can be hostile places for using your computer, and it is important to know what is going on around you. To set the scene, I am talking about the networks within the conference halls and even in your hotel room. Every conference has varying levels of scary, so use caution with everything you do on your computer (or other computing device).

Note: If any of the terms in the "Recommendations" section mean nothing to you, or you have no idea what I am talking about, you probably shouldn't use your computer or wireless device at these conferences. You should also make sure you turn off Bluetooth and Wi-Fi on all your devices and just use your cell phone's data network. (I have not seen anybody spoof these yet, but it is very possible.) (Note that BlackHat 2009 featured a session on exploiting the SMS network -- be afraid.)

Recommendations

These recommendations are all here if you MUST use your computer during a security conference. In an ideal environment, you are either using a MiFi directly connected to your system or you are not using your computer at all. You might also want to consider what you are going to do and if it is worth the risk. So if you MUST compute, here are some recommendations.

  1. Don't use your regular system.
    1. At least for me, I have a lot on my system and I wouldn't want anything to happen to it. So instead, I have a security conference system.
  2. Have some password diversity
    1. Don't use the same password for everything. Break them up into different levels such as company, personal, social network and banking.
  3. Rogue Access Points
    1. This one is a tough one. At BlackHat there are typically people spoofing the conference access points, so beware of what you are connecting to. If you can verify the MAC address of the access point, that is best; if not, use a MiFi or your phone's data connection. The BlackHat conference material will contain instructions on ensuring you're talking to the real BH access point, at least, but that definitely doesn't guarantee there is no snooping on or tampering with content.
  4. Tunnel and proxy out of the conference
    1. Depending upon your host OS, it is best to use a secure connection such as IPsec, SSH or an SSL VPN to an outside host and proxy all of your traffic to that host. This also requires you to configure your host OS to proxy everything out. (Keep in mind, this isn't 100% effective, depending upon what you are doing.)
    2. This does two things: it ensures that if you do have passwords flying around in plain text they won't be seen, and, if you established this connection prior to the conference, it ensures there isn't any tampering with your traffic.
  5. Accepting untrusted SSL/HTTPS certificates or even SSH keys
    1. If you are making a connection to a site and it asks you to accept a key or certificate, you had better know what you are doing. If this is a site or host you have used in the past and it is now asking you to accept a key or certificate, don't accept it.
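
One way to act on recommendations 4 and 5, as an added example that is not part of the original page: record the SSH host key fingerprint of your outside host on a trusted network before travelling, then compare whatever key is presented at the conference against that record. The host name `jump.example.org` and the key bytes are constructed for illustration; the fingerprint is computed in the `SHA256:` form that OpenSSH prints.

```python
import base64
import hashlib
import struct


def fingerprint(line: str) -> str:
    """Return the SHA256 fingerprint of a 'host keytype base64blob' line."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; reject
    # lines where the declared type and the embedded type disagree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host(pinned: dict, line: str) -> str:
    """Compare a key presented now against the fingerprint recorded earlier."""
    host = line.split()[0]
    if host not in pinned:
        return "unpinned"   # never seen on a trusted network: do not accept
    if pinned[host] == fingerprint(line):
        return "match"
    return "MISMATCH"       # known host, different key: do not accept


def constructed_line(host: str, key: bytes) -> str:
    """Build a sample ed25519 host-key line from constructed (not real) bytes."""
    kt = b"ssh-ed25519"
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(key)) + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed sample data: jump.example.org is a hypothetical outside host.
HOME = constructed_line("jump.example.org", bytes(range(32)))
ROGUE = constructed_line("jump.example.org", bytes(range(1, 33)))
PINNED = {"jump.example.org": fingerprint(HOME)}  # recorded before travelling

if __name__ == "__main__":
    for label, line in (("home", HOME), ("conference", ROGUE)):
        print(label, fingerprint(line), check_host(PINNED, line))
```

Only a `match` result should be followed by connecting; both other results correspond to the prompt that recommendation 5 says not to accept.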