Help Your Laptop to Survive a Security Conference

BlackHat Europe is at our doors! I’ll fly to Barcelona on Sunday evening. Just enough time (amongst other things) to prepare my laptop against the “Jungle”.

Today, you can’t attend a security conference without a laptop and some Internet connectivity: to take notes, to visit websites mentioned during talks, to tweet and blog! But using a laptop in a wild environment is always risky. As I move between several locations all year long, my laptop is already quite well secured (well, I hope). But it’s never too late to review and apply some basic rules:

  • If possible, use a dedicated system. Do not use your corporate laptop containing confidential data.
  • Be sure to run the latest release of your operating system and applications. Patches are released to be applied!
  • Remove all the unwanted stuff (files, configuration)
  • BACKUP your laptop before the conference
  • If possible, start from a fresh installation and, once back home, reinstall everything (I admit, it’s boring to reconfigure your environment to feel at home).
  • Enable strong authentication (Yubikeys are great devices to implement this).
  • Enable local firewalls, anti-(virus|spyware) and why not an HIDS (Host based Intrusion Detection System) to detect any suspicious changes in your system.
  • Also filter all outgoing connections and log them.
  • A few words about physical security: always keep an eye on your bag/laptop and lock your screen when you are not in front of your keyboard (or if you put your laptop in stand-by mode).

Once on site, using a clean computer is not enough. Be sure to respect other rules:

  • Don’t trust anybody!
  • Don’t log in and work as a super-user.
  • If you can use a 3G network, do it! It’s much harder to break.
  • But, regardless of the connection you found, encrypt all your traffic!
  • Monitor your VPN connection. Too often, the VPN is broken and the traffic is sent via your regular default gateway!
  • Encrypt your files using appropriate tools (common operating systems do not have built-in encryption features).
  • Today, the browser is a main component of your system. Protect it too! Run it in a sandbox and add security add-ons like NoScript. If you don’t have a full VPN, use an SSH connection as a SOCKS proxy and configure Firefox to use it.
  • Even better: don’t rely on the information received from the DHCP server. Try to configure your laptop with a fixed IP address (try to find a free one at the end of the received subnet).
  • Take care of default gateway ARP spoofing.
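
One way to watch for the gateway ARP spoofing mentioned in the last rule, as an added example that is not part of the original post: pin the gateway’s MAC address when you first connect, then re-check the output of `arp -an` against it. The addresses and sample tables below are constructed, and the function names are hypothetical.

```python
import re

# One resolved line of `arp -an` output (macOS/BSD and Linux net-tools), e.g.
#   ? (10.10.0.1) at 0:1b:21:aa:bb:1 on en0 ifscope [ethernet]
ARP_LINE = re.compile(r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>[0-9A-Fa-f:]+) ")

def normalize_mac(mac):
    """macOS prints octets without leading zeros (0:1b:...); pad them for comparison."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; '(incomplete)' entries do not match."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m and m.group("mac").count(":") == 5:
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def check_gateway(table, gateway_ip, pinned_mac):
    """Compare the current ARP table with the gateway MAC pinned at first connection."""
    pinned = normalize_mac(pinned_mac)
    current = table.get(gateway_ip)
    if current is None:
        return [f"gateway {gateway_ip} has no ARP entry"]
    alerts = []
    if current != pinned:
        alerts.append(f"gateway {gateway_ip} moved from {pinned} to {current}")
    # A second IP sharing the gateway's MAC suggests a host answering for the gateway.
    twins = sorted(ip for ip, mac in table.items() if mac == current and ip != gateway_ip)
    if twins:
        alerts.append(f"MAC {current} is also claimed by {', '.join(twins)}")
    return alerts

# Constructed sample output, not captured from a real network.
BASELINE = """\
? (10.10.0.1) at 0:1b:21:aa:bb:1 on en0 ifscope [ethernet]
? (10.10.0.23) at 3c:7:54:12:34:56 on en0 ifscope [ethernet]
? (10.10.0.99) at (incomplete) on en0 ifscope [ethernet]
"""
SPOOFED = """\
? (10.10.0.1) at 3c:7:54:12:34:56 on en0 ifscope [ethernet]
? (10.10.0.23) at 3c:7:54:12:34:56 on en0 ifscope [ethernet]
"""

if __name__ == "__main__":
    pinned = parse_arp_table(BASELINE)["10.10.0.1"]
    for alert in check_gateway(parse_arp_table(SPOOFED), "10.10.0.1", pinned):
        print("ALERT:", alert)
```

On a live system, pass the text printed by `arp -an` to `parse_arp_table` at regular intervals instead of the sample strings.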

This year, I replaced my netbook with a MacBook Air, and I fell in love with it! And yes, it has been upgraded to MacOS 1.6.3 to fix the long list of vulnerabilities reported by Apple.

Follow those simple tips and enjoy the conference!
