Help Your Laptop to Survive a Security Conference

BlackHat Europe is at our doors! I’ll fly to Barcelona on Sunday evening. Just enough time (amongst other things) to prepare my laptop against the “Jungle”.

Today, you can’t attend a security conference without a laptop and some Internet connectivity: to take notes, to visit the websites mentioned during talks, to tweet and blog! But using a laptop in a wild environment is always risky. As I’m moving all year long across several locations, my laptop is already quite well secured (well, I hope). But it’s never too late to review and apply some basic rules:

  • If possible, use a dedicated system. Do not use your corporate laptop containing confidential data.
  • Be sure to run the latest release of your operating system and applications. Patches are released to be applied!
  • Remove all the unwanted stuff (files, configuration).
  • BACKUP your laptop before the conference.
  • If possible, start from a fresh installation and, once back home, reinstall everything (I admit, it’s boring to reconfigure your environment to feel at home again).
  • Enable strong authentication (Yubikeys are great devices to implement this).
  • Enable local firewalls, anti-(virus|spyware) and, why not, a HIDS (Host based Intrusion Detection System) to detect any suspicious changes on your system.
  • Also filter all outgoing connections and log them.
  • A few words about physical security: always keep an eye on your bag/laptop and lock your screen when you are not in front of your keyboard (or when you put your laptop in stand-by mode).
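As an added example (not code from the original post), here is what the “enable local firewalls” and “filter all outgoing connections and log them” tips can look like on a Linux laptop with iptables. The script prints the rule set for review by default and only executes it when `APPLY=1` is set; the names `laptop_fw_rules`, `laptop_fw_rules_sane`, `SSH_PORT`, `VPN_IF`, `VPN_PORT` and `APPLY` are my own, and the ports (sshd on 22, OpenVPN on udp/1194, tun0 as the VPN interface) are assumptions to adjust to your setup.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal host firewall for a
# Linux laptop. Everything is dropped by default, replies to connections the
# laptop started are allowed, only SSH may come in, every new outgoing
# connection is logged, and only a short list of services may leave the
# laptop directly; once the VPN is up, everything may go through the tunnel.
# Hypothetical names: laptop_fw_rules, laptop_fw_rules_sane, SSH_PORT, VPN_IF,
# VPN_PORT, APPLY.
#   sh laptop-fw.sh          -> prints the iptables commands for review (dry run)
#   APPLY=1 sh laptop-fw.sh  -> executes them (needs root)

SSH_PORT="${SSH_PORT:-22}"        # assumption: sshd listens on 22
VPN_IF="${VPN_IF:-tun0}"          # assumption: the VPN client creates tun0
VPN_PORT="${VPN_PORT:-1194}"      # assumption: OpenVPN on udp/1194

# Print the rule set, one iptables command per line, so it can be read and
# diffed before being applied.
laptop_fw_rules() {
    cat <<EOF
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j LOG --log-prefix "FW-SSH-IN: "
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "FW-DROP-IN: "
iptables -A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "FW-OUT-NEW: "
iptables -A OUTPUT -o $VPN_IF -j ACCEPT
iptables -A OUTPUT -p udp --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 22,53,80,443 -j ACCEPT
iptables -A OUTPUT -j LOG --log-prefix "FW-DROP-OUT: "
EOF
}

# Sanity check on the generated rule set before it touches the kernel: the
# default INPUT policy must be DROP and there must be no blanket
# "accept everything inbound" rule. Returns 0 when the rule set passes.
laptop_fw_rules_sane() {
    rules=$(laptop_fw_rules)
    printf '%s\n' "$rules" | grep -q '^iptables -P INPUT DROP$' || return 1
    printf '%s\n' "$rules" | grep -q '^iptables -A INPUT -j ACCEPT$' && return 1
    return 0
}

if [ "${APPLY:-0}" = "1" ]; then
    laptop_fw_rules_sane || { echo "refusing to apply: rule set failed sanity check" >&2; exit 1; }
    laptop_fw_rules | sh -e
else
    laptop_fw_rules
fi
```

The logged lines land in the kernel log with the `FW-` prefixes, so `grep FW- /var/log/kern.log` (or `journalctl -k`) gives you the list of new outgoing connections and of everything that was dropped, which is exactly what you want to review on a hostile network.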

Once on site, using a clean computer is not enough. Be sure to respect other rules:

  • Don’t trust anybody!
  • Don’t log in and work as a super-user.
  • If you can use a 3G network, do it! It’s much harder to break.
  • But, regardless of the connection you find, encrypt all your traffic!
  • Monitor your VPN connection. Too often, the VPN is broken and the traffic is sent via your regular default gateway!
  • Encrypt your files using appropriate tools (common operating systems do not have built-in encryption features).
  • Today, the browser is a main component of your system. Protect it too! Run it in a sandbox and add security add-ons like NoScript. If you don’t have a full VPN, use an SSH connection as a SOCKS proxy and configure Firefox to use it.
  • Even better: don’t rely on the information received from the DHCP server. Try to configure your laptop with a fixed IP address (try to find a free one at the end of the received subnet).
  • Beware of default gateway ARP spoofing.
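The “monitor your VPN connection” and “beware of default gateway ARP spoofing” tips can be turned into two small checks. The following is an added example (not code from the original post): it parses `ip route` and `ip neigh` output on Linux, verifies that the default route really leaves through the VPN interface, and compares the gateway’s current MAC address with one you pinned when the connection was known to be clean. The function names, `VPN_IF`, the pinned MAC and the sample outputs are all my own constructions; the check treats both a plain `default` route and the `0.0.0.0/1` half-route some VPN clients install as “the default route”.

```shell
#!/bin/sh
# Added example, not from the original post: two checks for the "monitor your
# VPN" and "default gateway ARP spoofing" tips. Hypothetical names: VPN_IF,
# default_route_dev, default_gateway, gateway_mac, vpn_route_ok,
# gateway_mac_ok, check_live. The sample outputs below are constructed.

VPN_IF="${VPN_IF:-tun0}"   # assumption: the VPN client creates tun0

# With `ip route` output on stdin, print the device carrying the default route.
# Some VPN clients install 0.0.0.0/1 + 128.0.0.0/1 instead of replacing
# "default", so both spellings are accepted.
default_route_dev() {
    awk '$1 == "default" || $1 == "0.0.0.0/1" {
             for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# With `ip route` output on stdin, print the gateway of the plain default route.
default_gateway() {
    awk '$1 == "default" {
             for (i = 1; i <= NF; i++) if ($i == "via") { print $(i+1); exit } }'
}

# With `ip neigh` output on stdin and a gateway IP as $1, print that gateway's
# current MAC address from the ARP table.
gateway_mac() {
    awk -v gw="$1" '$1 == gw {
             for (i = 1; i <= NF; i++) if ($i == "lladdr") { print $(i+1); exit } }'
}

# $1 = `ip route` output. Returns 0 when the default route leaves via $VPN_IF.
vpn_route_ok() {
    [ "$(printf '%s\n' "$1" | default_route_dev)" = "$VPN_IF" ]
}

# $1 = `ip neigh` output, $2 = gateway IP, $3 = pinned MAC.
# Returns 0 when the ARP table still agrees with the pinned address.
gateway_mac_ok() {
    [ "$(printf '%s\n' "$1" | gateway_mac "$2")" = "$3" ]
}

# Live check on a Linux host: $1 = MAC you recorded for the gateway when the
# network was known to be clean. Prints one verdict per check.
check_live() {
    routes=$(ip route) || return 2
    neigh=$(ip neigh) || return 2
    gw=$(printf '%s\n' "$routes" | default_gateway)
    if vpn_route_ok "$routes"; then echo "VPN route: OK ($VPN_IF)"
    else echo "VPN route: BROKEN, traffic leaves via $(printf '%s\n' "$routes" | default_route_dev)"; fi
    if gateway_mac_ok "$neigh" "$gw" "$1"; then echo "Gateway MAC: OK"
    else echo "Gateway MAC: CHANGED for $gw (now $(printf '%s\n' "$neigh" | gateway_mac "$gw"))"; fi
}

# Constructed sample outputs, used to demonstrate the checks offline.
ROUTE_VPN_UP="default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42"
ROUTE_VPN_DOWN="default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42"
NEIGH_OK="192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE"
NEIGH_CHANGED="192.168.1.1 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE"

if vpn_route_ok "$ROUTE_VPN_UP";   then echo "sample 1: VPN route OK"; fi
if ! vpn_route_ok "$ROUTE_VPN_DOWN"; then echo "sample 2: VPN route BROKEN"; fi
if gateway_mac_ok "$NEIGH_OK" 192.168.1.1 00:11:22:33:44:55; then echo "sample 3: gateway MAC OK"; fi
if ! gateway_mac_ok "$NEIGH_CHANGED" 192.168.1.1 00:11:22:33:44:55; then echo "sample 4: gateway MAC CHANGED"; fi
```

Run `check_live <pinned-mac>` from a loop or a cron entry while on site; a changed gateway MAC or a default route that silently moved back to the Wi-Fi interface is the moment to stop working until you understand why.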

This year, I replaced my netbook with a MacBook Air, and I fell in love with it! And yes, it has been upgraded to MacOS 1.6.3 to fix the long list of vulnerabilities reported by Apple.

Follow those simple tips and enjoy the conference!

3 comments

  1. OR, instead, we could:

    Get a laptop, remove the Hard Drive, leave the HD at home.

    Then grab a USB stick, load your favorite Linux Distro on it, make persistent changes on it, and fire up your laptop with it.

    Once done, after the conference(s), just write over the partition(s) of the USB key and start over. I have this setup, and it takes me about 30 minutes from start to finish since I have everything backed up as images and files/folders.

    If you are REALLY paranoid, just use a 1GB or 2GB USB key and throw it away afterwards. I would never put in any Passwords to any online sites while there 🙂

  2. Hi Xavier, very interesting post with useful links. I hope I can follow BH Europe with yours posts and tweets.
    Have a good conf.

  3. Hi all,

    Thanks first for posting this and for all the information!
    I’m actually searching for this kind of doc from a website where they explain how to use iptables too to only
    allow connections to my sshd on my server on the Internet, and to drop all incoming traffic.
    I can probably find the syntax/little script myself, but can’t find this article again.. If someone knows where this article is… url?

    Thanks 🙂
