Conference Network Survival Guide for DeepSec 2011
For all of you who frequently visit “hacking hot spots” this should be familiar. For all others who blindly trust the Net it should be a wake-up call. Here’s a short and probably incomplete check-list in case you are preparing for DeepSec 2011 or any other event with public Internet access (the CCC has a more complete list on their event web site).
- Secure your operating system (vendor and type don’t matter).
- Backup your data.
- Do run a firewall or a similar filter on your device (vendor and type don’t matter). The hostile network starts right at your antenna or Ethernet jack (again regardless of vendor and layer 1 technology).
- Try to use a VPN tunnel to a trusted network (such as your company or home network). Tunnel all traffic through your VPN tunnel. Secure Shell (SSH), OpenVPN™, IPsec and other tools provide such a tunnel.
- Use protocols secured by encryption (all things SSL/TLS for example). Tell your browser to do so by installing HTTPS Everywhere prior to connecting to the event network. If you have trouble enforcing secure protocols, use an encrypted tunnel to a trusted site for transport.
- When using HTTPS and other SSL/TLS protocols, don’t ignore security warnings! Fake certificates are all the fashion these days.
The conference wireless network at DeepSec 2011 will be an open network without any encryption. This means that we won’t configure WEP, WPA or WPA2 on our access points (only for maximum interoperability, of course). Passive attacks are always possible in such an environment. If you are not sure whether your data transmissions are secured, we will provide an online tool to help you secure your network traffic. Some of our staff might be of assistance, otherwise talk to the people around you. That’s why you are at a security conference. ☺
So we do not condone any abusive or intrusive behaviour, but we do not have the means to enforce a policy. The Internet access at the conference is for everyone. Use it wisely and encrypt everything. Don’t be a sheep! We will announce known infrastructure devices with their MAC addresses on our Twitter feed for reference and to help detect “person/device in the middle” attacks.
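One way to put the announced MAC addresses to use, as an added example that is not part of the original post: compare the neighbour (ARP) table of your own device against the announced list. It assumes Linux `ip neigh show` output; the MAC addresses, IP addresses and function names are constructed placeholders, not real DeepSec values.

```python
import re

# Constructed placeholders for the MACs the organisers would announce.
ANNOUNCED = {"02:00:5e:10:00:01", "02:00:5e:10:00:02"}

# Constructed sample of `ip neigh show` output (Linux iproute2 format).
SAMPLE_NEIGH = """\
192.0.2.1 dev wlan0 lladdr 02:00:5e:10:00:01 REACHABLE
192.0.2.53 dev wlan0 lladdr 02:00:5E:10:00:02 STALE
192.0.2.77 dev wlan0 lladdr 02:00:5e:aa:bb:cc REACHABLE
192.0.2.99 dev wlan0  FAILED
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} from `ip neigh` output, skipping entries without a MAC."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def check_infrastructure(neigh_text, infra_ips, announced):
    """Flag infrastructure IPs whose MAC is unresolved or not announced,
    and any MAC that answers for more than one IP."""
    table = parse_neigh(neigh_text)
    announced = {m.lower() for m in announced}
    findings = []
    for ip in infra_ips:
        mac = table.get(ip)
        if mac is None:
            findings.append((ip, None, "no MAC resolved"))
        elif mac not in announced:
            findings.append((ip, mac, "MAC not in announced list"))
    owners = {}
    for ip, mac in table.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append((",".join(sorted(ips)), mac, "one MAC answers for several IPs"))
    return findings

if __name__ == "__main__":
    # The gateway and DNS server addresses are assumptions for this sample.
    for finding in check_infrastructure(SAMPLE_NEIGH, ["192.0.2.1", "192.0.2.53"], ANNOUNCED):
        print(finding)
```

A finding is a reason to look closer rather than proof: one device can legitimately serve several addresses, and a matching MAC can be forged, so this check complements the VPN and TLS advice above rather than replacing it.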