Using untrusted Network Environments
We mentioned on Twitter that DeepSec 2012 will again feature an open wireless network. This means that there will be no barriers when connecting to the Internet – no passwords, no login, no authentication and no encryption. Some of us are used to operate in untrusted environments, most others aren’t. So the tricky part is giving proper advice for all those who are not familiar with protecting their computing devices and network connections. We don’t know what your skills are, but we try to give some (hopefully) sensible hints.
- If you are well-versed with IT security and its tools, then you probably already know what you are doing. Nevertheless it’s a good habit to double-check. We caught one of our own sessions chairs with his crypto pants down and found a password – just because he forgot to tick the SSL/TLS option. These things happen.
- If you just use computing equipment such as your laptop, tablet or smartphone, then you can ask someone who knows and who you trust for advice. Maybe your IT department has already provided and configured tools you can use. When in doubt, do not use your computing equipment, or do not connect to services dealing with sensitive information. It’s not all about tools, it’s about habits, too.
- Don’t forget the problem of shoulder surfing! If you can see what’s on your screen, so can others. Either turn down the brightness of your display or get a screen protector that hides the content on your screen from certain angles.
- If you are interested in changing your habits and ask questions, then you are at the right place. While we can only speak for our staff and ourselves, please ask how others protect themselves. You might even drop by your local #CryptoParty and have a chat with crypto enthusiasts before connecting to untrusted networks.
Bear in mind that tools and gadgets alone cannot work wonders. If you are connected to an untrusted environment, then it’s best not to feel at home and not to do everything you would do in your living-room (figuratively speaking of course).