From BruCON 2015
Jump to: navigation, search
Line 43: Line 43:
 
** Be prepared to the worst case, shit appens!
 
** Be prepared to the worst case, shit appens!
  
* Platform Specific rules
+
=== Microsoft OS ===
 +
 
 +
* Be sure to have an anti-virus running (with up-to-date signatures) and a firewall.
 +
* Disable all unwanted services (Go to 'Start', 'System Settings', 'Services', 'Properties of service' then 'Stop').
 +
 
 +
=== MacOS ===
 +
 
 +
* Disable all unwanted  services (Go to 'System Preferences', 'Sharing', 'Services' and uncheck all the things you don't need).
 +
* Protect your [http://en.wikipedia.org/wiki/Keychain_(Mac_OS) Keychain] access (where all your password are stored). Start the Keychain utility (Go to 'Applications', 'Utilities' then 'Keychain Access'). Select the 'login' keychain from the sidebar and go to the menu 'Edit', 'Change Settings' for Keychain "login"'. 
  
=== Microsoft OS ===
+
=== Linux ===
*** Be sure to have an anti-virus running (with up-to-date signatures) and a firewall.
+
* Disable unwanted service (Via a root shell, issue the command '/etc/init.d/$service' stop or '/usr/sbin/$service' stop )
*** Disable all unwanted services (Go to 'Start', 'System Settings', 'Services', 'Properties of service' then 'Stop').
+
* Protect your GRUB or LILO boot loader with a password
** MacOS
+
* Limit access to the console using /etc/securetty.
*** Disable all unwanted  services (Go to 'System Preferences', 'Sharing', 'Services' and uncheck all the things you don't need).
+
 
*** Protect your [http://en.wikipedia.org/wiki/Keychain_(Mac_OS) Keychain] access (where all your password are stored). Start the Keychain utility (Go to 'Applications', 'Utilities' then 'Keychain Access'). Select the 'login' keychain from the sidebar and go to the menu 'Edit', 'Change Settings' for Keychain "login"'. 
+
=== PDA/iPhone ===
** Linux
+
* Lock your iPhone automatically after an inactivity period.
*** Disable unwanted service (Via a root shell, issue the command '/etc/init.d/$service' stop or '/usr/sbin/$service' stop )
+
* Disable Bluetooth discovery and services.
*** Protect your GRUB or LILO boot loader with a password
+
* Disable preview of SMS on your iPhone(which will be displayed even if locked).
*** Limit access to the console using /etc/securetty.
 
** PDA/iPhone
 
*** Lock your iPhone automatically after an inactivity period.
 
*** Disable Bluetooth discovery and services.
 
*** Disable preview of SMS on your iPhone(which will be displayed even if locked).
 
  
* Do '''not''' ...
+
== Do '''not''' ... ==
** deploy rogue Wi-Fi access point nor  rogue servers (DHCP).
+
* deploy rogue Wi-Fi access point nor  rogue servers (DHCP).
** use unencrypted protocols (once again I now...)
+
* use unencrypted protocols (once again I now...)
** perform suspicious activity like ARP spoofing, DoS or bruteforce attacks (non-exhaustive list!)
+
* perform suspicious activity like ARP spoofing, DoS or bruteforce attacks (non-exhaustive list!)
  
* Privacy
+
== Privacy ==
** Please respect visitors '''privacy'''. Do not take picture without proper authorization of visitors faces, screen-shots nor papers
+
* Please respect visitors '''privacy'''. Do not take picture without proper authorization of visitors faces, screen-shots nor papers
  
* Emergencies
+
== Emergencies ==
** In case of network outage or suspicious activity, please contact our CERT via e-mail or phone (details will come later)
+
* In case of network outage or suspicious activity, please contact our CERT via e-mail or phone (details will come later)
** We do NOT provide support for personal problems. We're not your mother! ;-)
+
* We do NOT provide support for personal problems. We're not your mother! ;-)
  
 
== Network Status / Updates ==
 
== Network Status / Updates ==
  
 
Todo
 
Todo

Revision as of 14:48, 15 September 2009

General Rules

A free Internet access will be available during the conference via Wi-Fi. Visitors will be able to use they own devices (laptops, PDAs, mobile phones, ...) to surf the web.

Disclaimer

Visitors are responsible of the electronic devices they bring to the conference premises. BruCON will not be responsible of any damage, theft or alteration of any kind (software or hardware). The network facilities are provided "as is" without any warranty of availability and performance.

Please follow some golden rules: don't leave your devices or bags alone. Lock your devices when away. For more details how to secure your devices before attending the conference, see below.

Network Facilities

  • Internet Access
    • Wi-Fi - A wireless network will be available for free.
    • Wired - Wired connectivity will be provided only for the press, speakers (presentations, lightning talks, workshops, ...) and the crew.
    • Provided Services - IP addresses will be allocated via DHCP for visitors. Speakers who need a fixed IP address can contect the network crew.
  • Connectivity Details
    • SSID : n/a
    • IP range : n/a
    • Default GW : n/a
    • GW MAC Address : n/a
    • DNS : n/a

How to Survive?

Attending a conference with a public network is not without security risks. You are often directly connected to the Internet. Consider it the Wild Wild West. Before coming to the event, please be sure to follow the following best practices:

  • General rules
    • If possible bring a dedicated device to the conference with a fresh & limited set of softwares and data. Don't take a brand new one, it can be hit by flying objects, fall or flooded by beer.
    • Don't bring confidential data with you.
    • Do not carry business documents and keep your USB sticks away from other participants.
    • If you bring your regular device, perform a full backup of your data and restore them after the conference
    • Be sure to use fully-patched softwares
    • Take care of physical security: put BIOS passwords, don't leave your devices unattended.
    • Put labels on your hardware (if you'd like to remain anonymous, don't put your name but a unique detail like a sticker under the battery to make the device easily identifiable)
    • Encrypt everything, always
      • Encrypt your disks (TruCrypt)
      • If you need to communicate over the wild Internet, use VPN or any other kind of tunneling like SSH tunnels.
      • Avoid any unsecured protocols like POP3, IMAP, HTTP-auth, Instant Messenger, Twitter (cookies)
    • Do not trust anybody! Even not secured web-sites.
    • Don't log with administrative rights (Administrator, root, ...)
    • Lock your sessions if you stand-by your device
    • Be prepared to the worst case, shit appens!

Microsoft OS

  • Be sure to have an anti-virus running (with up-to-date signatures) and a firewall.
  • Disable all unwanted services (Go to 'Start', 'System Settings', 'Services', 'Properties of service' then 'Stop').

MacOS

  • Disable all unwanted services (Go to 'System Preferences', 'Sharing', 'Services' and uncheck all the things you don't need).
  • Protect your Keychain access (where all your password are stored). Start the Keychain utility (Go to 'Applications', 'Utilities' then 'Keychain Access'). Select the 'login' keychain from the sidebar and go to the menu 'Edit', 'Change Settings' for Keychain "login"'.

Linux

  • Disable unwanted service (Via a root shell, issue the command '/etc/init.d/$service' stop or '/usr/sbin/$service' stop )
  • Protect your GRUB or LILO boot loader with a password
  • Limit access to the console using /etc/securetty.

PDA/iPhone

  • Lock your iPhone automatically after an inactivity period.
  • Disable Bluetooth discovery and services.
  • Disable preview of SMS on your iPhone(which will be displayed even if locked).

Do not ...

  • deploy rogue Wi-Fi access point nor rogue servers (DHCP).
  • use unencrypted protocols (once again I now...)
  • perform suspicious activity like ARP spoofing, DoS or bruteforce attacks (non-exhaustive list!)

Privacy

  • Please respect visitors privacy. Do not take picture without proper authorization of visitors faces, screen-shots nor papers

Emergencies

  • In case of network outage or suspicious activity, please contact our CERT via e-mail or phone (details will come later)
  • We do NOT provide support for personal problems. We're not your mother! ;-)

Network Status / Updates

Todo