Educause Security Discussion mailing list archives
Re: Recent experience traveling China
From: "Rajewski, Jonathan" <rajewski () CHAMPLAIN EDU>
Date: Fri, 4 Mar 2016 09:02:36 -0500
It's all about your comfort level of risk. What can you try to stop/detect - hardware implants vs malicious software etc. The former is far more difficult to detect without physical inspection pre/post trip. Encrypt anything that is going over there using proven security technologies. Laptops/phones/removable media. Use UEFI secure boot. Patch everything etc. The harder you make it to compromise the better.

I agree with those that said to bring new technology with them that can be disposed of when they return. While the people traveling abroad may or may not be high value targets, those back at your college may be - so a motivated attacker would compromise the low hanging fruit systems abroad only to use them as a mechanism to then attack your home network when they plug back in stateside. The fear is you may or may not have the tools to detect this when they get back.

The concept of issuing 40 new devices may not be practical, so the next best thing could be to tell those going abroad that you will be wiping / reinstalling the machine when they return (if it's a college asset). If you choose that route, I would ensure you have a plan in place to really do this. Logistics etc.

Another option (depending on your comfort level) is install agents on the machines you are sending to China that would detect system changes - so I'm thinking Carbon Black/Bit9 and/or Cylance etc. I would also advise grabbing a forensic image before they leave, and another when they return. A good analyst should be able to detect changes that would indicate malware was/is on the machine.

Using a prepositioned trusted vpn with proper user training is also a must. The issue is if they leave an unencrypted laptop at the hotel, vpn creds can be taken and a keystroke logger could easily be installed.

Also when they vpn back to the college, ensure you are logging netflow and anything else that you can use to detect a compromise from abroad (see the presentation from NSA's TAO at USENIX conference on why this is important https://www.youtube.com/watch?v=bDJb8WOJYdA) – ensure you have that traffic segmented and not on a flat connection into the enterprise.

That all said, it really comes down to your comfort level of risk. Please let me know if you have any questions.

On Thu, Mar 3, 2016 at 3:36 PM, Don M. Blumenthal <dmb () donblumenthal com> wrote:

Sorry. I clicked Send when moving my cursor to edit what I had written.

================

From what I understand, security and access issues will vary by where someone is in China. I had no problem with VPN in Beijing, but that was a couple of years ago.

As long as Shawn mentioned them, based on experience, direct or from others in an organization that I work with, the State Department warnings are legitimate. Some of the physical surveillance was comically obvious (guy with a telephoto lens behind a potted something or other plant), so I assume that other more subtle activities were going on. A colleague caught two men in his hotel apparently checking his computer for files.

My company told employees to leave Macs at home and issued 7" notebooks that we were to keep with us at all times. That was a failure (and the colleague above ignored "keep it with you.") I scrubbed an ancient (10+ years) laptop and put Linux on it. All security savvy people that I spotted had Chromebooks or PCs with Linux. All data was on portable storage, with any auto backups directed to those drives or disabled.

Branching into personal safety of a kind, travelers should have at least surgical or gardening masks to give some protection from air pollution in the major cities. It was brutal in Beijing. I know that this point is way beyond the scope of the question, but the thread skated past VPNs awhile back. :)

Don

*From:* Shawn Merdinger
*Received:* 3/3/2016 1:14:03 PM -05:00
*To:* SECURITY () listserv educause edu

Clearly a challenging environment. A few US Gov't resources...not that anything official will provide clear answers or solutions.

http://travel.state.gov/content/passports/en/country/china.html

"Surveillance and Monitoring: Security personnel carefully watch foreign visitors and may place you under surveillance. Hotel rooms (including meeting rooms), offices, cars, taxis, telephones, Internet usage, and fax machines may be monitored onsite or remotely, and personal possessions in hotel rooms, including computers, may be searched without your consent or knowledge. Security personnel have been known to detain and deport U.S. citizens sending private electronic messages critical of the Chinese government."

https://www.fbi.gov/about-us/investigate/counterintelligence/student-brochure

Several tips, but imho the most important:

"In most countries, you have no expectation of privacy in Internet cafes, hotels, airplanes, offices, or public spaces. All information you send electronically (fax, computer, telephone) can be intercepted, especially wireless communications. If information might be valuable to another government, company or group, you should assume that it will be intercepted and retained. Security services and criminals can track your movements using your mobile phone and can turn on the microphone in your device even when you think it is turned off."

Cheers,
--scm

On 3/3/16, Nasir Hakeem wrote:

Our group has 2 options, one is the open DNS client that is tied to umbrella (uses our approved DNS ips anywhere reachable) and second we have our standard Cisco vpn service. Have not had any reported issues with users outside the US. This includes China and Middle East.

Nasir Hakeem | Sr. Systems and Network Administrator
Sent via a mobile device

On Mar 3, 2016, at 8:56 AM, Hudson, Edward wrote:

Tread carefully. We have had experiences with university personnel traveling to China and using "purchased" VPN clients which are malware laden. We tend to encourage taking a loaner device, stripped down to bare essentials and no sensitive data. Also there are potential ITAR issues with encryption.

Ed Hudson, CISM
Director, Information Security
California State University Office of the Chancellor
401 Golden Shore
Long Beach, CA 90802
Tel 562-951-8431
ehudson () calstate edu

On 3/3/16, 8:40 AM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Emily Harris" <> on behalf of emharris () VASSAR EDU> wrote:

All:

Vassar has about 40 people taking a trip to China and we are attempting to advise them on a number of issues, including maintaining a safe and secure computing posture while abroad.

We are a Google school, and as you know, China blocks access to Google applications. I am wondering if anyone on the list has recent experience traveling to China and using their own institutional VPN. An article I read recently indicated that China is cracking down on corporate VPNs and many of them do not work.

Can anyone speak to experience in this realm? We are weighing our options for recommendations to these 40+ people.

Thank you!

--
Emily Harris
Interim Information Security Officer, CIS
Vassar College
845-437-7221
--
Jonathan T. Rajewski, MS, CCE, EnCe, CISSP, CFE
Assistant Professor, Digital Forensics, Champlain College
Director/Principal Investigator, Senator Patrick Leahy Center for Digital Investigation (LCDI)
Digital Forensic Examiner, Vermont Internet Crimes Task Force
Champlain College
163 South Willard Street
Burlington, VT 05401
Office: +1 802-865-5460
Google Voice - +1 802-318-4804
@jtrajewski
Rajewski () champlain edu
Jonathan.rajewski () leo gov
PGP Public Key: Located on keyserver.pgp.com
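Added example, not part of the original message: one way to act on the advice above about imaging a device before the trip and again on return is to hash every file in each image and triage the differences. It assumes both images are mounted read-only as directory trees; the function names and the extension list are hypothetical, and the sample trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions an analyst reviews first; adjust for the OS in use.
EXEC_EXT = {".exe", ".dll", ".sys", ".efi", ".ps1", ".sh", ".so"}

def manifest(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root, out = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            h = hashlib.sha256()
            with p.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            out[p.relative_to(root).as_posix()] = h.hexdigest()
    return out

def diff(before, after):
    """Classify paths as added, removed or modified between two manifests."""
    common = before.keys() & after.keys()
    return {"added": sorted(set(after) - set(before)),
            "removed": sorted(set(before) - set(after)),
            "modified": sorted(p for p in common if before[p] != after[p])}

def priority(changes):
    """Added or modified executable content: look at these first."""
    hits = changes["added"] + changes["modified"]
    return sorted(p for p in hits if Path(p).suffix.lower() in EXEC_EXT)

def demo():
    """Constructed trees standing in for the pre- and post-trip mounts."""
    pre_files = {"EFI/boot/bootx64.efi": b"loader-v1",
                 "Users/a/notes.txt": b"agenda",
                 "Windows/System32/drv.sys": b"driver"}
    post_files = {"EFI/boot/bootx64.efi": b"loader-v1-changed",
                  "Users/a/notes.txt": b"agenda + minutes",
                  "Windows/System32/drv.sys": b"driver",
                  "Windows/System32/extra.dll": b"new"}
    with tempfile.TemporaryDirectory() as pre, tempfile.TemporaryDirectory() as post:
        for root, files in ((pre, pre_files), (post, post_files)):
            for rel, data in files.items():
                path = Path(root, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        changes = diff(manifest(pre), manifest(post))
        return changes, priority(changes)

if __name__ == "__main__":
    print(demo())
```

User documents change on any trip, so the priority list (boot loader, drivers, libraries, scripts) is where the comparison earns its keep; a file-level diff does not cover firmware or hardware implants.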