Educause Security Discussion mailing list archives
Re: Recent experience traveling China
From: "Don M. Blumenthal" <dmb () DONBLUMENTHAL COM>
Date: Thu, 3 Mar 2016 15:36:36 -0500
Sorry. I clicked Send when moving my cursor to edit what I had written. ================
From what I understand, security and access issues will vary by where someone is in China. I had no problem with VPN in Beijing, but that was a couple of years ago.
As long as Shawn mentioned them, based on experience, direct or from others in a organization that I work with, the State Department warnings are legitimate. Some of the physical surveillance was comically obvious (guy with a telephoto lens behind a potted something or other plant), so I assume that other more subtle activities were going on. A colleague caught two men in his hotel apparently checking his computer for files. My company told employees to leave Macs at home and issued 7" notebooks that we were to keep with us at all times. That was a failure (and the colleague above ignored "keep it with you.") I scrubbed an ancient (10+ years} laptop and put Linux on it. All security savvy people that I spotted had Chromebooks or PCs with Linux. All data was on portable storage, with any auto backups directed to the those drives or disabled. Branching into personal safety of kind, travelers should have at least surgical or gardening masks to give some protection from air pollution in the major cities. It was brutal in Beijing. I know that this point is way beyond the scope of the question, but the thread skated past VPNs awhile back. :) Don From: Shawn Merdinger Received: 3/3/2016 1:14:03 PM -05:00 To: SECURITY () listserv educause edu Clearly a challenging environment. A few US Gov't resources...not that anything official will provide clear answers or solutions. http://travel.state.gov/content/passports/en/country/china.html [http://travel.state.gov/content/passports/en/country/china.html] "Surveillance and Monitoring: Security personnel carefully watch foreign visitors and may place you under surveillance. Hotel rooms (including meeting rooms), offices, cars, taxis, telephones, Internet usage, and fax machines may be monitored onsite or remotely, and personal possessions in hotel rooms, including computers, may be searched without your consent or knowledge. Security personnel have been known to detain and deport U.S. citizens sending private electronic messages critical of the Chinese government." https://www.fbi.gov/about-us/investigate/counterintelligence/student-brochure [https://www.fbi.gov/about-us/investigate/counterintelligence/student-brochure] Several tips, but imho the most important: "n most countries, you have no expectation of privacy in Internet cafes, hotels, airplanes, offices, or public spaces. All information you send electronically (fax, computer, telephone) can be intercepted, especially wireless communications. If information might be valuable to another government, company or group, you should assume that it will be intercepted and retained. Security services and criminals can track your movements using your mobile phone and can turn on the microphone in your device even when you think it is turned off." Cheers, --scm On 3/3/16, Nasir Hakeem wrote:
Our group has 2 options, one is the open DNS client that is tied to umbrella (uses our approved DNS ips anywhere reachable) and second we have our standard Cisco vpn service. Have not had any reported issues with users outside the US. This includes China and Middle East. Nasir Hakeem | Sr. Systems and Network Administrator Sent via a mobile device On Mar 3, 2016, at 8:56 AM, Hudson, Edward <>> wrote: Tread carefully. We have had experiences with university personnel traveling to China and using "purchased" VPN clients which are malware laden. We tend to encourage taking a loaner device, stripped down to bare essentials and no sensitive data. Also there are potential ITAR issues with encryption. Ed Hudson, CISM Director, Information Security California State University Office of the Chancellor 401 Golden Shore Long Beach, CA 90802 Tel 562-951-8431 ehudson () calstate edu On 3/3/16, 8:40 AM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Emily Harris" <> on behalf of emharris () VASSAR EDU> wrote: All: Vassar has about 40 people taking a trip to China and we are attempting to advise them on a number of issues, including maintaining a safe and secure computing posture while abroad. We are a Google school, and as you know, China blocks access to Google applications. I am wondering if anyone on the list has recent experience traveling to China and using their own institutional VPN. An article I read recently indicated that China is cracking down on corporate VPNs and many of them do not work. Can anyone speak to experience in this realm? We are weighing our options for recommendations to these 40+ people. Thank you! -- Emily Harris Interim Information Security Officer, CIS Vassar College 845-437-7221
Current thread:
- Recent experience traveling China Emily Harris (Mar 03)
- Re: Recent experience traveling China Eric Weakland (Mar 03)
- Re: Recent experience traveling China Hudson, Edward (Mar 03)
- Re: Recent experience traveling China Nasir Hakeem (Mar 03)
- Re: Recent experience traveling China Shawn Merdinger (Mar 03)
- Re: Recent experience traveling China Nasir Hakeem (Mar 03)
- Re: Recent experience traveling China Steve Terry (Mar 03)
- <Possible follow-ups>
- Re: Recent experience traveling China Don M. Blumenthal (Mar 03)
- Re: Recent experience traveling China Emily Harris (Mar 03)
- Re: Recent experience traveling China Valerie Vogel (Mar 08)
- Re: Recent experience traveling China Emily Harris (Mar 03)
- Re: Recent experience traveling China Don M. Blumenthal (Mar 03)
- Re: Recent experience traveling China Rajewski, Jonathan (Mar 04)
- Re: Recent experience traveling China Frank Barton (Mar 04)
- Re: Recent experience traveling China Rajewski, Jonathan (Mar 04)