PaulDotCom mailing list archives

How not to get pwned at Defcon

From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Tue, 14 Jul 2009 21:04:38 -0400

I am as paranoid as the next guy, but some of these suggestions seem quite
extreme and a tad bit overboard. :)  If you follow security best practices
and use some common sense that will go a long way towards keeping you safe.
Here is a short list (certainly not exhaustive) that security minded people
should be following anyways that would go a long way: (this is a Windows
centric list)

1. Make sure that the system is fully patched (As Adrian mentioned, Secunia
PSI is a great free tool to check if all your major programs have the latest
patches)

2. Turn on Windows Firewall and allow no exceptions for originating outside
connections.  (as a corporate side note, I recommend that you enforce this
setting through GP for your machine connections outside of your Domain)

3. Disable file and print sharing. 

4. Do not run as a local administrator. Unfortunately, Windows users seem to
have a tough time wrapping their head around this one. Certainly not a
panacea for all Windows security woes, it would go a long way towards
blunting many attacks and will stop many of today's common attacks dead in
their tracks (i.e. anything that attempts to write to areas of the file
system and registry that requires admin or system rights).  Though not
perfect, Vista and 7 has made it a lot easier to run as a standard user (I
know everyone hates Vista -- I personally think it got somewhat of a bum
wrap - though it certainly is a resource hog).

5. If accessing sensitive information over the Internet, do it over a secure
link such as TLS/SSL or SSH and verify the certificate/key (e.g. do not
simply click through those Firefox and IE certificate or SSH key error
warnings!).

6. Disable auto-run and don't be sticking strange USB/disks/drives/etc into
machine.

Though following these simple 6 steps will not ensure absolute security
(hey, what will?), it will certainly go a long ways towards it.

Well those are my points for what they are worth! (probably not much!)

Jody 



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robert
Portvliet
Sent: Tuesday, July 14, 2009 5:08 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] How not to get pwned at Defcon

I guess there's two ways of looking at this...

1.) Play it safe, disable your wireless & use an evdo card, stay off
the hotel & wireless networks, which means you're safe accessing your
email & whatnot this way, but not much fun (imho).

2.) Wipe machine & re-image (to remove anything personally
identifiable) before you go to defcon, patch thoroughly.. then go have
fun, make sure you don't access anything personally identifiable from
that machine while you are there & wipe it again when you get home.

 #2 supposes you use phone instead to check email, etc. or have a
second notebook configured as in #1..

 How does that sound, good yes/no?




On Tue, Jul 14, 2009 at 4:31 PM, Robin Wood<dninja at gmail.com> wrote:

2009/7/14 Nicholas B. <nberthaume at gmail.com>:

I an entirely read-only approach when on-site heres how I plan on
approaching it:

On my laptop if:
Disable hard drives in bios, change bootorder to optical media first
and only, set bios password, use my choice of live cd, disable
wireless and tether to my evdo adaptor via usb.

When accessing anything external from the laptop:
SSH out via public key with key from a thumb-drive that's set to read
only and has a pass-phrase protected key and tunnel to a trusted box
only with a pre-accepted and verified host key from the thumb drive.


So after going to all this trouble, what are you going to actually use
your laptop for? If you are disabling any mass storage then you can't
download stuff so you are limited to browsing and reading mail, both
of which I'd guess you can do on your evdo phone.

I'd like to know how many people start with these good intentions then
realise there is something they need from the hdd so mount it up then
just leave it on.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Checked by AVG - www.avg.com 
Version: 8.5.387 / Virus Database: 270.13.14/2238 - Release Date: 07/14/09
18:03:00

Current thread:

How not to get pwned at Defcon Colin Vallance (Jul 14)
- How not to get pwned at Defcon Robin Wood (Jul 14)
- How not to get pwned at Defcon Adrian Crenshaw (Jul 14)
  - How not to get pwned at Defcon Dmitry Nedospasov (Jul 14)
    - How not to get pwned at Defcon Nicholas B. (Jul 14)
    - How not to get pwned at Defcon Robin Wood (Jul 14)
    - How not to get pwned at Defcon Robert Portvliet (Jul 14)
    - How not to get pwned at Defcon Brian H (Jul 14)
    - How not to get pwned at Defcon Jody & Jennifer McCluggage (Jul 14)
  - How not to get pwned at Defcon Colin Vallance (Jul 14)
    - How not to get pwned at Defcon Adrian Crenshaw (Jul 14)
    - How not to get pwned at Defcon Bradley McMahon (Jul 14)
- How not to get pwned at Defcon Tom Brennan (Jul 14)
  - How not to get pwned at Defcon Tom Brennan (Jul 14)
    - How not to get pwned at Defcon Josh Olson (Jul 15)