Stuff to think about when you’re going to a conference.
I go to conferences and meetings a lot and many of them are security related. Most security conferences provide tips and tricks how to make the experience as safe as possible. On non-security related conferences however this is not custom so I was asked to provide some generic guidelines what to think about when you are attending a conference or other event.
Nowadays every event provides for a wireless network, some of them are completely open, some of them need a password. However, none of these networks should be trusted. Without getting into too much ‘tech-talk’, you should know it is very easy for an attacker on the same network to attack any device. Telltale signs that indicate your device is being attacked are error messages warning about certificate problems or mobile apps like facebook or twitter complaining about network errors. When this happens it is advised to disconnect from the network immediately. If you are on a laptop, and have some experience with configuring network settings, changing the dynamic gateway route to a static one is also a good countermeasure against many attacks.
Even when your device is not being attacked all traffic from your device can be sniffed. If you are using unencrypted communication like http, ftp, pop3, telnet, etc. an attacker can see your usernames, passwords and all information being transmitted so be aware of what information you are requesting and sending. When you really need to use an unencrypted protocol you should first set up a VPN tunnel to a trusted network as this will encrypt all traffic, making sniffing impossible. If you have the luxury of an unlimited (or big) 3G/4G data plan it is also a viable option as these protocols have built-in mechanisms for authentication and encryption and are hard (or at least expensive) to sniff or eavesdrop.
Never leave your computer unattended
Most of us are already used to locking a laptop when you leave for a cup of coffee or something (if you’re not; do it!) but at conferences you should never leave your laptop unattended. Even when it’s locked an attacker can place malware on it with special USB devices. So although you might only be leaving your place for a second, take your laptop with you or give it to someone you know you can trust.
Talking about USB devices; always be suspicious about placing unknown USB devices in your laptop as it one of the most popular ways to infect devices with or spread malware. Even things like USB hubs, keyboards and mice can contain malicious code and plant backdoors in your laptop. Often virus scanners will not detect this so don’t rely on that. Always treat USB as if it stands for Unidentified Security Breach.
Besides the technical threats there is a more obvious one; people. If you are looking at sensitive information or entering passwords always be aware that other people can look at your screen and laptop. For screens you can use screen protectors to make this more difficult, but these don’t prevent people directly behind you from looking at your screen. With respect to eavesdropping what you type; there is little you can do to prevent this so be aware of your surroundings.
Use a conference laptop
If you have become really paranoid after reading this it might be a good idea to start using a conference laptop that you freshly install before and after attending a conference.