A Defcon survival guide

Defensive measures

My first DEFCON, I didn't even turn on my laptop. Since then, I have always taken a sacrificial laptop. I pack a DVD with a system image and load it up again every night.

I also have created a throw away email account on something like yahoo or hotmail. Usually sheep with a password of baabaa. It usually gets some laughs. But if the important stuff isn't encrypted, I don't send it.

Wish I was going this year, love to see how far Vanna gets.

Free flight anyone?

I would love to go, even to have my laptop owned. I am smarter than the average bear when it comes to security. I like to think I have all bases covered, and against the average script kiddie I have. But to be at DEFCON and get owned, what a dubious honour :) What "an education". I'm still in early learning, I have fuzzed a bit, I have hacked a bit and even tried to reverse some code caught in my honey pot. Compared to the average user I am pretty smart. To the "ignorant" at work I am a genius, lol. Not my view of myself I can assure you. To those participating at DFCON, well, I would just be a victim.

SSH

I would tunnel everything through ssh, that includes DNS. Your server should be secure but say BSD fully patched will be more than up to the task of acting as a router.

RE: SSH

Also try a man in the middle SSH , so you get a key logger type log for everything they do.

Who checks they have the host key setup (which defeats MITM) if they are bringing a blank laptop to the conference ?, maybe make it reject the first attempt so they know it's really their remote server.

dubious honour

@adnim

Dubious indeed - from the stories I've heard, being owned at DEFCON is par for the course.

Going to DEFCON and ***not*** being owned (short of leaving all technology at home and resorting to paper and pen) - now THAT would be a trick...

Or wander in there with a nice portable honey-pot and go home with a new collection of 'sploits and intrusion techniques to pin up on your wall

I love defcon

I will be running my rogue access point again this year. Whenever your windows box goes looking for your home/office SSID in the clear, my AP starts broadcasting that SSID! I give you a DHCP addr (guess what: I'm your default gateway AND your DNS). Loads of fun.

I have new and improved "sheep sniffing" software.

I usually spend a couple months getting ready: fancy new wireless rig (definietly not FCC compliant!) for wireless interception, massive rainbow tables (upgraded to 80gb drive in my laptop), lots of new toys.

I have been practicing popping into iphones and WinMobile2003 smartphones. Making sure my wep crack stuff is perfect. Looking forward to it!

My plane leaves in three hours, gotta get to the airport and get my stuff all set up. See you there!

Jack

How about...

simply turning off all network interfaces, be it wired or wireless? A laptop without any externally accessible interfaces besides it's keyboard and display can't be hacked remotely.

For those who really want to use the net, the best approach is to make a remote vpn gateway, reinforce it as much as possible. By only allowing in a secure vpn connection with a preset key, the remote system can be relatively safe. For the local machine, booting it with linux from a secure live cd with a wired in vpn key, a single remote desktop application set to launch from the init script and connect automatically to the remote system and by using only a minimal set of programs. This way most people who didn't see the boot process would think the laptop is running a standard os (like windows) but the thuth is that it's only acting as a dumb terminal for a hidden remote machine. (hidden: only responds to requests from it's vpn peer /drops all other packets/ and uses a different interface for it's external traffic)

For those who want to have fun, they can use a virtualized system with their real (host) os running without external interfaces and their network enabled (guest) os acting as a decoy (and possibly loaded with data files that look personal but contain custom multi os worms/trojans/viruses/bombs).

My laptop didn't get owned...

Last time I went I just had a fresh install of Slackware on my laptop, and I didn't even try very hard not to get owned...

This year though, I'll be tunneling all my traffic, including DNS to the VPN that I run on my desktop at work, after hopping through a university Linux server. I've heard stories that people ssh to a computer, someone sniffs the destination address, and owns that box, so I plan to only expose attack surface that I don't own...

Should be good fun, except I hear that the weather is supposed to be interesting. 101 Degrees F during massive thunder/rain storms. I'd bet good money that it won't just be a dry heat any more.

Best get myself to sleep so I'm fresh for the road trip tomorrow.

Simpler Security Measures

Even simpler security measures for when your at DefCon.

DO NOT TAKE ANYTHING WITH A CPU IN IT TO DEFCON.

Take a couple of pens and a notebook for note taking, ideas, etc.

False security

I agree with Brian, there is no such thing as totally secure. This is Defcon. This is the most hostile computer network in existance. You will get hacked eventually. Unless you're the second coming or something there is always someone out there that knows that one critical bit of information that you don't that exploit that one tiny insignificant flaw and then it's over.

But, hey, it's a learning experiance. If you can survive Defcon and walk away with all that nice new information they hand out so readily there, securing most other computers and networks should be cake in comparison. Note the most however, there are, of course, jobs and systems where it's pretty much a given your system will come under constant attack.

But go, have fun, enjoy yourself and take something from it.

Title

Or do what I always do and have done for the last 4-5 years now. DON'T stay at the Defcon Hotel which always sucks anyway. AND leave your laptop in your hotel safe. Makes going to Defcon a MUCH more pleasurable experience. Get your email at night. But still use a VPN, hotels aren't all that safe even if they aren't hosting Defcon.

Live CD Anyone?

You can always have an NTFS host OS, then slap Back|Track in when you are at the Con. This way the 2.6 kernel (which cant write to NTFS) could be compromised, but nothing permanant would be probable.

Of course read access is still possible, so dont store NTLM hashes in yer registry or have personal data on the laptop... Strike that, bring lots of pictures of your WIfe, and pictures of your Girlfriend for teh people to post ;-)

-JP

Were I going...

It'd be simple to secure my box. I'd just remove my m-pci WiFi card and run on my AT&T HSDPA card. What have we got for that?