Preparing your laptop for a security conference

Taking your laptop with you to a hacker/security conference is not without risks. As a security geek, you should be paranoid either way. So how do you go about securing your system?

Well, the best way to guarantee the integrity of your laptop is to make a backup of your laptop and restore it after the conference. Of course, it doesn't hurt to patch your system, make sure it has AV scanning + firewall and some system hardening. Just to make sure you don't end up with a compromised or non-booting laptop during the security conference. Have a look at the digital self-defense article from Didier Stevens for some more details.

After this basic advice, I suggest you have a look at the How to survive part of the 25C3 Wiki which has loads of interesting information. Going from having your laptop lock tested by the lockpicking clubs to setting up a VPN for your iPhone.

Whatever you do, don't use unencrypted protocols like POP3 or HTTP to send or view confidential information. Especially when using the wireless.

But as we saw during a Google developer conference, a wired network can also lead to man-in-the-middle attacks.

Use an SSH tunnel (or even better IPSEC) to encrypt all your traffic.

Some additional resources to wrap up this post:

(Photo under creative commons from RobotSkirts' photostream)


Anonymous said...

thx for the intresting read

Danu said...

Well I think I'll just backup my laptop and restore it after the conference. I'm hopless to understand the rest part of the article... hehehe...