Monday, August 4, 2008

DefCon PC Hardening

I am preparing to head out to Defcon later this week. Unlike some of my previous trips, this time I will be carrying my laptop with me. There is some stuff that I would like to demo to some people and I also need to be able to connect back to work. The Defcon network is lovingly described as the most hostile network on Earth. While I have never had the pleasure to attend the convention, I have no reason to doubt the complete and utter Truth of this statement.

What are the things that I fear the most (in order of importance)?

  1. Interception of authentication credentials
  2. Compromise of machine
  3. Theft of data
  4. Theft of hardware

To keep these Bad Things from happening, I took some precautions. This time around, I am taking a machine with me that does not contain any real data. The machine has been reinstalled from scratch specifically for this event and when I get back, it is going to be re-imaged before it is allowed back onto the network.

Rather than running Windows, I reinstalled the box with Ubuntu Linux (8.04.1) and hardened it by disabling all services and running iptables with a default deny policy on top of that.

Whenever I am going to turn on the machine, I will VPN back to a less-unsafe environment before doing anything else. On the machine, I installed VMware Server and my demo-environment runs in a host-only Virtual Machine that will not be allowed out onto the network.
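One way to lay out the default-deny iptables policy described in the two paragraphs above, with plaintext egress limited to what the VPN client needs and the host-only VM never forwarded anywhere. This is an added example, not the author's actual ruleset; the VPN endpoint address, port and protocol are placeholders.

```shell
#!/bin/sh
# Added example (not the author's ruleset): default-deny iptables policy
# for a laptop that only talks to the outside world through a VPN.
# Placeholders, not real values: the VPN endpoint and its port/protocol.
VPN_ADDR="${VPN_ADDR:-203.0.113.10}"   # RFC 5737 documentation address
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"

# Emit the ruleset in iptables-restore(8) format. Nothing is applied here,
# so the rules can be reviewed before they touch the kernel.
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback: local tools and the VPN client itself rely on it.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Only replies to connections this host opened come back in; with the
# INPUT policy at DROP, a service left enabled by mistake stays unreachable.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Plaintext egress is limited to DNS (so the client can resolve its
# endpoint) and the VPN handshake; everything else must use the tunnel.
-A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p $VPN_PROTO -d $VPN_ADDR --dport $VPN_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
# FORWARD policy DROP keeps the host-only VM from ever reaching the network.
COMMIT
EOF
}

# Sanity check: every chain defaults to DROP, and no OUTPUT rule lets
# traffic out except via loopback, the tunnel, or a specific port.
check_rules() {
    rules="$(gen_rules)"
    printf '%s\n' "$rules" | grep -q -e '^:INPUT DROP'   || return 1
    printf '%s\n' "$rules" | grep -q -e '^:FORWARD DROP' || return 1
    printf '%s\n' "$rules" | grep -q -e '^:OUTPUT DROP'  || return 1
    printf '%s\n' "$rules" | grep -e '^-A OUTPUT' \
        | grep -v -e '-o lo' -e '-o tun+' -e '--dport' | grep -q . && return 1
    return 0
}

case "${1:-}" in
    --apply) check_rules && gen_rules | iptables-restore ;;   # needs root
    *)       check_rules && gen_rules ;;                       # review only
esac
```

Run it without arguments to review the generated rules; `--apply` loads them with iptables-restore and needs root.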

Looking at the risks above, I feel reasonably comfortable that I am protected from theft of data (there is nothing to steal; all caches are set to purge automatically). The only real attack vector to pwn the box would be via a driver sploit for the wireless card (no hardware off-switch), but that's a risk I'm mitigating by only selectively removing the machine from the hotel room. 

Interception of login credentials should be near-impossible if I can force myself to not do anything without VPN'ing into a safe environment using a good VPN protocol. That leaves the theft of hardware part. The impact of that happening should be small enough since the machine I am carrying has been taken out of rotation due to its age. Besides, it is not mine anyway ;)

Did I forget anything? If so, please let me know ;)
