Among the thousands of security experts at the Black Hat, Defcon, and Security BSides conferences next week in Las Vegas, some will surely test whether they can break into nearby laptops, phones, networks -- even RFID-enabled room keys and credit cards.
Based on hacks in previous years, conference veterans realize the possibility of being owned, and some who blog have issued tips for how to use electronic devices safely and lock them down. Here are tips from two of them, McAfee blogger Joris Evers and Robert Auger on the CGISecurity blog:
[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
- Use a laptop that doesn't contain valuable information. More secure still, but a little crippling, don't bring a laptop at all.
- Patch everything -- operating systems, browsers, firewalls, VPN clients, Java -- everything.
- Don't use Wi-Fi networks, or at least turn off the feature to autoconnect to nearby Wi-Fi networks. Stick with the wired network in your hotel room.
- Don't forget your smartphone. If it has Wi-Fi support, turn off Wi-Fi access.
- Beware USB sticks. Don't use any you borrow, find or receive as gifts at the conferences. If you bring one and use it to sneakernet files onto someone else's computer, don't stick it back in your computer.
- Similarly, beware conference downloads and CDs. Based on past conferences, they might be infected.
- Configure your firewall to block all incoming ports and require outgoing apps to receive manual approval to access the network.
- Update your antivirus software.
- Disable Bluetooth.
- Use a privacy screen on your laptop.
- Clear your browser history and cookies.
- Don't use cellphones within 1,000 feet of the conferences to avoid phony cell stations.
- Use RFID blockers on items such as passports, credit cards and room keys that may be RFID-enabled.
Read more about wide area network in Network World's Wide Area Network section.