Infrasec/Compute SecConf
Summary
Security conferences in general can be a hostile place to use your computer, and it is important to know what is going on around you. To set the scene, I am talking about the networks within the conference halls and even in your hotel room. While the level of scary varies from conference to conference, it is best to use caution with everything you do on your computer.
Note: If any of the terms in the "Recommendations" section mean nothing to you or you have no idea what I am talking about, you probably shouldn't use your computer or wireless device at these conferences. You should also make sure you turn off Bluetooth and Wi-Fi on all your devices.
Recommendations
- Don't use your regular system.
  - At least for me, I have a lot on my system and I wouldn't want anything to happen to it, so instead I have a security conference system.
- Have some password diversity
  - Don't use the same password for everything. Break them up into different levels such as company, personal, social network and banking.
- Rogue Access Points
  - This is a tough one. At Blackhat there are typically people spoofing the conference access points, so beware of what you are connecting to. If you can, verify the MAC address of the access point.
- Tunnel and Proxy out of the conference
  - Depending on your host OS, it is best to use a secure connection such as IPSec, SSH or an SSL VPN to an outside host and proxy all of your traffic through that host. This does two things: if you do have passwords flying around in plain text, they won't be seen; and if you established this connection prior to the conference, you can ensure there isn't any tampering with your traffic.
- Accepting untrusted SSL/HTTPS certificates or even SSH keys
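
An added example (not part of the original page) for the last two recommendations: record the SSH host key fingerprint of your tunnel endpoint before the conference, compare whatever key is offered on the conference network against that pin, and start the SOCKS tunnel with strict host-key checking. The host name `tunnel.example.net`, the known-hosts path and the key material are constructed placeholders.

```python
import base64
import hashlib
import hmac
import struct


def make_sample_key(seed: int) -> str:
    """Constructed ssh-ed25519 public key line (sample data, not a real host)."""
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints: SHA256:<unpadded base64>."""
    fields = pubkey_line.split()
    # Accept "type blob" or a known_hosts / ssh-keyscan line "host type blob".
    blob_b64 = fields[1] if fields[0].startswith(("ssh-", "ecdsa-")) else fields[2]
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_matches_pin(offered_line: str, pinned_fp: str) -> bool:
    """True only if the key offered at the conference is the one pinned at home."""
    return hmac.compare_digest(fingerprint(offered_line), pinned_fp)


def tunnel_command(host: str, known_hosts: str, socks_port: int = 1080) -> list:
    """ssh argv for a SOCKS proxy that refuses unknown or changed host keys."""
    return ["ssh", "-N", "-D", f"127.0.0.1:{socks_port}",
            "-o", "StrictHostKeyChecking=yes",
            "-o", f"UserKnownHostsFile={known_hosts}", host]


# Recorded before the conference, on a network you trust (constructed sample).
HOME_KEY = make_sample_key(1)
PINNED_FP = fingerprint(HOME_KEY)

if __name__ == "__main__":
    genuine = "tunnel.example.net " + HOME_KEY             # same key, keyscan format
    spoofed = "tunnel.example.net " + make_sample_key(99)  # different key offered
    for label, line in (("genuine", genuine), ("spoofed", spoofed)):
        verdict = "connect" if key_matches_pin(line, PINNED_FP) else "REFUSE"
        print(f"{label}: {fingerprint(line)} -> {verdict}")
    print(" ".join(tunnel_command("tunnel.example.net", "~/.ssh/conf_known_hosts")))
```

With `StrictHostKeyChecking=yes` and a known-hosts file that holds only the key recorded at home, `ssh` itself refuses a changed key instead of prompting you to accept it.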