There's Gold in Them Thar Devices - Gold Medals are not the only things some hope to win this summer.
Tue, 2008-05-27 10:55

Like the Gold Rush of 1848, the Beijing Olympics of 2008 will result in the mining of information and the panning for data. Here are some ideas of what to do to protect your data (whether traveling to Beijing or anywhere for that matter):

  • Encrypt all corporate devices if you must bring them;
  • If you cannot encrypt, remove sensitive data prior to going; establish a BIOS-level password; never let the device(s) out of your sight; keep them with you 24x7 (do not leave anything in your hotel room or office);
  • Encrypt flash drives – remove sensitive data; better yet, don't bring them;
  • Do not bring MP3 players;
  • Digital cameras - remember they come with storage and will be plugged into your laptop/PC; if you must leave it in your hotel, take the storage card with you;
  • Cell phones – keep with you at all times; remove sensitive data; password lock and encrypt where possible; do not bring your SD chips;
  • Do not speak of sensitive issues in hotel rooms or other public areas;
  • Use encryption (VPN / SSL VPN) in all connections;
  • Do not connect to the Internet in open areas (kiosks, cafes, etc.);
  • Do not use wireless connections unless you absolutely must;
  • Know what processes run on your laptops prior to going (inventory all processes) using tools such as Process Controller (k23 Productions) or use a blacklist/graylist/whitelisting solution;
  • Ensure all AV and firewalls are updated on your laptops and cell phones (if you have this functionality on your cell phones); minimize ports in use;
  • Query your IT/Security organizations to establish anomaly-based IPS on your laptops;
  • If you can't encrypt your hard drive, establish a BIOS-level password and remove sensitive data;
  • If need be, use Group Policy Objects, for the event only, to prohibit CD/DVD, USB port, FireWire, and SD slot usage;
  • Remove any admin rights and give the user basic rights only;
  • Remove any password storage software;
  • Run only bare bones minimum configurations;
  • Consider removing wireless access;
  • Don't allow for cellular card usage;
  • If any of your devices are confiscated and then returned to you, do not use them again - trash them;
  • If you have centralized control of your smartphones, cell phones, PDAs, etc., be prepared to have them remotely wiped;
  • Ensure your passwords are all up-to-date and very strong;
  • When using your laptops to communicate with your company, stay away from windows and open spaces (Clear Shot);
  • Get a 3M screen filter;
  • Make all travelers aware - train.
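
For the process-inventory item above, an added example (not from the original post) of putting a pre-trip baseline to use: it compares a baseline snapshot with one taken on return and reports new, changed, and missing executables. The CSV layout, the sample rows, the shortened hashes and the function names are all constructed for illustration, and comparing on return is an assumption about how the baseline gets used.

```python
import csv
import io

# Constructed sample snapshots (name,path,sha256); hashes shortened, not real data.
BASELINE_CSV = r"""name,path,sha256
svchost.exe,C:\Windows\System32\svchost.exe,aa11
explorer.exe,C:\Windows\explorer.exe,bb22
vpnclient.exe,C:\Program Files\VPN\vpnclient.exe,cc33
"""
AFTER_TRIP_CSV = r"""name,path,sha256
svchost.exe,C:\Windows\System32\svchost.exe,aa11
explorer.exe,C:\WINDOWS\explorer.exe,bb22
vpnclient.exe,C:\Program Files\VPN\vpnclient.exe,dd44
updater.exe,C:\Users\traveler\AppData\Local\Temp\updater.exe,ee55
"""


def load_inventory(text):
    """Map normalized executable path -> file hash for one snapshot."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(text)):
        # Windows paths are case-insensitive, so normalize before comparing.
        inventory[row["path"].strip().lower()] = row["sha256"].strip().lower()
    return inventory


def compare_inventories(baseline, current):
    """Return executables that are new, changed on disk, or no longer running."""
    new = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    changed = sorted(
        p for p in current if p in baseline and current[p] != baseline[p]
    )
    return {"new": new, "changed": changed, "missing": missing}


def review(baseline_text, current_text):
    """Parse both snapshots and diff them."""
    return compare_inventories(
        load_inventory(baseline_text), load_inventory(current_text)
    )


if __name__ == "__main__":
    for kind, paths in review(BASELINE_CSV, AFTER_TRIP_CSV).items():
        for path in paths:
            print(f"{kind.upper():8} {path}")
```

A changed hash at a known path deserves the same scrutiny as a new executable, since a replaced binary keeps its familiar name.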

Or to avoid most of this pain, just don't bring the stuff - drop off the grid for a few days and enjoy the games.

Reader Feedback
Fri, 2008-08-01 00:29
From FOX News - ?

Foreign-owned hotels in China face the prospect of "severe retaliation" if they refuse to install government software that can spy on Internet use by hotel guests coming to watch the summer Olympic games, a U.S. lawmaker said Tuesday.

Sen. Sam Brownback, a Republican, produced a translated version of a document from China's Public Security Bureau that requires hotels to use the monitoring equipment.

"These hotels are justifiably outraged by this order, which puts them in the awkward position of having to craft pop-up messages explaining to their customers that their Web history, communications, searches and key strokes are being spied on by the Chinese government," Brownback said at a news conference.

A spokesman for the Chinese embassy in Washington did not immediately respond to a request for comment.

Brownback said several international hotel chains confirmed receiving the order from China's Public Security Bureau. The hotels are in a bind, he said, because they don't want to comply with the order, but also don't want to jeopardize their investment of millions of dollars to expand their businesses in China. The hotel chains that forwarded the order to Brownback are declining to reveal their identities for fear of reprisal. The Public Security Bureau order threatens that failure to comply could result in financial penalties, suspending access to the Internet or the loss of a license to operate a hotel in China.

"If you were a human rights advocate, if you're a journalist, you're in room 1251 of a hotel, anything that you use, sending out over the Internet is monitored in real time by the Chinese Public Security bureau," Brownback said. "That's not right. It's not in the Olympic spirit."

Brownback and other lawmakers have repeatedly denounced China's record of human rights abuses and asked President George W. Bush not to attend the Olympic opening ceremonies in Beijing.

Brownback plans to introduce a resolution in the Senate on Tuesday that will urge China to reverse its actions.

Fri, 2008-05-30 18:07
2008 Olympic Security for Corps
By Anonymous

Thanks for addressing the 800 lb gorilla in the corner.

Fri, 2008-05-30 15:27
U.S. won't confirm report of Chinese hacking
