Canadians learn Defcon network security secrets

TORONTO – A team of fewer than 10 people that gets only three days to set up the network infrastructure for the world’s longest-running and largest underground hacking conference will have to relearn old lessons all over again when Defcon 19 is held next year.

In a session at the annual Security Education Conference Toronto (SecTor) event Wednesday, two of the team members said organizers of Defcon, which is held every year in Las Vegas, are expecting an increase in traffic and are considering a network controller upgrade to allow the use of the 802.11n wireless standard. The main priority, however, will simply be continuing to successfully set up and manage a temporary network in as secure a manner as possible in the middle of a major U.S. tourist centre.

“The goal is to have something secure-ish,” said David Bryan, a security professional with Chicago-based Trustwave Spiderlabs. “Nothing is completely (secure), but we hope that with what we do that you’ll have some semblance of privacy.”

Defcon has not been without its security breaches. Beyond some controversial presentations about hacking, Bryan recalled incidents where members of the press found their laptop security compromised while attempting to cover the event. “That doesn’t go over very well,” he noted. “They tend to write nasty articles when that happens.”

The time crunch is not the only challenge around setting up the Defcon network. The team of eight people comes from places like Vancouver, San Francisco and elsewhere, so getting together is not easy. The venue for the event is constantly changing. For a few years it was in the Plaza Hotel, then the Aladdin, then more recently the Riviera Hotel. Each has its own unique issues. Bryan recalled, for example, that Aladdin maintenance staff went home on weekends.

Then there are the labour issues. In hotels without a union, Bryan said, the team can usually drop cables or install access points wherever they wish. In unionized environments, there can be different union organizations responsible for various areas of the hotel, such as the roof or the parking lot, and requests and agreements have to be made with each of them, which means you need a lot more prep time to determine where the cable drops will be.

Defcon has more recently tried to ensure there is Wi-Fi access everywhere, said Luiz Eduardo, senior security engineer with Nitro Security in Portsmouth, N.H. But it’s more than just a case of setting up access points.

“You try to do roaming tests, but before the conference begins, there’s nobody there,” he said. “It’s really hard. You have to basically learn the layout and plan as best you can.”

Next year, however, Defcon 19 will be moving to the Rio Hotel, so, “we’ll have to relearn everything again,” he said.

Capping it all off is a serious lack of equipment. “This is a grassroots kind of thing,” said Bryan. The only money that really comes in is through ticket sales and merchandise such as T-shirts. The network team owns about six switches, he said, and has traditionally borrowed switches from similar events like the Black Hat conference to supply the rooms for breakout sessions. “We’re hoping to get more hardware of our own next year.”

To grapple with all these things, the team is broken into three main groups: one that handles infrastructure, one that takes on wireless and one that deals with video. The overall network has evolved considerably since Defcon started in the early 90s, with 130 VLAN interfaces ending up at the firewall at Defcon 18 this past year. Fifty of those VLANs are encrypted, another 50 aren’t, and 30 are set up for internal segments. The segmentation is key to the network strategy. The team has learned over time to recognize the needs of the general public versus the media in attendance, the speakers, or the staff who work the registration desk.

In terms of products, the network is based on an Aruba Networks 6000 controller and AP 70 Access Points, and the software is FreeBSD. Bryan said the team used to use OpenBSD, but found it couldn’t fully utilize multi-processor boxes.

Although the end result is usually relatively smooth, Eduardo said the team has learned to deal with problems such as device incompatibility; last year, for example, there were bugs affecting iPad users. Worse are rogue attendees.

“People bring jammers. People do like to mess with the network,” he said.

The team is eager to share its best practices, and has set up a Web site with more information.

Defcon has some Canadian origins. It was originally meant to be a party for members of “Platinum Net,” a Fido protocol-based hacking network based here.

SecTor 2010 wrapped up Wednesday.
