PreparationsFor26C3

26C3 takes place from 27.12.2009 to 30.12.2009 in Berlin. Before attending it, some projects and preparations on your systems and security measures need to be finished!

Laptop

BIOS password

Memorize a sufficient one and set it before arrival at congress.

Bind ports on loopback

Take a look on what services need to be available to the outside world on the laptop.

Service	Port	Usage	Status
rpc.statd	TCP/48518, UDP/818, UDP/36428,	NFS-RPC	Removed package nfs-common
portmap	TCP/111, UDP/111	NFS-RPC	Removed package portmap
inetd	TCP/113	Ident	Disabled service in /etc/inetd.conf
cups	UDP/631	Printer
ntpd	UDP/123	Time Sync
in.tftpd	UDP/69	File Transfer
avahi-daemon	UDP/5353, UDP/44527	Remote Service Discovery
dhclient	UDP/68

Mobile phone

Bluetooth

Turn off completely!

IrDA

Find a way to disable it!

Remote servers

libpam-shield

Is installed on all servers and hooked into PAM stack.

HTTPS for all sites with authentication

Service	Status
Wiki	Forces redirect to HTTPS for users trying to log in
Blog	Supports HTTPS but has no way of redirecting logins to it
WebDAV	All clients are configured to access resources only through HTTPS

Miscellaneous

Icecast2 streaming

Only feed icecast2 server through OpenVPN? because source password would otherwise be visible in clear text on the wire. Use hostname uni.vpn.fladi.at which will automatically point to the VPN. Encoding is done by gstreamer framework which has it's own icecast2 upstream:

gst-launch-0.10 v4l2src ! videorate ! video/x-raw-yuv,width=640,height=480,framerate=25/2 ! ffmpegcolorspace ! theoraenc quality=50 ! oggmux name=mux pulsesrc ! audio/x-raw-int,rate=8000,channels=1,depth=8 ! audioconvert ! vorbisenc ! mux. mux. ! shout2send ip=uni.vpn.fladi.at port=8000 password=<secret> mount=stream.ogg