Re: Recent experience traveling China

["Don M. Blumenthal" <dmb () DONBLUMENTHAL COM>]

Sorry. I clicked Send when moving my cursor to edit what I had written.
================

> From what I understand, security and access issues will vary by where someone is in China. I had no problem with VPN 
> in Beijing, but that was a couple of years ago.

As long as Shawn mentioned them, based on experience, direct or from others in a organization that I work with, the 
State Department warnings are legitimate. Some of the physical surveillance was comically obvious (guy with a telephoto 
lens behind a potted something or other plant),  so I assume that other more subtle activities were going on. A 
colleague caught two men in his hotel apparently checking his computer for files.

My company told employees to leave Macs at home and issued 7" notebooks that we were to keep with us at all times. That 
was a failure (and the colleague above ignored "keep it with you.")  I scrubbed an ancient (10+ years} laptop and put 
Linux on it. All security savvy people that I spotted had Chromebooks or PCs with Linux. All data was on portable 
storage, with any auto backups directed to the those drives or disabled. 

Branching into personal safety of kind, travelers should have at least surgical or gardening masks to give some 
protection from air pollution in the major cities. It was brutal in Beijing. I know that this point is way beyond the 
scope of the question, but the thread skated past VPNs awhile back. :)

Don


​


​


From: Shawn Merdinger
Received: 3/3/2016 1:14:03 PM -05:00
To: SECURITY () listserv educause edu
Clearly a challenging environment.

A few US Gov't resources...not that anything official will provide
clear answers or solutions.

http://travel.state.gov/content/passports/en/country/china.html 
[http://travel.state.gov/content/passports/en/country/china.html]

"Surveillance and Monitoring: Security personnel carefully watch
foreign visitors and may place you under surveillance. Hotel rooms
(including meeting rooms), offices, cars, taxis, telephones, Internet
usage, and fax machines may be monitored onsite or remotely, and
personal possessions in hotel rooms, including computers, may be
searched without your consent or knowledge. Security personnel have
been known to detain and deport U.S. citizens sending private
electronic messages critical of the Chinese government."

https://www.fbi.gov/about-us/investigate/counterintelligence/student-brochure 
[https://www.fbi.gov/about-us/investigate/counterintelligence/student-brochure]

Several tips, but imho the most important:

"n most countries, you have no expectation of privacy in Internet
cafes, hotels, airplanes, offices, or public spaces. All information
you send electronically (fax, computer, telephone) can be intercepted,
especially wireless communications. If information might be valuable
to another government, company or group, you should assume that it
will be intercepted and retained. Security services and criminals can
track your movements using your mobile phone and can turn on the
microphone in your device even when you think it is turned off."

Cheers,
--scm

On 3/3/16, Nasir Hakeem wrote:
> Our group has 2 options, one is the open DNS client that is tied to umbrella
> (uses our approved DNS ips anywhere reachable) and second we have our
> standard Cisco vpn service. Have not had any reported issues with users
> outside the US. This includes China and Middle East.
>
> Nasir Hakeem | Sr. Systems and Network Administrator
>
> Sent via a mobile device
>
>
> On Mar 3, 2016, at 8:56 AM, Hudson, Edward
> <>> wrote:
>
> Tread carefully. We have had experiences with university personnel traveling
> to China and using "purchased" VPN clients which are malware laden.
> We tend to encourage taking a loaner device, stripped down to bare
> essentials and no sensitive data. Also there are potential ITAR issues with
> encryption.
>
> Ed Hudson, CISM
> Director, Information Security
> California State University
> Office of the Chancellor
>
> 401 Golden Shore
> Long Beach, CA 90802
> Tel 562-951-8431
> ehudson () calstate edu
>
>
>
>
>
>
>
>
>
> On 3/3/16, 8:40 AM, "The EDUCAUSE Security Constituent Group Listserv on
> behalf of Emily Harris"
> <> on
> behalf of emharris () VASSAR EDU> wrote:
>
> All:
>
> Vassar has about 40 people taking a trip to China and we are attempting to
> advise them on a number of issues, including maintaining a safe and secure
> computing posture while abroad.
>
> We are a Google school, and as you know, China blocks access to Google
> applications. I am wondering if anyone on the list has recent experience
> traveling to China and using their own institutional VPN. An article I read
> recently indicated that China is cracking down on corporate VPNs and many of
> them do not work. Can anyone speak to experience in this realm? We are
> weighing our options for recommendations to these 40+ people. Thank you!
>
> --
> Emily Harris
> Interim Information Security Officer, CIS
> Vassar College
> 845-437-7221