Kutaurirana naFrancisco Sanz: CEO weThe Security Sentinel

Iyo Security Sentinel (TSS) ikambani yeSpain yakatsaurirwa kuchengetedzwa kwemakomputa, yakakanganikwa nevakawanda uye yakakosha kwazvo. TSS yakazvipira kuitisa ongororo dzekuchengetedza kumakambani, zvichibva pakutsika kwetsika kana bvunzo dzepentesting, mukuwedzera pakupa makosi ekudzidzisa ekuchengetedza

Malware uye kushomeka inyaya inopisa pablog redu uye kunyanya nenhau dzichangoburwa paVENOM, Inobaya moyo, uye zvimwe zvekuchengetedza zvine chekuita neGNU Linux. Ndicho chikonzero nei tasarudza kubvunzurudza Francisco Sanz, CEO weTSS izvo zvichatipa zvinongedzo pane ino nyaya inonakidza.

Francisco (FS kubva zvino zvichienda mberi) mumwe wevashandi veSSSS. Akadzidza mainjiniya emakomputa kuAutonomous University yeMadrid kuti azowana dhigirii mune manejimendi manejimendi uye kushambadzira kuESIC, kutora Cisco CNNA, PHP uye MySQL programme makosi, kubiridzira kwetsika uye kupasa chitupa cheECH kubva kuEC-Council nechikamu 91% / 100%.

LinuxAdictos: GNU Linux yakakosha kwazvo mundima yekuchengetedza. Mune blog yedu tataura nezve kugoverwa kwakadai saSantoku, Kali, BugTraq, Xiaopan, Parrot OS, WiFislax, DEFT, Backbox, IPCop, kana zvimwe zvinotungamirwa pakubhuroka kwakachengeteka uye zvakavanzika, zvakaita seMiswe uye Whonix. Mukuita kwako kwemazuva ese, ndeapi aunoshandisa?

Francis Sanchez: Zvichienderana nebasa rinofanira kuitwa ... semuenzaniso, pentesting ini ndinoshandisa yangu yekuparadzira (TPS) nemidziyo yekupentesa yatinoshandisa, asi zvichibva pane zvavanofanirwa kuita 7.

THE: Vazhinji vanorwisa yemahara kana yakavhurwa sosi software vachiti haina kunaka mhando kana kusagadzikana zvakanyanya. Ungati kudini kuvanhu ava? Iwe unofunga kuti zviri nyore kurwisa GNU Linux kana FreeBSD muchina nekuti yakavhurwa sosi pane imwe iine Windows nekuti iri kodhi yekodhi, kana iri yakapesana?

FS: Mubvunzo wemamiriyoni emadhora. Kana iwo wakajairwa mubvunzo. Kwandiri haisi iyo system, asi munhu anoisa system yacho.
Kunyangwe zvakadaro, kana ndichifanira kusarudza, ini ndaizogara ndichiti LINUX. Sei? Kune zvikonzero zvakawanda, asi nekusawedzera ini ndinokuudza kuti kumisikidza kwayo kwakachengeteka kupfuura Windows '; iwe unogona zvakare kuita kuti ive yakachengeteka nekuve nesarudzo dzakawanda; uri software yemahara, unogona kuvandudza, kugadzirisa kana kuwedzera masevhisi ekuchengetedza.
Kune rimwe divi, hapana zvinokwanisika kukukanganisa neTrojans nyore.
Kunyangwe zvakadaro, zvinoita sekunge izvozvi Windows ndiyo yakachengeteka, zvinoenderana nemamwe mabhuku ... kana pamwe ndiyo ine mari zhinji ... handizive kana ndikazvitsanangura ini. Mukuenzanisa uku, vanotumidza 119 Linux kernel kutadza ... zvisina kutaurwa ... zvisinei, makumi maviri nemasere anowanikwa pakati peWindows masystem ... asi achidudza huwandu hwakaderera kune yega Windows OS ... ndiyo ... diki seti yenhamba. Kushambadzira kwakawanda;)

THE: Iyo Security Sentinel ishamwari yeiyo Rapid7 Metasploit projekiti, yakavhurwa sosi purojekiti, sevamwe vazhinji vanoshandiswa kupenesa kana kuongorora kweongororo. Uyu muenzaniso wakanaka unojekesa zvatakataura mumubvunzo wapfuura. Haufungi iwe

FS: Zvakanaka, Metasploit (Rapid7), yapedza makore mazhinji ichidyara nguva mukuvandudza kwekushandisa kukuvadza masisitimu emarudzi ese.
Ini ndinofunga kuti mukana wekuti iwe unogona kuvandudza, kugadzirisa kana kuwedzera zvinangwa zvechisimba uye kugona kuishandisa nechimiro chakadai, pasina kubhadhara kana kumirira zviitwa zvitsva, kuva rakavhurwa sosi, zvinoita kuti basa rako rive nyore.
Kunyangwe paine vhezheni yakabhadharwa, neiyo yemahara uye neruzivo rwechirongwa muRuby, Python, perl ... une anoshanda, anoshanda kwazvo anoshanda.
Iniwo ndinofanira kutaura kuti vazhinji veMetasploit vashandisi vanongoshandisa gumi kana makumi maviri muzana ezvavanogona. Muchikamu chinotevera cheEthical Hacking kosi yatiri kuvandudza (CHEE), isu tine musoro wenyaya weMetasploit, uko kwatinozodzidzisa mashandisiro echishandiso zvizere.

THE: Python mutauro wepurogiramu pasi peimwe rezinesi remahara (PSFL) uye kuti iwe uripo chaizvo muchikamu chekuchengetedza. Sei? Chii chakakosha nezvevamwe?

FS: Python ine mukana wakakura kwazvo uye raibhurari yayo. Iko kushandiswa kweizvi uye kunyevenuka kwekudzidza mutauro zvinokubatsira zvakanyanya kugona kuita zvishandiso zvidiki zvinonyanya kubatsira kana uchiita chengetedzo odhita yakavakirwa pentesting.
Iwe unogona zvakare kubatanidza madiki Python zvirongwa nevamwe senge nmap, nessus nezvimwe ... uye izvi zvinokubatsira iwe zvakanyanya kuwedzera basa remupentester.
Isu tinotora kosi muna Chikumi 1 yevadzidzi vedu, Python yevapendi, nekuti tinotenda kuti zvakakosha kuti pentester ashandise mutauro uyu.

THE: Munguva pfupi yapfuura, kumwe kunetsekana kwakakomba kwave kuwanikwa mumapurojekiti akavhurika uye imwe malware inorwisa masisitimu eGNU Linux. Makambani anotengesa yakavharwa software, senge Apple neMicrosoft, vane ekuchengetedza ma Auditor anorwisa avo ega masisitimu ekuvandudza kuchengetedzeka. Iwe unofunga here kuti iro rakavhurika sosi chirongwa kusimudzira nharaunda inofanirwa kufunga kusimudzira tsika iyi?

FS: Zvakanaka, iwe unofunga kuti hapana vaongorori veApache, Debian, Fedora, Ubuntu ... chimwe chinhu ndechekuti ivo vanobhadharisa izvo zvinofambiswa nemamwe mafemu, asi zviripo, zviripo, nekuti ini ndinonzwisisa kuti kugovera kukuru kune vanhu vari kushanda pane izvi. Zvingave zvisina musoro kusava nazvo. Iniwo ndinotenda kuti zvese izvi kubheja kweramangwana. Dambudziko nderekuti, Apple kana Windows vanozopedzisira vagova vane simba rakanyanya kuvhurwa sosi yekuparadzira?

THE: Ngatifambei tiende kune The Security Sentinel vatengi. Mwaka uno wezhizha ndanga ndichikurukura nenjinjiniya yeOracle uye akandiudza kuti akawanda maseva uye supercomputer anotengeswa neLinux kukuvadza yavo system, Solaris, uye kuti ivo vanoshandisa iko kugovera kunonzi Oracle Linux yebasa ravo mazuva ese. Iwe unowana akawanda uye akawanda makambani anoshandisa Linux kana achiri kuvimba zvakanyanya paWindows?

FS: Mune ino chikamu, iwe unowana zvese.
Vatengi vangu ikozvino vanoshandisa Linux yakawanda kumaseva kupfuura Windows, asi vashandisi makomputa vachiri 90% Windows uye yakakwira kwazvo muzana vachiri kushandisa XP !!!

THE: Dzimwe hurumende kana makambani ari kutamira kune kugoverwa kweLinux nekuda kwemikana pamwe nezvakanaka zvinounza. Vamwe vakakwezvwa nekuchengeteka. Iwe ungakurudzira makambani nemasangano kuti aite shanduko iyi here? TSS inopa mazano emahara kune chero mhinduro dzekuchengetedza dzaunoshandisa?

FS: Isu tinopa zano zvichienderana nezvinodiwa nemutengi wega wega. Ndinoda kuti vanhu vabatanidzwe zvakanyanya neLinux, asi dzimwe nguva zita rechiratidzo rinorema zvakanyanya.
Kunyangwe zvakadaro, isu, pese patinokwanisa, kuraira maSeva eLinux nekusimba kwavo, kushanduka uye kuchengeteka.

THE: Vazhinji vashandisi kana makambani havateereri kuchengetedzeka. Kusvika papi pakaipa tsika uye nderipi raungavapa? Tiudze nezvenyaya yakakomba inogona kuburitswa uye iyo iwe yawakaona panguva yechiitiko chako kusimudzira ruzivo kuruzhinji.

FS: Zvakawanda? Pamwe hapana. Chinhu chekutanga chandinozovapa zano ndechekupa kosi diki yekuziva pane zvakakosha zvekuchengetedza komputa.
Kunyangwe mune Mutero Wenzvimbo ini ndawana vashandisi neiyo post-iyo ne password yavo pane yekutarisa!
Asi zvaishamisa kuona in situ, mune diki mharidzo yekambani yedu mune inogona mutengi, inova zvakare kambani inotamba nezvichengetedzeka pamusika wemasheya (broker), teerera kumutungamiriri wezvekushanda kubva kuhofisi yake, shevedzera sainzi yemakomputa "CHII CHINONZI B CHANGU ... CHINYORWA ?? !!"
Kunyangwe mushure mekuona izvi, vangangoita mutengi havana kutiroja ... Mwari vabate vakareurura!

THE: Iye zvino iwe zvakare unodzidzisa makosi ekubavha uye chengetedzo. Iwe wakatora iyo EC-Council CEH (Council Ethical Hacking) bvunzo iwe pachako uye uine mamakisi akanaka. Pane chirevo chinoti "dziviriro yakanakisa imhosva yakanaka", ndinotaura izvi ndichireva kumubvunzo wapfuura. Iwe ungakurudzira vashandisi kuti vatore mhando iyi kosi?

FS: Ndingavakurudzire kuti vasatarise "titulitis" asi panzvimbo yekutora makosi ekudzidza. Isu tinotarisa makosi edu pakuita, nekuti ini handina kufarira kosi iyi yaunotumidza zita, nekuti ini ndakaidzidza ndega, uye zvakare ndisina kuita. Ingoriwo zita. Zvisinei, vadzidzi vedu "vakapwanyika" vachiita maitiro. Asi ivo vanokuudza ...
Mumhanyi anofanira kudzidzira mazuva ese. Isuwo.

THE: Vazhinji vanodavira kuti mubiridzi munhu akaipa. Kunyangwe RAE inomutsanangura semubati anoshandisa ruzivo rwake kuita zvakaipa. Zvinosuruvarisa kunzwa izvi, nekuti zvakatomanikidza mazwi senge "ethical hacking" kuti aonekwe kuitira kuti vanhu vasafunge nezve cybercriminal. Eric Reymond, anodzivirira izwi rekuti "hacker" nedudziro yekutanga uye vanotsigira vachishandisa "cracker" kureva "vakaipa varume." Asi takatarisana nemuchina wekuparadzira weHollywood, iyo yakagadzirawo mukurumbira wakashata nemazhinji emamuvhi uye akateedzana nezvevabiridzi, chii chingaitwe ... Iwe unofungei seyanzvi hwekuchengetedza?

FS: Ini ndinofunga iro izwi rekuba seyehunyanzvi hwemakomputa uyo dzimwe nguva anonyatsoongorora kusvikira awana mhinduro yake. Asi kubva ipapo kupara mhosva ...
Ehe saizvozvo kune vabiridzi vari matsotsi, sezvo panogona kuve nevanodzima moto vari matsotsiwo. Asi sekusinganisirwe muchiitiko chechipiri, nei uchizviita pakutanga?
Muchidimbu, ini ndinofunga kuti RAE inoratidza kusaziva kukuru kana zvasvika pakudaidza izwi rekuti hacker seanobira. Chinhu cheHollywood chiri nani kusazvitaura ...

Ndinovimba wakafarira izvi kutanga kubvunzurudzwa kwezvakateedzana zvatakasimudza kune akakosha manhamba pane yenyika uye yepasi rose chiitiko ...