Udliwanondlebe noFrancisco Sanz: I-CEO ye-Security Sentinel

ISentinel yoKhuseleko (TSS) yinkampani yaseSpain enikezelwe kukhuseleko lwekhompyuter, ilityalwe ngabaninzi kwaye ibaluleke kakhulu. I-TSS uzinikele ekwenzeni uphicotho lwezokhuseleko kwiinkampani, ngokusekwe kukuziphatha okuhle okanye kuvavanyo lwepentesting, ukongeza ekunikezeleni izifundo zoqeqesho kwezokhuseleko.

I-Malware kunye nokuba sesichengeni sisihloko esishushu kwibhlog yethu kwaye ngakumbi ngeendaba zamva nje malunga neVENOM, Heartbleed, kunye neminye imiba yezokhuseleko echaphazela iGNU Linux. Kungenxa yoko le nto sithathe isigqibo sokuba nodliwanondlebe UFrancisco Sanz, u-CEO we-TSS eya kusinika imikhondo malunga nesi sihloko sinomdla.

UFrancisco (FS ukusukela ngoku) yenye yeengcali ze-TSS. Ufundele ubunjineli bekhompyuter kwiYunivesithi yase-Autonomous yaseMadrid ukuze kamva afumane isidanga kulawulo lweshishini kunye nentengiso e-ESIC, athathe iikhosi zeCisco CNNA, i-PHP kunye ne-MySQL, ukuqhekeza ngokuziphatha kunye nokupasa isatifikethi se-CEH kwi-EC-Council ngodweliso lwama-91% / 100%.

LinuxAdictos: I-GNU Linux ibaluleke kakhulu kwicandelo lokhuseleko. Kwibhlog yethu sithethe ngezabelo ezinje ngeSantoku, Kali, BugTraq, Xiaopan, Parrot OS, WiFislax, DEFT, Backbox, IPCop, okanye ezinye ezijolise kukhangelo olukhuselekileyo kunye nemfihlo, njengeMisila kunye neWhonix. Kwindlela yakho yemihla ngemihla, zeziphi ozisebenzisayo?

UFrancisco Sanz: Kuxhomekeke emsebenzini ekufuneka wenziwe ... umzekelo, ekusebenziseni ipententent usebenzisa ulwabiwo lwam (i-TPS) ngezixhobo zokubhala esizisebenzisayo, kodwa ngokusekwe kubo.

I: Uninzi luhlasela isoftware yasimahla okanye evulekileyo isithi ikumgangatho ombi okanye ayikhuselekanga. Ungathini kwaba bantu? Ngaba ucinga ukuba kulula ukuhlasela i-GNU Linux okanye umatshini weFreeBSD kuba ingumthombo ovulekileyo kunenye yeWindows kuba ikhowudi yokuthengisa, okanye ngaba ichasene?

FS: Umbuzo wesigidi seedola. Okanye umbuzo oqhelekileyo. Kum ayisiyo inkqubo, kodwa ngumntu oseta inkqubo.
Nangona kunjalo, ukuba kuya kufuneka ndithathe isigqibo, bendiya kuhlala ndisithi i-LINUX. Ngoba? Zininzi izizathu, kodwa ngenxa yokwanda ndingakuxelela ukuba ukumiselwa kwayo okungagungqiyo kukhuseleke ngakumbi kuneWindows '; ungayenza ukuba ikhuseleke ngakumbi ngokuba neendlela ezininzi; ukuba sisoftware yasimahla, ungaphuhlisa, uguqule okanye wandise iinkonzo zokhuseleko.
Kwelinye icala, akukho ziphumo zinokusulela ngeTrojans ngokulula.
Nangona kunjalo, kubonakala ngathi ngoku iWindows yeyona ikhuselekileyo, ngokutsho kolunye upapasho ... okanye mhlawumbi, eyona inemali ... andazi ukuba ndiyazichaza na. Kolu thelekiso babiza i-119 ye-Linux kernel semngciphekweni ... engachazwanga ... nangona kunjalo i-248 ivela phakathi kweenkqubo zeWindows ... kodwa ichaza inani elisezantsi kwiWindows OS nganye ... leyo ... iseti encinci yamanani. Ukuthengisa okuninzi;)

I: I-Sentinel yoKhuseleko liqabane leprojekthi ye-Rapid7 Metasploit, iprojekhthi yemithombo evulekileyo, njengabanye abaninzi abasetyenziselwa ukuhlalutya okanye ukuhlalutya inkundla. Ngumzekelo olungileyo owenza ukuba kucace oko sikuxelileyo kumbuzo ongaphambili. Ngaba awucingi?

FS: Ewe, iMetasploit (Rapid7), ichithe iminyaka emininzi ityala ixesha ekuphuhliseni ukuxhaphaza ukonakalisa iinkqubo zazo zonke iintlobo.
Ndicinga ukuba ukubanakho ukuphuhlisa, ukuguqula okanye ukwandisa iinjongo zokuxhaphaza kwaye ukwazi ukuzisebenzisa ngesakhelo esifana nesi, ngaphandle kokuhlawula okanye ukulinda ukuxhaphazwa okutsha, ukuba ngumthombo ovulekileyo, kwenza umsebenzi wakho ube lula kakhulu.
Nangona kukho ingxelo ehlawulelweyo, kunye nesimahla kunye nolwazi lwenkqubo kwiRuby, iPython, perl ... unomsebenzi oluncedo kakhulu.
Kuya kufuneka ndiphawule ukuba abasebenzisi abaninzi beMetasploit basebenzisa kuphela i-10 okanye i-20% yamathuba abo. Kwikhosi elandelayo ye-Ethical Hacking esiyiphuhlisayo (i-CHEE), sinesihloko esipheleleyo seMetasploit, apho siya kuthi sifundise indlela yokusebenzisa isixhobo ngokupheleleyo.

I: I-Python lulwimi lwenkqubo phantsi kolunye iphepha-mvume lasimahla (PSFL) kwaye ubukho kakhulu kwicandelo lokhuseleko. Ngoba? Yintoni ekhethekileyo ngabanye?

FS: IPython inenzuzo enkulu kwaye ziilayibrari zayo. Ukusetyenziswa kwezi zinto kunye nokufunda ngokulula kolwimi kunceda kakhulu ukuba ukwazi ukwenza izixhobo ezincinci eziluncedo kakhulu xa usenza uphicotho lokhuseleko ngokusekwe kwi-pentesting.
Unokudibanisa iinkqubo ezincinci zePython kunye nabanye njenge-nmap, nessus njl njl ... kwaye oku kukunceda ngakumbi ukukhawulezisa umsebenzi wepentester.
Sithatha ikhosi nge-1 kaJuni kubafundi bethu, i-Python yabahambi ngeentente, kuba sikholelwa ekubeni kubalulekile ukuba umntu ohambahambayo asebenzise olu lwimi.

I: Mva nje, kuye kwabonwa ubungozi obubonakalayo kwiiprojekthi zomthombo ovulekileyo kunye nezinye izinto ezingalunganga ezihlasela iinkqubo ze-GNU Linux. Iinkampani ezithengisa isoftware evaliweyo, enje ngeApple kunye neMicrosoft, zinabaphicothi bezokhuseleko abahlasela ezabo iinkqubo zokuphucula ukhuseleko. Ngaba ucinga ukuba uluntu oluphuculweyo lweprojekthi yoluntu kufuneka luthathele ingqalelo ukukhuthaza le ndlela?

FS: Ewe, ucinga ukuba akukho baphicothi zincwadi ze-Apache, i-Debian, i-Fedora, i-Ubuntu ... enye into kukuba bahlawulisa ezinye iifemu, kodwa zikhona, kuba ndiyaqonda ukuba ulwabiwo olukhulu lunabantu abasebenza kule nto . Akunakuba sengqiqweni ukungabinazo. Ndiyakholelwa ukuba konke oku ukubheja kwikamva. Ingxaki yile, ngaba iApple okanye iiWindows ziya kugqibela ngokuba zezona zinto zinamandla zisasaziweyo?

I: Masiqhubekele kubathengi beSentinel yoKhuseleko. Ehlotyeni bendincokola nenjineli yeOracle kwaye undixelele ukuba iiseva ezininzi nangakumbi kunye neekhompyuter zithengiswa ngeLinux ukwenzakalisa inkqubo yazo, uSolaris, nokuba basebenzise ulwabiwo olubizwa ngokuba yiOracle Linux emsebenzini wabo yonke imihla. Ngaba ufumana ngakumbi nangakumbi iinkampani ezisebenzisa iLinux okanye zixhomekeka kakhulu kwiWindows?

FS: Kule meko, ufumana yonke into.
Abathengi bam ngoku basebenzisa iiLinux ezininzi kuneeseva kuneWindows, kodwa iikhompyuter zomsebenzisi zisese-90% yeWindows kwaye ipesenti ephezulu kakhulu isasebenzisa i-XP !!!

I: Abanye oorhulumente okanye iinkampani bafudukela kusasazo lweLinux ngenxa yamathuba kunye nezibonelelo ezizisayo. Abanye batsaleleka kukhuseleko. Ngaba ungakhuthaza iinkampani nemibutho ukuba yenze olu tshintsho? Ngaba i-TSS iyacebisa ngeeprojekthi zasimahla zazo naziphi na izisombululo zokhuselo ozisebenzisayo?

FS: Sicebisa ngokuxhomekeke kwiimfuno zomthengi ngamnye. Ndingathanda abantu babandakanyeke ngakumbi kwiLinux, kodwa ngamanye amaxesha igama lebrendi linobunzima kakhulu.
Nangona kunjalo, thina, nanini na sinako, ukucebisa iiseva zeLinux ukomelela kwazo, ukuguquguquka kunye nokhuseleko.

I: Abasebenzisi abaninzi okanye iinkampani abazihoyi ezokhuseleko. Kukuziphatha kakubi kangakanani kwaye ungabanika ngcebiso ngantoni? Sixelele ngetyala elinobuzaza elinokuthi libhengezwe kwaye uthe walibona ngexesha lamava akho ukwazisa uluntu.

FS: Zininzi? Phantse akukho mntu. Into yokuqala endinokubacebisa ngayo kukunika ikhosi encinci yokwazisa ngemigaqo esisiseko yokhuseleko kwikhompyuter.
Nokuba kwi-Arhente yeRhafu ndifumene abasebenzisi ngeposi-kuyo kunye negama labo lokugqitha kwisohlo!
Kodwa bekumangalisa ukubona in situ, kwintetho encinci yenkampani yethu kumthengi onokubakho, ekwayinkampani edlala ngokukhuselekileyo kwimarike yemasheya (abarhwebi), mamela umlawuli wezinto ezivela eofisini yakhe, ukhwaze Isazinzulu sekhompyuter "YINTONI BAM B ... IPHASIWEDI ?? !!"
Kwanasemva kokubona oku, umthengi onokubakho akazange asiqeshe ... UThixo ubabambe bavuma!

I: Ngoku ufundisa nezifundo malunga nokugenca kunye nokhuseleko. Uthabathe uvavanyo lwe-EC-Council CEH (iBhunga lokuSebenza ngokuSebenza ngokuziphatha) kunye namanqaku amahle. Kukho intetho ethi "olona khuselo lulungileyo lolwaphulo-mthetho olulungileyo", ndithetha oku ngokubhekisele kumbuzo ongaphambili. Ngaba ungakhuthaza abasebenzisi ukuba bathathe olu hlobo lwekhosi?

FS: Ndingakukhuthaza ukuba ungagxili kwi "titulitis" kodwa endaweni yoko uthathe izifundo oza kuzifunda. Sijolisa iikhosi zethu ekusebenzeni, kuba khange ndiyithande le khosi uyibize ngegama, kuba ndizifundele ngokwam, kwaye ngaphandle kokuziqhelanisa. Yisihloko nje. Nangona kunjalo, abafundi bethu "batyumkile" ngokwenza izinto. Kodwa bayakuxelela ...
Imbaleki kufuneka iziqeqeshe yonke imihla. Nathi.

I: Uninzi lukholelwa ukuba umgculeli ngumntu ongalunganga. Nokuba iRAE imchaza njengomgculeli osebenzisa ulwazi lwakhe ukwenza izinto ezimbi. Kubuhlungu ukuyiva le nto, kuba inyanzelise nokuba amagama anje ngokuba "nokuqhekeka kokuziphatha" abonwe ukuze abantu bangacingi ngesaphuli-mthetho. U-Eric Reymond, ukhusela igama elithi "hacker" ngenkcazo yentsusa kunye nabameli basebenzise "umqhekezi" ukubhekisa "kubantu ababi." Kodwa sijamelene nomatshini wobuxoki waseHollywood, nawo odale igama elibi ngobuninzi beemovie kunye noluhlu malunga nabagculeli, yintoni enokwenziwa ... Ucinga ntoni njengengcali yezokhuseleko?

FS: Ndithathela ingqalelo igama elithi hacker njengengcali yekhompyuter ethi ngamanye amaxesha iphande ngokungakhathali de ifumane impendulo. Kodwa ukusuka apho ukuya kulwaphulo-mthetho ...
Ewe bakhona abagcini abazizaphuli mthetho, nanjengoko kunokubakho abacimi-mlilo abazizaphuli-mthetho. Kodwa njengokuba ingafakwanga ngokubanzi kwimeko yesibini, kutheni iyenza eyokuqala?
Ngamafutshane, ndicinga ukuba i-RAE ibonisa ukungazi okukhulu xa kuziwa ekubizeni igama elithi hacker njenge-hacker. Into yaseHollywood kungcono ukuba ungayikhankanyi ...

Ndiyathemba uyithandile le Udliwanondlebe lokuqala kuthotho esiphakamisileyo amanani abalulekileyo kwimeko yesizwe nakwamanye amazwe ...