Ukuxoxisana noFrancisco Sanz: Isikhulu Esiphezulu se-The Security Sentinel

ISecurity Sentinel (TSS) inkampani yaseSpain ezinikele ekuphepheni kwamakhompyutha, ukhohliwe abaningi futhi ubaluleke kakhulu. I-TSS izinikele ekwenzeni ukucwaningwa kwezokuphepha ezinkampanini, ngokuya ngokuhlolwa okuhlelekile noma izivivinyo zokubhala, ngaphezu kokunikeza izifundo zokuqeqesha kwezokuphepha.

I-Malware nokuba sengozini kuyisihloko esishisayo kubhulogi yethu futhi ikakhulukazi ngezindaba zakamuva nge-VENOM, Heartbleed, nezinye izindaba zokuphepha ezithinta i-GNU Linux. Yingakho sithathe isinqumo sokuxoxisana UFrancisco Sanz, isikhulu esiphezulu se-TSS okuzosinika imikhondo ngalesi sihloko esithandekayo.

UFrancisco (FS kusukela manje kuqhubeke) ungomunye wochwepheshe be-TSS. Ufunde ubunjiniyela bamakhompiyutha e-Autonomous University of Madrid ukuze aphothule izifundo zakhe kwezokuphatha nokukhangisa e-ESIC, athathe izifundo zeCisco CNNA, PHP kanye ne-MySQL, ukugenca ngokuziphatha futhi adlulise isitifiketi se-CEH esivela e-EC-Council ngezigaba 91% / 100 %.

LinuxAdictos: I-GNU Linux ibaluleke kakhulu emkhakheni wezokuphepha. Kubhulogi yethu sikhulume ngokusatshalaliswa okufana neSantoku, Kali, BugTraq, Xiaopan, Parrot OS, WiFislax, DEFT, Backbox, IPCop, noma ezinye ezenzelwe ukuphequlula okuphephile nobumfihlo, njengeMisila neWhonix. Enkambisweni yakho yansuku zonke, usebenzisa ziphi?

UFrancisco Sanz: Ngokuya ngomsebenzi okufanele wenziwe ... ngokwesibonelo, ekubambeni ukuphenta ngisebenzisa ukusatshalaliswa kwami ​​(i-TPS) ngamathuluzi okupenda esiwasebenzisayo, kepha ngokuya ngokuthi kufanele 7.

THE: Abaningi bahlasela isoftware yomthombo ovulekile noma ovulekile bethi inezinga eliphansi noma ayizethembi ngokwengeziwe. Ungathini kulaba bantu? Ngabe ucabanga ukuthi kulula ukuhlasela umshini we-GNU Linux noma weFreeBSD ngoba ungumthombo ovulekile kunowodwa oneWindows ngoba iyikhodi yokuphathelene, noma ingabe iphambene?

FS: Umbuzo wesigidi samadola. Noma umbuzo ojwayelekile. Kimi akusilo uhlelo, kepha umuntu osungula uhlelo.
Noma kunjalo, uma kufanele ngithathe isinqumo, ngihlala ngithi i-LINUX. Kungani? Kunezizathu eziningi, kepha ngokunganwebeki ngizokutshela ukuthi ukumiswa kwayo okuzenzakalelayo kuphephe kakhulu kuneWindows '; ungenza futhi ukuthi ivikeleke kakhulu ngokuba nezinketho eziningi; ngokuba isoftware yamahhala, ungathuthukisa, ushintshe noma wandise izinsizakalo zokuphepha.
Ngakolunye uhlangothi, azikho izinto ezingaphunyelelwa zokutheleleka ngamaTrojans kalula.
Noma kunjalo, kubonakala sengathi manje iWindows iphephe kakhulu, ngokusho kweminye imibhalo ... noma mhlawumbe ileyo enemali eningi ... angazi noma ngiyazichaza. Kulesi silinganiso baqamba ukukhubazeka kwe-kernel eyi-119 Linux ... akucacisiwe ... kepha ama-248 avela phakathi kwezinhlelo zeWindows ... kepha ecacisa inani eliphansi leWindows OS ngayinye ... okungukuthi ... isethi encane yezinombolo. Ukumaketha okuningi;)

THE: ISecurity Sentinel inguzakwethu wephrojekthi yeRapid7 Metasploit, iphrojekthi yomthombo ovulekile, njengamanye amaningi asetshenziselwa ukupenda noma ukuhlaziya i-forensic. Kuyisibonelo esihle esenza kucace lokho esikushilo embuzweni owedlule. Awucabangi?

FS: Yebo, iMetasploit (Rapid7), isichithe iminyaka eminingi isitshala isikhathi ekwakhiweni kokuxhaphaza ukulimaza izinhlelo zazo zonke izinhlobo.
Ngicabanga ukuthi ithuba lokuthi ungathuthukisa, uguqule noma unwebise izinhloso zokuxhashazwa futhi ukwazi ukulisebenzisa ngohlaka olufana nalolu, ngaphandle kokukhokha noma ukulinda ukuxhashazwa okusha, ukuba ngumthombo ovulekile, kwenza umsebenzi wakho ube lula kakhulu.
Noma kukhona inguqulo ekhokhelwayo, neyamahhala kanye nolwazi lohlelo ku-ruby, i-Python, i-perl ... unesisebenzi esisebenza kakhulu esisebenziseka kakhulu.
Kumele futhi ngiphawule ukuthi abasebenzisi abaningi beMetasploit basebenzisa kuphela i-10 noma i-20% yamathuba abo. Esifundweni esilandelayo se-Ethical Hacking esisakhulayo (CHEE), sinesihloko esiphelele seMetasploit, lapho sizofundisa ukuthi leli thuluzi lisetshenziswa kanjani ngokugcwele.

THE: I-Python wulimi oluhlelayo ngaphansi kwenye ilayisense yamahhala (i-PSFL) nokuthi ukhona kakhulu emkhakheni wezokuphepha. Kungani? Yini okukhethekile ngabanye?

FS: IPython inenzuzo enkulu kakhulu futhi iyimitapo yayo yezincwadi. Ukusetshenziswa kwalokhu nokukhululeka kokufunda ulimi kukusiza kakhulu ukuthi ukwazi ukwenza amathuluzi amancane awusizo kakhulu lapho wenza ukuhlolwa kwezokuphepha okuncike ekuphepheni.
Ungaxhuma futhi izinhlelo ezincane ze-Python nezinye ezinjenge-nmap, nessus njll ... futhi lokhu kukusiza kakhulu ukusheshisa umsebenzi we-pentester.
Sithatha izifundo ngoJuni 1 zabafundi bethu, i-Python yabadayisi, ngoba sikholelwa ukuthi kubalulekile ukuthi umuntu osebenzisa amaphenti asebenzise lolu limi.

THE: Muva nje, sekutholwe ubungozi obubucayi kumaphrojekthi womthombo ovulekile nakwezinye i-malware ezihlasela izinhlelo ze-GNU Linux. Izinkampani ezithengisa isoftware evaliwe, njenge-Apple neMicrosoft, zinabahloli bezokuphepha abahlasela amasistimu abo ukwenza ngcono ezokuphepha. Ngabe ucabanga ukuthi umphakathi ovulekile wokuthuthukisa iphrojekthi kufanele ucabangele ukukhuthaza lo mkhuba?

FS: Yebo, ucabanga ukuthi abekho abacwaningi mabhuku be-Apache, i-Debian, i-Fedora, i-Ubuntu ... enye into ukuthi bakhokhisa amanye amafemu, kepha akhona, ngoba ngiyaqonda ukuthi ukwabiwa okukhulu kunabantu abasebenza kulokhu . Kungaba okungenangqondo ukungabi nazo. Ngiyakholelwa futhi ukuthi konke lokhu ukubheja ngekusasa. Inkinga ukuthi, ingabe i-Apple noma iWindows izogcina iyisabelo somthombo ovulekile esinamandla kunazo zonke?

THE: Masiqhubekele kumakhasimende e-The Security Sentinel. Kuleli hlobo bengikhuluma nonjiniyela we-Oracle futhi ungitshele ukuthi amaseva amaningi kanye nabadlali abaphezulu bathengiswa ngeLinux kulimaza uhlelo lwabo, iSolaris, nokuthi basebenzise nokusabalalisa okubizwa nge-Oracle Linux ngomsebenzi wabo nsuku zonke. Ngabe uthola izinkampani eziningi ezisebenzisa i-Linux noma zisencike kakhulu ku-Windows?

FS: Kulesi sici, uthola konke.
Amaklayenti ami manje asebenzisa i-Linux eningi kumaseva kune-Windows, kepha amakhompyutha abasebenzisi angama-90% weWindows futhi amaphesenti aphezulu kakhulu asasebenzisa i-XP !!!

THE: Abanye ohulumeni noma izinkampani bathuthela ekusatshalalisweni kweLinux ngenxa yamathuba nezinzuzo okulethayo. Abanye bahehwa ukuphepha. Ungakhuthaza izinkampani nezinhlangano ukuthi zenze lolu shintsho? Ngabe i-TSS yeluleka amaphrojekthi wamahhala nganoma yisiphi isixazululo sokuphepha osisebenzisayo?

FS: Siluleka ngokuya ngezidingo zeklayenti ngalinye. Ngingathanda ukuthi abantu bazibandakanye kakhulu neLinux, kepha kwesinye isikhathi igama lomkhiqizo lisinda kakhulu.
Noma kunjalo, thina, noma kunini lapho sikwazi khona, sokweluleka amaseva we-Linux ngokuqina, ukuguquguquka nokuphepha kwawo.

THE: Abasebenzisi abaningi noma izinkampani abanaki ukuphepha. Kungumkhuba omubi kangakanani futhi ungabanikeza siphi iseluleko? Sitshele ngecala elibucayi elingavezwa nokuthi uke walibona ngesikhathi sokwazi kwakho ukuqwashisa umphakathi.

FS: Kuningi? Cishe akekho. Into yokuqala engingabaluleka yona ukuthi kube ukunikeza isifundo esincane sokuqwashisa ngemithetho eyisisekelo yokuphepha kwamakhompyutha.
Ngisho naku-Agency Agency ngithole abasebenzisi abane-post-it ne-password yabo kwi-monitor!
Kepha bekumangalisa ukubona in situ, kwisethulo esincane senkampani yethu kumakhasimende okungenzeka ukuthi, okuyinkampani futhi edlala ngezokuphepha emakethe yamasheya (broker), lalela umqondisi wezokusebenza ehhovisi lakhe, umemeze usosayensi wamakhompiyutha "YINI I-B YAMI ... IPHASIWEDI ?? !!
Ngisho nangemva kokubona lokhu, ikhasimende elingahle libe khona alizange lisiqashe ... uNkulunkulu ubabambe bavuma!

THE: Manje ufundisa nezifundo zokugenca nokuphepha. Uthathe ukuhlolwa kwe-EC-Council CEH (Council Ethical Hacking) ngokwakho futhi uthole amaphuzu amahle kakhulu. Kukhona isisho esithi "ukuzivikela okuhle kakhulu kuyicala elihle", ngisho lokhu ngibhekisa embuzweni odlule. Ungakhuthaza abasebenzisi ukuthi bathathe lolu hlobo lwenkambo?

FS: Ngingakukhuthaza ukuthi ungagxili ku- "titulitis" kepha kunalokho uthathe izifundo ozozifunda. Sigxila ezifundweni zethu ekusebenzeni, ngoba angizange ngiyithande le nkambo oyisho ngegama, ngoba ngiyifundele ngedwa, nangaphandle kokuzijwayeza. Yisihloko nje. Noma kunjalo, abafundi bethu "bachotshoziwe" benza imikhuba. Kepha bayakutshela ...
Umsubathi kufanele aziqeqeshe nsuku zonke. Nathi.

THE: Abaningi bakholelwa ukuthi isigebenga umuntu omubi. Ngisho neRAE imchaza njengomduni osebenzisa ulwazi lwakhe ukwenza izinto ezimbi. Kuyadabukisa ukuzwa lokhu, ngoba kuze kwaphoqa ukuthi amagama anjengokuthi “hacking ethical” abonwe ukuze abantu bangacabangi nge-cybercriminal. U-Eric Reymond, uvikela igama elithi "hacker" ngencazelo yoqobo futhi abameli basebenzise "cracker" ukubhekisa "kubantu ababi." Kepha ebusweni bomshini we-propaganda waseHollywood, nawo odale idumela elibi ngobuningi bama-movie nochungechunge olumayelana nabaduni, yini engenziwa ... Ucabangani njengochwepheshe wezokuphepha?

FS: Ngithatha igama elithi hacker njengochwepheshe wekhompyutha kwesinye isikhathi ophenya ngokweqile aze athole impendulo yakhe. Kepha kusuka lapho kuya ebugebengwini ...
Vele kukhona abaduni abayizigebengu, njengoba kungenzeka kube nezicishamlilo nazo eziyizigebengu. Kepha njengoba nje kungenziwanga esimweni sesibili, kungani ukukwenza okokuqala?
Ngamafuphi, ngikholelwa ukuthi iRAE ikhombisa ukungazi okukhulu uma kukhulunywa ngokubiza igama elithi hacker ngokuthi yi-hacker. Into yaseHollywood kungcono ukungayikhulumi ...

Ngiyethemba ukuthandile lokhu ingxoxo yokuqala yochungechunge esilukhulisile kubantu ababalulekile enkundleni yezwe neyamazwe omhlaba ...