Lance is a former officer in the Army's Rapid Deployment Force, and the author of numerous Whitepapers on computer security.
In his own words: "I'm a geek who constantly plays with computers, especially network security. I love security because it is a constantly changing environment, your job is to do battle with the bad guys."
Your whitepapers have been a great success. When are you going to release something new? You mentioned getting back to "research mode" for a while.
I'll be releasing something new when I learn something new. I like to share information as I learn it. This tends to happen in spurts. I learned a great deal this summer when the honeypots were compromised by the script kiddie community. Not only did I learn about the tools and tactics of the black-hat community, but I learned a great deal on how to monitor them, such as passive fingerprinting or network traffic analysis. I wrote several papers to share this knowledge.
I and several others are now rebuilding our research, so we can learn more about the more sophisticated black-hats. Once we learn more from that research, we will be sharing our lessons learned once again with the security community.
I always like to be doing research, it keeps me on my toes :)
In your articles you write about Solaris, Linux, etc., but what is the operating system you prefer and why?
Depends on what I am doing, but I feel the most comfortable with both Linux and Solaris. Both have their uses. I like linux for use with my laptop, it also makes a great platform for auditing networks and systems. I find Solaris to be more robust for server use, such as firewalls or application systems.
Which Security Tools you prefer? You mentioned Nessus a couple of times...
I would have to say my three favorite tools are:
All three tools allow you to see what is happening at the network level. They are highly customizable, and the authors of all three tools are extremely helpful. Almost everything I learned from networking is based on these three tools.
Nessus is my tool of choice when I want to take a snapshot of existing vulnerabilities in an organization. It is highly customizable, and the output is simple to query and easy to read.
In your "Know Your Enemy" series you describe script kiddies. What's your opinion on the mass spreading of script kiddies and what influence do you think it will have?
Script kiddies pose a huge risk, and it is only growing. I perceive them as such a threat because:
1. Random: They do not care who their target is, just as long as they can find them. Sooner or later they probe everyone. So, regardless who you are, they will find you. If you have a vulnerable system, they are going to find it.
2. Numbers: These people are growing in numbers, and so are their scans. Its nothing for them to scan millions of systems with a single tool. I have personally found kiddies with files containing over 1.9 million systems that they have already found. Statistics are not in the favor of security.
Script kiddies have been extremelly successful in using these tactics. However, this does not prove how good they are, instead this proves how poorly secured a large percentage of the Internet is. If people addressed only the most basic security issues, I feel far fewer systems would be compromised. I feel the security community is growing in awareness because of this threat, however not as fast as the growth of the Intenet in general.
As regards vulnerabilities, do you agree with them being posted before they are fixed?