What do you think about the full disclosure of vulnerabilities?
I am against full disclosure of vulnerabilities. It does not serve any interest of people who are responsible for security related issues. Yes it may be helpful for hackers. As security professionals, we should be responsible to disclose security related things to only those people who will fix these problems (vendors or developers of open source products). Broadcasting information about vulnerabilities is not in the best interest of the security community.
What advice would you give to people starting to learn about intrusion detection?
I would suggest learning protocols headers and use of sniffers and protocols analyzers (e.g. Ethereal and tcpdump) first. Without knowing what protocols are, and how hackers exploit these protocols, it is difficult to implement a good IDS policy. For example, to detect port scanning, you must know how different flags in TCP header are used for port scanning. Similarly a sniffer is the most important tool under a security person's belt and you must learn and use it extensively.
What are your future plans? Any exciting new projects?
Other than my routine job at Dedicated Technologies, I am working on open source projects to integrate some of these products into solutions so that they can be easily used by security administrators. I am also working on a series of open source books as well.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.