Security Data Visualization: Graphical Techniques for Network Analysis
Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools—and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence.
Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities.
Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior—like how vulnerabilities are exploited and how worms and viruses propagate.
You'll learn how to use visualization techniques to:
- Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT
- See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document
- Gain insight into large amounts of low-level packet data
- Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks
- View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks
- View and analyze firewall and intrusion detection system (IDS) logs
Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective.
Table of Contents
Chapter 1: An Overview of Information Visualization
Chapter 2: The Beauty of Binary File Visualization
Chapter 3: Port Scan Visualization
Chapter 4: Vulnerability Assessment and Exploitation
Chapter 5: One Night on My ISP
Chapter 6: A Survey of Security Visualization
Chapter 7: Firewall Log Visualization
Chapter 8: Intrusion Detection Log Visualization
Chapter 9: Attacking and Defending Visualization Systems
Chapter 10: Creating a Security Visualization System
Chapter 11: Unexplored Territory
Chapter 12: Teaching Yourself