Publisher: No Starch Press
The visualization of security data is useful to the modern security analyst, and it will certainly become essential in certain environments very soon. Never has there been more traffic, more threats and a variety of other reasons to learn more about it. Read on to see how this book can help you.
About the author
Gregory Conti is an Assistant Professor of Computer Science at the U.S. Military Academy in West Point, N.Y. He has spoken at a wide range of academic and hacker conferences, including Black Hat, DEFCON and the Workshop on Visualization for Computer Security (VizSEC). Conti runs the RUMINT open source security visualization project.
Inside the book
Conti begins by illustrating best practices and techniques associated with information visualization. If you haven't used such tools before, this introductory chapter is quite educational as it explains how information visualization should be executed and why. The material continues to evolve as the author shows us the composition of text, image and word processing files. It's very interesting to see the binary visualization of a photo in several different formats.
After a very brief overview of how networks operate, Conti demonstrates the visualization of port scans while mentioning tools such as nmap, Wireshark and fe3d. You'll discover just how much visualization can help you when it comes to the discovery and analysis of these suspicious activities. Information visualization can also play an important role when it comes to vulnerability assessment and exploitation. The author writes about Nessus and Metasploit and illustrates how data visualization can aid your understanding of a variety of attacks.
If you're into real-world practical details, you'll enjoy the chapter where Conti uses visualization techniques to analyze live Internet traffic. The tools used here are Wireshark and the author's own project - RUMINT. What follows is a plethora of examples on how others use visualization techniques for diverse security-related purposes.
Firewall and intrusion detection logs are exceptionally important and the author dedicates two chapters to their visualization. The chapter dedicated to the attack and defense of visualization systems is quite capitvating. As Conti says: "If you build a visualization system and use it for anything significant, sooner or later it will be attacked." Here you can find details on many different attacks including: labeling, occlusion, windshield wiper, autoscale and round-off.
Now that you've gone through all these details it's time to get down and dirty and try to create a security visualization system of your own. The author takes it slowly and offers advice on how to do it packed with numerous key questions you can use to drive yourself in the right direction.
In order to facilitate further research into the subject, Conti closes the book with a collection of online and print resources as well as open source security visualization applications. Each tool is accompanied with a screenshot which is very useful as it gives you an idea if it's what you're looking for.
Security Data Visualization dwells deep into a topic that hasn't gotten so much attention before, it's usually just one of the topics in larger security titles. A very pleasing aspect of this book is the slick paper and the full color print which makes for some pleasant reading and exploration of the screenshots.
Given the nature of the topic and the way it's presented, I see diverse users as the target audience. Whether you're a system administrator or a hacker that like to explore how things function from the inside, you'll gain a lot of useful knowledge from this title. One thing is certain, after going through this book you'll realize that going through an endless stream of raw logs is not the only way to keep an eye on your network and identify potential threats.
Security Data Visualization is among the most interesting, well-written, information packed and beautifully laid out books I've had the pleasure of reading this year. Graphical techniques for network analysis have never been so fascinating.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.