Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools - and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence.
Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities.
Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior - like how vulnerabilities are exploited and how worms and viruses propagate.
You'll learn how to use visualizationtechniques to:
Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT
See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document
Gain insight into large amounts of low-level packet data
Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks
View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks
View and analyze firewall and intrusion detection system (IDS) logs
Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective