- Taschenbuch: 246 Seiten
- Verlag: No Starch Press; Auflage: 1., Aufl. (Oktober 2007)
- Sprache: Englisch
- ISBN-10: 1593271433
- ISBN-13: 978-1593271435
- Größe und/oder Gewicht: 17,8 x 1,8 x 23,5 cm
- Durchschnittliche Kundenbewertung: Schreiben Sie die erste Bewertung
- Amazon Bestseller-Rang: Nr. 810.740 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)
- Komplettes Inhaltsverzeichnis ansehen
Security Data Visualization: Graphical Techniques for Network Analysis: Graphical Techniques for Rapid Network and Security Analysis (Englisch) Taschenbuch – Oktober 2007
Es wird kein Kindle Gerät benötigt. Laden Sie eine der kostenlosen Kindle Apps herunter und beginnen Sie, Kindle-Bücher auf Ihrem Smartphone, Tablet und Computer zu lesen.
Geben Sie Ihre Mobiltelefonnummer ein, um die kostenfreie App zu beziehen.
Wenn Sie dieses Produkt verkaufen, möchten Sie über Seller Support Updates vorschlagen?
Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools - and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence. Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities. Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior - like how vulnerabilities are exploited and how worms and viruses propagate.You'll learn how to use visualization techniques to: Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document Gain insight into large amounts of low-level packet data Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks View and analyze firewall and intrusion detection system (IDS) logs Security visualization systems display data in ways that are illuminating to both professionals and amateurs.Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective
Über den Autor und weitere Mitwirkende
Greg Conti, an Assistant Professor of Computer Science at the U.S. Military Academy in West Point, N.Y., has been featured in IEEE Security and Privacy magazine, the Communications of the ACM, and IEEE Computer Graphics and Applications magazine. He has spoken at a wide range of academic and hacker conferences, including Black Hat, DEFCON and the Workshop on Visualization for Computer Security (VizSEC). Conti runs the open source security visualization project, RUMINT, http: //www.rumint.org/.
Die hilfreichsten Kundenrezensionen auf Amazon.com (beta) (Kann Kundenrezensionen aus dem "Early Reviewer Rewards"-Programm beinhalten)
As previously mentioned, the author has serious trouble maintaining focus on his intended audience, and spends far too much time providing security basics, when the audience who will understand the significance of this book will be intermediate/advanced security people.
The entire book is only 230 pages including images, and can easily be read in an afternoon or two. Without images, it clocks in at well under 200 pages. Many of the chapters ended prematurely, when the information was just starting to get really interesting.
Many of the images really could have been done better. For example, in several screenshots he shows packet traces in rumint, but it's impossible to tell which source and destination packets are which, because he uses 192.168.1.1 and 192.168.1.2 as his IP addresses, whereas designating one box in the 10.x range and another in the 192.168.x range would have illustrated his point much better. Several of the color choices in his statistical analyses were far too similar for easy distinction (blue and dark gray against a black background? Really?).
I did find his treeview analyses of snort logs very interesting and useful, and the chapter on analyzing firewall logs and how to determine how to parse the logs was really good.
In all, it's not a bad book, but it's clear that this author has much knowledge to impart, and I'm disappointed that more of it didn't make it into this book.
Before we get into the review, I'll disclose that I know the author and he gave me a review copy. I don't think this makes it easier for the author to get a good review, in fact, I think it makes it harder because I expect a lot from the author. Its his fault I'm into computer and information security and I have taken courses that he taught, so he had high expectations to meet.
The first three chapters, An Overview of Information Visualization, The Beauty of Binary File Visualization, and Port Scan Visualization give you all the background you need to get started and introduce you to the author's visualization tool, RUMINT. It was interesting to see the difference between nmap and unicornscan and paves the way to create signatures for all types of port scanners based on their default behavior. Chapter 4, Vulnerability Assessment and Exploitation, walks us through analyzing a dataset with an attack using the Metasploit Framework, very interesting and shows us that even with metasploit's built-in IDS evasion, in the end it must create sockets and connections and those can be seen with visualization tools (with the proper tweaking and analysis). I read the sample chapter available (CH 5, One Night on My ISP) before I read the whole book, and it was certainly easier to follow after reading the previous chapters. I think it gives you a good taste of what you can do with security visualization tools and what the book can teach you but can be hard to follow without the background material in the previous chapters. Chapter 6, A Survey of Security Visualization, gives us an overview of how other security researchers are solving security problems with different types of visualization. Chapters 7 (Firewall Log Visualization) & 8 (Intrusion Detection Log Visualization) written by the guest author Raffy Marty uses his tool "AfterGlow" to examine firewall logs and Treemaps to try to organize the volumes of IDS data. Chapter 9, Attacking and Defending Visualization Systems, shows us some sample attacks that attackers could use to thwart security visualization tools. The occlusion and windshield wiper attacks were interesting as well as the idea of using graphical attacks to send images to the analyst. Chapters 10-12, Creating a Security Visualization System, Unexplored Territory & Teaching Yourself, closes out the book with discussions and thoughts on building your own security visualization tools, areas of future research and obviously ways to help teach yourself security visualization.
Some likes and dislikes. I liked that the author regularly points us to background material and extra reading for every section. Each section could pretty much be a book in itself so links to more reading and current research was helpful for the specific areas that peeked my interest. I really liked that the book was in color, I don't see the book being near as effective in black and white. I liked the guest author's take on visualization, it was nice to get a second opinion in the same book and it was extremely nice that they didn't cover the same material like a lot of books that have multiple authors seem to do. Lastly, I liked that the author had created his own tool to do some of the visualization and that its freely available on the tool's site. I was able to get up and running with RUMINT from the material in the book and the how-to on the site.
For dislikes, it would have been nice to have access to some of the scripts mentioned in the book. Hopefully the author will post those on his site. I didn't care for the font of the book, Times New Roman, small times new roman font got a little tiresome of reading after a chapter or two (minor gripe)
Overall, a great book and highly recommended to anyone interested in getting started with security visualization.
Other areas of concern were many of the visualizations and coverage were on the authors own tool called RUMIT. The group felt a lacking of coverage of other tools such as wireshark, etherape, GGobi, or log parser to name a few. The group also felt that at times the author lost a little focus on the audience, who would presumably based on the title and content would be an advanced user and not need things like the TCP/IP primer in chapter 3.
With this in mind, the group still felt it was a good book as a primer to security visualization. And they not only gained insight in to how to security visualization works but got a checklist on what to look for when setting up their own security visualization system.
Ähnliche Artikel finden
- Fremdsprachige Bücher > Computer & Internet > Informatik > Modellierung & Simulation
- Fremdsprachige Bücher > Computer & Internet > Netzwerke > Netzwerke, Protokolle & APIs
- Fremdsprachige Bücher > Computer & Internet > Sicherheit & Verschlüsselung
- Fremdsprachige Bücher > Computer & Internet > Webentwicklung > Web Design