Sunday, October 21, 2007

Security Data Visualization: Graphical Techniques for Network Analysis by Greg Conti Book Review


Security Data Visualization: Graphical Techniques for Network Analysis by Greg Conti

5 Stars

If you want to get into security visualization this is the book for you. This book gives you everything you need to get started in the field. You may be asking yourself why you should care or want to be interested in Security Visualization. In Chapter 1 the author sums it up nicely. “Visualizations make abstract data more coherent...In many cases, visualizations seek to display large amounts of information in a compact but useful way.”


Before we get into the review, I'll disclose that I know the author and he gave me a review copy. I don't think this makes it easier for the author to get a good review, in fact, I think it makes it harder because I expect a lot from the author. Its his fault I'm into computer and information security and I have taken courses that he taught, so he had high expectations to meet.


The first three chapters, An Overview of Information Visualization, The Beauty of Binary File Visualization, and Port Scan Visualization give you all the background you need to get started and introduce you to the author's visualization tool, RUMINT. It was interesting to see the difference between nmap and unicornscan and paves the way to create signatures for all types of port scanners based on their default behavior. Chapter 4, Vulnerability Assessment and Exploitation, walks us through analyzing a dataset with an attack using the Metasploit Framework, very interesting and shows us that even with metasploit's built-in IDS evasion, in the end it must create sockets and connections and those can be seen with visualization tools (with the proper tweaking and analysis). I read the sample chapter available (CH 5, One Night on My ISP) before I read the whole book, and it was certainly easier to follow after reading the previous chapters. I think it gives you a good taste of what you can do with security visualization tools and what the book can teach you but can be hard to follow without the background material in the previous chapters. Chapter 6, A Survey of Security Visualization, gives us an overview of how other security researchers are solving security problems with different types of visualization. Chapters 7 (Firewall Log Visualization) & 8 (Intrusion Detection Log Visualization) written by the guest author Raffy Marty uses his tool “AfterGlow” to examine firewall logs and Treemaps to try to organize the volumes of IDS data. Chapter 9, Attacking and Defending Visualization Systems, shows us some sample attacks that attackers could use to thwart security visualization tools. The occlusion and windshield wiper attacks were interesting as well as the idea of using graphical attacks to send images to the analyst. Chapters 10-12, Creating a Security Visualization System, Unexplored Territory & Teaching Yourself, closes out the book with discussions and thoughts on building your own security visualization tools, areas of future research and obviously ways to help teach yourself security visualization.


Some likes and dislikes. I liked that the author regularly points us to background material and extra reading for every section. Each section could pretty much be a book in itself so links to more reading and current research was helpful for the specific areas that peeked my interest. I really liked that the book was in color, I don't see the book being near as effective in black and white. I liked the guest author's take on visualization, it was nice to get a second opinion in the same book and it was extremely nice that they didn't cover the same material like a lot of books that have multiple authors seem to do. Lastly, I liked that the author had created his own tool to do some of the visualization and that its freely available on the tool's site. I was able to get up and running with RUMINT from the material in the book and the how-to on the site.


For dislikes, it would have been nice to have access to some of the scripts mentioned in the book. Hopefully the author will post those on his site. I didn't care for the font of the book, Times New Roman, small times new roman font got a little tiresome of reading after a chapter or two (minor gripe)

Overall, a great book and highly recommended to anyone interested in getting started with security visualization.



CG

No comments: