Tools for visualizing IDS output
Spot intruders with these easy security visualization tools.
The flood of raw data generated by intrusion detection systems (IDS) is often overwhelming for security specialists, and telltale signs of intrusion are sometimes overlooked in all the noise. Security visualization tools provide an easy, intuitive means for sorting through the dizzying data and spotting patterns that might indicate intrusion.
Certain analysis and detection tools use PCAP, the Packet Capture library, to capture traffic. Several PCAP-enabled applications are capable of saving the data collected during a listening session into a PCAP file, which is then read and analyzed with other tools. PCAP files offer a convenient means for preserving and replaying intrusion data.
In this article, I'll use PCAPs to explore a few popular free visualization tools. For each scenario, I'll show you how the attack looks to the Snort intrusion detection system , then I'll describe how the same incident would appear through a security visualization application.
Read full article as PDF:Security_Visualization_Tools.pdf (472.97 kB)
Hosting PCAPs elsewhereIn order to provide the PCAPs referred to in the article, I posted them here:
Missing PCAP filesadd a 2nd voice to the request for the missing PCAP files. Thanks.
Updated reference to the PCAPs in the Security Viz articleRuss Mcree's article, "Spot intruders with these easy security visualization tools" was a great read. However, the links to to the referenced PCAPs don't appear to be in the archive. Could an updated pointer be posted or could they be uploaded.
Longtime litigator revives an ancient suit against IBM alleging Linux infringes on Unix copyrights.
Specialty distro keeps the focus on advanced learning.
The openSUSE Conference will be held July 18-22, 2013, at the Olympic Museum in Thessaloniki, Greece.
Security breached at home sites of the CMS project.
Lead Java developer vows policy changes and more attention to fixing problems.
Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
Richard Stallman calls for the W3C to remain independent of vendor interests.
The new release supports nine architectures, 73 human languages, and zero non-Free components.
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.