Tools for visualizing IDS output

Pictures

Author(s): Russ McRee

Spot intruders with these easy security visualization tools.

The flood of raw data generated by intrusion detection systems (IDS) is often overwhelming for security specialists, and telltale signs of intrusion are sometimes overlooked in all the noise. Security visualization tools provide an easy, intuitive means for sorting through the dizzying data and spotting patterns that might indicate intrusion.

Certain analysis and detection tools use PCAP, the Packet Capture library, to capture traffic. Several PCAP-enabled applications are capable of saving the data collected during a listening session into a PCAP file, which is then read and analyzed with other tools. PCAP files offer a convenient means for preserving and replaying intrusion data.

In this article, I'll use PCAPs to explore a few popular free visualization tools. For each scenario, I'll show you how the attack looks to the Snort intrusion detection system [1], then I'll describe how the same incident would appear through a security visualization application.

[...]

Read full article as PDF:

Security_Visualization_Tools.pdf (472.97 kB)

Comments

Hosting PCAPs elsewhere

Russ McRee
In order to provide the PCAPs referred to in the article, I posted them here:
http://holisticinfosec.org/toolsmith/files/pcap/
Cheers.
Missing PCAP files

Charlie Brooks
add a 2nd voice to the request for the missing PCAP files. Thanks.
Updated reference to the PCAPs in the Security Viz article

RUSS MCREE
Russ Mcree's article, "Spot intruders with these easy security visualization tools" was a great read. However, the links to to the referenced PCAPs don't appear to be in the archive. Could an updated pointer be posted or could they be uploaded.

Thanks!

comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Direct Download

Read full article as PDF:

Security_Visualization_Tools.pdf (472.97 kB)

News

SCO Rises from the Swamp

Longtime litigator revives an ancient suit against IBM alleging Linux infringes on Unix copyrights.
UberStudent Project Releases UberStudent 3.0

Specialty distro keeps the focus on advanced learning.
openSUSE Conference Approaches

openSUSE, conference, Greece

The openSUSE Conference will be held July 18-22, 2013, at the Olympic Museum in Thessaloniki, Greece.
Drupal.org Hacked

Security breached at home sites of the CMS project.
Oracle Takes Action on Java Security

Lead Java developer vows policy changes and more attention to fixing problems.
Google and NASA Partner in Quantum Computing Project

Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
Mageia Project Announces Mageia 3 Linux

Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
FSF Outs the World Wide Web Consortium over DRM Proposal

Richard Stallman calls for the W3C to remain independent of vendor interests.
Debian 7.0 Debuts

The new release supports nine architectures, 73 human languages, and zero non-Free components.
Alpha Version of Fedora 19 Released

Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.

Tools for visualizing IDS output

Pictures

Read full article as PDF:

Related content

Comments

Hosting PCAPs elsewhere

Missing PCAP files

Updated reference to the PCAPs in the Security Viz article

Visit Our Shop

Direct Download

Read full article as PDF:

Tag Cloud

News