Table of Contents
Preface | p. xiii |
Acknowledgments | p. xix |
About the Author | p. xxiii |
Visualization | p. 1 |
What Is Visualization? | p. 2 |
Why Visualization? | p. 3 |
Visualization Benefits | p. 5 |
Security Visualization | p. 6 |
Security Visualization's Dichotomy | p. 7 |
Visualization Theory | p. 8 |
Perception | p. 9 |
Expressive and Effective Graphs | p. 11 |
Graph Design Principles | p. 13 |
Information Seeking Mantra | p. 18 |
Summary | p. 19 |
Data Sources | p. 21 |
Terminology | p. 22 |
Security Data | p. 23 |
Common Problems | p. 24 |
Incomplete Information | p. 25 |
Source/Destination Confusion | p. 26 |
Packet Captures | p. 27 |
Traffic Flows | p. 30 |
Collecting Traffic Flows | p. 32 |
Aggregating Traffic Flows | p. 35 |
Clustering Traffic Flows | p. 36 |
Anonymizing Traffic Flows | p. 36 |
Firewalls | p. 37 |
Intrusion Detection and Prevention Systems | p. 40 |
Passive Network Analysis | p. 43 |
Operating Systems | p. 45 |
Real-Time Operating System Information | p. 46 |
Operating System State Information | p. 49 |
Operating System Log Problems | p. 53 |
Applications | p. 55 |
Web Proxy | p. 56 |
p. 58 | |
Databases | p. 60 |
Configurations | p. 62 |
Summary | p. 64 |
Visually Representing Data | p. 65 |
Graph Properties | p. 66 |
Data Types | p. 66 |
Color | p. 68 |
Size, Shape, and Orientation | p. 69 |
Chart Axes | p. 69 |
Simple Charts | p. 70 |
Pie Chart | p. 71 |
Bar Chart | p. 72 |
Line Chart | p. 73 |
3D Bar Charts | p. 74 |
Stacked Charts | p. 75 |
Stacked Pie Chart | p. 76 |
Stacked Bar Chart | p. 77 |
Stacked Line Chart | p. 78 |
Histograms | p. 78 |
Box Plots | p. 80 |
Scatter Plots | p. 82 |
Parallel Coordinates | p. 85 |
Link Graphs | p. 87 |
Maps | p. 93 |
Treemaps | p. 96 |
Three-Dimensional Views | p. 100 |
Three-Dimensional Scatter Plots | p. 101 |
Three-Dimensional Link Graphs | p. 103 |
Interaction and Animation | p. 104 |
Interaction | p. 104 |
Animation | p. 105 |
Choosing the Right Graph | p. 109 |
Challenges | p. 115 |
Summary | p. 117 |
From Data to Graphs | p. 119 |
Information Visualization Process | p. 119 |
Define the Problem | p. 121 |
Assess Available Data | p. 122 |
Process Information | p. 124 |
Adding Additional Data | p. 126 |
Filtering Log Entries | p. 127 |
Aggregation | p. 128 |
Data Processing Challenges | p. 129 |
Visual Transformation | p. 132 |
Data Mapping | p. 132 |
Size and Shape | p. 137 |
Color | p. 140 |
View Transformation | p. 143 |
Aggregation | p. 144 |
Interpret and Decide | p. 146 |
Tools for Data Processing | p. 150 |
Excel, OpenOffice, and Text Editors | p. 151 |
Regular Expressions | p. 151 |
UNIX tools | p. 152 |
Perl | p. 155 |
Parsers | p. 157 |
Other Tools | p. 158 |
Summary | p. 158 |
Visual Security Analysis | p. 161 |
Reporting | p. 162 |
Reporting Tools | p. 164 |
Issues and Problems | p. 165 |
Reporting Machine Access-An Example | p. 165 |
Historical Analysis | p. 169 |
Time-Series Visualization | p. 169 |
Correlation Graphs | p. 189 |
Interactive Analysis | p. 192 |
Forensic Analysis | p. 197 |
Real-Time Monitoring and Analysis | p. 228 |
Dashboards | p. 228 |
Situational Awareness | p. 236 |
Summary | p. 237 |
Perimeter Threat | p. 239 |
Traffic-Flow Monitoring and Analysis | p. 240 |
Service Characteristics | p. 240 |
Service Anomalies | p. 245 |
Worm Detection | p. 250 |
Denial of Service | p. 254 |
Botnets | p. 257 |
Policy-Based Traffic-Flow Analysis | p. 264 |
Firewall Log Analysis | p. 268 |
Firewall Visualization Process | p. 268 |
Firewall Ruleset Analysis | p. 272 |
Intrusion Detection System Signature Tuning | p. 278 |
Wireless Sniffing | p. 286 |
Email Data Analysis | p. 290 |
Email Server Analysis | p. 291 |
Social Network Analysis | p. 298 |
Vulnerability Data Visualization | p. 302 |
Risk-Posture Visualization | p. 304 |
Vulnerability-Posture Changes | p. 310 |
Summary | p. 312 |
Compliance | p. 315 |
Policies, Objectives, and Controls | p. 316 |
Regulations and Industry Mandates | p. 318 |
IT Control Frameworks | p. 322 |
Logging Requirements | p. 324 |
Audit | p. 328 |
Audit Data Visualization | p. 332 |
Business Process Monitoring | p. 333 |
Compliance Monitoring | p. 338 |
Risk Management | p. 343 |
Control Objective Prioritization | p. 345 |
Risk Visualization | p. 346 |
Separation of Duties | p. 356 |
An Example of Applying Visualization to an SoD Audit | p. 357 |
Generating SoD Graphs | p. 360 |
Database Monitoring | p. 362 |
Summary | p. 370 |
Insider Threat | p. 373 |
Insider Threat Visualization | p. 374 |
What Is a Malicious Insider? | p. 374 |
Three Types of Insider Crimes | p. 375 |
Information Theft | p. 376 |
Fraud | p. 382 |
Sabotage | p. 387 |
Who Are the Malicious Insiders? | p. 390 |
Information Theft | p. 390 |
Fraudster | p. 391 |
Saboteur | p. 391 |
A Detection Framework for Malicious Insiders | p. 392 |
Precursors | p. 392 |
Assigning Scores to Precursors | p. 394 |
Insider-Detection Process | p. 396 |
Summary of Insider-Detection Process | p. 408 |
Insider-Detection Process at Work | p. 409 |
Improved Insider-Detection Process | p. 414 |
Watch Lists | p. 415 |
Adding Watch Lists to the Insider-Detection Process | p. 419 |
Grouping Precursors into Buckets | p. 420 |
Candidate Graph Based on Precursor Buckets | p. 422 |
Improved Insider-Detection Process Summary | p. 424 |
Extended Insider-Detection Process at Work | p. 424 |
Challenges | p. 431 |
Proactive Mitigation | p. 432 |
Sample Precursors | p. 433 |
Summary | p. 444 |
Data Visualization Tools | p. 445 |
Data Inputs | p. 446 |
Comma Separated Values | p. 446 |
TM3 | p. 447 |
DOT | p. 448 |
GML | p. 449 |
Freely Available Visualization Tools | p. 450 |
Static Data Graphs | p. 451 |
Stand-Alone Applications | p. 464 |
Open Source Visualization Libraries | p. 492 |
Java Libraries | p. 493 |
Non-Java Libraries | p. 494 |
Charting Libraries | p. 495 |
Libraries Summary | p. 496 |
Online Tools | p. 497 |
Swivel | p. 498 |
Many Eyes | p. 499 |
Google Maps and Google Earth | p. 499 |
Google Chart API | p. 501 |
Commercial Visualization Tools | p. 502 |
Advizor | p. 502 |
Other Commercial Visualization Tools | p. 504 |
Summary | p. 505 |
Index | p. 507 |
Table of Contents provided by Ingram. All Rights Reserved. |
Book Description
APPLIED SECURITY VISUALIZATION

"Collecting log data is one thing, having relevant information is something else. The art to transform all kinds of log data into meaningful security information is the core of this book. Raffy illustrates in a straightforward way, and with hands-on examples, how such a challenge can be mastered. Let's get inspired."
Andreas Wuchner, Head of Global IT Security, Novartis

Use Visualization to Secure Your Network Against the Toughest, Best-Hidden Threats

As networks become ever more complex, securing them becomes more and more difficult. The solution is visualization. Using today's state-of-the-art data visualization techniques, you can gain a far deeper understanding of what's happening on your network right now. You can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods.

In Applied Security Visualization, leading network security visualization expert Raffael Marty introduces all the concepts, techniques, and tools you need to use visualization on your network. You'll learn how to identify and utilize the right data sources, then transform your data into visuals that reveal what you really need to know. Next, Marty shows how to use visualization to perform broad network security analyses, assess specific threats, and even improve business compliance. He concludes with an introduction to a broad set of visualization tools. The book's CD also includes DAVIX, a compilation of freely available tools for security visualization.

You'll learn how to:
• Intimately understand the data sources that are essential for effective visualization
• Choose the most appropriate graphs and techniques for your IT data
• Transform complex data into crystal-clear visual representations
• Iterate your graphs to deliver even better insight for taking action
• Assess threats to your network perimeter, as well as threats imposed by insiders
• Use visualization to manage risks and compliance mandates more successfully
• Visually audit both the technical and organizational aspects of information and network security
• Compare and master today's most useful tools for security visualization

Contains the live CD Data Analysis and Visualization Linux (DAVIX). DAVIX is a compilation of powerful tools for visualizing networks and assessing their security. DAVIX runs directly from the CD-ROM, without installation.

Raffael Marty is chief security strategist and senior product manager for Splunk, the leading provider of large-scale, high-speed indexing and search technology for IT infrastructures. As customer advocate and guardian, he focuses on using his skills in data visualization, log management, intrusion detection, and compliance. An active participant on industry standards committees such as CEE (Common Event Expression) and OVAL (Open Vulnerability and Assessment Language), Marty created the Thor and AfterGlow automation tools, and founded the security visualization portal secviz.org. Before joining Splunk, he managed the solutions team at ArcS