Learn about the essential steps involved in network security visualization. Jungwoo walks through the three visualization steps: deciding on the requirements, identifying the data needed to satisfy those requirements, and preprocessing that data into a form ready for visualization.
- [Instructor] To avoid an ineffective visualization that causes misunderstanding and confusion, it's crucial to follow a step-by-step process to produce an informative and useful interpretation of raw data. The very first step is to decide on your requirements. This is also referred to as the problem phase. What story are you trying to tell about your network security? Are you seeking to gain more insight into connection attempts to a secure shell server from different clients by their country of origin, or are you interested in knowing the volume of incoming or outgoing network traffic through your router? The second step is to think about the data we need to meet the requirements, or to answer the questions formulated during the problem definition phase.
Do we have sufficient data? Are firewall logs what we should look at? Or should we be looking at something else? In our secure shell server example, it turns out that we need the firewall logs as well as the secure shell server log files. The data items you need in the firewall logs are the source IPs of packets whose destination port number is 22. The IP addresses can then be resolved to reveal the geographical origin of the connection requests.
The secure shell server logs are necessary to identify which of these requests were accepted or denied. The third and final step is processing the data, because the raw data is often unusable for visualization in its native format. This processing involves parsing, which refers to a technique used to extract only the needed parts of the original data set for further manipulation. At the end of the processing step, the data is transformed into information fully prepared for visualization purposes, which in turn answers the network security questions we set out to answer.
In our firewall and secure shell server log examples, a parser program is necessary to go through the individual log files and retrieve and store only the relevant pieces of the data. By following the three-step process, we can significantly improve our chances of producing effective visualization results that can truly answer our network security questions.
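The three steps above, carried through for the secure shell example as an added illustration (this is not code from the course or from the instructor): the requirement is "SSH connection attempts by country of origin and outcome", the data is firewall log lines plus sshd auth log lines, and the processing step is a parser that keeps only TCP packets to destination port 22, joins each attempt to the sshd decision for the same source IP and source port, resolves the IP to a country, and counts per (country, outcome). The log lines below are constructed in the iptables LOG-target and OpenSSH auth-log formats, the addresses are RFC 5737 documentation ranges, and `GEO_TABLE` is a hypothetical stand-in for a real GeoIP lookup, so the countries it returns are invented. Function names are mine.

```python
import re
from collections import Counter

# --- Constructed sample data (not real logs) --------------------------------
# iptables LOG-target style lines, trimmed to the fields the parser needs.
FIREWALL_LOG = """\
Mar 10 06:12:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22 SYN
Mar 10 06:12:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=22 SYN
Mar 10 06:12:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=40023 DPT=22 SYN
Mar 10 06:12:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.200 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=443 SYN
Mar 10 06:12:06 fw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=22
Mar 10 06:12:08 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=60000 DPT=22 SYN
"""

# OpenSSH auth-log style lines (constructed).
SSHD_LOG = """\
Mar 10 06:12:03 srv sshd[2201]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:c0ffee
Mar 10 06:12:03 srv sshd[2202]: Failed password for invalid user admin from 198.51.100.77 port 40022 ssh2
Mar 10 06:12:05 srv sshd[2203]: Failed password for root from 198.51.100.77 port 40023 ssh2
Mar 10 06:12:09 srv sshd[2204]: Connection closed by 203.0.113.9 port 60000 [preauth]
"""

# Hypothetical IP -> country table standing in for a GeoIP database lookup.
# The addresses are documentation ranges, so these countries are invented.
GEO_TABLE = {"203.0.113.5": "NL", "198.51.100.77": "BR"}


def parse_firewall(text, dport=22):
    """Keep only TCP packets to dport; return (src_ip, src_port) per packet."""
    attempts = []
    for line in text.splitlines():
        # iptables LOG lines are KEY=VALUE tokens, so parse them positionally
        # independent rather than with a fixed-order regex.
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "SRC" not in fields:
            continue  # not a firewall LOG line
        # Port 22 alone is not enough: UDP noise to port 22 is not an SSH attempt.
        if fields.get("PROTO") == "TCP" and fields.get("DPT") == str(dport):
            attempts.append((fields["SRC"], int(fields["SPT"])))
    return attempts


SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_sshd(text):
    """Map (src_ip, src_port) -> (result, user) for each logged auth decision."""
    decisions = {}
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if m:
            decisions[(m["src"], int(m["port"]))] = (m["result"], m["user"])
    return decisions


def resolve_country(ip, geo=GEO_TABLE):
    """Stand-in for GeoIP resolution; unknown addresses are kept, not dropped."""
    return geo.get(ip, "unknown")


def build_dataset(fw_text, sshd_text, geo=GEO_TABLE):
    """Join firewall attempts to sshd decisions on (src_ip, src_port).

    Joining on the source port as well as the IP keeps repeated attempts from
    one host apart. An attempt the firewall saw but sshd never decided on
    (dropped, or closed before authentication) is kept as 'no-auth-record'.
    """
    decisions = parse_sshd(sshd_text)
    rows = []
    for src, spt in parse_firewall(fw_text):
        result, user = decisions.get((src, spt), ("no-auth-record", None))
        rows.append({"src": src, "country": resolve_country(src, geo),
                     "result": result, "user": user})
    return rows


def summarize(rows):
    """Counts per (country, result): the table a map or bar chart is drawn from."""
    return Counter((r["country"], r["result"]) for r in rows)


if __name__ == "__main__":
    summary = summarize(build_dataset(FIREWALL_LOG, SSHD_LOG))
    for (country, result), n in sorted(summary.items()):
        print(f"{country:8} {result:15} {n}")
```

The output of `summarize` is already the "information" the third step is meant to produce: one row per country and outcome, ready to feed a map or bar chart without the plotting code touching raw log text. The HTTPS packet and the UDP packet are filtered out in step two's terms (they do not answer the question), and the attempt with no sshd decision is kept as its own category rather than silently dropped, because an attempt that never reaches authentication is still a connection attempt.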