
Visualization for IT-Security - PowerPoint PPT Presentation

  1. Visualization for IT-Security. L. Aaron Kaplan (kaplan@cert.at) http://CERT.AT

  2. OVERVIEW
  • Motivation
  • Target Group
  • 5 Minutes of design background for techies
  • Tools
  • DNSviz and Flows

  3.-8. Why am I holding this talk? (image slides)

  9. Overview
  • What will you get out of it?
  • Quick IT-security visualization skills with 5 tools
  • Understanding the basic visualization cycle
  • Initial good results in < 1 day
  • Really good results in 10+ years ;-)

  10.-11. CERT.at, Austria
  • CERT.at is part of NIC.at, the Austrian domain registry. CERT.at is the national CERT
  • Austria is in Europe, but we definitely like the friends from AUSCert and down under
  • Vienna, Austria is where we will have our next FIRST conference 2011
  • German is spoken in Austria
  • Our neighbouring countries are: Hungary, Slovenia, Germany, Switzerland, Slovakia, Czech Republic, Italy, Liechtenstein

  12. OVERVIEW
  • Motivation
  • Target Group
  • 5 Minutes of design background for techies
  • Tools
  • DNSviz and Flows

  13.-22. Motivation
  • “A picture is worth 1000 log records” (R. Marty)
  • We have too much data, info explosion
  • High broadband path to your brain
  • People “get it”
  • Visualization can explain it all to your grandpa/father/mother/partner...
  • ... and helps them understand that you need to save the internet first
  • gives new insights -> explore data
  • gives us an overview
  • sells your services

  23. OVERVIEW
  • Motivation
  • Target Group
  • 5 Minutes of design background for techies
  • Tools
  • DNSviz and Flows

  24.-26. Target groups
  • Users
  • Management, Sales, Politicians
  • Operational staff
  • Researchers
  source: CAIDA.org

  27. OVERVIEW
  • Motivation
  • Target Group
  • 5 Minutes of design background for techies
  • Tools
  • DNSviz and Flows

  28. Some design background
  • One of the leading persons in the field right now: Edward Tufte
  • Learned a lot from Otto Neurath: “Isotypes” in Vienna in the early 1900s
  • First invention of “icons”. Idea: educate the illiterate working class population in Europe w.r.t. basic economic relationships

  29.-34. Otto Neurath’s Isotype (image slides)

  35. Modern day examples
  How many people are connected to the internet? In 2009, we had approximately 6,767,805,208 people on the earth; of those, 1,802,330,457 have internet access, which makes it 26.6% or about one quarter of the world population. (source: http://www.internetworldstats.com/stats.htm)

  36. Modern day examples
  US household per month / spammer per day: waste of resources by spam and a spammer’s income (source: McAfee CO2 Impact of Spam + NY Times)

  37. Making users understand IT security
  source: AusCERT http://www.auscert.org.au/9536

  38.-39. Making users understand IT security
  sources: Arbor ATLAS, spamcop.net

  40. OVERVIEW
  • Motivation
  • Target Group
  • 5 Minutes of design background for techies
  • Tools
  • DNSviz and Flows

  41. TOOLS
  • Graphviz
  • Maxmind GeoIP
  • Logster
  • Unix wizardry
  • Google Earth
  • Gapminder
  • Processing.org
  • Outlook: Davix

  42. Graphviz
  • based on research @ AT&T Labs
  • Syntax:

      digraph {
          A -> B;
          A -> C [label="foo"];
      }

      dot -T png -o out.png inputfile.dot

  43. Maxmind GeoIP
  • http://maxmind.com
  • cityLite DB is usually enough

      use Geo::IP;

      my $gi = Geo::IP->open("/home/aaron/GeoLiteCity.dat", GEOIP_STANDARD);

      # ----------------- functions ----------------
      # input : ip
      # output: array [countrycode, city, lat, lon]
      #         (empty list if the IP is not in the database)
      sub ip2geolocate {
          my $ip = $_[0];
          my @ret;
          my $record = $gi->record_by_name("$ip");
          return () unless $record;
          @ret = ($record->country_code, $record->city,
                  $record->latitude, $record->longitude);
          return(@ret);
      }

  44.-45. Tools: Logster
  • Logster by Clarified Networks
  • Input format: Apache log file format
  • output: movie. Can screen capture

  46. Tools: Gapminder

  47. Tools: Google Earth
  • format: KML. Well documented.
  • Head section
  • Placemarks
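The KML head section and Placemarks from slide 47, fed by the kind of lookup slide 43 does, as an added Python example that is not part of the original talk: it builds a Google Earth file with one Placemark per geolocated IP from constructed (ip, country, city, lat, lon, count) tuples. The function names, sample coordinates and description format are assumptions.

```python
import xml.etree.ElementTree as ET

KML_NS = "http://www.opengis.net/kml/2.2"

# Constructed sample: (ip, country code, city, lat, lon, hit count), i.e. the
# output of a GeoIP lookup joined with a per-IP count from the log.
SAMPLE_POINTS = [
    ("198.51.100.10", "AT", "Vienna", 48.2082, 16.3738, 120),
    ("198.51.100.11", "AU", "Brisbane", -27.4698, 153.0251, 7),
]


def points_to_kml(points, doc_name="hits"):
    """Build a KML document with one Placemark per geolocated IP.

    KML coordinates are lon,lat[,alt]: the opposite of the (lat, lon) order
    GeoIP libraries return, which is the usual reason placemarks end up
    in the ocean."""
    ET.register_namespace("", KML_NS)
    kml = ET.Element(f"{{{KML_NS}}}kml")
    doc = ET.SubElement(kml, f"{{{KML_NS}}}Document")
    ET.SubElement(doc, f"{{{KML_NS}}}name").text = doc_name  # head section
    for ip, cc, city, lat, lon, n in points:
        pm = ET.SubElement(doc, f"{{{KML_NS}}}Placemark")
        ET.SubElement(pm, f"{{{KML_NS}}}name").text = ip
        ET.SubElement(pm, f"{{{KML_NS}}}description").text = f"{n} hits from {city}, {cc}"
        point = ET.SubElement(pm, f"{{{KML_NS}}}Point")
        ET.SubElement(point, f"{{{KML_NS}}}coordinates").text = f"{lon},{lat},0"
    return ET.tostring(kml, encoding="unicode")


def placemark_coordinates(kml_text):
    """Parse a KML string back and return its coordinate strings (for checking)."""
    root = ET.fromstring(kml_text)
    return [c.text for c in root.iter(f"{{{KML_NS}}}coordinates")]


if __name__ == "__main__":
    print(points_to_kml(SAMPLE_POINTS))  # save as hits.kml and open in Google Earth
```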

  48. Tools: Unix filters
  • Use Unix tools to quickly get a grasp of the trends

      cut -d ";" -f 5 | sort | uniq -c | sort -rn

  • gnuplot

      plot "myfile.csv" using 1 with boxes

  49. Scale-freeness
  • Albert-László Barabási made them famous.
  • Some property is distributed by an inverse power law formula: P(k) ~ 1/k^γ, i.e. P(k) ~ k^(-γ), with 2 < γ < 3
  • “fractal”
  • “internet-ish”
  • “biological”
  • “not again-ish”
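Why the exponent range on slide 49 matters, written out as an added note that is not part of the talk: the power law is a straight line on a log-log plot, and 2 < γ < 3 is exactly the range where the mean is finite but the variance is not.

$$P(k) = C\,k^{-\gamma} \quad\Rightarrow\quad \log P(k) = \log C - \gamma \log k,$$

so on a log-log plot of the histogram the points lie on a line of slope $-\gamma$, which is how $\gamma$ is read off a dataset.

$$\langle k \rangle = \sum_{k \ge 1} k\,P(k) \propto \sum_{k \ge 1} k^{1-\gamma} \ \text{converges for } \gamma > 2, \qquad \langle k^2 \rangle \propto \sum_{k \ge 1} k^{2-\gamma} \ \text{diverges for } \gamma \le 3.$$

Hence for $2 < \gamma < 3$ the average is finite but the spread is unbounded: a few hubs dominate the picture, which is the visual signature of the “internet-ish” graphs on the next slides.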

  50. TOOLS: Processing.org
  • Invented by Ben Fry, Casey Reas @MIT
  • Basic idea: easy IDE for Java 3D/OpenGL programming. Lots of examples, openprocessing.org
  • Includes a rich API:
    • sockets
    • DB connections
    • serial I/O
    • sound, etc.

  51. Processing example: circular layout

  52. Other processing Examples • Esfera • Registrymon

  53. Outlook: DAVIX
  • ISO image on http://www.secviz.org

  54. OVERVIEW
  • Motivation
  • Target Group
  • 5 Minutes of design background for techies
  • Tools
  • DNSviz and Flows

  55.-56. DNS (image slides)

  57. DNS for IT security viz (diagram: the DNS roles Authoritative, Registrars, Stub and Recursor, with the viz ideas anycast utilization, registrar monitoring, sinkhole, detect misconfigurations, monitor DNS tasting, passive DNS, DNS as IDS, mapping misconfigs, trace malware’s gethostbyname() calls, open recursor map, flow mapping)

  58. Idea list DNS and IT security viz
  • Authoritative Nameservers:
    • you don’t see much at the authoritative NS
    • TTLs are wrong
    • other misconfigurations
    • But - idea: Spam for a newly registered domain should be a spike. But can we filter it out from the noise?
    • Anycast effectiveness (c.f. CAIDA paper)
    • Sinkholing works!

  59. Idea list DNS and IT security viz
  • Registry / Registrars:
    • from registry’s perspective: track your resellers. How “clean” is a registrar?
    • monitor DNS tasting. Find domain catchers.
  • Recursors:
    • passive DNS
    • DNS “netflow” (“passive DNS++”)
    • DNS as IDS (<- Google talk today!)
    • log/visualize localhost/bogus/bogon answers!
    • fastflux
    • monitor TXT record answers
    • map (maliciously) open recursors
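The detection idea from slides 58 and 59 (log and visualize the localhost/bogus/bogon answers a recursor hands back), combined with the Graphviz syntax from slide 42, as an added Python example that is not part of the original talk: it counts constructed passive-DNS style records the way the `sort | uniq -c` pipeline of slide 48 does, flags answers in unspecified, loopback, link-local or RFC 1918 space, and emits a DOT digraph ready for `dot -T png`. The record format, the function names and the sample data are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of passive-DNS style records, one "query_name answer_ip" per line
SAMPLE_PDNS = """\
www.example.test 198.51.100.10
cdn.example.test 198.51.100.11
update.bad-domain.test 127.0.0.1
update.bad-domain.test 0.0.0.0
login.bad-domain.test 10.0.0.5
www.example.test 198.51.100.10
ad.tracker.test 169.254.1.1
"""

# Answers a recursor should never return for an Internet name: unspecified,
# RFC 1918, loopback and link-local space (the "localhost/bogus/bogon" case).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]


def is_bogus(ip):
    """True if the answer lies in one of the bogon ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGON_NETS)


def aggregate(text):
    """Count (name, ip) pairs: the 'sort | uniq -c' step, in Python."""
    counts = defaultdict(int)
    for line in text.splitlines():
        if line.strip():
            name, ip = line.split()
            counts[(name, ip)] += 1
    return dict(counts)


def to_dot(counts):
    """Emit a Graphviz digraph: name -> ip, edge label = hit count, bogus answers in red."""
    lines = ["digraph pdns {", "  rankdir=LR;"]
    for (name, ip), n in sorted(counts.items()):
        colour = ' color="red"' if is_bogus(ip) else ""
        lines.append(f'  "{name}" -> "{ip}" [label="{n}"{colour}];')
    lines.append("}")
    return "\n".join(lines)


def bogus_names(counts):
    """Names that received at least one bogus answer, sorted for stable output."""
    return sorted({name for (name, ip) in counts if is_bogus(ip)})


if __name__ == "__main__":
    c = aggregate(SAMPLE_PDNS)
    print(to_dot(c))  # save as pdns.dot, then: dot -T png -o pdns.png pdns.dot
    print("suspicious:", bogus_names(c))
```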
