BKSCDTVS.RVW 20071124

"Security Data Visualization", Greg Conti, 2007, 978-1-59327-143-5, U$49.95/C$59.95
%A Greg Conti www.gregconti.com
%C 555 De Haro Street, Suite 250, San Francisco, CA 94107
%D 2007
%G 978-1-59327-143-5 1-59327-143-3
%I No Starch Press
%O U$49.95/C$59.95 415-863-9900 fax 415-863-9950 info@nostarch.com
%O http://www.amazon.com/exec/obidos/ASIN/1593271433/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1593271433/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1593271433/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 244 p.
%T "Security Data Visualization: Graphical Techniques for Network Analysis"

Data visualization is very valuable. It is, however, difficult to perform properly in many situations: interpretation of data into graphics can be extremely useful, but it is often difficult to determine how best to present the information, and in the same way that proper visualization can be tremendously helpful, the wrong choice can be terrifically misleading. Conti somewhat avoids this issue in the introduction, since all he claims for the book is inspiration.

Chapter one provides a number of data visualization and user interface examples. Some simple data visualization experiments in chapter two show a few interesting ideas that can be explored with text and simple graphics files, as well as comparative images as simple processing is pursued. The port scan data displays suggested in chapter three don't seem to work quite as well. Similarly, chapter four looks at vulnerability scanning, but the recommendations presented don't appear to add much of value in displaying the data. Slightly better results seem to be obtained using real Internet data in chapter five, since some notion of the implications of the information can be taken from the illustrations.
Chapter six contains a number of examples of impressive visualization of security data, but there is limited discussion as to how to determine the best means of displaying data of different types. The creation of visualizations for firewall logs is dealt with in chapter seven, and for IDS (Intrusion Detection System) data in chapter eight. Chapter nine discusses ways of attacking visualizations, usually by injecting spurious data. General principles for building visualization systems are in chapter ten. Chapter eleven turns to areas for additional research on the topic in the future. Chapter twelve lists references and resources.

The book is pretty, and it may provide inspiration. However, it probably won't provide an awful lot of assistance in getting your data effectively visualized.

copyright Robert M. Slade, 2007 BKSCDTVS.RVW 20071124