The Spinning Cube of Potential Doom
An anonymous reader writes "This month's Communications of the ACM (does not seem to have a link to online text) has an article about The Spinning Cube of Potential Doom, a security visualization tool that I first saw at SC2003. The cube displays data from Bro along 3 axes and creates interesting visual results (port scans, barber poles, lawnmower). This definitely makes patterns in all that 'boring log data' jump out. This is a very interesting development, the ability to monitor in real time and replay historical security related information. Definitely a step towards the new types of tools we will need to secure hosts and networks."
Security is only one possible area for innovation (Score:5, Interesting)
If this continues... (Score:5, Interesting)
Do we really want that?
virtual ICE? (Score:4, Interesting)
They appear as complex crystalline structures with no obvious holes other than the known authentication interfaces.
Those who hack/defeat them are called "icebreakers" and they use software which has its own visual attack signature to distract or deflect (overload/DNS attack) the ice or to find hidden cracks (exploits).
Visionary stuff (pun partially intended).
what a great name (Score:3, Interesting)
The human mind: A better monitoring system? (Score:5, Interesting)
For real-time monitoring, your point about multiple systems is very valid, but what if this approach could be scaled up to allow you to visually inspect the whole system for a number of problems? Perhaps an entire array of cubes, each for a subnet or an individual system, focusing on those that pique your interest.
This idea may be able to mesh with the glanceable objects [wjla.com] idea (just the idea, not their chicken egg specifically). If it is informative enough, it could allow you to periodically check some aspects of your whole system for things that you either can't write scripts to do, or don't have time to write scripts for.
-Zipwow
SGI did this years ago (Score:4, Interesting)
They even had a 3D intra-website link manager at one time!
Re:If this continues... (Score:4, Interesting)
Old stuff, new usage (Score:4, Interesting)
This and the orb? (Score:4, Interesting)
Thinkgeek used to sell them, but I couldn't think of something I would find it useful for. This would be perfect. Just have a globe on your desktop that changes colors based on the data provided by the cube matrix. If the orb starts turning crimson, you know that your network is in need of administrative attention.
Data visualization using Strange Attractors (Score:4, Interesting)
Included was a very cool tool, Phentropy, for visualizing arbitrary data using Strange Attractors. You may recall a paper [coredump.cx] on TCP/IP Sequence number analysis that highlighted the usefulness of Strange Attractors for data visualization.
Phentropy plots an arbitrarily large data source (of arbitrary data) onto a three dimensional volumetric matrix, which may then be parsed by OpenQVIS [sourceforge.net]. Data mapping is accomplished by interpreting the file as a one dimensional stream of integers and progressively mapping quads in phase space.
OpenQVIS is a neat package and could fill a lot of arbitrary data viz needs. But damned if I have been able to get the thing to build under Linux. The project could really use some help, and I think a lot of good could come of it. The PhD types [uni-erlangen.de] who wrote it seem to have mostly moved on.
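The phase-space mapping the post describes, as an added example that is not Phentropy's or OpenQVIS's code. It treats the input as a stream of integers, turns each run of four consecutive values (a "quad") into the three successive differences that the referenced sequence-number paper plots as (x, y, z), and bins the points into a volumetric grid; an occupancy figure then shows the visual effect in numbers, since unpredictable data spreads through the volume while a predictable counter collapses onto a handful of cells. That Phentropy uses exactly this delta construction is an assumption; the grid resolution, value range and the constructed inputs are parameters chosen here.

```python
"""Phase-space mapping of an integer stream into a volumetric grid.
Added example; the delta-triple construction follows the referenced
TCP/IP sequence-number paper, and it is an assumption that Phentropy
maps quads the same way.
"""
import random
from collections import Counter


def deltas(stream):
    """Map each quad s[i-3..i] to the point
    (s[i]-s[i-1], s[i-1]-s[i-2], s[i-2]-s[i-3])."""
    return [
        (stream[i] - stream[i - 1],
         stream[i - 1] - stream[i - 2],
         stream[i - 2] - stream[i - 3])
        for i in range(3, len(stream))
    ]


def volumetric(points, lo, hi, cells=32):
    """Bin points into a cells^3 grid whose axes all span [lo, hi).
    Returns a Counter of grid cell -> number of points in that cell,
    which is what a volume renderer would draw as voxel intensity."""
    span = hi - lo
    grid = Counter()
    for p in points:
        idx = tuple(min(cells - 1, max(0, (c - lo) * cells // span)) for c in p)
        grid[idx] += 1
    return grid


def occupancy(grid, cells=32):
    """Fraction of the volume that has at least one point in it."""
    return len(grid) / float(cells ** 3)


def byte_stream_occupancy(values, cells=32):
    """Convenience: map a stream of byte-sized integers (0..255), whose
    deltas lie in [-255, 255], and return the occupied fraction."""
    grid = volumetric(deltas(values), lo=-256, hi=256, cells=cells)
    return occupancy(grid, cells)


def sample_streams(n=4096, seed=1):
    """Constructed inputs: uniformly random bytes versus a wrapping counter."""
    rng = random.Random(seed)
    random_bytes = [rng.randrange(256) for _ in range(n)]
    counter = [i % 256 for i in range(n)]
    return {"random": random_bytes, "counter": counter}


if __name__ == "__main__":
    for name, values in sample_streams().items():
        print(f"{name:8s} occupancy = {byte_stream_occupancy(values):.4f}")
```

The random stream lights up thousands of cells; the counter's deltas are almost always (1, 1, 1), so it occupies only the cells touched by that point and the wrap-around, which is the "structure versus cloud" contrast the attractor plots in the paper rely on.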
Re:The human mind: A better monitoring system? (Score:3, Interesting)
Mirror? (Score:3, Interesting)
All Glory to the HypnoCube (Score:3, Interesting)
We have something similar (Score:5, Interesting)
The university's internal network IP range is mapped onto the left hand face of the cube, the rest of the world is mapped onto the right face. They are mapped so similar addresses are clustered together and addresses further apart are uh, further apart. A box represents one packet, the volume of the particle is proportional to the size of the packet, and the colour is based on port number.
Also we "light" each end of the connection for a bit after the packet has been sent. So machines appear to be glowing in the colour of the traffic they are sending.
We use it to show off "networks" to people who think we just sit at computers and type into stuff, however it has been very useful to detect attacks and broken machines since they provide distinctive patterns. Portscans are a series of "sparkly" packets. Network scans are a row of marching lines. Virus-infected machines appear as a cone centered on the infected machine.
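A toy model of the cube described in this post, as an added example and not the poster's own software. Constructed packet records are placed the way the post describes (an internal /16 on the left face, everything else on the right face, box volume from packet length, colour from destination port, endpoints kept lit for a while after a packet), and two small detectors pick out the patterns the poster mentions: a port scan (one source hitting many ports on one host, the "sparkly" packets) and a network scan (one source hitting one port across many hosts, the "marching lines"). The internal range, the time window, the thresholds and the sample traffic are assumptions made for the example.

```python
"""Packet-cube mapping plus scan-pattern detectors. Added example; the
internal range, colour scheme, window and thresholds are assumptions."""
import colorsys
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")  # assumed "university" range


def ip_to_point(ip_str):
    """Return (x, y, z): x=0 is the left (internal) face, x=1 the right
    face. y and z come from address bits so that numerically close
    addresses land close together on the face."""
    ip = ipaddress.ip_address(ip_str)
    if ip in INTERNAL_NET:
        off = int(ip) - int(INTERNAL_NET.network_address)
        return 0, off >> 8, off & 0xFF          # third octet, fourth octet
    v = int(ip)
    return 1, (v >> 24) & 0xFF, (v >> 16) & 0xFF  # first and second octet


def port_colour(port):
    """(r, g, b) in 0..255 derived from the port so a service always has
    the same colour; the hue wheel is simply the port modulo 360."""
    r, g, b = colorsys.hsv_to_rgb((port % 360) / 360.0, 1.0, 1.0)
    return tuple(int(round(c * 255)) for c in (r, g, b))


def render(packets):
    """One box per packet: both endpoints' positions, volume proportional
    to packet length, colour from the destination port."""
    return [{"t": t, "src": ip_to_point(s), "dst": ip_to_point(d),
             "volume": length, "colour": port_colour(dport)}
            for t, s, d, dport, length in packets]


def glow_at(packets, now, hold=2.0):
    """Endpoints stay lit for `hold` seconds after a packet, in the colour
    of the most recent packet they took part in."""
    lit = {}
    for t, s, d, dport, _ in sorted(packets):
        if t <= now < t + hold:
            lit[s] = lit[d] = port_colour(dport)
    return lit


def detect_scans(packets, window=5.0, min_ports=10, min_hosts=10):
    """Port scan: one src->dst pair touching many distinct ports inside a
    time bucket. Network scan: one src and one port touching many hosts."""
    ports = defaultdict(set)
    hosts = defaultdict(set)
    for t, s, d, dport, _ in packets:
        bucket = int(t // window)
        ports[(bucket, s, d)].add(dport)
        hosts[(bucket, s, dport)].add(d)
    port_scans = sorted({(s, d) for (_, s, d), p in ports.items() if len(p) >= min_ports})
    net_scans = sorted({(s, p) for (_, s, p), h in hosts.items() if len(h) >= min_hosts})
    return port_scans, net_scans


def sample_packets():
    """Constructed traffic as (time, src, dst, dst_port, length): one normal
    HTTPS exchange, a port scan of one internal host from outside, and an
    internal host sweeping port 445 across a neighbouring /24."""
    pkts = [(0.0, "10.0.1.5", "203.0.113.9", 443, 1200),
            (0.5, "203.0.113.9", "10.0.1.5", 52000, 80)]
    pkts += [(1.0 + i * 0.01, "198.51.100.7", "10.0.2.20", 20 + i, 60) for i in range(40)]
    pkts += [(2.0 + i * 0.02, "10.0.3.3", f"10.0.9.{i}", 445, 60) for i in range(1, 60)]
    return pkts


if __name__ == "__main__":
    pkts = sample_packets()
    boxes = render(pkts)
    print(f"{len(boxes)} boxes, lit at t=0.3: {sorted(glow_at(pkts, 0.3))}")
    port_scans, net_scans = detect_scans(pkts)
    print("port scans:", port_scans)
    print("network scans:", net_scans)
```

In the real cube the eye does the grouping; the bucketed sets here are the same grouping written down, and the thresholds are where a deployment would be tuned against its own normal traffic.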
My favorite... (Score:3, Interesting)
It's a brutal but compelling reminder that we should all avoid unencrypted telnet/pop3/imap.
Consider spending some time today getting STARTTLS running on your mail server. Or consider getting IMAP/SSL going. Or consider figuring out GnuPG or S/MIME email once and for all. Don't be part of the problem.