kau.se
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
System Administrators Prefer Command Line Interfaces, Don’t They?: An Exploratory Study of Firewall Interfaces
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0001-9203-0773
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0002-9980-3473
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0003-0778-4736
2019 (English)In: Proceedings of the fifteenth symposium on usable privacy and security (Soups 2019), Berkeley, USA: USENIX - The Advanced Computing Systems Association, 2019, p. 259-271Conference paper, Published paper (Refereed)
Abstract [en]

A graphical user interface (GUI) represents the most common option for interacting with computer systems. However, according to the literature system administrators often favor command line interfaces (CLIs). The goal of our work is to investigate which interfaces system administrators prefer, and which they actually utilize in their daily tasks. We collected experiences and opinions from 300 system administrators with the help of an online survey. All our respondents are system administrators, who work or have worked with firewalls. Our results show that only 32% of the respondents prefer CLIs for managing firewalls, while the corresponding figure is 60%for GUIs. We report the mentioned strengths and limitations of each interface and the tasks for which they are utilized by the system administrators. Based on these results, we provide design recommendations for firewall interfaces.
Place, publisher, year, edition, pages
Berkeley, USA: USENIX - The Advanced Computing Systems Association, 2019. p. 259-271
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-76774ISI: 000527571900015Scopus ID: 2-s2.0-85076095048ISBN: 978-1-939133-05-2 (print)OAI: oai:DiVA.org:kau-76774DiVA, id: diva2:1393428
Conference
15th Symposium on Usable Privacy and Security, Santa Clara, CA. AUG 12-13, 2019
Projects
HITS, 4707
Funder
Knowledge FoundationAvailable from: 2020-02-16 Created: 2020-02-16 Last updated: 2021-01-21Bibliographically approved
In thesis
1. Usability of Firewall Configuration: Making the Life of System Administrators Easier
Open this publication in new window or tab >>Usability of Firewall Configuration: Making the Life of System Administrators Easier
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Firewalls are an important component of network security that serve to protect networks by regulating incoming and outgoing traffic. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals who deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found or the existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. We explore three different aspects of firewall configuration: 1) the syntax of rules, 2) the organization of rules in a rule set, and 3) the way rule sets are presented to a user. Using this acquired knowledge, we offer system administrators more usable firewall solutions and approaches to the configuration process that can help facilitate their daily work.
Abstract [en]

Most companies have access to the Internet and their corporate networks connected to it. Many threats to computer systems, e.g. worms, trojans, and denial-of-service attacks, can be encountered online and they may entail, for example, confidential data theft, service disruption and financial losses. Every organization, regardless of its size, type of activity or infrastructure, requires network security solutions in place in order to protect it from the ever-increasing number of cyber threats. Firewalls are an important component of network security that protect networks by regulating incoming and outgoing traffic.

Simply having a firewall does not guarantee any protection against Internet threats, unless it is properly configured. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals that deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found, or when existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. First, we conduct a series of semi-structured interviews with system administrators, in which we ask them about problems confronted when managing firewalls. After having ascertained that there are usability problems involved, we begin to address them. We compare two different firewall rule set representation approaches and identify that a preference for one or the other depends on the firewall expertise of the individual. We introduce and mathematically formalize a set of four usability metrics which are designed to evaluate the quality of firewall rule sets. Furthermore, we not only investigate which firewall interfaces are utilized and preferred by system administrators but also identify and classify the interfaces' strengths and limitations. Finally, we conduct a systematic literature review to gain an understanding of the state of the art in firewall usability. This review classifies the available solutions and identifies the open challenges that exist in the field.
Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 17
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:15
Keywords
network security, usable security, firewall configuration, firewall interfaces, usability metrics
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-77106 (URN)978-91-7867-098-7 (ISBN)978-91-7867-108-3 (ISBN)
Public defence
2020-04-03, 1B306, Fryxellsalen, 10:15 (English)
Opponent
Supervisors
Funder
Knowledge Foundation
Available from: 2020-03-13 Created: 2020-02-27 Last updated: 2020-05-27Bibliographically approved

Open Access in DiVA

fulltext(3649 kB)133 downloads
File information
File name FULLTEXT01.pdfFile size 3649 kBChecksum SHA-512
f7d949bea05974e79042452694ff18c2da3eb88d979909fc9fb1d269c76d8e3aa6e98583a6ad4ee20f3ab010044afce8f3f2fc06fe154f937a9a310465e4c014
Type fulltextMimetype application/pdf

Scopus

Authority records

Voronkov, ArtemMartucci, LeonardoLindskog, Stefan

Search in DiVA

By author/editor
Voronkov, ArtemMartucci, LeonardoLindskog, Stefan
By organisation
Department of Mathematics and Computer Science (from 2013)
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 133 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 459 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
Karlstad University
|
University Library
|
Researchers support