34567897 of 9
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Usability of Firewall Configuration: Making the Life of System Administrators Easier
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0001-9203-0773
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Firewalls are an important component of network security that serve to protect networks by regulating incoming and outgoing traffic. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals who deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found or the existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. We explore three different aspects of firewall configuration: 1) the syntax of rules, 2) the organization of rules in a rule set, and 3) the way rule sets are presented to a user. Using this acquired knowledge, we offer system administrators more usable firewall solutions and approaches to the configuration process that can help facilitate their daily work.

Abstract [en]

Most companies have access to the Internet and their corporate networks connected to it. Many threats to computer systems, e.g. worms, trojans, and denial-of-service attacks, can be encountered online and they may entail, for example, confidential data theft, service disruption and financial losses. Every organization, regardless of its size, type of activity or infrastructure, requires network security solutions in place in order to protect it from the ever-increasing number of cyber threats. Firewalls are an important component of network security that protect networks by regulating incoming and outgoing traffic.

Simply having a firewall does not guarantee any protection against Internet threats, unless it is properly configured. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals that deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found, or when existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. First, we conduct a series of semi-structured interviews with system administrators, in which we ask them about problems confronted when managing firewalls. After having ascertained that there are usability problems involved, we begin to address them. We compare two different firewall rule set representation approaches and identify that a preference for one or the other depends on the firewall expertise of the individual. We introduce and mathematically formalize a set of four usability metrics which are designed to evaluate the quality of firewall rule sets. Furthermore, we not only investigate which firewall interfaces are utilized and preferred by system administrators but also identify and classify the interfaces' strengths and limitations. Finally, we conduct a systematic literature review to gain an understanding of the state of the art in firewall usability. This review classifies the available solutions and identifies the open challenges that exist in the field.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. , p. 17
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:15
Keywords [en]
network security, usable security, firewall configuration, firewall interfaces, usability metrics
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-77106ISBN: 978-91-7867-098-7 (print)ISBN: 978-91-7867-108-3 (electronic)OAI: oai:DiVA.org:kau-77106DiVA, id: diva2:1397771
Public defence
2020-04-03, 1B306, Fryxellsalen, 10:15 (English)
Opponent
Supervisors
Funder
Knowledge FoundationAvailable from: 2020-03-13 Created: 2020-02-27 Last updated: 2020-03-13Bibliographically approved
List of papers
1. Challenges in Managing Firewalls
Open this publication in new window or tab >>Challenges in Managing Firewalls
2015 (English)In: Secure IT Systems: 20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015, Proceedings, Springer, 2015, Vol. 9417, p. 191-196Conference paper, Published paper (Refereed)
Abstract [en]

Firewalls are essential security devices that can provide protection against network attacks. To be effective, a firewall must be properly configured to ensure consistency with the security policy. However, configuring is a complex and error-prone process. This work tries to identify the reasons behind firewall misconfigurations. To achieve our goal, we conducted a series of semi-structured interviews with system administrators that manage access control lists in networks of different sizes. The paper discusses our interview results and describes future work.

Place, publisher, year, edition, pages
Springer, 2015
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9417
Keywords
Access Control, Security Policy, Intrusion Detection System, System Administrator, Access Control Policy
National Category
Software Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-39073 (URN)10.1007/978-3-319-26502-5_13 (DOI)000374098500013 ()978-3-319-26501-8 (ISBN)
Conference
The 20th Nordic Conference on Secure IT Systems, NordSec 2015, Stockholm, Sweden, October 19–21, 2015
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2016-01-19 Created: 2016-01-19 Last updated: 2020-02-27Bibliographically approved
2. Natural vs. Technical Language Preference and its Impact on Firewall Configuration
Open this publication in new window or tab >>Natural vs. Technical Language Preference and its Impact on Firewall Configuration
2020 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Firewalls are network security components designed to regulate incoming and outgoing traffic to protect computers and networks. The behavior of firewalls is dictated by its configuration file, which is a written sequence of rules expressed by a set of keys and parameters. In this paper, we investigate whether certain representations of firewall rule sets can affect understandability. To collect data for our investigation, we designed an online survey for an audience who are familiar with firewalls, in which we aimed to compare two different rule set representations: iptables and English. We collected data from 56 participants. Our results show that participants’ perception of a certain rule set representation depends on their firewall expertise. Participants with basic or intermediate knowledge of firewalls consider rule sets expressed in English to be 40% easier to understand, whereas advanced or expert firewall users deemed it to be 27% more difficult. We will discuss the reasons for these results and describe their possible implications.

National Category
Engineering and Technology Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-76773 (URN)
Conference
HCI INTERNATIONAL 2020
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2020-02-20 Created: 2020-02-20 Last updated: 2020-02-27
3. Measuring the Usability of Firewall Rule Sets
Open this publication in new window or tab >>Measuring the Usability of Firewall Rule Sets
2020 (English)In: IEEE Access, E-ISSN 2169-3536, p. 27106-27121Article in journal (Refereed) Published
Abstract [en]

Firewalls are computer systems that assess the network traffic using an ideally coherentand manageable set of rules. This study aims to provide means to measure the usability of firewall rulesets in terms of how easily IT professionals can understand and manage them. First, we conductedsemi-structured interviews with system administrators wherein we obtained the usability challenges relatedto the management of firewall rule sets. This was followed by the analysis of related work. The interviewresults were combined with the findings from the related work. Accordingly, we acquired four usabilityattributes related to the manageability of firewalls; these were formally defined. We tested and measured thecognitive aspects related to the structure and ordering of the rules through a user study. A third user studywith system administrators validated our metrics. It exhibited a very strong correlation between the metricsand how the administrators characterized usability.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Firewall rule set, iptables, formalization, metrics, usability, user study
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64702 (URN)10.1109/ACCESS.2020.2971093 (DOI)
Projects
HITS, 4707
Note

Artikeln publicerad som manuskript i Voronkovs lic.uppsats.

Available from: 2017-10-17 Created: 2017-10-17 Last updated: 2020-02-27Bibliographically approved
4. System administrators prefer command line interfaces, don't they?: An exploratory study of firewall interfaces
Open this publication in new window or tab >>System administrators prefer command line interfaces, don't they?: An exploratory study of firewall interfaces
2019 (English)In: Proceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019, USENIX Association , 2019, p. 259-271Conference paper (Refereed)
Abstract [en]

A graphical user interface (GUI) represents the most common option for interacting with computer systems. However, according to the literature system administrators often favor command line interfaces (CLIs). The goal of our work is to investigate which interfaces system administrators prefer, and which they actually utilize in their daily tasks. We collected experiences and opinions from 300 system administrators with the help of an online survey. All our respondents are system administrators, who work or have worked with firewalls. Our results show that only 32% of the respondents prefer CLIs for managing firewalls, while the corresponding figure is 60% for GUIs. We report the mentioned strengths and limitations of each interface and the tasks for which they are utilized by the system administrators. Based on these results, we provide design recommendations for firewall interfaces.

Place, publisher, year, edition, pages
USENIX Association, 2019
Keywords
Network security, Command line interface, Daily tasks, Design recommendations, Exploratory studies, Graphical user interfaces (GUI), Online surveys, System administrators, Graphical user interfaces
Identifiers
urn:nbn:se:kau:diva-76602 (URN)2-s2.0-85076095048 (Scopus ID)9781939133052 (ISBN)
Conference
15th Symposium on Usable Privacy and Security, SOUPS 2019, 12 August 2019 through 13 August 2019
Available from: 2020-01-30 Created: 2020-01-30 Last updated: 2020-02-27
5. Systematic Literature Review on Usability of Firewall Configuration
Open this publication in new window or tab >>Systematic Literature Review on Usability of Firewall Configuration
2018 (English)In: ACM Computing Surveys, ISSN 0360-0300, E-ISSN 1557-7341, Vol. 50, no 6, article id 87Article in journal (Refereed) Published
Abstract [en]

Firewalls are network security components that handle incoming and outgoing network traffic based on a set of rules. The process of correctly configuring a firewall is complicated and prone to error, and it worsens as the network complexity grows. A poorly configured firewall may result in major security threats; in the case of a network firewall, an organization’s security could be endangered, and in the case of a personal firewall, an individual computer’s security is threatened. A major reason for poorly configured firewalls, as pointed out in the literature, is usability issues. Our aim is to identify existing solutions that help professional and non-professional users to create and manage firewall configuration files, and to analyze the proposals in respect of usability. A systematic literature review with a focus on the usability of firewall configuration is presented in the article. Its main goal is to explore what has already been done in this field. In the primary selection procedure, 1,202 articles were retrieved and then screened. The secondary selection led us to 35 articles carefully chosen for further investigation, of which 14 articles were selected and summarized. As main contributions, we propose a taxonomy of existing solutions as well as a synthesis and in-depth discussion about the state of the art in firewall usability. Among the main findings, we perceived that there is a lack (or even an absence) of usability evaluation or user studies to validate the proposed models. Although all articles are related to the topic of usability, none of them clearly defines it, and only a few actually employ usability design principles and/or guidelines.

Place, publisher, year, edition, pages
New York, NY, USA: Association for Computing Machinery (ACM), 2018
Keywords
usability, Firewall, systematic literature review, visualization
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-65622 (URN)10.1145/3130876 (DOI)000419881700010 ()
Projects
HITS, High Quality Networked Services in a Mobile World (4707)
Funder
Knowledge Foundation
Available from: 2018-01-18 Created: 2018-01-18 Last updated: 2020-02-27Bibliographically approved

Open Access in DiVA

fulltext(417 kB)19 downloads
File information
File name FULLTEXT02.pdfFile size 417 kBChecksum SHA-512
7c5a1296bb37c5ae3f8331a57e1fc55a16fe6ba1f0a5739c7977acdb4f7aed6f85793a9ef945d381ed9914a41a13ba183df914a1c6a2f6711fd8d5e9dd2a35b5
Type fulltextMimetype application/pdf

Authority records BETA

Voronkov, Artem

Search in DiVA

By author/editor
Voronkov, Artem
By organisation
Department of Mathematics and Computer Science (from 2013)
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 19 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 66 hits
34567897 of 9
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf