Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Challenges in Managing Firewalls
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0001-9203-0773
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0003-0778-4736
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0002-9980-3473
2015 (English)In: Secure IT Systems: 20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015, Proceedings, Springer, 2015, Vol. 9417, p. 191-196Conference paper, Published paper (Refereed)
Abstract [en]

Firewalls are essential security devices that can provide protection against network attacks. To be effective, a firewall must be properly configured to ensure consistency with the security policy. However, configuring is a complex and error-prone process. This work tries to identify the reasons behind firewall misconfigurations. To achieve our goal, we conducted a series of semi-structured interviews with system administrators that manage access control lists in networks of different sizes. The paper discusses our interview results and describes future work.

Place, publisher, year, edition, pages
Springer, 2015. Vol. 9417, p. 191-196
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9417
Keywords [en]
Access Control, Security Policy, Intrusion Detection System, System Administrator, Access Control Policy
National Category
Software Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-39073DOI: 10.1007/978-3-319-26502-5_13ISI: 000374098500013ISBN: 978-3-319-26501-8 (print)OAI: oai:DiVA.org:kau-39073DiVA, id: diva2:895451
Conference
The 20th Nordic Conference on Secure IT Systems, NordSec 2015, Stockholm, Sweden, October 19–21, 2015
Projects
HITS, 4707
Funder
Knowledge FoundationAvailable from: 2016-01-19 Created: 2016-01-19 Last updated: 2020-02-27Bibliographically approved
In thesis
1. Usable Firewall Rule Sets
Open this publication in new window or tab >>Usable Firewall Rule Sets
2017 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Correct functioning is the most important requirement for any system. Nowadays there are a lot of threats to computer systems that undermine confidence in them and, as a result, force a user to abandon their use. Hence, a system cannot be trusted if there is no proper security provided. Firewalls are an essential component of network security and there is an obvious need for their use.

The level of security provided by a firewall depends on how well it is configured. Thus, to ensure the proper level of network security, it is necessary to have properly configured firewalls. However, setting up the firewall correctly is a very challenging task. These configuration files might be hard to understand even for system administrators. This is due to the fact that these configuration files have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is being added to the set, and a proper position, where to place it, needs to be found. Misconfiguration might sooner or later be made and that will lead to an inappropriate system's security. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to identify existing firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conducted a series of interviews with system administrators. In the interviews, system administrators were asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we turned to literature to get an understanding on the state-of-the-art of the field and therefore conducted a systematic literature review. This review presents a classification of available solutions and identifies open challenges in this area. To achieve the second part of the objective, we started working on one identified challenge. A set of usability metrics was proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability was identified.

Abstract [en]

Network security is an important aspect that must be taken into account. Firewalls are systems that are used to make sure that authorized network traffic is allowed and unauthorized traffic is prohibited. However, setting up a firewall correctly is a challenging task. Their configuration files might be hard to understand even for system administrators.

The overall aim of this thesis is to identify firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conduct a series of interviews with system administrators. In the interviews, system administrators are asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we conduct a systematic literature review to get an understanding on the state of the art of the field. This review classifies available solutions and identifies open challenges. To achieve the second part of the objective, a set of usability metrics is proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability is identified.

Place, publisher, year, edition, pages
Karlstads universitet, 2017. p. 11
Series
Karlstad University Studies, ISSN 1403-8099 ; 2017:40
Keywords
Network Security, Usable Security, Firewall Configuration, Systematic Literature Review, Usability Metrics, User Studies
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64703 (URN)978-91-7063-817-6 (ISBN)978-91-7063-912-8 (ISBN)
Presentation
2017-11-27, 9C 204, Rejmersalen, Karlstad, 13:15 (English)
Opponent
Supervisors
Projects
HITS, 4707
Funder
Knowledge Foundation
Note

Artikel 3 i lic.uppsatsen som manuskript. Nu publicerat.

Available from: 2017-11-08 Created: 2017-10-17 Last updated: 2020-02-20Bibliographically approved
2.
The record could not be found. The reason may be that the record is no longer available or you may have typed in a wrong id in the address field.

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records BETA

Voronkov, ArtemLindskog, StefanMartucci, Leonardo

Search in DiVA

By author/editor
Voronkov, ArtemLindskog, StefanMartucci, Leonardo
By organisation
Department of Mathematics and Computer Science (from 2013)
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 344 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf