Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Natural vs. Technical Language Preference and its Impact on Firewall Configuration
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0000-0001-9203-0773
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.ORCID iD: 0000-0002-9980-3473
2020 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Firewalls are network security components designed to regulate incoming and outgoing traffic to protect computers and networks. The behavior of firewalls is dictated by its configuration file, which is a written sequence of rules expressed by a set of keys and parameters. In this paper, we investigate whether certain representations of firewall rule sets can affect understandability. To collect data for our investigation, we designed an online survey for an audience who are familiar with firewalls, in which we aimed to compare two different rule set representations: iptables and English. We collected data from 56 participants. Our results show that participants’ perception of a certain rule set representation depends on their firewall expertise. Participants with basic or intermediate knowledge of firewalls consider rule sets expressed in English to be 40% easier to understand, whereas advanced or expert firewall users deemed it to be 27% more difficult. We will discuss the reasons for these results and describe their possible implications.

Place, publisher, year, edition, pages
2020.
National Category
Engineering and Technology Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-76773OAI: oai:DiVA.org:kau-76773DiVA, id: diva2:1394846
Conference
HCI INTERNATIONAL 2020
Projects
HITS, 4707
Funder
Knowledge FoundationAvailable from: 2020-02-20 Created: 2020-02-20 Last updated: 2020-02-27
In thesis
1. Usability of Firewall Configuration: Making the Life of System Administrators Easier
Open this publication in new window or tab >>Usability of Firewall Configuration: Making the Life of System Administrators Easier
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Firewalls are an important component of network security that serve to protect networks by regulating incoming and outgoing traffic. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals who deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found or the existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. We explore three different aspects of firewall configuration: 1) the syntax of rules, 2) the organization of rules in a rule set, and 3) the way rule sets are presented to a user. Using this acquired knowledge, we offer system administrators more usable firewall solutions and approaches to the configuration process that can help facilitate their daily work.

Abstract [en]

Most companies have access to the Internet and their corporate networks connected to it. Many threats to computer systems, e.g. worms, trojans, and denial-of-service attacks, can be encountered online and they may entail, for example, confidential data theft, service disruption and financial losses. Every organization, regardless of its size, type of activity or infrastructure, requires network security solutions in place in order to protect it from the ever-increasing number of cyber threats. Firewalls are an important component of network security that protect networks by regulating incoming and outgoing traffic.

Simply having a firewall does not guarantee any protection against Internet threats, unless it is properly configured. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals that deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found, or when existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. First, we conduct a series of semi-structured interviews with system administrators, in which we ask them about problems confronted when managing firewalls. After having ascertained that there are usability problems involved, we begin to address them. We compare two different firewall rule set representation approaches and identify that a preference for one or the other depends on the firewall expertise of the individual. We introduce and mathematically formalize a set of four usability metrics which are designed to evaluate the quality of firewall rule sets. Furthermore, we not only investigate which firewall interfaces are utilized and preferred by system administrators but also identify and classify the interfaces' strengths and limitations. Finally, we conduct a systematic literature review to gain an understanding of the state of the art in firewall usability. This review classifies the available solutions and identifies the open challenges that exist in the field.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 17
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:15
Keywords
network security, usable security, firewall configuration, firewall interfaces, usability metrics
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-77106 (URN)978-91-7867-098-7 (ISBN)978-91-7867-108-3 (ISBN)
Public defence
2020-04-03, 1B306, Fryxellsalen, 10:15 (English)
Opponent
Supervisors
Funder
Knowledge Foundation
Available from: 2020-03-13 Created: 2020-02-27 Last updated: 2020-03-13Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records BETA

Voronkov, ArtemMartucci, Leonardo

Search in DiVA

By author/editor
Voronkov, ArtemMartucci, Leonardo
By organisation
Department of Mathematics and Computer Science (from 2013)Department of Computer Science
Engineering and TechnologyElectrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 36 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf