Systematic Literature Review on Usability of Firewall Configuration
@article{Voronkov2018SystematicLR,
  title={Systematic Literature Review on Usability of Firewall Configuration},
  author={Artem Voronkov and Leonardo Horn Iwaya and Leonardo A. Martucci and Stefan Lindskog},
  journal={ACM Computing Surveys (CSUR)},
  year={2018},
  volume={50},
  pages={1 - 35}
}
Firewalls are network security components that handle incoming and outgoing network traffic based on a set of rules. […] Among the main findings, we perceived that there is a lack (or even an absence) of usability evaluation or user studies to validate the proposed models. Although all articles are related to the topic of usability, none of them clearly defines it, and only a few actually employ usability design principles and/or guidelines.
17 Citations
Natural vs. Technical Language Preference and Their Impact on Firewall Configuration
- Computer Science, HCI
- 2020
The results show that participants’ perception of a certain rule set representation depends on their firewall expertise, and participants with basic or intermediate knowledge of firewalls consider rule sets expressed in English to be 40% easier to understand, whereas advanced or expert firewall users deemed it to be 27% more difficult.
On optimizing firewall performance in dynamic networks by invoking a novel swapping window–based paradigm
- Computer Science, Int. J. Commun. Syst.
- 2018
A simple condition for performing the swapping of the firewall's rules is proposed, using a novel “batch”‐based traffic estimator that provides network statistics to the firewall placement optimizer and a subtle but modified batch‐based embodiment of the Stochastic Learning Weak Estimator.
System Administrators Are Parting Ways With Command Line Interfaces: An Exploratory Study of Firewall Interfaces
- Computer Science, ArXiv
- 2019
The comparative characteristics regarding the strengths and limitations of the interfaces and for which tasks they are used by the security experts are reported and design recommendations for firewall interfaces are made.
A Feasible Anomaly Diagnosis Mechanism for Stateful Firewall Rules
- Computer Science, 2018 27th International Conference on Computer Communication and Networks (ICCCN)
- 2018
This paper describes the newly developed diagnosis mechanisms which can speedily discover anomalies of stateful rules within/among firewalls with an innovative data structure - Enhanced Adaptive Rule Anomaly Relationship (or Enhanced-ARAR) tree.
A Usability Evaluation of Let's Encrypt and Certbot: Usable Security Done Right
- Computer Science, CCS
- 2019
A randomized control trial is conducted to evaluate the usability of Let's Encrypt and Certbot in comparison to the traditional certificate authority approach and highlights how usability improvements aimed at administrators can have a large impact on security.
Decision Tree for Multiclass Classification of Firewall Access
- Computer Science, International Journal of Intelligent Engineering and Systems
- 2021
A decision tree classification algorithm with a tree-structured model is used for firewall activity analysis, which produces high classification accuracy and offers interpretation ability by presenting the classification model into a tree representation, which is a further advantage.
An archetype for mitigating the security threats in multi-cloud environment by implementing tree-based next-generation firewalls
- Computer Science, J. Intell. Fuzzy Syst.
- 2021
The proposed model has a heterogeneous cloud paradigm with a combination of firewall tracts to overcome rising security issues and also defines some advantages of NGFW to overcome these concerns.
System Administrators Prefer Command Line Interfaces, Don't They? An Exploratory Study of Firewall Interfaces
- Computer Science, SOUPS @ USENIX Security Symposium
- 2019
The goal of this work is to investigate which interfaces system administrators prefer, and which they actually utilize in their daily tasks, and to provide design recommendations for firewall interfaces.
Usability Matters: A Human–Computer Interaction Study on Network Management Tools
- Computer Science, IEEE Transactions on Network and Service Management
- 2020
An investigation based on the human-computer interaction perspective is presented and improvements on the usability aspects of network monitoring tools are proposed.
A review of scientific research in defensive cyberspace operation tools and technologies
- Computer Science, Journal of Cyber Security Technology
- 2019
A review of relevant research in cybersecurity tools and technologies is performed, organized according to both active and passive Defensive Cyberspace Operations, which accounts for the bulk of the cyber research literature over the last two decades.
References
SHOWING 1-10 OF 90 REFERENCES
On the Usability of Firewall Configuration
- Computer Science
- 2008
The firewall configuration problem from the usability perspective is studied and models to measure the lexical and structural complexity of firewall configuration are proposed to examine where complexity lies in the configurations of real networks.
A Visualized Internet Firewall Rule Validation System
- Computer Science, APNOMS
- 2007
This work is to build a visualized validation system for checking the security consistency between firewalls' rule configuration and the demands of network security policies.
A novel three-tiered visualization approach for firewall rule validation
- Computer Science, J. Vis. Lang. Comput.
- 2011
A Feasible Visualized System for Anomaly Diagnosis of Internet Firewall Rules
- Computer Science
- 2012
This work is to build a feasible diagnosis system for checking the anomalies between firewalls' rules which often lead to the inconsistency between the demands of network security policies and firewall rule configuration.
A flexible and feasible anomaly diagnosis system for Internet firewall rules
- Computer Science, 2011 13th Asia-Pacific Network Operations and Management Symposium
- 2011
This work is to build a feasible diagnosis system for checking the anomalies between firewalls' rules which often give rise to the inconsistency between the demands of network security policies and firewall rule configuration, and a systematic visualization approach is developed.
A History and Survey of Network Firewalls
- Computer Science
- 2014
Little work exists in the area of firewall theory; however, this article summarizes what exists and high-level languages have been developed to simplify the task of correctly defining a firewall’s policy.
A quantitative study of firewall configuration errors
- Computer Science, Computer
- 2004
Analysis of real configuration data show that corporate firewalls are often enforcing rule sets that violate well established security guidelines.
FIREMAN: a toolkit for firewall modeling and analysis
- Computer Science, 2006 IEEE Symposium on Security and Privacy (S&P'06)
- 2006
Fireman, a static analysis toolkit for firewall modeling and analysis, is introduced and used to uncover several real misconfigurations in enterprise networks, some of which have been subsequently confirmed and corrected by the administrators of these networks.
Conflict classification and analysis of distributed firewall policies
- Computer Science, IEEE Journal on Selected Areas in Communications
- 2005
All anomalies that could exist in a single- or multifirewall environment are identified and a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed firewalls are presented.
Visual analysis of complex firewall configurations
- Computer Science, VizSec '12
- 2012
A visualization tool to support the network administrator in this complex task of understanding firewall rule sets and object group definitions, which consists of a hierarchical sunburst visualization, which logically groups rules or object groups according to their common characteristics, and classical tree view components for rules and object groups.