Usable Firewall Rule Sets

Voronkov, Artem

January 2017

Correct functioning is the most important requirement for any system. Nowadays there are a lot of threats to computer systems that undermine confidence in them and, as a result, force a user to abandon their use. Hence, a system cannot be trusted if there is no proper security provided. Firewalls are an essential component of network security and there is an obvious need for their use. The level of security provided by a firewall depends on how well it is configured. Thus, to ensure the proper level of network security, it is necessary to have properly configured firewalls. However, setting up the firewall correctly is a very challenging task. These configuration files might be hard to understand even for system administrators. This is due to the fact that these configuration files have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is being added to the set, and a proper position, where to place it, needs to be found. Misconfiguration might sooner or later be made and that will lead to an inappropriate system's security. This brings us to the usability problem associated with the configuration of firewalls. The overall aim of this thesis is to identify existing firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conducted a series of interviews with system administrators. In the interviews, system administrators were asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we turned to literature to get an understanding on the state-of-the-art of the field and therefore conducted a systematic literature review. This review presents a classification of available solutions and identifies open challenges in this area. To achieve the second part of the objective, we started working on one identified challenge. A set of usability metrics was proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability was identified. / Network security is an important aspect that must be taken into account. Firewalls are systems that are used to make sure that authorized network traffic is allowed and unauthorized traffic is prohibited. However, setting up a firewall correctly is a challenging task. Their configuration files might be hard to understand even for system administrators. The overall aim of this thesis is to identify firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conduct a series of interviews with system administrators. In the interviews, system administrators are asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we conduct a systematic literature review to get an understanding on the state of the art of the field. This review classifies available solutions and identifies open challenges. To achieve the second part of the objective, a set of usability metrics is proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability is identified. / HITS, 4707

Network Security

Usable Security

Firewall Configuration

Systematic Literature Review

Usability Metrics

User Studies

Computer Sciences

Datavetenskap (datalogi)

The Role of Firewalls in Network Security : A Prestudy for Firewall Threat Modeling / Brandväggars roll i nätverkssäkerhet : En förstudie för hotmodel- lering av brandväggar

Bonnevier, Jani, Heimlén, Sebastian

January 2018

Firewalls help protect computer networks from intrusions and malware by enforcing restrictions on what network traffic is allowed to pass through the firewall into the network. This thesis explores the role of firewalls in network security, with the ultimate goal of advancing attempts to create a threat model for firewalls. Five areas are explored, namely: Definitions of Concepts Firewalls vs. Services as Targets for Direct Attack The Past and Future of Firewalls Approach to Estimating Firewall Security Firewall Configuration and Security Policies These areas are explored using a questionnaire survey. Each question in the questionnaire is either tied to a particular area, or is used to evaluate the respondents’ credibility. The questionnaire has 15 questions, many of which ask for free text answers. The group of potential respondents consists of 209 individuals, of whom about 75 % are authors of scientific articles that discuss firewalls, penetration testing, and other relevant topics. The rest are information security professionals, journalists or bloggers of varying merit that were found online. 20 responses to the questionnaire were received. Responses to qualitative questions were codified to produce some quantitative data. The conclusions drawn based on the results include, among other things: Attackers tend to directly target network services rather than firewalls. Respondents disagreed on whether the role of firewalls is currently changing. A possible approach to estimating firewall security takes into account the network services that the firewall protects. Firewall configurations frequently do not match the security policies of the organizations in which the firewalls are deployed. / Brandväggar hjälper att skydda datornätverk från intrång och skadeprogram genom att begränsa den trafik som tillåts passera genom brandväggen in i nätverket. Denna uppsats utforskar brandväggars roll i nätverkssäkerhet med målet att göra framsteg i försök att skapa en hotmodell för brandväggar. Fem områden utforskas, nämligen: Definitioner av begrepp Brandväggar kontra tjänster som mål för direkta angrepp Brandväggens historia och framtid Tillvägagångssätt för att estimera brandväggssäkerhet Brandväggskonfiguration och säkerhetspolicyer Dessa områden utforskas via en enkätstudie. Varje fråga i enkäten tillhör antingen ett specifikt område, eller används för att evaluera respondenternas trovärdighet. Enkäten har 15 frågor, varav många efterfrågar fritextsvar. Gruppen potentiella respondenter består av 209 individer, varav cirka 75 % är författare av vetenskapliga artiklar som behandlar brandväggar, penetrationstestning och andra relevanta ämnen. Resten är professionella säkerhetskonsulter, journalister eller bloggare med olika meriter inom informationssäkerhet eller nätverk. 20 svar på enkäten togs emot. Svar på kvalitativa frågor klassificerades för att producera kvantitativ data. Slutsatserna som drogs baserat på resultaten inkluderar bl.a.: Angripare tenderar att ha nätverkstjänster som sina direkta mål, snarare än brandväggar. Respondenterna var oense om huruvida brandväggars roll just nu förändras. Ett möjligt tillvägagångssätt för att uppskatta brandväggssäkerhet tar hänsyn till de nätverkstjänster brandväggen skyddar. Brandväggskonfigurationer överrenstämmer ofta inte med säkerhetsriktlinjerna i de organisationer där brandväggarna är i bruk.

Computer and Information Sciences

Data- och informationsvetenskap