Usability and Security of Personal Firewalls

The effective security of a personal firewall depends on (1) the rule granularity and the implementation of rule enforcement and (2) the correctness and granularity of user decisions at the time of an alert. A misconfigured or loosely configured firewall may be more dangerous than no firewall at all because it gives the user a false sense of security. This study assesses the effective security of 13 personal firewalls by comparing the possible granularity of rules as well as the usability of rule set-up and its influence on security.
