Vulnerabilities in personal firewalls caused by poor security usability

Poor usability of IT security presents a serious security vulnerability which can be exploited to compromise systems that are otherwise secure. This is of particular concern when considering that the majority of people connecting to the Internet are not experts in IT security. Personal firewalls represent the most important security mechanism for protecting users against Internet security threats. However, the knowledge and skills required to effectively manage and operate some aspects of a firewall may surpass the capability of the average user. A set of security usability principles can be used to determine whether a security system has good usability. This paper evaluates the usability of personal firewall systems by conducting a cognitive walkthrough to identify elements of the design which may violate these usability principles. The paper concludes with recommendations and suggestions for future work in the analysis and design of personal firewalls.
