Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems

Authors:
Huseyin Cavusoglu;Srinivasan Raghunathan;Hasan Cavusoglu
Affiliations:
School of Management, University of Texas at Dallas, Richardson, Texas 75083;School of Management, University of Texas at Dallas, Richardson, Texas 75083;Sauder School of Business, University of British Columbia, Vancouver, British Columbia, V6T 1Z2 Canada
Venue:
Information Systems Research
Year:
2009

Citing 23
Cited 6

A survey of intrusion detection techniques

Computers and Security
Authentication via keystroke dynamics

Proceedings of the 4th ACM conference on Computer and communications security
Testing and evaluating computer intrusion detection systems

Communications of the ACM
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Detection, Estimation, and Modulation Theory: Radar-Sonar Signal Processing and Gaussian Signals in Noise

Detection, Estimation, and Modulation Theory: Radar-Sonar Signal Processing and Gaussian Signals in Noise
How to Buy Better Testing

InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Experience with EMERALD to Date

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
An Immunological Approach to Change Detection: Algorithms, Analysis and Implications

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Firewall Design: Consistency, Completeness, and Compactness

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
A Decision Analysis Method for Evaluating Computer Intrusion Detection Systems

Decision Analysis
The Value of Intrusion Detection Systems in Information Technology Security Architecture

Information Systems Research
The Economic Incentives for Sharing Security Information

Information Systems Research
Guide to Firewalls and Network Security: Intrusion Detection and VPNs

Guide to Firewalls and Network Security: Intrusion Detection and VPNs
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Security+ Guide to Networking Security Fundamentals, Second Edition

Security+ Guide to Networking Security Fundamentals, Second Edition
Principles of Information Security

Principles of Information Security
Network Software Security and User Incentives

Management Science
Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches

Decision Analysis
Efficiency of Vulnerability Disclosure Mechanisms to Disseminate Vulnerability Knowledge

IEEE Transactions on Software Engineering
Security Patch Management: Share the Burden or Share the Damage?

Management Science
Intrusion-Detection Policies for IT Security Breaches

INFORMS Journal on Computing
Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions

Information Systems Research

Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment

Journal of Management Information Systems
An Analysis of the Impact of Passenger Profiling for Transportation Security

Operations Research
Decision support for Cybersecurity risk planning

Decision Support Systems
When Hackers Talk: Managing Information Security Under Variable Attack Rates and Knowledge Dissemination

Information Systems Research
Goals and Practices in Maintaining Information Systems Security

International Journal of Information Security and Privacy
Passenger Profiling and Screening for Aviation Security in the Presence of Strategic Attackers

Decision Analysis

Quantified Score

Hi-index	0.00

Visualization

Abstract

Proper configuration of security technologies is critical to balance the needs for access and protection of information. The common practice of using a layered security architecture that has multiple technologies amplifies the need for proper configuration because the configuration decision about one security technology has ramifications for the configuration decisions about others. Furthermore, security technologies rely on each other for their operations, thereby affecting each other's contribution. In this paper we study configuration of and interaction between a firewall and intrusion detection systems (IDS). We show that deploying a technology, whether it is the firewall or the IDS, could hurt the firm if the configuration is not optimized for the firm's environment. A more serious consequence of deploying the two technologies with suboptimal configurations is that even if the firm could benefit when each is deployed alone, the firm could be hurt by deploying both. Configuring the IDS and the firewall optimally eliminates the conflict between them, ensuring that if the firm benefits from deploying each of these technologies when deployed alone, it will always benefit from deploying both. When optimally configured, we find that these technologies complement or substitute each other. Furthermore, we find that while the optimal configuration of an IDS does not change whether it is deployed alone or together with a firewall, the optimal configuration of a firewall has a lower detection rate (i.e., allowing more access) when it is deployed with an IDS than when deployed alone. Our results highlight the complex interactions between firewall and IDS technologies when they are used together in a security architecture, and, hence, the need for proper configuration to benefit from these technologies.