A Human-Network-Security-Interface for an Average Joe

Abstract

The size, number, and complexity of networks continue to increase at an extraordinary rate. Ensuring that these networks' security measures, such as Intrusion Detection Systems (IDS) and firewalls, are properly configured is more important than ever given the number of attacks that are occurring on a daily basis. This paper takes a more holistic view to address four key areas of network security, arguing that security is everyone's responsibility. With this in mind, we look at how information about the security of a network can be collected and translated into effective and reliable security policies and then validate that this information was translated correctly to accomplish the desired outcomes. We then propose a solution through the development, testing, and verification of a new network security instrument that allows natural language to be used to create IDS and firewall rules. With the use of this solution, novices who know little about network security can create effective policies and be satisfied that their networks are secure. This solution was implemented within OpenStack's cloud environment and supports a web interface that allows users to input rules using drop-down lists or open text areas. Using this network security instrument, 1000 input policies were collected from users of varying experience levels. Analysis of the collected data has shown its accuracy to be approximately 90.7% with room for further improvement still possible through further development.