The State of Network Security Management: Issues and Directions

Authors: 

Andrew T. Zhou
James Blustein
Nur Zincir-Heywood

Author Addresses: 

Faculty of Computer Science
Dalhousie University
6050 University Ave.
PO Box 15000
Halifax, Nova Scotia, Canada
B3H 4R2

Abstract: 

We describe the results of a survey of the state of practice in security management with a particular focus on intrusion detection systems (IDSs). We anonymously surveyed 17 system administrators from different countries and economic sectors (industry, government, etc.). The data is analysed in terms of administration team size and number of networks (single or multiple).

The results strongly indicate that the state of security management is poor and that sysadmins are satisfied with neither the performance nor the usability of their security administration tools. Many administrators do not perform regular checks of the networks they manage, and most of those checks require a great deal of time to perform. High false alarm rates are a serious problem with IDSs. However there is reason to believe that much of the resulting difficulty could be eliminated through the deployment of more suitable user interfaces. This analysis is the first step in the development of an improved interface for network intruder detection.

The survey and other work in the project are continuing.

Tech Report Number: 
CS-2003-06
Report Date: 
May 30, 2003
AttachmentSize
PDF icon CS-2003-06.pdf727.58 KB