This Article Full Text (PDF) References Alert me when this article is cited Alert me if a correction is posted Services Email this article to a friend Similar articles in this journal Alert me to new issues of the journal Download to citation manager Citing Articles Citing Articles via Google Scholar Google Scholar Articles by Cavusoglu, H. Articles by Cavusoglu, H. Search for Related Content

Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems

School of Management, University of Texas at Dallas, Richardson, Texas 75083
School of Management, University of Texas at Dallas, Richardson, Texas 75083
Sauder School of Business, University of British Columbia, Vancouver, British Columbia, V6T 1Z2 Canada
huseyin{at}utdallas.edu
sraghu{at}utdallas.edu
cavusoglu{at}sauder.ubc.ca

Proper configuration of security technologies is critical to balance the needs for access and protection of information. The common practice of using a layered security architecture that has multiple technologies amplifies the need for proper configuration because the configuration decision about one security technology has ramifications for the configuration decisions about others. Furthermore, security technologies rely on each other for their operations, thereby affecting each other's contribution. In this paper we study configuration of and interaction between a firewall and intrusion detection systems (IDS). We show that deploying a technology, whether it is the firewall or the IDS, could hurt the firm if the configuration is not optimized for the firm's environment. A more serious consequence of deploying the two technologies with suboptimal configurations is that even if the firm could benefit when each is deployed alone, the firm could be hurt by deploying both. Configuring the IDS and the firewall optimally eliminates the conflict between them, ensuring that if the firm benefits from deploying each of these technologies when deployed alone, it will always benefit from deploying both. When optimally configured, we find that these technologies complement or substitute each other. Furthermore, we find that while the optimal configuration of an IDS does not change whether it is deployed alone or together with a firewall, the optimal configuration of a firewall has a lower detection rate (i.e., allowing more access) when it is deployed with an IDS than when deployed alone. Our results highlight the complex interactions between firewall and IDS technologies when they are used together in a security architecture, and, hence, the need for proper configuration to benefit from these technologies.

Key Words: information security; software configuration; information security technologies; firewalls; intrusion detection systems; economics of information systems; analytical modeling
History: This paper was received on September 26, 2006.