Vulnerabilities in personal firewalls caused by poor security usability

Poor usability of IT security present a serious security vulnerability which can be exploited to compromise systems that are otherwise secure. This is of particular concern when considering that the majority of people connecting to the Internet are not experts in IT security. Personal firewalls represent the most important security mechanisms for protecting users against Internet security threats. However, the knowledge and skills required to effectively manage and operate some aspects of a firewall may surpasses the capability of the average user. A set of security usability principles can be used to determined whether a security system has good usability. This paper evaluates the usability of personal firewalls systems by conducting a cognitive walkthrough to identify elements of the design which may violate these usability principles. The paper concludes with recommendations and suggestions for future work in the analysis and design of personal firewalls.