
Avoiding User Downtime Due to Setting & Authenticating Security

Researchers: Daniel Siewiorek, Asim Smailagic

Abstract

Avoiding User Downtime Due to Setting and Authenticating Security Settings and Policies

The goal of this effort is to formulate interaction models for mobile users seeking secure, remote network access. An initial study of local help desk logs indicated that remote access is a major source of end user network problems. A detailed analysis of 2.5 years of help desk data specific to remote access indicated that the average case duration was 49 hours and that one of the largest problems was obtaining adequate user rights upon connection. The main sources of denied security access were problems installing, configuring, and using VPN and conflicts with security policies, authentication, and registration. Further probing indicated that users did not even know, let alone understand, their security settings. The analysis points to major opportunities to record and learn from problem resolution and to match future problems with proven solutions.

Introduction

Resolving network interoperability problems is difficult and time consuming. Almost every user has experienced such a problem either directly, or as a by-product of a task they were attempting to complete. Problems may originate from or be complicated by system heterogeneity, administrative policies, security practices, and end user errors or improper mental models.

It is necessary to obtain an understanding of network interoperability problem resolution. Remote network access is a rich source of information, frequent problems, and considerable detrimental impact on user efficiency. Given the general fog of uncertainty typically present in help desk support, we propose the following hypothesis:

  • End users frequently do not know their system state and how it needs to be modified for gaining remote, secure network access

Background Research

Although there has been considerable effort in developing knowledge databases and expert systems that allow users and help desk personnel to rapidly translate symptoms to problem root causes and solutions, our literature search did not reveal any work that focused on capturing the characteristics of and downtime due to network interoperability problems from the perspective of an end user. It is especially important to note that end user downtime is often considerably more expensive than the actual cost to resolve the problem.

The main goals of an initial effort were to:

  • Characterize remote network access and interoperability problems, and
  • Identify key issues that produce downtime for remote end users.

Over 2.5 years of SCS help logs were reviewed and taxonomized. A large number of cases (54%) were resolved within one day of being reported. Inspection of the problem resolution shows that individual user cases linger on much longer. This pattern is likely due to delays incurred during diagnosis due to iterations on communication of symptoms and state. Improper or incomplete user mental models can lead to clarifying questions and requests for remote diagnosis (e.g., “What is entered in the username field?”). The tail for Single cases may be due to waiting periods for new application versions (e.g., VPN client, ISP client, etc.).

The high rate of problems associated with the VPN implies that many cases were specifically due to problems originating from the use or application of security policies. The bulk of end user problems were due to insufficient user rights (55%). Also interesting was that security problems for both administrators and end users tended to consume more time than cases not involving security. Two security categories were examined: VPN and Realm. VPN cases included problems installing, configuring, and using the VPN. Cases associated with Realm included conflicts with security policies (e.g., mail relaying), authentication (e.g., password errors), and network card registration. Security problems were common – 41% of the cases and 47% of the time involved VPN and/or Realm. Overall, security problems take an average of 60 hours to resolve. VPN cases took an average of 104 hours to resolve.

In conclusion, security problems were frequent – especially for end users where the majority of the problems and case time were related to obtaining necessary user rights. The main sources of denied security access were problems installing, configuring, and using the VPN and conflicts with security policies, authentication, and registration. The findings confirm our hypothesis as related to security. The disconnect between the end users’ awareness of their security state and the security policies was pronounced and spread across a wide range of security topics. As such, the data strongly supports the following thesis:

  • End users frequently do not know their system state, especially from the perspective of realm and access requirements.

The high incidence of security policy related problems at end user machines is particularly interesting in that such problems can have significant negative impacts on end user productivity. Specifically, problems stemming from a user’s inability to achieve a required level of security can directly restrict the ability of end users to complete their work efficiently. Restrictions due to inability to meet security policy can lead to constraints on e-mail use, file and intranet access, use of licensed higher bandwidth connection modes, and use of task specific applications.

Proposed Research

We plan on pursuing an iterative approach to monitoring and correcting problems associated with the setting of security parameters. The first generation software will monitor user activity and produce output that can be processed into patterns to recognize when users are having security connectivity problems. Subsequent iterations will validate user settings in real-time. For example, network users often encounter barriers due to neglect of security tools. A common problem is that the user has not activated a VPN or enabled a similar security layer. Validation software would identify the absence of a VPN and either initiate one autonomously, request user permission to initiate one, or ask the user to manually initiate one.
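The validation step described above can be sketched as follows. This is an added example, not the researchers' software; the policy table, state keys, and consent levels are assumptions chosen to mirror the VPN and Realm categories named earlier.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    AUTO_FIX = "initiate autonomously"
    ASK_PERMISSION = "request user permission to initiate"
    MANUAL = "ask the user to fix manually"

@dataclass(frozen=True)
class Requirement:
    key: str           # client-state field that must be True
    automatable: bool  # can the agent remedy it without the user?
    hint: str          # instruction shown when the user has to act

VPN = Requirement("vpn_active", True, "Start the VPN client and connect")

# Hypothetical policy: what each resource demands of the client.
POLICY = {
    "intranet": [VPN, Requirement("nic_registered", False,
                                  "Register this network card")],
    "mail_relay": [VPN, Requirement("authenticated", False,
                                    "Re-enter your realm password")],
}

def validate(resource, state, consent):
    """Return [(key, Action, hint)] for every unmet requirement.

    consent is "always", "ask" or "never". A key missing from `state`
    counts as unmet, since users often do not know their own settings.
    """
    if resource not in POLICY:
        # Fail closed: an unknown resource has no known-good state.
        raise ValueError(f"no policy for resource {resource!r}")
    plan = []
    for req in POLICY[resource]:
        if state.get(req.key) is True:
            continue
        if req.automatable and consent == "always":
            action = Action.AUTO_FIX
        elif req.automatable and consent == "ask":
            action = Action.ASK_PERMISSION
        else:
            action = Action.MANUAL
        plan.append((req.key, action, req.hint))
    return plan

if __name__ == "__main__":
    # Constructed client state: VPN off, registration status unknown.
    for key, action, hint in validate("intranet", {"vpn_active": False}, "ask"):
        print(f"{key}: {action.value} ({hint})")
```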

Successful monitoring and validation capability permits the development of a suggestion function that can walk users through more complex security connectivity problems. In subsequent years, beyond the seed funding year, more advanced software can include an autonomous solution function that can instantiate temporary or permanent remedies without user intervention. Administrators can use similar software that monitors real-time documentation of the problem or real-time data feeds from end-user software and provides suggestions and reminders. Another possibility is to use natural language processing on past user help requests and the corresponding administrator responses to automatically detect similar problems in the future and synthesize suggested administrator responses to those requests. Software can also provide suggestions to users for sub-optimal alternatives as the user progresses through problem resolution. In the case of the user who needs to access e-mail over a slow connection, the agent may suggest reduced encryption and security layers for faster interaction at the expense of e-mail sending functionality.