Title

An Investigation into factors inhibiting Australian end-users from utilising ADSL Router security effectively

Date of Award

2015

Degree Type

Thesis

Degree Name

Doctor of Philosophy

School

School of Computer and Security Science

Faculty

Faculty of Health, Engineering and Science

First Advisor

Professor Craig Valli

Second Advisor

Associate Professor Andrew Woodward

Third Advisor

Associate Professor Trish Williams

Abstract

Australia has consistently been identified as a major Internet user that will continue to be targeted by cybercrime. Some protection is afforded by specialised security software for computers. Asymmetric Digital Subscriber Line (ADSL) routers can complement specialised security software in counteracting the severity of cybercriminal activity. However, this relies on the adequate and appropriate selection of security mechanisms and controls on the ADSL router. Increasingly, there is research evidence of cyberattacks specifically targeting or exploiting vulnerabilities within ADSL routers. These cyber-attacks further demonstrate the need to adequately protect an ADSL router using best practice. Unfortunately, research shows that end-users typically do not possess sufficient knowledge to adequately implement appropriate security mechanisms with such technology. This doctoral thesis explores the underlying factors that inhibit Australian end-users from applying appropriate safeguards to protect their home network, with a predominant focus on the ADSL router. To investigate this issue, two formal questions were devised:

1. Can a universal method be developed to extract data of interest from previously used ADSL routers in Australia?

2. What factors inhibit end-users from appropriately securing their ADSL router?

The first research question was addressed through the examination of existing literature,and empirical analysis of ADSL routers in Australia. These processes were undertaken to develop a universal method, which could be utilised to scrutinise and audit the security state of ADSL routers used in a Small office Home office (SoHo) environment. The second research question was addressed through a series of research investigations that included interviews and case studies. These investigations resulted in a number of research outputs depicted through a series of publications, incorporated into this thesis.

The research questions were answered and the thesis contributes to the body of knowledge pertaining to SoHo network security by;

  • Demonstrating a validated and innovative approach to acquire data of interest from ADSL routers.
  • Demonstrating a method to acquire data of interest by bypassing any authentication mechanisms that may have been used by the owner.
  • Highlighting the physical constraints in ADSL routers, that prevents the devised method being applicable to all devices on the Australian market.
  • Demonstrating the lack of security mechanisms employed by end-users on ADSL routers in Australia.
  • Identification of the prevalent ongoing threats targeting ADSL routers, and the potential outcome should the attack be successful.
  • Uncovering the views and concerns end-users have towards computer and network security, and the measures which could be employed to mitigate these concerns.
  • Showing that ADSL router user manuals lack the structure and content of ideal technical product manuals. Solutions for the inadequate security practices contained in the manuals analysed have been proposed.
  • Identification of issues relating to the manner in which third parties can negatively affect the security decisions made by end-users.
  • Describing the issues surrounding the security information supplied by Internet Service Providers in securing an ADSL router.

This research demonstrates that a universal method for the acquisition of data from ADSL routers is not viable as a result of, manufacturer based hardware and software restrictions. Despite the hardware and software limitations, this research shows that endusers do not adopt and incorporate appropriate practices for safeguarding their ADSL routers. This has been further validated through informal interviews portraying the concerns and issues typically encountered when securely configuring an ADSL router. The outcome of the research validates that the casual influences identified in prior research are deemed a hindrance. Factors validated through this thesis, inhibiting endusers beyond their personal IT literacy and skill set in applying appropriate security may include: poorly designed supportive documentation by vendors; insufficient and inappropriate support by Internet Service Providers; flawed support from computer retail outlets; and, misleading or inappropriate online information in an Australian context.

Access Note

Access to this thesis –the full text is not available by author's request. Email request to library@ecu.edu.au

Access to this thesis is restricted. Please see the Access Note below for access details.

Share

 
COinS