A Decision Making Model Proposal for Firewall Selection

  • Akturk, Cemal (Computer Engineering Department, Gaziantep Islam Science and Technology University) ;
  • Cubukcu, Ceren (Computer Engineering Department, Maltepe University)
  • Received : 2021.04.05
  • Accepted : 2021.09.21
  • Published : 2021.10.31

Abstract

The Covid-19 pandemic required the whole world to use the internet more actively. As a result, individuals and businesses are more exposed to digital threats. To provide security within the network, firewalls should be used. Firewalls act as a gateway between the corporate and external networks. Therefore, it is more important than ever to choose the right firewall for each network. In this study, a new linear decision making model is proposed to find the most suitable firewall, and the estimates are completed according to this new model. This model is also compared with the multi-objective optimization on the basis of ratio analysis (MOORA) method. This study differs from other studies by proposing a new solution that ranks the firewall alternatives using linear and MOORA approaches. These approaches have been used in many fields before, but not in information technologies. Thus, this study can be considered quite innovative in terms of the problem it handles and the approaches used. It offers up-to-date and practical suggestions for a decision making problem that has not been previously studied in the literature.

1. Introduction

The development of the internet over the past few years and the recent Covid-19 pandemic have increased internet usage dramatically. Nowadays, many businesses operate over the internet, many people around the world work from home with the help of the internet, and many students take their classes online. Therefore, both individuals and businesses are more exposed to threats from the internet than ever. As a result, both personal and corporate networks should be secured; otherwise, the impact can be unbearable, especially for businesses. According to a study by Verizon in 2019 [1], about 70% of cyber-attacks targeted network cloud services and resources. Thus, networks should be protected from unauthorized access. The term “firewall” means the combination of software and hardware products that protect a network from unauthorized access by outsiders [2]. Firewalls can also be defined as solutions that act as a gateway between the corporate network and external networks and are designed to solve the problems that an organization may encounter in its internet connection [3].

Firewalls are solutions that separate the private parts of a system from the public parts, allowing users to benefit from the system only at the level of their rights [3,4]. They define, limit and control access to the available corporate information [2]. A firewall’s main feature is to protect the information and resources behind it from the public [4]. To be functional, a firewall should have the following features: spoofing protection, user authentication, bandwidth control, network address encryption, data encryption and digital signature [2]. While configuring a network, network administrators decide how to configure the firewall, and these decisions can bring challenges [5]. Human beings tend to make errors. Unfortunately, 60% of the security breaches that occurred in 2019 were due to errors made by network administrators [1]. Therefore, extra care should be taken when setting up the firewall in any network. In fact, how it is set up and managed is more important than the system itself [3].

The network administrator should list the subnets in the internal network and create a security matrix before deciding which firewall to choose. This security matrix helps determine which networks will reach which networks and servers, as well as what rights are to be granted [3]. Corporations consider several factors when choosing the best firewall for their needs. The most important of these is cost. The costs of the firewall should be in balance with its benefits [4]. Other features that need to be considered in firewall selection are technical support, previous experience, services to be provided, performance, scalability, ease of use and configuration, remote and basic access control, preventing denial-of-service attacks and tracking logs of internet usage [2-4]. The deployment does not have to consist of a single firewall; a combination of different firewalls can also be used.

There are free open source firewalls provided by Linux and FreeBSD. However, these are viewed as primitive and overly simplistic [6]. These firewalls can be a good fit for personal networks or small-scale institutions. However, for mid-size and larger corporations, closed source firewalls are better alternatives. Some product offerings among these are Cisco’s Pix, Check Point, FortiNet’s FortiGate, SonicWall, Sophos XG Firewall and so on. The evaluation matrix of these closed source firewalls can be found in Fig. 1 below. Most of these firewalls are in either the market leader or the niche player section. Only Huawei is in the challenger category and Forcepoint is in the visionary category. These products stand out with features such as ease of management and highly reliable operation [6]. Therefore, their benefits compensate for their prices, especially for larger enterprises. However, for smaller and mid-size enterprises, they may be costly to maintain and their features may be more than what is needed overall. Therefore, an optimum of features, costs and needs should be found when selecting the right firewall.

Fig. 1. Matrix for Closed Source Firewalls

The major breakthroughs in computer and software technologies provided many opportunities in terms of support for decision makers in corporations and institutions. Before making a decision, all the alternatives should be considered and the best one which fulfills the needs of the decision maker should be chosen [7]. The decision makers, usually C-level executives or the top management, often refer to software systems for giving important decisions. These systems are called Decision Support Systems (DSS) and they receive certain information as input, analyze the data, make the necessary calculations and provide the best alternative as an output. Overall, DSS provides the following advantages:

• time savings by reducing decision cycle time, increasing employee productivity and providing more timely information,

• enhance effectiveness so managers can give better decisions,

• improve interpersonal communication by increasing communication and collaboration among decision makers,

• provide competitive advantage for the business,

• reduces cost by decreasing operating expenses and labor costs,

• increase decision maker satisfaction by reducing frustration,

• encourage learning,

• increase organizational control by enhancing management understanding of business operations [8].

However, DSS has disadvantages as well. These are:

• collect data from many different resources and need to integrate data analysis, statistics, econometrics and information system all together and setting these up may be very costly,

• overemphasize decision making because DSS do not take into account the social, emotional and political factors. It only considers the rational factors.

• relevance assumptions, Winograd and Flores [9] states that “once a computer system has been installed it is difficult to avoid the assumption that the things it can deal with are the most relevant things for the manager's concern,”

• transfer of power by transferring the final decision to a software,

• unanticipated effects, DSS overloads decision makers with information and this may reduce the skills of decision makers,

• rejecting responsibility, decision makers want to blame DSS for false decisions,

• objectivity problems may occur because using a computerized system doesn’t guarantee that individuals will be objective and rational in their decisions,

• fear of losing status, some decision makers fear that DSS will take their place and they need to make administrative work only,

• overwhelming information, DSS requires many inputs in order to make calculations and these may cause information overload in other parts of the system [8].

When using a DSS, both the advantages and disadvantages should be taken into account. Also, DSS can use many different models for giving the best decision. One of these models is the Linear Model. Linear models derive from the lens model equation [10], based on Brunswik’s lens model of human perception [11]. Linear decision model is used to find out the best alternative among several solutions. It sorts all the alternatives according to several criteria that are weighed according to their determined values.

The multi-objective optimization on the basis of ratio analysis (MOORA) method is one way of solving complex decision making problems. When a problem includes multiple conflicting criteria, the MOORA method can be used to choose the best alternative [12]. MOORA, which was first introduced by Brauers [13], can be used in different industries. For example, Chakraborty [7] used MOORA for the manufacturing industry, and Kracka et al. [14] applied the MOORA method in the construction industry to solve problems related to energy loss in building heating. Brauers and Zavadskas [15,16] and Brauers and Ginevicius [17,18] used the MOORA method in various fields of economy. Brauers and Zavadskas [15] used the MOORA method for project management in a transaction economy, and Brauers and Ginevicius [18] used the MOORA method to define the economic policy for balanced regional development in Lithuania.

The aim of this study is first to state the main and sub-criteria for choosing a firewall and then to find the best firewall alternative among the offers received. In one of the studies on firewall selection, the best 5 products, obtained by scoring technical criteria such as remote management, basic access control, controlling access to multiple servers, preventing DoS attacks and logging capability between 1 and 5, are shown with their prices [2]. In another study, it was suggested that an organization should make its evaluation according to the answers to the following questions when choosing a firewall [19]: what needs to be protected in the network, which services are included in the firewall and what they cost, and from whom the installation and configuration services will be received.

In the programs developed with the methods proposed in this study, decision makers will be able to evaluate the results of each firewall according to their own priorities by ranking the alternatives simultaneously with many methods. Since this evaluation may differ according to individuals and institutions, both linear model and weighted MOORA methods in which weight coefficients are used and other more objective MOORA methods are presented together in the proposed model. Thus, decision makers will have the opportunity to evaluate the ranking results both objectively and subjectively in the applications to be developed by using the proposed approach in this study.

1.1 Related Work

Many approaches have been created for the managers and decision-makers in evaluating and selecting the appropriate technology or the system for their organizations [20]. Especially, there are different kinds of methods used in multi criteria decision making (MCDM) except the linear model and MOORA analysis used in this study. Analytic Hierarchical Process (AHP), Complex Proportional Assessment (COPRAS), Elimination and Choice Expressing Reality (ELECTRE), Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS), and Step-wise Weight Assessment Ratio Analysis are among the most popular.

Different researchers used different methods in their studies for decision making in technology selection. Coldrick et al. [21] used the scoring method, Duarte and Reis [22] used the multi-attribute utility theory, Shen et al. [23] developed a hybrid model for technology selection based on a multi criteria decision making (MCDM) and principle component analysis (MCDMPCA), while Sahin and Yip [24] looked into technology selection for shipping techniques using an upgraded Gaussian fuzzy analytical hierarchical process (FAHP) model, and Xia et al. [25] looked into the sustainability of technology selection in a particular supply chain based on a modified strategic balanced scorecard.

In contrast to the other methods mentioned above, both the linear model and the MOORA technique consider both beneficial and non-beneficial factors and apply different mathematical techniques. The MOORA method yields the overall performance of the alternatives based on a variety of factors. As a result of these benefits, the MOORA approach is simple to use and adaptable [26]. The mathematical underpinning of both the linear model and the MOORA approach is not complicated, making it simple to comprehend. The steps of the computational approach do not necessitate the use of any special software [27]; instead, they can be carried out using the Microsoft Excel application. The time required to make the final decision is not excessive. There is no limit to how many criteria and problem options there can be. The computational technique is unaffected by the addition of any additional parameters [7].

In this study, a new linear decision making model is proposed to find the best firewall alternative. The MOORA method is also used for ranking the alternatives because it can give effective results with simple mathematical calculations. Afterwards, the two approaches are compared with each other. Determining the corporate firewall need and meeting this need economically and correctly is an important administrative problem for IT managers. It is vital that IT managers benefit from computer-aided decision models in business problems that need decision making. In this study, the criteria of a real decision making problem are defined mathematically and its solution is presented with the help of 5 different models with real alternative data. Besides presenting the criteria used in the selection of firewalls to the literature, the study also shows step by step how to evaluate these criteria with the help of 5 different decision models. In the literature, there is not an adequate definition of criteria or use of methods to guide decision makers, institutions and administrators regarding the firewall selection problem. When the study is considered as a decision making problem, it is quite innovative and offers up-to-date and practical suggestions in terms of the problem it handles and the methods used.

The rest of the study is as follows. In the next section, materials and methods will be explained. Methods include the proposed linear model and MOORA method. Data collection will be explained under this section as well. In the third section, results will be stated. In the final section, conclusions will be specified.

2. Materials and Methods

In this paper, several methods will be used in order to find out the most suitable firewall. These methods are the linear model and MOORA. These approaches are then going to be compared amongst each other in order to decide the best firewall alternative. Also, a new linear decision making model is developed for this study using a survey and the estimates are done according to this new model.

2.1 Linear Model

In order to construct a decision problem as a linear model, it is necessary to determine the criteria, the alternatives and the weights [28,29]. The weights are determined through multiple regression analysis of previous situations so that the optimal weights can be found for specific situations [29]. If the criteria to be used in the decision model are X1, X2, … Xm, a multi-criteria decision problem in the linear system can be expressed as a multi-dimensional F function, as shown in (1).

\(F=f\left(X_{1}, X_{2}, \ldots, X_{m}\right)\)       (1)

To define the decision problem, each alternative can be defined as K matrix as shown in (2).

\(K=\left[\begin{array}{ccccc} a_{11} & a_{12} & a_{13} & . . & a_{1 m} \\ a_{21} & a_{22} & a_{23} & . . & a_{2 m} \\ a_{31} & a_{32} & a_{33} & . . & a_{3 m} \\ . . & . . & . . & . . & . . \\ a_{n 1} & a_{n 2} & a_{n 3} & . . & a_{n m} \end{array}\right]\)       (2)

In matrix K; rows represent alternatives, columns represent values in alternatives for each criterion. In an element of the K matrix, is used to express the jth criterion value of the ith alternative. A description can be made for the alternatives as shown in (3). Defined criterion values can be defined as α as in (4). We can now express the matrix in terms of α. Matrix rows are defined as in (5) from i = 1 to n.

\(\mathrm{A}=\left\{\mathrm{A}_{\mathrm{i}} ; \mathrm{i}=1,2,3, \ldots, \mathrm{n}\right\}\)       (3)

\(\alpha=\left\{\alpha_{j} ; j=1,2,3, \ldots, m\right\}\)       (4)

\(\mathrm{A}_{\mathrm{i}}=\left\{\alpha_{\mathrm{ij}} ; \mathrm{j}=1,2,3, \ldots, \mathrm{m}\right\}\)       (5)

After the decision matrix has been defined in this way, the maximum and the minimum values of each criterion are determined. The minimum value of the relevant criterion will be used for the criteria whose optimum value is to be minimized, and the maximum value will be used for the criteria to be maximized. For each criterion, αjmax and αjmin values are calculated. Then, the normalization process is performed by dividing each value by the maximum or minimum, such as αij / αjmax. Finally, the normalized matrix and formula below for the linear decision model are reached as in (6).

\(\left[\begin{array}{ccccc} a_{11} & a_{12} & a_{13} & \ldots & a_{1 m} \\ a_{21} & a_{22} & a_{23} & \ldots & a_{2 m} \\ a_{31} & a_{32} & a_{33} & \ldots & a_{3 m} \\ a_{i j} & \ldots & \ldots & \ldots & . . \\ a_{n 1} & a_{n 2} & a_{n 3} & . . & a_{n m} \end{array}\right]\)       (6)

\(\sum_{j=1}^{m} W_{j}=1\)       (7)

In the above formula α represents the criteria to be considered and w represents the weight coefficient. The total of the weights should be equal to 1 as in (7). Finally, the below matrix as in (8) and (9) is reached.

\(\left[\begin{array}{c} f_{1} \\ f_{2} \\ f_{3} \\ \vdots \\ f_{n} \end{array}\right]=\left[\begin{array}{ccccc} a_{11} & a_{12} & a_{13} & \ldots & a_{1 m} \\ a_{21} & a_{22} & a_{23} & \ldots & a_{2 m} \\ a_{31} & a_{32} & a_{33} & \ldots & a_{3 m} \\ a_{i j} & \ldots & \ldots & \ldots & \ldots \\ a_{n 1} & a_{n 2} & a_{n 3} & \ldots & a_{n m} \end{array}\right] \times \left[\begin{array}{c} W_{1} \\ W_{2} \\ W_{3} \\ \vdots \\ W_{m} \end{array}\right]\)       (8)

\(f_{i}=\sum_{j=1}^{m}\left(a_{i j} W_{j}\right)\)       (9)

By multiplying the decision matrix and the coefficient matrix, the objective function specified in (9), to be used in ordering the alternatives in the last case, is obtained as shown in matrix above in (8). For each alternative, the fi value in (9) is calculated, the alternatives are sorted in descending order according to the fi value, and the ordering of the alternatives is done in the linear function decision model to solve the problem. In this paper, the aim is to use this linear model in order to select the best firewall for a specific corporation according to their criteria importance.

2.2 Proposed Linear Model

In this model, cost, capacity and productivity main criteria are used. Cost main criterion consists of product price, license period, annual license fee and annual maintenance fee criteria. Capacity main criterion consists of the number of users and bandwidth criteria. Productivity main criterion is obtained by calculating the annual usage cost and total cost per user criteria. The below formula numbered as (10) is used for cost, capacity and productivity;

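\(\mathrm{Cost}(i)=W_{x1} \cdot \mathrm{ProductPrice}+W_{x2} \cdot \mathrm{LicensePeriod}+W_{x3} \cdot \mathrm{LicenseFee}+W_{x4} \cdot \mathrm{MaintenanceFee}\)

\(\mathrm{Capacity}(i)=W_{y1} \cdot \mathrm{NumberofUsers}+W_{y2} \cdot \mathrm{Bandwidth}\)

\(\mathrm{Productivity}(i)=W_{z1} \cdot \mathrm{AnnualUsageCost}+W_{z2} \cdot \mathrm{TotalCostperUser}\)

\(F(i)=W_{1} \cdot \mathrm{Cost}(i)+W_{2} \cdot \mathrm{Capacity}(i)+W_{3} \cdot \mathrm{Productivity}(i)\)       (10)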

The variables Wx1, Wx2, Wx3, Wx4 represent the weighting coefficients of the criteria of the Cost function.

Wy1 and Wy2 are the weight coefficients of the Capacity function,

Wz1 and Wz2 are the weight coefficients of the criteria of the Productivity function.

W1, W2 and W3 are the weight coefficients of the sub-functions in the main function.
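The linear model of formulas (7) to (10) as an added Python example, not code from the study: it normalizes each criterion so that 1 is the best value, builds the Cost, Capacity and Productivity sub-functions and ranks the offers by F(i). The offers, the expert answers and all function names are constructed for illustration, and the weights are aggregated with a geometric mean and rescaled to sum to 1, which is how the study later treats its survey data.

```python
from math import prod

# Criteria grouped as in formula (10); "min"/"max" marks the direction of the optimum.
GROUPS = {
    "cost": {"product_price": "min", "license_period": "max",
             "license_fee": "min", "maintenance_fee": "min"},
    "capacity": {"users": "max", "bandwidth": "max"},
    "productivity": {"annual_usage_cost": "min", "total_cost_per_user": "min"},
}

# Constructed sample offers (currency units, years, users, Gbps); not the study's data.
OFFERS = {
    "A1": {"product_price": 4200, "license_period": 1, "license_fee": 1500,
           "maintenance_fee": 400, "users": 150, "bandwidth": 2.0,
           "annual_usage_cost": 1900, "total_cost_per_user": 38.0},
    "A2": {"product_price": 6500, "license_period": 3, "license_fee": 3600,
           "maintenance_fee": 500, "users": 300, "bandwidth": 4.0,
           "annual_usage_cost": 1700, "total_cost_per_user": 33.7},
    "A3": {"product_price": 2900, "license_period": 1, "license_fee": 900,
           "maintenance_fee": 350, "users": 75, "bandwidth": 1.0,
           "annual_usage_cost": 1250, "total_cost_per_user": 50.7},
}

# Constructed questionnaire answers (0-100) from three hypothetical experts.
# "main" holds the answers for W1..W3, the other keys the sub-criteria of each group.
EXPERT_SCORES = {
    "main": {"cost": [50, 40, 45], "capacity": [30, 35, 25],
             "productivity": [20, 25, 30]},
    "cost": {"product_price": [40, 50, 35], "license_period": [10, 15, 20],
             "license_fee": [30, 20, 25], "maintenance_fee": [20, 15, 20]},
    "capacity": {"users": [60, 50, 55], "bandwidth": [40, 50, 45]},
    "productivity": {"annual_usage_cost": [50, 60, 40],
                     "total_cost_per_user": [50, 40, 60]},
}


def aggregate_weights(scores):
    """Geometric mean per criterion across experts, rescaled to sum to 1 (eq. 7)."""
    means = {name: prod(vals) ** (1.0 / len(vals)) for name, vals in scores.items()}
    total = sum(means.values())
    if total == 0:
        raise ValueError("every criterion in the group has a zero weight")
    return {name: m / total for name, m in means.items()}


def normalize(offers, groups=GROUPS):
    """Map each criterion into (0, 1]: v / max for 'max' criteria, min / v for 'min'."""
    directions = {c: d for g in groups.values() for c, d in g.items()}
    out = {name: {} for name in offers}
    for crit, direction in directions.items():
        column = [offer[crit] for offer in offers.values()]
        best = max(column) if direction == "max" else min(column)
        if best <= 0:
            # A zero fee or an all-zero column makes the ratio undefined.
            raise ValueError(f"criterion {crit!r} needs a positive best value")
        for name, offer in offers.items():
            value = offer[crit]
            out[name][crit] = value / best if direction == "max" else best / value
    return out


def rank_offers(offers, expert_scores, groups=GROUPS):
    """Return [(offer, F, sub_functions)] sorted by F in descending order (eq. 9, 10)."""
    main_w = aggregate_weights(expert_scores["main"])
    sub_w = {g: aggregate_weights(expert_scores[g]) for g in groups}
    results = []
    for name, values in normalize(offers, groups).items():
        sub = {g: sum(sub_w[g][c] * values[c] for c in groups[g]) for g in groups}
        f = sum(main_w[g] * sub[g] for g in groups)
        results.append((name, f, sub))
    return sorted(results, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for name, f, sub in rank_offers(OFFERS, EXPERT_SCORES):
        parts = ", ".join(f"{g}={v:.3f}" for g, v in sub.items())
        print(f"{name}: F={f:.3f} ({parts})")
```

An offer that is best on every criterion scores exactly F = 1, which gives a quick sanity check on the weights and the normalization.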

2.3 MOORA Method

The MOORA method consists of four different approaches. These are the Ratio System, the Reference Point, the Importance of Factor and the Whole Product approach.

2.3.1 The Ratio System Approach

The Ratio System approach starts with a matrix of criteria of alternatives. The initial matrix can be constructed as below shown in (11) [30,31]:

\(D=\begin{array}{c|cccc} & C_{1} & C_{2} & \ldots & C_{n} \\ \hline A_{1} & x_{11} & x_{12} & \ldots & x_{1 n} \\ A_{2} & x_{21} & x_{22} & \ldots & x_{2 n} \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ A_{m} & x_{m 1} & x_{m 2} & \ldots & x_{m n} \end{array}\)       (11)

\(\mathrm{W}=\left[\mathrm{W}_{1}, \mathrm{~W}_{2}, \ldots \ldots, \mathrm{W}_{\mathrm{n}}\right]\)       (12)

where A1, A2, . . . , Am are available alternatives,

C1, C2, . . . , Cn are criteria,

Xij is performance rating of ith alternative with respect to jth criterion/attribute,

wj is weight (significance) of jth criterion,

m is the number of alternatives,

n is the number of criteria [30].

The basic idea of the ratio system part of the MOORA method is to calculate the overall performance of each alternative as the difference between the sums of its normalized performances, by the formula below numbered as (13) [30,31]:

\(y^{*}{}_{i}=\sum_{j=1}^{g} x^{*}{}_{i j}-\sum_{j=g+1}^{n}x^{*}{}_{i j}\)       (13)

where Xij is the normalized performance of ith alternative with respect to jth attribute, g is the number of criteria to be maximized,

Yi* is the overall performance index of ith alternative with respect to all the criteria [30,31].

In this method, according to the values of calculated Yi*, the alternatives are sorted starting from the highest to the smallest and the highest ranked Yi* is revealed as the best decision for the decision maker.

2.3.2 The Reference Point Approach

The Ratio System approach constitutes the base for this approach; therefore, its calculations should be made first. In this method, for each criterion, the largest value among the alternatives in the criteria to be maximized and the smallest value in the criteria to be minimized is determined as the reference point (ri). Then, for each criterion, the distance of the normalized values to this reference point is taken, and (14) is used for sorting the alternatives [32].

\(d_{i j}=r_{i}-X_{i j}^{*}, \quad \min _{i} \max _{j}\left(d_{i j}\right)\)       (14)

2.3.3 The Importance of Factor

In this method, in addition to the calculations made by the ratio method, any criterion is multiplied with a specific w, weight coefficient, so that a certain rate of importance is applied to the criteria. In this way more important criteria will have a greater influence on the decision due to this weight coefficient. This situation is shown in (15) [32].

\(Y_{i}^{*}=\sum_{j=1}^{g} w \cdot X_{i j}^{*}-\sum_{j=g+1}^{n-g} w \cdot X_{i j}^{*}\)       (15)

2.3.4 The Whole Product Approach

The perfect product approach was proposed by Brauers and Zavadskas [15]. It is expressed with the variable U obtained from the division of the multiplication of the criterion values to be maximized to the multiplication of the criterion values to be minimized [15]. The order required for the decision maker is obtained by sorting the Ui value of the alternatives according to the descending order [33].
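The four MOORA approaches described above, written as an added Python example that is not part of the original study. The alternatives, weights and function names are constructed; the example assumes square-root-of-sum-of-squares normalization, an absolute distance in the Reference Point approach and raw criterion values in the Whole Product approach.

```python
from math import prod, sqrt

# Constructed sample data (not the study's Table 5): direction of the optimum and
# weight per criterion; the weights sum to 1 for the Importance of Factor approach.
CRITERIA = {
    "product_price": ("min", 0.35),
    "license_fee": ("min", 0.25),
    "users": ("max", 0.25),
    "bandwidth": ("max", 0.15),
}
ALTERNATIVES = {
    "A1": {"product_price": 4200, "license_fee": 1500, "users": 150, "bandwidth": 2.0},
    "A2": {"product_price": 6500, "license_fee": 1200, "users": 300, "bandwidth": 4.0},
    "A3": {"product_price": 2900, "license_fee": 900, "users": 75, "bandwidth": 1.0},
    "A4": {"product_price": 5100, "license_fee": 2000, "users": 250, "bandwidth": 2.5},
}


def vector_normalize(alts, criteria):
    """x*_ij = x_ij / sqrt(sum over the alternatives of x_ij^2)."""
    norms = {c: sqrt(sum(a[c] ** 2 for a in alts.values())) for c in criteria}
    zero = [c for c, n in norms.items() if n == 0]
    if zero:
        raise ValueError(f"all-zero criterion cannot be normalized: {zero}")
    return {name: {c: a[c] / norms[c] for c in criteria} for name, a in alts.items()}


def ratio_system(norm, criteria, weighted=False):
    """Eq. (13); with weighted=True the Importance of Factor form of eq. (15)."""
    scores = {}
    for name, row in norm.items():
        total = 0.0
        for c, (direction, weight) in criteria.items():
            term = row[c] * (weight if weighted else 1.0)
            total += term if direction == "max" else -term
        scores[name] = total
    return scores  # higher is better


def reference_point(norm, criteria):
    """Eq. (14): largest distance of an alternative from the per-criterion reference.

    The absolute distance is used so that criteria to be minimized, where the
    reference is the smallest value, also yield non-negative distances.
    """
    ref = {c: (max if d == "max" else min)(row[c] for row in norm.values())
           for c, (d, _) in criteria.items()}
    return {name: max(abs(ref[c] - row[c]) for c in criteria)
            for name, row in norm.items()}  # lower is better


def whole_product(alts, criteria):
    """U_i = product of the criteria to maximize / product of the criteria to minimize."""
    scores = {}
    for name, a in alts.items():
        denom = prod(a[c] for c, (d, _) in criteria.items() if d == "min")
        if denom == 0:
            raise ValueError(f"{name}: a zero 'min' criterion makes U undefined")
        scores[name] = prod(a[c] for c, (d, _) in criteria.items() if d == "max") / denom
    return scores  # higher is better


def order(scores, best_is_high=True):
    """Alternative names sorted from best to worst."""
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=best_is_high)
    return [name for name, _ in ranked]


def moora_rankings(alts, criteria):
    """Rank the alternatives with all four approaches."""
    norm = vector_normalize(alts, criteria)
    return {
        "ratio": order(ratio_system(norm, criteria)),
        "reference_point": order(reference_point(norm, criteria), best_is_high=False),
        "importance": order(ratio_system(norm, criteria, weighted=True)),
        "whole_product": order(whole_product(alts, criteria)),
    }


if __name__ == "__main__":
    for method, ranking in moora_rankings(ALTERNATIVES, CRITERIA).items():
        print(f"{method:16s} {' > '.join(ranking)}")
```

Normalizing before the Whole Product step would scale every U by the same constant, so the ranking from that approach does not depend on it.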

2.4 Data Collection

The data collection phase of the study consists of two parts. In the first stage, data were collected from experts to determine the criteria used in the decision model and the importance (the weighting coefficients) of these criteria. In the second stage, bids were collected from the distributors in order to determine the alternative products to be used in the decision model and to obtain the data regarding cost, capacity and efficiency on the criteria used in the decision model for these products.

In the first stage of data collection, face-to-face interviews were held with various experts working in the public and private sectors to determine the criteria to be used in the decision model. Then, in order to determine the importance of the criteria found appropriate by the experts, a total of 10 experts were interviewed by face-to-face questionnaire method. The questions asked to the experts are shown below in Table 1. The first two questions in Table 1 were asked to define the role / title of the expert and to learn how many years of experience he has in his profession. In the next questions, the weight coefficients of the criteria in the three main groups and the weight coefficients of sub-criteria within each group were asked. The questionnaire was prepared in the excel file as a spreadsheet so that the total weight ratio of the experts in each criterion group did not exceed 100, and the formula was prepared for the subtotals of each group, enabling the experts to see the total weight coefficient of the relevant group interactively while filling the questionnaire.

Table 1. Survey Questions Used in Expert Opinion to Determine the Weight Coefficients of the Criteria

The characteristics of ten experts who participated in the questionnaire and submitted their opinions are shown in Table 2. When Table 2 is analyzed, it is seen that three of the experts work in the private sector and seven of them work in the public sector. While three experts work as faculty members at the university, four of the experts are engineers and the other three are managers. While the expert with the least total professional experience is an engineer with 5 years of experience, the expert with the most experience is an IT manager with 28 years of experience. The average professional experience of the experts has been calculated as 15.1 years.

Table 2. Characteristics of Experts Participating in the Survey

In the second stage of data collection, distributors who provide corporate firewall sales services were contacted by phone and e-mail, and a price quote was requested for a firewall to be used in a cyber-security laboratory that will be built within the university. Bids received from a company as an example is shown in Appendix 1.

3. Methods and Materials

3.1 Criteria Weight Coefficients

The weight coefficients specified by the experts for the main and sub criteria in Table 1 are shown in Table 3. Group 1, shown in Table 3, refers to the cost criterion, while 1.1, 1.2, 1.3 and 1.4 refer to the sub-criteria of the cost criteria group. Similarly, Group 2 refers to the capacity criteria, 2.1, 2.2, 2.3 refers to the sub-criteria of the capacity criteria group, Group 3 refers to the productivity criteria, and 3.1 and 3.2 refers to the sub-criteria of the productivity criteria group. The geometric mean of the weighting coefficients was calculated in order to reflect the answers of the experts to the decision model as a group decision. The geometric mean of the weight coefficients calculated for the three main criteria groups and nine sub-criteria belonging to these groups are shown at the bottom of the relevant criteria in Table 3. Although geometric averages are calculated with 8 digits after the comma, they are shown in the table with 2 decimal places.

Table 3. Weight Coefficients Obtained from Survey Data

For the weight coefficients to be used in the model, their sum must be 1. Therefore, the weight coefficients in each criterion group are normalized by dividing each one by the sum of all the weight coefficients in the relevant group. The geometric mean of the weight coefficients (Wj) of each criterion obtained from the survey data, the totals of these weight coefficients for their criteria groups ( \(\sum W j\) ) and the calculated normalized weight coefficients ( \(W j / \sum Wj\) ) are shown in Table 4. Table 4 also associates each survey question with the variable of its criterion and the weight coefficient of this criterion. For example, the variable of the criterion titled 1.1 asked in the questionnaire is X1, and the weight coefficient variable is w1. The value calculated for this weight coefficient is 0.41. W1, W2, W3 are the weight coefficients of the main criteria within the target function.

Table 4. Calculated Normalized Criteria Weight Coefficients

3.2 List of Alternatives

The data of the products received from the firewall sales distributors in order to create the alternatives and criterion values of the decision model are presented in Table 5. In this table, 10 different product and license options are presented together with criteria values in cost, capacity and productivity criteria groups. In the decision model, the best value for that criterion (with max and min values) is specified under each criterion in order to find out which criterion's maximum and which criterion's minimum value is more ideal within that criterion group and to carry forward the calculations in this direction. A3 and A4; A5 and A6 are the same products within themselves and diversified in the offer with different license terms. The total cost of ownership per user specified with X8 is calculated by dividing the total of the product price and the license fee by the number of users. The total support cost per user specified with X9 is calculated by dividing the one-year license fee by the number of users.

Table 5. Criteria Value Table for Alternatives

3.3 Linear Model Calculations

The criteria values in Table 5 were first normalized by dividing by the max or min value shown in the bottom row for each criterion. Afterwards, a linear transformation is applied by taking the multiplicative inverse of each criterion value. In the resulting linear matrix, the min and max values for the criteria groups are determined again, and the criteria values in the linear matrix are divided by these min and max values and normalized again. As a result of this process, each criterion value is converted into a decision matrix with values between 0 and 1. The results of the decision matrix calculated for the linear model are shown in Table 6.

Table 6. Decision Matrix Table

In the next step, the value for each alternative of Cost, Capacity and Productivity functions, which are sub-functions of the target function, is calculated in the decision matrix in Table 6. For this, the values of the relevant criterion variables are multiplied by the weighting coefficients obtained from the survey data and then, summed. In the last case, the target function F is calculated by multiplying the sub-functions by their own weight coefficients and then, these results are summed. The solution of the decision problem obtained by listing the values of the relevant functions calculated for each alternative along with the maximized F values is presented in Table 7. When Table 7 is examined, F(i) values calculated for each alternative are seen. The alternative with the largest F(i) value represents the solution set of the decision problem with the linear model according to the determined weight coefficients. Accordingly, as a result of the calculations made with the linear model in Table 8, it is understood that the best alternative is the offer A7, and then A1 and A2. The worst option is the A6 alternative.

Table 7. Calculated objective function and values of sublinear functions

Table 8. Alternatives ranked by Linear Model

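The two-level weighted sum described in this subsection, written out as an added example (it is not the authors' code). The offers, the grouping of criteria and all weights are constructed, and the scaling to (0, 1] (x/max for maximized criteria, min/x for minimized ones) is one reading of the normalization steps above.

```python
# Constructed sample offers (not the paper's Table 5); every name, value and
# weight below is an assumption made for this example.
OFFERS = {
    "FW1": {"price_kusd": 3, "support_per_user": 20, "throughput_gbps": 6, "license_years": 1},
    "FW2": {"price_kusd": 2, "support_per_user": 50, "throughput_gbps": 2, "license_years": 1},
    "FW3": {"price_kusd": 4, "support_per_user": 30, "throughput_gbps": 4, "license_years": 1},
    "FW4": {"price_kusd": 6, "support_per_user": 60, "throughput_gbps": 3, "license_years": 3},
}
# group -> {criterion: (ideal direction, weight inside the group)}
GROUPS = {
    "cost": {"price_kusd": ("min", 0.6), "support_per_user": ("min", 0.4)},
    "capacity": {"throughput_gbps": ("max", 1.0)},
    "productivity": {"license_years": ("max", 1.0)},
}
# Two hypothetical sets of group weights, as two different managers might give.
COST_FIRST = {"cost": 0.5, "capacity": 0.3, "productivity": 0.2}
LICENSE_FIRST = {"cost": 0.2, "capacity": 0.2, "productivity": 0.6}


def normalize(offers):
    """Scale every criterion to (0, 1], where 1 is the best offer for it."""
    scaled = {name: {} for name in offers}
    for crits in GROUPS.values():
        for crit, (direction, _) in crits.items():
            column = [row[crit] for row in offers.values()]
            if min(column) <= 0:
                raise ValueError(f"{crit}: values must be positive for ratio scaling")
            best = max(column) if direction == "max" else min(column)
            for name, row in offers.items():
                scaled[name][crit] = row[crit] / best if direction == "max" else best / row[crit]
    return scaled


def objective(offers, group_weights):
    """Return {offer: (F, sub_functions)}, F = sum_g W_g * sum_j w_j * scaled_ij."""
    inner = [{c: w for c, (_, w) in crits.items()} for crits in GROUPS.values()]
    for weights in [group_weights] + inner:
        if abs(sum(weights.values()) - 1.0) > 1e-9:
            raise ValueError(f"weights must be normalized to sum to 1: {weights}")
    scaled = normalize(offers)
    result = {}
    for name in offers:
        subs = {g: sum(w * scaled[name][c] for c, (_, w) in crits.items())
                for g, crits in GROUPS.items()}
        result[name] = (sum(group_weights[g] * subs[g] for g in GROUPS), subs)
    return result


def ranking(offers, group_weights):
    """Offers ordered from largest to smallest F."""
    scores = objective(offers, group_weights)
    return sorted(scores, key=lambda name: scores[name][0], reverse=True)


if __name__ == "__main__":
    for label, weights in (("cost first", COST_FIRST), ("license first", LICENSE_FIRST)):
        print(f"{label:14s}", " > ".join(ranking(OFFERS, weights)))
```

With the cost-first weights the three-year offer FW4 ranks last, and with the license-first weights it ranks first, so the same offers produce opposite recommendations depending only on the group weights.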

3.4 MOORA Methods

First, the square root of the sum of squares of the criteria values in Table 5, on which the MOORA ratio method and the other MOORA calculations are based, is calculated for each of the criteria X1..X9 and shown in the second row of Table 9. The third row of Table 9 gives the best reference value for each criterion, to be used in the MOORA reference point method. The rest of Table 9 contains the normalized values of the criteria, obtained by dividing each criterion value by the square root of the sum of squares. This division is the basis of the MOORA ratio method. In the bottom row of the table, the ri values that are closest to the reference point for each criterion are calculated and shown.

Table 9. Base Calculations for MOORA Methods

In Table 10, the alternatives are evaluated according to four different MOORA methods (the ratio method, the reference point method, the significance coefficient method and the exact product method) and the results are presented.

Table 10. MOORA Calculation Results of Alternatives

The alternatives, ranked according to the four MOORA methods, are shown in Table 11. When Table 11 is examined, the best alternative is calculated as A8 according to the ratio, significance coefficient and exact product methods. According to the reference point method, the best alternative is calculated as A9, and A8 is the second best one in this method. While A2 is listed as the second best alternative in the ratio and significance coefficient methods, A1 is the second best one according to the exact product method.

Table 11. Alternatives Ordered by MOORA Methods

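The four MOORA calculations described in this subsection, as an added example that is not from the paper. The offers, criterion names and weights are constructed; the significance coefficient method is taken to be the weighted ratio sum and the exact product method to be the product of maximized criteria over the product of minimized criteria, which are assumptions about the variants the text names.

```python
import math

# Constructed sample offers (not the paper's Table 5). Columns follow CRITERIA;
# names, values and weights are assumptions made for this example.
CRITERIA = [("price_kusd", "min", 0.3), ("support_per_user", "min", 0.2),
            ("throughput_gbps", "max", 0.3), ("license_years", "max", 0.2)]
OFFERS = {
    "FW1": [3, 20, 6, 1],
    "FW2": [2, 50, 2, 1],
    "FW3": [4, 30, 4, 1],
    "FW4": [6, 60, 3, 3],  # expensive, but the only three-year license
}


def vector_normalize(offers):
    """x*_ij = x_ij / sqrt(sum_i x_ij^2), the division the ratio method rests on."""
    norms = [math.sqrt(sum(v * v for v in col)) for col in zip(*offers.values())]
    return {name: [v / n for v, n in zip(row, norms)] for name, row in offers.items()}


def ratio_scores(offers, weighted=False):
    """Normalized 'max' criteria minus normalized 'min' criteria; higher is better.
    weighted=True multiplies each term by its weight (significance coefficients)."""
    scores = {}
    for name, row in vector_normalize(offers).items():
        total = 0.0
        for value, (_, direction, weight) in zip(row, CRITERIA):
            term = value * (weight if weighted else 1.0)
            total += term if direction == "max" else -term
        scores[name] = total
    return scores


def reference_point_scores(offers):
    """Largest distance to the best normalized value of any criterion; lower is better."""
    norm = vector_normalize(offers)
    cols = list(zip(*norm.values()))
    ref = [max(c) if d == "max" else min(c) for c, (_, d, _) in zip(cols, CRITERIA)]
    return {name: max(abs(r - v) for r, v in zip(ref, row)) for name, row in norm.items()}


def product_scores(offers):
    """Product of raw 'max' criteria over product of raw 'min' criteria."""
    scores = {}
    for name, row in offers.items():
        num = math.prod(v for v, (_, d, _) in zip(row, CRITERIA) if d == "max")
        den = math.prod(v for v, (_, d, _) in zip(row, CRITERIA) if d == "min")
        scores[name] = num / den
    return scores


def rank(scores, higher_is_better=True):
    return sorted(scores, key=scores.get, reverse=higher_is_better)


def all_rankings(offers):
    return {
        "ratio": rank(ratio_scores(offers)),
        "significance": rank(ratio_scores(offers, weighted=True)),
        "reference_point": rank(reference_point_scores(offers), higher_is_better=False),
        "product": rank(product_scores(offers)),
    }


if __name__ == "__main__":
    for method, order in all_rankings(OFFERS).items():
        print(f"{method:16s}", " > ".join(order))
```

On this constructed data FW1 leads the ratio, significance coefficient and product rankings, while the reference point method puts the three-year offer FW4 first and cannot separate the three one-year offers, because it looks only at each offer's single worst criterion.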

In this section, first of all, the weighting coefficients required for the linear model and MOORA methods to be used in the decision model were obtained from the face-to-face survey with the experts and these coefficients were normalized. Afterwards, a decision matrix consisting of 9 criteria was created for each of the 10 alternatives to be used in decision models. For the linear model, the values of the objective function and sub-functions were calculated using the decision matrix. By ordering the alternatives from the largest to the smallest according to the objective function value, the best alternatives of the linear model were determined as A7, A1 and A2, respectively. In the continuation of the study, the necessary calculations were made in the decision matrix according to the MOORA methods, and the best alternatives were listed according to each of the 4 different MOORA methods. It has been seen that the best alternatives in MOORA Ratio and MOORA Significance Coefficient methods are A8, A2 and A10, respectively. A9, A8, A10 were the best alternatives in the MOORA Reference Point method, while A8, A1 and A2 were the best alternatives in the MOORA Exact Product method. Apart from the Reference Point method, A8 stands out as the first among the other 3 MOORA methods. In addition, the A2 alternative was in the top three in a total of 4 methods, including the linear model.

4. Conclusions

Decision making with the weighted sum of the criteria in the linear model is a very practical and simple mathematical process. Similarly, MOORA is a method that eases decision making in all areas with simple mathematical operations. For example, in studies conducted in recent years, the MOORA method has been used successfully in location selection problems [34-36], supplier selection problems [37-39] and employee selection problems [33,40].

When the current studies performed to support the decision-making problems of information managers are examined, studies such as making computer replacement decisions [41], choosing a packaged software for the hospital information management system [42], choosing a registrar’s office automation [43], determining the effective criteria for cloud service provider selection [44], selection of cloud computing service providers [45-47] and selection of service providers according to cloud computing security requirements [48] are seen.

This study was performed to determine the most suitable product among the alternatives that can meet the firewall needs of an institution and have technically similar features. Only two studies were found related to selecting the right firewall for an institution. One of them uses a frequency analysis method for ranking the firewalls [2] and the other one does not mention a mathematical model and states only the best practices for selecting a firewall [19]. In this study, cost, capacity, productivity criteria and the weights of these criteria determined by the experts were used. The weight coefficients were obtained by analyzing data received from experts working as managers, academics and engineers. The alternatives used in this study were created by using the actual data in the price offer received from the sales distributors in order to reflect the real market conditions. Using the suggested criteria and the data obtained from the applications, alternatives were listed using the proposed linear decision making model and four MOORA approaches and the calculation steps in the rankings were presented.

In the proposed linear model, the A7, A1 and A2 alternatives ranked first, second and third, respectively. In three of the MOORA approaches A8 ranked first, while in the remaining one A9 ranked first. A9 is at the bottom of the linear model ranking. Looking at the similarities between the rankings obtained from all approaches, it can be stated that the A1 and A2 alternatives are generally in the top three places. Unlike in the other approaches, A9 comes first in the reference point method; when the criteria values are examined, it is understood that A9 is close to the best one because its license period is three years. It can be stated that this is because the MOORA reference point method only measures the distance to the best value without applying any weight or significance to the criteria. As for A8 being first in three of the MOORA approaches while A7 is first in the linear method, it can be stated that the values are better normalized in the MOORA method, which divides the criterion values by the square root of the sum of squares. In addition, while the criterion weights are directly reflected in both the related criteria and the main criteria functions of the linear function, in the MOORA method these weighting coefficients are reflected only in the importance level method and only in the sub-criteria. Since the criterion weights are more in the foreground in the linear model, it would not be wrong to say that the proposed linear model achieves sharper or more subjective results due to the weight coefficients used.

In this study, a new linear decision making model was proposed for the selection of a firewall device, a problem on which IT experts and managers have difficulty making decisions. This model was also compared with four different MOORA approaches. Five methods, one of which is linear and four of which are MOORA, are used in this decision support model along with the weight coefficients provided by the managers; the alternatives were ranked for firewall selection and the most suitable alternative was selected. After this stage, the decision maker needs to choose, among the ordered alternatives obtained by these five methods, the most appropriate alternative for the budget allocated by the institution.

This study has some limitations. The weighting coefficients of the criteria are relative. Since they will change according to each company's own priorities, the proposed method offers different results for the same problem, depending on the priorities of different sectors or managers. Although this is seen as a limitation of the method, it is an advantage for making subjective decisions based on priorities. The proposed method is based on a linear function and the MOORA methods. With simple mathematical calculations, the method can be easily applied to any selection and ranking problem. However, the proposed method is not suitable for problems that are nonlinear or cannot be modeled mathematically.

Considering the previous studies mentioned above, it is seen that the methods used in this study are used in many fields, but not in the field of informatics. A solution proposal ranking the firewall alternatives using linear and MOORA models is new in the literature. Researchers or IT managers can analyze any infrastructure or hardware needs in terms of capacity, cost and efficiency with the proposed methods, and can easily complete the decision-making process on the best alternatives to be obtained from the ranking results composed with different models. In this study, it is shown as an example how to use decision support models in solving similar decision problems. This study is presented as a different perspective so that experts and researchers can work on different decision making problems by showing how easy and useful it is to make decisions with simple understandable mathematical methods on a sample decision making problem. In future studies, the methods used here can be applied to decision-making problems in different fields or to other issues which information managers have difficulty in making decisions. In addition to the methods presented here, new studies using different methods can also be performed for the problem of choosing a firewall device.

Appendix

References

  1. S. Widup, "2019 Verizon Data Breach Report," Verizon, [Online]. Available: https://www.nist.gov/system/files/documents/2019/10/16/1-2-dbir-widup.pdf
  2. H. Wen and J. Tarn, "Internet security: a case study of firewall selection," Information Management & Computer Security, vol. 6, no. 4, pp. 178-184, 1998. https://doi.org/10.1108/09685229810227658
  3. E. Karaarslan, "Ag Guvenlik Duvari Cozumu Olusturulurken Dikkat Edilmesi Gereken Hususlar," in Proc. of 5th Akademik Bilisim Conf, Adana, Feb. 3-5, 2003.
  4. G. Cronje, "Choosing the best firewall," GIAC level one security, 2001. [Online]. Available: http://www.moreilly.com/CISSP/Dom8-1-choosing_the_best_firewall_gerha.pdf
  5. E. Karafili et al., "Towards a Framework for Automatic Firewalls Configuration via Argumentation Reasoning," in Proc. of NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, pp. 1-4, 2020.
  6. B. Potter, "Open source firewall alternatives," Network Security, vol. 2006, no. 1, pp. 16-17, 2006. https://doi.org/10.1016/S1353-4858(06)70325-7
  7. S. Chakraborty, "Applications of the MOORA method for decision making in manufacturing environment," The International Journal of Advanced Manufacturing Technology, vol. 54, no. 9-12, pp. 1155-1166, 2011. https://doi.org/10.1007/s00170-010-2972-0
  8. D. Power, Decision Support Basics, New York, NY, USA: Business Expert Press, 2009.
  9. T. Winograd and F. Flores, Understanding Computers and Cognition, Boston, MA, USA: Addison-Wesley, 2008.
  10. C. Hursch, K. Hammond and J. Hursch, "Some methodological considerations in multiple-cue probability studies," Psychological Review, vol. 71, no. 1, pp. 42-60, 1964. https://doi.org/10.1037/h0041729
  11. A. Watson and E. Brunswik, "Perception and the Representative Design of Psychological Experiments," The Philosophical Quarterly, vol. 8, no. 33, pp. 382-383, 1958. https://doi.org/10.2307/2216617
  12. P. Karande and S. Chakraborty, "Decision making for supplier selection using the MOORA method," IUP Journal of Operations Management, vol. 11, no. 2, pp. 6-18, 2012.
  13. W. Brauers, Optimization methods for a stakeholder society, Boston, MA, USA: Kluwer Academic Publishers, 2003.
  14. M. Kracka, W. K. M. Brauers and E. K. Zavadskas, "Ranking heating losses in a building by applying the MULTIMOORA," Engineering Economics, vol. 21, no. 4, 2010.
  15. W. K. M. Brauers and E. K. Zavadskas, "Project management by MULTIMOORA as an instrument for transition economies," Technological and Economic Development of Economy, vol. 16, no. 1, pp. 5-24, 2010. https://doi.org/10.3846/tede.2010.01
  16. W. K. M. Brauers and E. K. Zavadskas, "Multi-objective optimization in local theory with a simulation for a department store," Transformations in Business & Economics, vol. 7, no. 3, pp. 163-183, 2008.
  17. W.K.M. Brauers and R. Ginevicius, "The economy of the Belgian regions tested with MULTIMOORA," Journal of Business Economics and Management, vol. 11, no. 2, pp. 173-209, 2010. https://doi.org/10.3846/jbem.2010.9
  18. W. Brauers and R. Ginevicius, "Robustness in Regional Development Studies. The Case of Lithuania," Journal of Business Economics and Management, vol. 10, no. 2, pp. 121-140, 2009. https://doi.org/10.3846/1611-1699.2009.10.121-140
  19. S. Bosire, "Information security management: firewall selection--factors surrounding the selection and implementation of a firewall system for an organization," in Proc. of Information Security Curriculum Development Conference, pp. 121-127, 2009.
  20. Y. C. Meng and W. E. Souder, "A filter system for technology evaluation and selection," Technovation, vol. 13, no. 7, pp. 449-469, 1993. https://doi.org/10.1016/0166-4972(93)90028-T
  21. S. Coldrick, P. Longhurst, P. Ivey and J. Hannis, "An R&D options selection model for investment decisions," Technovation, vol. 25, no. 3, pp. 185-193, 2005. https://doi.org/10.1016/S0166-4972(03)00099-3
  22. B.P. Duarte and A. Reis, "Developing a projects evaluation system based on multiple attribute value theory," Computers and Operations Research, vol. 33, no. 5, pp. 1488-1504, 2006. https://doi.org/10.1016/j.cor.2004.11.003
  23. Y.C. Shen, S.H. Chang, G.T. Lin and H.C. Yu, "A hybrid selection model for emerging technology," Technological Forecasting and Social Change, vol. 77, no. 1, pp. 151-166, 2010. https://doi.org/10.1016/j.techfore.2009.05.001
  24. B. Sahin and T.L. Yip, "Shipping technology selection for dynamic capability based on improved Gaussian fuzzy AHP model," Ocean Engineering, vol. 136, pp. 233-242, 2017. https://doi.org/10.1016/j.oceaneng.2017.03.032
  25. D. Xia, Q. Yu, Q. Gao and G. Cheng, "Sustainable technology selection decision-making model for enterprise in supply chain: Based on a modified strategic balanced scorecard," Journal of Cleaner Production, vol. 141, pp. 1337-1348, 2017. https://doi.org/10.1016/j.jclepro.2016.09.083
  26. E. Aytac Adali and A. Tus Isik, "The multi-objective decision making methods based on MULTIMOORA and MOOSRA for the laptop selection problem," Journal of Industrial Engineering International, vol. 13, no. 2, pp. 229-237, 2017. https://doi.org/10.1007/s40092-016-0175-5
  27. M. Madic, M. Radovanovic and D. Petkovic, "Non-conventional machining processes selection using multi-objective optimization on the basis of ratio analysis method," Journal of Engineering Science and Technology, vol. 10, no. 11, pp. 1441-1452, 2015.
  28. A.N. Unal, "Stratejik Karar Verme Modelleri," Ph.D. dissertation, Istanbul University Graduate School of Natural and Applied Sciences, Istanbul, Turkey, 2005.
  29. C. C. Rolf, "Beyond accuracy: how models of decision making compare to human decision making," M. S. thesis in Dept. of Cognitive Science, Lund University, Lund, Sweden, 2005.
  30. D. Stanujkic, N. Magdalinovic, S. Stojanovic and R. Jovanovic, "Extension of Ratio System Part of MOORA Method for Solving Decision-Making Problems with Interval Data," Informatica, vol. 23, no. 1, pp. 141-154, 2012. https://doi.org/10.15388/Informatica.2012.353
  31. R. Attri and S. Grover, "Decision making over the production system life cycle: MOORA method," International Journal of System Assurance Engineering and Management, vol. 5, no. 3, pp. 320-328, 2014. https://doi.org/10.1007/s13198-013-0169-2
  32. C. Akturk and S. Gulsecen, "Cok kriterli karar destek modeli ve gelir yaklasimiyla siparis teslim tarihi belirleme," Ph.D. dissertation, Istanbul University Graduate School of Natural and Applied Sciences, Istanbul, Turkey, 2018.
  33. A. Ozbek, "Akademik Birim Yoneticilerinin MOORA Yontemiyle Secilmesi: Kirikkale uzerine Bir Uygulama," Erciyes universitesi Sosyal Bilimler Enstitusu Dergisi, vol. 1, no. 38, pp. 1-18, 2015.
  34. A. E. Kasak and M. Erdal, "MOORA Cok Kriterli Karar Verme Yontemi ile Ceza Infaz Kurumu Yer Secimi: Sivas Ili Ornegi," Bayburt universitesi Fen Bilimleri Dergisi, vol. 2, no. 1, pp. 34-42, 2019.
  35. S. Sutarno, M. Mesran, S. Supriyanto, Y. Yuliana and A. Dewi, "Implementation of Multi-Objective Optimazation on the Base of Ratio Analysis (MOORA) in Improving Support for Decision on Sales Location Determination," in Proc. of Journal of Physics: Conference Series, vol. 1424, no. 1, 2019.
  36. S. Alnipak and M. Yorulmaz, "Tersane Yoneticilerinin Bakis Acisindan Butunlestirilmis AHS-TOPSIS ve AHS-MOORA Yontemleri ile Tersane Kurulus Yeri Secimi: Akdeniz Bolgesi Ornegi," Beykoz Akademi Dergisi, vol. 7, no. 2, pp. 106-125, 2019.
  37. M. Sarioglan and K. Arslan, "Yiyecek Icecek Isletmelerinde MOORA Yontemi ile Tedarikci Seciminin Uygulanabilirligi," Elektronik Sosyal Bilimler Dergisi, vol. 19, no. 73, pp. 254-270, 2020.
  38. A. Sahida, B. Surarso and R. Gernowo, "The combination of the MOORA method and the Copeland Score method as a Group Decision Support System (GDSS) Vendor Selection," in Proc. of International Seminar on Research of Information Technology and Intelligent Systems (ISRITI), pp. 340-345, 2019.
  39. A. Simsek, O. Catir and N. Omurbek, "TOPSIS ve MOORA Yontemleri ile Tedarikci Secimi: Turizm Sektorunde Bir Uygulama," Balikesir universitesi Sosyal Bilimler Enstitusu Dergisi, vol. 18, no. 33, pp. 133-161, 2015.
  40. S. Tepe and A. Gorener, "Analitik Hiyerarsi Sureci ve MOORA Yontemlerinin Personel Seciminde Uygulanmasi," Istanbul Ticaret Universitesi Fen Bilimleri Dergisi, vol. 13, no. 19, pp. 1-14, 2014.
  41. M. Yorulmaz, Y. Ic and A. Seyrek, "Bilgisayar Degistirme Kararlari icin Bir Karar Destek Sisteminin Gelistirilmesi," Bilisim Teknolojileri Dergisi, vol. 12, no. 3, pp. 195-202, 2019.
  42. B. K. Yesilyurt, Karakus, S. Gur, T. Eren, "Cok Olcutlu Karar Verme Yontemleri ile Hastane Bilgi Yonetim Sistemleri Icin Paket Programi Secimi," Baskent universitesi Ticari Bilimler Fakultesi Dergisi, vol. 3, no. 1, pp. 1-21, 2019.
  43. A. Ozbek and M. Engur, "Cok Kriterli Karar Verme Yontemleriyle Ogrenci Isleri Otomasyon Secimi," Iktisadi ve Idari Bilimler Fakultesi Dergisi, vol. 21, no. 1, pp. 1-18, 2019. https://doi.org/10.33707/akuiibfd.515581
  44. B. Uslu, T. Eren, and S. Gur, "Bulut Hizmet Saglayici Seciminde Etkili Olan Kriterlerin Cok Kriterli Karar Verme Yontemleri ile Degerlendirilmesi," Yonetim Bilisim Sistemleri Dergisi, vol. 5, no. 1, pp. 16-30, 2019.
  45. B. Yildirim and O. Onay, "Bulut Teknolojisi Firmalarinin Bulanik AHP-MOORA Yontemi Kullanilarak Siralanmasi," Istanbul universitesi Isletme Fakultesi Isletme Iktisadi Enstitusu Yonetim Dergisi, vol. 24, no. 75, pp. 59-81, 2013.
  46. N. Keskin, A. N. Kiran, F. K. Egdemir and T. Eren, "Bulut Bilisim Guvenlik Gereksinimlerine Gore Cok-Olcutlu Karar Verme Yontemleri ile Hizmet Saglayici Secimi," Uluslararasi Bilgi Guvenligi Muhendisligi Dergisi, vol. 6, no. 1, pp. 45-60, 2020.
  47. B. Uslu, S. Gur, T. Eren and E. Ozcan, "Cok Kriterli Karar Verme Yontemleri ile Bulut Hizmet Saglayici Siralamasi," Pamukkale Isletme ve Bilisim Yonetimi Dergisi, vol. 6, no. 1, pp. 20-34, 2019.
  48. N. Keskin, A. Kiran, F. Egdemir and T. Eren, "Cok Olcutlu Karar Verme Yontemleri ile Bulut Bilisim Hizmet Saglayicisi Secimi," Uluslararasi Yonetim Bilisim Sistemleri ve Bilgisayar Bilimleri Dergisi, vol. 4, no. 1, pp. 52-73, 2020.