Short Paper
Proc. of Int. Conf. on Advances in Computing, Control, and Telecommunication Technologies 2011

The Framework of Network Policy on The Run-Time Reconfiguration Systems

Barka Satya¹, Ferry Wahyu Wibowo²

¹ Department of Information Systems, STMIK AMIKOM Yogyakarta, Indonesia
Email: barka.satya@gmail.com
² Department of Informatics Engineering, STMIK AMIKOM Yogyakarta, Indonesia
Email: ferrywahyu@gmail.com

Abstract—We present a framework of network policy for run-time reconfiguration systems. The framework provides a methodology and a design representation that allow different design and implementation rules to be plugged in. Temporal partitioning and scheduling and back-end tools provide reconfiguration control, communication channel generation, and estimation. This paper elaborates on two of the framework’s main issues. First, we discuss the design representation, comprising aspects of the problem, the target architecture, and the communication channels. Second, we present a hierarchical approach to quality of service in the service quality method.

Keywords— framework, run-time reconfiguration, network, policy

I. INTRODUCTION

Internet technology makes the need for information, communication, and data storage grow over time. The technology also needs network security to secure its operations, on which many business enterprises rely. Data transmitted over radio waves or other media to the public side can be listened to and changed by a third party. Not all information is open to the public: the internet is a wide set of computer networks that interact to exchange information and must make an effort to guarantee the confidentiality and security of transmitted information, and holes in network security can occur in operating systems, application systems, hardware systems, and computer networks. Security is an important aspect of an information system, so the next step toward the performance of information systems is to explore research on security in order to keep resources and data confidential from irresponsible third parties, which are the biggest factor in network security. Information systems can be secured at several different layers; e.g. at the transport layer, the secure socket layer (SSL) can be used. SSL is used for web servers. Physically, systems can also be secured by a firewall that mediates between your system and the internet. Encryption techniques can also be applied at the application layer, so that your data or your email messages can’t be read by an irresponsible party.

In this paper we investigate a part of information systems security that can help information system owners and administrators secure their information systems, such as local area networks (LANs) and the internet, in order to provide information rapidly. Ease of access to information is inversely related to the security level of the information system: the higher the security level, the more difficult it is to access information. Information security is how we can prevent fraud or, at least, detect fraud in an information-based system, where on the other hand information has no physical meaning. Internet system security can be analyzed through the way the internet system works. We consider the relationship between the computers on the internet and the protocols used. To reach the destination server, a packet of information must pass through several systems (e.g. routers, gateways, hosts, or other communication devices) that are likely to be outside our control. Each point traversed has the potential to be cracked, intercepted, or forged. The weakness of an information system lies in its weakest component. Such problems can be divided into two groups of safety measures: information security and intelligence. Security is associated with data security, while intelligence is associated with searching, burglary, and wiretapping of data. Both are equally important. For a company, the problem of data security is usually more important, while for the military and intelligence, the data tapping issue is also more important because it concerns the security of the state.

Various studies have been done by previous researchers, but they have not focused on the formation of policy networks at every stage of policy formulation, taking into account the value systems of the actors, nor have they been carried out to fill the empty spaces in the theory of network policy. This is what research on policy networks at the public policy formulation stage aims to achieve, giving rise to new perspectives in the theory of public policy networks. In this study we try to formulate a clear policy network in order to improve and optimize the performance of internet services. In this study we also monitor the performance of Internet services as a
© 2011 ACEEE
DOI: 02.ACT.2011.03.67
reference to determine or identify the factors that cause the problems that often occur, so as to seek solutions to existing problems, such as configuration fixes, security fixes, and network design with an appropriate policy, with reference to what is found through monitoring.

II. BACKGROUND

A. Framework of Policy Network

A framework is a collection of assumptions, concepts, values, and practices that act as a way of viewing reality. A framework is also defined as a structure of basic concepts for handling complex issues; on the other hand, a framework is a logical structure for classifying and organizing complex information. There are three misconceptions about the concept of network policy. First, that the main point of network policy is to secure the computer network. Securing the network isn’t the main point of network policy; the main point is actually how to secure the processes in the organization, so that the processes are supported effectively and efficiently and the risks due to human error, administrators, and other parties are reduced. A network policy provides a blueprint of what to secure and how to secure the network in support of those processes, with the help of technologies and configurations such as firewalls, intrusion detection systems (IDSs), anti-virus (AV), back-up and restore strategies, locked doors, and system administration checklists. Second, that the network policy must be available, have integrity, and be complex. In practice, a network policy that is effective and efficient is the one that survives. A network policy that is complex is generally not proportional and is ignored. A network policy is good if it is a set of documents separated by the specification of needs and by target audience: administrator, user, or third party. With this separation, the aim of the policy can be absorbed more easily by each audience according to its responsibility. Third, that the network policy must have one hundred percent complexity and work in one process. In practice, network policy is a process of continuous evaluation; even the dynamics of the organization are involved in determining changes to the network policy, because a new policy works on newly emerging weaknesses and threats in the network systems. That is why the work of network policy is never ending.

The network policy process involves forming a team. The common approach to writing a network policy is top-down, although that isn’t an absolute requirement, because a mix of top-down and bottom-up approaches can also be implemented. The team can consist of personnel who understand the applications running on the network and who also know the business processes of the institution. Each person thus contributes uniquely, according to their background, to providing the network policy effectively and efficiently. Computers are connected to other computers via a local area network. This is one example of an information technology implementation. An information system consists of human and technical components that accept, store, process, dispense, and transmit information. The personnel of an information system consist of staff and computers that collect data, process it into reports, and use them to make a decision. However, internet security problems are less noticed. This may be due to the viscous element of the institutions that build the architecture of the internet network. For example, IP version 4, which is implemented on the Internet, has many drawbacks. Secure IP and IP version 6 are attempts to repair it. Therefore, we need a system capable of securing the distribution of such information. One way to overcome this problem is to apply a cryptographic transformation to the data, so that the resulting data can’t be understood by third parties. This transformation provides a solution to two problems of data security: privacy and authentication. Privacy means that the transmitted data can only be understood by the legitimate recipients of the information. Authenticity prevents a third party from transmitting incorrect data or changing data that is sent. Information security is very important and is key to maintaining confidentiality, especially for information that should only be known by certain parties and for information held in network devices that move. There are many obstacles to overcome when combining the devices used in a very spacious environment. The barriers include how to design devices that are quite intelligent, quick to work together, improve performance, and enable high connectivity, while the security of the system becomes a key factor: a device must allow access only for legitimate users and must also maintain secure communications when transmitting or receiving personal information.

The use of information technology, media, and communications has changed the behavior of human society and civilization globally. The development of information and communication technologies has also led the world into relationships without borders and caused significant social, economic, and cultural change. Information technology is currently a trade-off: in addition to contributing to welfare, progress, and human civilization, it is also an effective means of acting against the law. This has given birth to a new legal regime known as cyber law or the law of telematics, the internationally used term for law related to the use of information and communication technology. Similarly, telematics law embodies the convergence of telecommunications law, media law, and legal informatics. Other terms used are information technology law and the law of cyberspace. These terms cover activities carried out through networks of computer and communication systems, in both local and global scope, using information-technology-based computer systems, which are electronic systems that can be viewed virtually. Legal issues are often relevant to the delivery of information, communication, and/or transactions conducted electronically, particularly in terms of evidence and matters related to legal acts done through electronic systems. An electronic system here means a computer system in a broad sense, which includes not only computer hardware and software but also telecommunications networks and/or electronic communication systems. Software, or a computer program, is a set of instructions expressed in the form of language, codes, schemes, or any other form which, when combined with media that can be read by computers, is able to make the
computer work to perform specific functions or to achieve specific results, including the preparation involved in designing the instructions. The term electronic system is also used to explain the existence of information systems, which are the application of information technology based on telecommunication networks and electronic media to design, process, analyze, display, and transmit or disseminate information electronically. From the technical and management side, an information system is actually the embodiment of the application of information technology products in a form of organization and management that matches the characteristics and needs of the organization and its goal. On the other hand, from the technical and functional side, an information system is the integration of human and machine components, including hardware, software, procedures, human resources, and the substance of the information, whose functions include input, process, output, storage, and communication. Accordingly, the law has long since expanded its interpretation of principles and norms when faced with intangible matters, such as in the case of electricity theft as a criminal act. In reality, cyber activities are no longer simple, because they are no longer limited by the territory of a country and are easily accessible anytime and from anywhere. Losses can fall both on the parties to a transaction and on others who never made a transaction, such as theft of credit card funds through purchases on the Internet. In addition, verification is a very important factor, considering that electronic information not only has not been accommodated within the legal system in Indonesia in a comprehensive manner, but has also proved highly vulnerable to being changed, intercepted, forged, and sent to different corners of the world within seconds. Thus, the impact can be very complex and complicated. The problems occur more widely in the civil and criminal fields because transactions for electronic commerce activities through electronic systems have become part of national and international commerce. This fact shows that the convergence of information technology, media, and information continues to grow without defense, along with the discovery of new developments in information technology, media, and communications. Activities through electronic media systems, also called cyberspace, can be categorized as real acts or legal actions despite their virtual nature. In e-commerce activities, among others, there is the electronic document, whose position is equated with documents created on paper. In this regard, security and legal certainty in the use of information technology, media, and communications must be attended to in order for them to develop optimally. Therefore, there are three approaches to maintaining security in cyberspace: the approach through legal aspects, technological aspects, and social, cultural, and ethical aspects. To overcome the security problems in the implementation of an electronic system, the legal approach is absolute, because without the rule of law the use of information technology is not optimal, so the government should support the development of information technology through the legal and regulatory infrastructure.

B. Processing Data Instrument

The sample size is specified using the formula of the proportion method, as shown in equation 1 [9].

$$N = \frac{Z_{\alpha/2}^{2} \cdot p \cdot q}{e^{2}} \qquad (1)$$

where N is the number of samples, Z is the normal distribution value that yields the reliability level, α is the reliability level, p is the accepted proportion, q is the denied proportion, and e is the error, or maximum difference between the sample proportion and the population proportion, that can be accepted for the reliability level in the data processing. As an example of this formula, if Z = 1.96, α = 0.05, p = 0.5, and e = 0.1 then the minimum sample size is 96.

A validity test is used to measure whether a questionnaire is valid or not. A questionnaire is valid if its questions reveal what is to be measured. To ease our data processing we use the software SPSS 10 for Windows to examine the validity of this research. The significance test is done by comparing the correlated item value with its table value for degrees of freedom (df) = n − 2, where n is the sample number. If the correlated item value minus the total correlation is positive, then the question or indicator is valid. Before data are collected, the list of questions used needs to be tested for validity and reliability. The validity test in this research is used to test questionnaire validity. Validity shows how precisely and accurately an instrument performs its measurement function [10].

The method used to test questionnaire validity is based on the Pearson product moment coefficient, as shown in equation 2.

$$r_{XY} = \frac{N\sum XY - \left(\sum X\right)\left(\sum Y\right)}{\sqrt{\left[N\sum X^{2} - \left(\sum X\right)^{2}\right]\left[N\sum Y^{2} - \left(\sum Y\right)^{2}\right]}} \qquad (2)$$

where r_XY is the coefficient of product moment correlation, X is an item score, Y is the total item score, and N is the number of respondents or data samples. The calculation is done with the aid of a computer using the SPSS (Statistical Package for Social Science) program. To determine the number of items that are valid or invalid, we need to look at the product moment table. The criteria of the validity test assessment are: if the correlated item value is more than the total correlation at the 5% significance level, then the item is valid; conversely, if the correlated item value is less than the total correlation at the 5% significance level, then the item is invalid.

Reliability is an index that shows how reliable a measurement result is. An instrument is reliable if, when several measurements are made of an unchanged aspect, every measurement gives relatively the same result. Questionnaire reliability is tested using the equation of the Cronbach alpha coefficient, as shown in equation 3.

$$\alpha = \frac{k\,r}{1 + k\,r - r} \qquad (3)$$

where α is the Cronbach alpha coefficient, k is the number of valid items, r is the correlated item value, and 1 is a constant. Reliability testing of all items or questions in this paper is defined in terms of Cronbach alpha. The Cronbach alpha in this paper uses a value of 0.6, with the assumption that the list of questions is
tested and reliable if the Cronbach alpha > 0.6. The measurement requirements show that the coefficient of reliability (α) is about one (1), and if the alpha coefficient (α) is more than 0.6 then the instrument has internal consistency reliability.

III. FIREWALLS

Firewalls are mainly used as a means to protect an organization’s internal network from those on the outside (internet). They are used to keep outsiders from gaining access to secret information or from doing damage to internal computer systems. Firewalls are also used to limit the access of individuals on the internal network to services on the internet, along with keeping track of what is done through the firewall. Please note the difference between firewalls and routers as described in the second paragraph in the IP Masquerading section.

A. Types of Firewalls

1. Packet Filtering - Blocks selected network packets.
2. Circuit Level Relay - SOCKS is an example of this type of firewall. This type of proxy is not aware of applications but just cross-links your connection to another outside connection. It can log activity, but not in as much detail as an application proxy. It only works with TCP connections, and doesn’t provide for user authentication.
3. Application Proxy Gateway - The users connect to the outside using the proxy. The proxy gets the information and returns it to the user. The proxy can record everything that is done. This type of proxy may require a user login to use it. Rules may be set to allow some functions of an application to be done and other functions denied.

The “get” function may be allowed in the FTP application, but the “put” function may not.

Proxy servers can be used to perform the following functions:
- Control outbound connections and data.
- Monitor outbound connections and data.
- Cache requested data, which can increase system bandwidth performance and decrease the time it takes for other users to read the same data.

Application proxy servers can perform the following additional functions:
- Provide for user authentication.
- Allow and deny application specific functions.
- Apply stronger authentication mechanisms to some applications.

B. Packet Filtering Firewalls

In a packet filtering firewall, data is forwarded based on a set of firewall rules. This firewall works at the network level. Packets are filtered by type, source address, destination address, and port information. These rules are similar to the routing rules explained in an earlier section and may be thought of as a set of instructions similar to a case statement or if statement. This type of firewall is fast, but cannot allow access to a particular user, since there is no way to identify the user except by using the IP address of the user’s computer, which may be an unreliable method. Also, the user does not need to configure any software to use a packet filtering firewall, such as setting a web browser to use a proxy for access to the web. The user may be unaware of the firewall. This means the firewall is transparent to the client.

C. Circuit Level Relay Firewall

A circuit level relay firewall is also transparent to the client. It listens on a port such as port 80 for http requests and redirects the request to a proxy server running on the machine. Basically, the redirect function is set up using ipchains, then the proxy filters the packets at the port that received the redirect.

D. Configuring a Proxy Server

The following packages are available in Linux:
- Ipchains - Soon to be replaced by netfilter (packet filtering supported by the Linux kernel). It comes with Linux and is used to modify the kernel packet routing tables.
- SOCKS - Circuit switching firewall. Normally doesn’t come with Linux, but is free.
- Squid - A circuit switching proxy. Normally comes with Linux.
- Juniper Firewall Toolkit - A firewall toolkit product used to build a firewall. It uses transparent filtering, and is circuit switching. It is available as open source.
- The TIS Firewall Toolkit (FWTK) - A toolkit that comes with application level proxies. The applications include Telnet, Rlogin, SMTP mail, FTP, http, and X windows. It can also perform as a transparent proxy for other services.

D. Ipchains and Linux Packet filtering

For complete information on the use of IP chains and setting up a firewall, see the following Linux how-tos:
- IPCHAINS-HOWTO
- Firewall-HOWTO
- IP-Masquerade-HOWTO

Some of the information in this section is based on these how-tos. This section summarizes and puts in simple steps some of the items you will be required to perform to set up a firewall. It is not meant as a replacement for the Linux how-to documents, but as a complement to them, giving an overview of what must be done. You may access the how-tos from one of the websites listed in the Linux websites section. The Linux Documentation Project or Metalab’s Index of Linux publications will have copies of these how-tos.

The administration of data packet management is controlled by the kernel. Therefore, to provide support for things like IP masquerading, packet forwarding, and port redirects, the support must be compiled into the kernel. The kernel contains a series of tables that each contain 0 or more rules. Each table is called a chain. A chain is a sequence of rules. Each rule contains two items.
1. Characteristics - Characteristics such as source address, destination address, protocol type (UDP, TCP, ICMP), and port numbers.
2. Instructions - Instructions are carried out if the rule characteristics match the data packet.

The kernel filters each data packet for a specific chain. For instance, when a data packet is received, the “input” chain rules are checked to determine the acceptance policy for the data packet. The rules are checked starting with the first rule (rule 1). If the rule
characteristics match the data packet, the associated rule instruction is
carried out. If they don’t match, the next rule is checked. The rules are
checked sequentially, and if the end of the chain is reached, the default
policy for the chain is returned. Chains are specified by name. There are
three chains that are available and can’t be deleted. They are:
1. Input - Regulates acceptance of incoming data packets.
2. Forward - Defines permissions to forward packets that have another host as
   a destination.
3. Output - Permissions for sending packets.
    Each rule has a branch name or policy. Policies are listed below:
     - ACCEPT - Accept the data packet.
     - REJECT - Drop the packet but send an ICMP message indicating the packet
          was refused.
     - DENY - Drop and ignore the packet.
     - REDIRECT - Redirect to a local socket with input rules only even if the
          packet is for a remote host. This applies to TCP or UDP packets.
     - MASQ - Sets up IP masquerading. Works on TCP or UDP packets.
     - RETURN - The next rule in the previous calling chain is examined.
    You can create more chains and then add rules to them. The commands used
to modify chains are as follows:
     -N  Create a new chain
     -X  Delete an empty chain
     -L  List the rules in the chain
     -P  Change the policy for a chain
     -F  Flush=Delete all the rules in a chain
     -Z  Zero the packet and byte counters in all chains
    Commands to manipulate rules inside the chain are:
     -A  Append a new rule to a chain.
     -I  Insert a new rule at some position in a chain.
     -R  Replace a rule at some position in a chain.
     -D  Delete a rule at some position in a chain.
    Options for masquerading:
     -M with -L to list the currently masqueraded connection.
     -M with -S to set the masquerading timeout values.
    Options for setting rule specifications:
     -s  Source
     -d  Destination
     -p  Protocol=tcp, udp, icmp, all or a name from /etc/protocols
     -j  Jump target. Specifies the target of the rule. The target can be a
          user defined chain, but not the one this rule is in.
     -i  Interface=Name of the interface the packet is received on or the
          interface where the packet will be sent
     -t  Mask used to modify the type of service (TOS) field in the IP header.
          This option is followed by two values: the first one is and’ed with
          the TOS field, and the second is exclusive or’ed. The masks are
          eight bit hexadecimal values. An example of use is
          “ipchains -A output -p tcp -d 0.0.0.0/0 telnet -t 0x01 0x10”.
          These bits are used to set priority. See the section on IP message
          formats.
     -f  Fragment
When making changes to firewall rules, it is a good idea to deny all packets
prior to making changes with the following three commands:
    ipchains -I input 1 -j DENY
    ipchains -I output 1 -j DENY
    ipchains -I forward 1 -j DENY
These commands insert a rule at location 1 that denies all packets for input,
output, or forwarding. This is done so that no unauthorized packets are let
through while doing the changes. When your changes have been completed, you
need to remove the rules at position 1 with the following commands:
    ipchains -D input 1
    ipchains -D output 1
    ipchains -D forward 1
Examples of the use of ipchains to allow various services
Create a new chain:
    ipchains -N chainame
The option “-N” creates the chain.
Add the chain to the input chain:
    ipchains -A input -j chainame
Allow connections to outside http servers from inside our network:
    ipchains -A chainame -p tcp -s 10.1.0.0/16 1024: -d 0.0.0.0/0 www -j ACCEPT
The “-A chainame” adds a rule to the chain called “chainame”. The “-p tcp”
specifies the TCP protocol; ipchains accepts a port only when the protocol is
given. The “-s 10.1.0.0/16 1024:” specifies any traffic on network 10.1.0.0 at
port 1024 or above. The “-d 0.0.0.0/0 www” specifies any destination for www
service (in the /etc/services file) and the “-j ACCEPT” sets the rule to
accept the traffic.
Allow connections from the internet to connect with your http server:
    ipchains -A chainame -p tcp -s 0.0.0.0/0 www -d 10.1.1.36 1024: -j ACCEPT
The “-A chainame” adds a rule to the chain called “chainame”. The “-p tcp”
specifies the TCP protocol. The “-s 0.0.0.0/0 www” specifies traffic from any
source for www service. The “-d 10.1.1.36 1024:” specifies the http server at
IP address 10.1.1.36 at ports 1024 or above and the “-j ACCEPT” sets the rule
to accept the traffic.
Allow DNS to go through the firewall:
    ipchains -A chainame -p UDP -s 0/0 domain -d 10.1.0.0/16 -j ACCEPT
The “-A chainame” adds a rule to the chain called “chainame”. The “-p UDP”
specifies UDP protocol. The “-s 0/0 domain” specifies any DNS traffic from any
location (“domain” is the name of the DNS service in the /etc/services file).
The “-d 10.1.0.0/16” specifies our network and the “-j ACCEPT” sets the rule
to accept the traffic. This allows DNS queries from computers inside our
network to be received.
Allow e-mail to go from our internal mail server to mail servers outside the
network:
    ipchains -A chainame -p tcp -s 10.1.1.24 -d 0/0 smtp -j ACCEPT
The “-A chainame” adds a rule to the chain called “chainame”. The “-p tcp”
specifies the TCP protocol. The “-s 10.1.1.24” specifies any traffic from the
10.1.1.24 IP address. The “-d 0/0 smtp” specifies any smtp type of service
going anywhere and the “-j ACCEPT” sets the rule to accept
the traffic.
Allow e-mail to come from any location to our mail server:
    ipchains -A chainame -p tcp -s 0/0 smtp -d 10.1.1.24 smtp -j ACCEPT
The “-A chainame” adds a rule to the chain called “chainame”. The “-p tcp”
specifies the TCP protocol. The “-s 0/0 smtp” specifies mail traffic from
anywhere. The “-d 10.1.1.24 smtp” specifies mail traffic going to our mail
server and the “-j ACCEPT” sets the rule to accept the traffic.
Perform an HTTP port redirect for a transparent proxy server:
    ipchains -A input -p tcp -s 10.1.0.0/16 -d 0/0 80 -j REDIRECT 8080
The “-A input” adds a rule to the input chain. The “-p tcp” specifies the
protocol TCP. The “-s 10.1.0.0/16” specifies the source as a network with
netmask 255.255.0.0. The “-d 0/0” specifies a destination of anywhere. The
number 80 is the HTTP port number, and the “-j REDIRECT 8080” redirects the
traffic to port 8080.
Give telnet transmissions a higher priority:
    ipchains -A output -p tcp -d 0.0.0.0/0 telnet -t 0x01 0x10
The bits at the end of the line, specified in hexadecimal format, are used to
set the priority of the IP message on the network. The first value is and’ed
with the TOS field in the IP message header, and the second value is exclusive
or’ed. See the section on IP message formats for more information.
Using ipchains-save and ipchains-restore to make rules permanent
When you are done setting your ipchains rules, use the following procedure
while logged on as root to make them permanent:
1. Type the command “ipchains-save > /etc/iprules.save”.
2. Create the following script named “packetfw”:

    #!/bin/sh
    # Packet filtering firewall script used to turn the firewall on or off
    if [ -f /etc/iprules.save ]
    then
        case "$1" in
        start)
            echo -n "Turning on packet filtering firewall:"
            # Load the saved rules before enabling forwarding
            /sbin/ipchains-restore < /etc/iprules.save
            echo 1 > /proc/sys/net/ipv4/ip_forward
            echo "."
            ;;
        stop)
            echo -n "Turning off packet filtering:"
            echo 0 > /proc/sys/net/ipv4/ip_forward
            # Flush the rules first: -X only deletes empty chains
            /sbin/ipchains -F
            /sbin/ipchains -X
            # Reset the default policy of the three built-in chains
            /sbin/ipchains -P input ACCEPT
            /sbin/ipchains -P output ACCEPT
            /sbin/ipchains -P forward ACCEPT
            echo "."
            ;;
        *)
            echo "Usage: /etc/init.d/packetfw {start|stop}"
            exit 1
            ;;
        esac
        exit 0
    else
        echo the /etc/iprules.save file does not exist.
        exit 1
    fi

3. Save the file in the /etc/rc.d/init.d directory.
4. In the /etc/rc.d/rc3.d and the /etc/rc.d/rc5.d directories make a symbolic
link called S07packetfw to the /etc/rc.d/init.d/packetfw file with the command
“ln -s /etc/rc.d/init.d/packetfw /etc/rc.d/rc3.d/S07packetfw”. This applies to
runlevel 3. Do the same for the runlevel 5 initialization directory. Note: You
may need to use a different number than the “S07” string to number your link
file. Look in your /etc/rc.d/rc3.d and /etc/rc.d/rc5.d directories to
determine what number is available to give this file. Try to give it a number
just below your network number file. On my system the S10network file is used
to start my network.

IV. RELATED WORKS

    In this paper we use the survey method to further maximize the accuracy of
the policy to be proposed, by seeking a reference to the following important
parameters: how sensitive information should be handled; how to maintain IDs,
passwords, and all accounts of important data; how to respond to potential
security incidents and to trial security system disorders; how to use the
workstations and the internet in the right way; and how to manage the email
system.
    The frameworks of network policy that we reviewed are: computer acceptable
use, whose documents have common characteristics because they apply to all
computer users, including servers and applications working on the network;
the password policy, which describes the requirements on the usage of
passwords for computer security and its applications and how to choose a good
password and implement it; the policy to regulate the usage of email,
including all aspects needed to make optimal use of an available email system;
the policy that specifies which web browsers are allowed and how to implement
and configure them, together with all policies which regulate boundary access
at specific sites; the policy that describes the mobile computing and portable
storage to be allowed on the network system; who can use remote access, and
from what specific location; how to configure the gateway to get optimal
network security; how to maintain and configure wireless; enabling and
disabling the services of a specific server; and the description of an
incident response plan. The network policy aims at optimizing the policy made,
what factors can be allowed and where they are to be applied.

V. RESULTS

    There are some differences in the services which affect quality of
services (QoSs), i.e. the difference between both
customer’s hope and perception of management about customer’s hope, QoSs
specification, customer needs, communication of services, and actualization
performance of perceptions. The difference of actualization performance of
perceptions emerges from other factors, which are the measures used by
customers in assessing the institution’s performance. However, the performance
hoped for is different from what has been done and given by the institution.
    In this paper we present the research result of a satisfaction survey of
information system users. But first we test the data collected through
research instrument analysis. This is very important because of the
requirements of a good instrument. A research instrument can be accepted as
good if it is valid and reliable. For that reason, the testing uses two ways,
i.e. validity and reliability tests. The variables of respondents for this
research consist of gender and field of work. The number of respondents is two
hundred people, consisting of 74 men and 26 women in the field of informatics
engineering and 84 men and 16 women in the field of information systems. The
variables of the questionnaire include responsiveness with 7 questions,
reliability with 5 questions, empathy with 5 questions, assurance with 6
questions and tangible with 5 questions. To analyze each variable, rate scores
are obtained from each component, thus making an interval at each value of the
variable. The result for the variable of satisfaction is shown in Table I.

                              TABLE I.
           DISTRIBUTION OF HIGHEST VARIABLES OF SATISFACTION

From Table I, we can observe that the scores of each variable chosen by
respondents have different levels. The variable of responsiveness is enough;
reliability and assurance are good; and empathy and tangible are very good,
which reflects the relevance of the output results.
    After getting the result of the questionnaire, validity and reliability
are tested. In addition, all questionnaires will be tested and then the gap
analyzed, which will show the values of customer expectations and customer
perceptions. A test of questionnaire validity has been done to know the
effectiveness of the instrument of the measurement variable. Validity testing
uses the correlation technique of product moment, that is, a way to correlate
the score of each item with its score. The criterion for valid or not valid is
found in the table; for example, if the correlation variable is less than the
value in the table, like the significance of Cronbach’s alpha α = 5%, then it
isn’t a valid statement. The result of the validity and reliability tests on
the questionnaires that were spread to one hundred respondents showed that the
relevance, accurate, responsiveness and expectation variables are valid and
reliable to measure research object behaviors, and it can be summarized that
the instrument of relevance, accurate, responsiveness and expectation
variables is consistent statistically.
    Coefficient alpha, also known as Cronbach’s alpha, is used to measure
reliability or internal consistency among the question items in the
instruments. An item of measurement is said to be reliable if it has an alpha
coefficient of more than 0.6 [10]. The rate of internal consistency
reliability is shown in Table II.

                              TABLE II.
           DISTRIBUTION OF HIGHEST VARIABLES OF SATISFACTION

    Table II showed that each alpha coefficient in the variable is reliable
because each value is more than 0.6. So the item of measurement at each
variable is generally reliable and can be used in the research process;
meanwhile the reliability test has used the one shot technique on Cronbach’s
alpha. The variable indicators are stated reliable if the alpha significance
value is less than 0.05. A reliability test is used to show the stability of
an observation result. The reliability measurement is done by measuring the
correlation between the answers to the questions and the Cronbach’s alpha
statistic test. Reliability is tested in relation to the five common
dimensions of service quality (servqual). According to [10], a Cronbach’s
alpha result of less than 0.6 is poor reliability, about 0.7 is acceptable
reliability, and more than 0.8 is good reliability.
    A validity test aims at testing whether each item is able to observe some
factors. For a high validity level, the corrected item-total correlation
should have a value of more than 0.3. The validity of a questionnaire item is
determined by the Pearson test or product moment: if the Pearson correlation
is more than 0.3 the data is valid, but if it is less than 0.3 the data is
invalid. The data has a valid result in five factors.
    Gap 5 is a difference caused by perception and customers’ hope that are
unstable, if customers measure an institution’s performance in different ways
or have a false perception of service quality. The gap 5 formula is a
perception value decreased by an expectation value. Gap 5 analysis is done by
seeing the gap between the services customers expect and the value customers
give to the institution’s services. If the value of the gap is negative (-),
then the services perceived are inappropriate with the expected services. Gap
5 is shown in Table III.
    From Table III it is shown that responsiveness has the highest gap, then
reliability, assurance, tangible and empathy consecutively. If the quality
(Q) = 1, then quality of service is good.
                             TABLE III.
          RATES OF HOPE, PERCEPTION, GAP AND SERVICE QUALITY

CONCLUSIONS

    In this paper we have presented the customer’s satisfaction with network
policy on the run-time reconfiguration system. For the dimension of
responsiveness, the policy has to be able to interact with other services, and
the usage of the internet can minimize reduced information. For reliability,
the network has to provide a large capacity for the customer’s use in order to
get information as soon as possible. In the empathy case, the system input
design is one of the attractions of the services. For assurance, the network
policy has to provide instruction on internet usage and make the information
more reliable and user-friendly. In the case of tangible, the policy has to be
appropriate to the devices that interconnect with each other. The results are
obtained from the respondents who have filled in the questionnaires, and the
data has been processed with hierarchical methods.

REFERENCES

[1] H. Chaouchi, “A New Policy-Aware Terminal,” Network Control and
Engineering for QoS, Security and Mobility, IFIP TC6/WG6.2 WG6.7 Conference on
Network Control and Engineering for QoS (net-Con 2001), 2002.
[2] S. Maity, P. Beral, S. K. Ghosh, and P. Dasgupta, “A Formal Verification
Framework for Security Policy Management in Mobile IP based WLAN,”
International Journal of Network Security & Its Application (IJNSA), vol. 2,
no. 4, pp. 194-211, October 2010.
[3] K. Anderson, “Intelligence-based Threat Assessments for Information
Networks and Infrastructures,” White Paper of Network Risk Management, LLC,
2005.
[4] L. Lymberopoulos, E. Lupu, and M. Sloman, “An Adaptive Policy Based
Framework for Network Services Management,” Journal of Network and Systems
Management, vol. 11, no. 3, pp. 277-303, 2003.
[5] N. Feamster, A. Nayak, H. Kim, R. Clark, Y. Mundada, A. Ramachandran, and
M. bin Tariq, “Decoupling Policy from Configuration in Campus and Enterprise
Networks,” 17th IEEE Workshop on Local and Metro Area Networks (LANMAN), May
2010.
[6] Juniper Networks, Campus Networks Reference Architecture, Reference
Architecture, Juniper Networks, Inc., 2010.
[7] T. Benson, A. Akella, and D. Maltz, “Unraveling the Complexity of Network
Management,” 6th USENIX Symposium on Networked Systems Design and
Implementation, pp. 335-348, 2009.
[8] Q. Hu and S. Ma, “Does Privacy Still Matter in the Area of Web 2.0? A
Qualitative Study of User Behavior Towards Online Social Networking
Activities,” Proceeding of Pacific Asia Conference on Information Systems
(PACIS), paper 2, pp. 591-602, 2010.
[9] R. M. Weiers, Introduction to Business Statistics, 3rd edition, Pacific
Grove, Calif.: Duxbury Press, 1998.
[10] H. Wainer and H. I. Braun, Test Validity, Hillsdale, N.J.: L. Erlbaum
Associates, 1988.
[11] http://www.comptechdoc.org, 5 November 2011.
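
The rule-checking order described in the ipchains discussion (rules tried from rule 1, a jump into a user-defined chain, the default policy at the end of a built-in chain, and the temporary DENY rule at position 1) can be modelled in a few lines. This is an added example in Python, not code from the paper or from ipchains; the class and function names, the sample packets and the DENY default policy on the input chain are assumptions.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

ANY_NET, ANY_PORT = "0.0.0.0/0", (0, 65535)
TERMINAL = {"ACCEPT", "DENY", "REJECT"}        # targets that end the traversal
Packet = namedtuple("Packet", "proto src sport dst dport")

@dataclass
class Rule:
    target: str                   # ACCEPT, DENY, REJECT, RETURN or a user chain name
    proto: str = "all"
    src: str = ANY_NET
    sports: tuple = ANY_PORT      # inclusive range; "1024:" becomes (1024, 65535)
    dst: str = ANY_NET
    dports: tuple = ANY_PORT

    def matches(self, p):
        return (self.proto in ("all", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1])

class Firewall:
    def __init__(self):
        self.chains = {"input": [], "output": [], "forward": []}
        self.policy = {name: "ACCEPT" for name in self.chains}

    def new_chain(self, name):                 # ipchains -N name
        self.chains[name] = []
    def append(self, chain, rule):             # ipchains -A chain ...
        self.chains[chain].append(rule)
    def insert(self, chain, pos, rule):        # ipchains -I chain pos ... (1-based)
        self.chains[chain].insert(pos - 1, rule)
    def delete(self, chain, pos):              # ipchains -D chain pos
        del self.chains[chain][pos - 1]

    def _walk(self, chain, pkt):
        for rule in self.chains[chain]:        # rule 1 first, then in order
            if not rule.matches(pkt):
                continue
            if rule.target == "RETURN":
                return None                    # back to the calling chain
            verdict = rule.target if rule.target in TERMINAL else self._walk(rule.target, pkt)
            if verdict:
                return verdict                 # first matching rule decides
        return None                            # fell off the end of the chain

    def verdict(self, chain, pkt):
        # A built-in chain that produced no verdict applies its default policy.
        return self._walk(chain, pkt) or self.policy[chain]

def build_example():
    fw = Firewall()
    fw.policy["input"] = "DENY"                # assumption: ipchains -P input DENY
    fw.new_chain("chainame")
    fw.append("input", Rule("chainame"))       # ipchains -A input -j chainame
    # outbound web (tcp assumed): -s 10.1.0.0/16 1024: -d 0.0.0.0/0 www -j ACCEPT
    fw.append("chainame", Rule("ACCEPT", "tcp", "10.1.0.0/16", (1024, 65535), ANY_NET, (80, 80)))
    # DNS answers: -p UDP -s 0/0 <port 53> -d 10.1.0.0/16 -j ACCEPT
    fw.append("chainame", Rule("ACCEPT", "udp", ANY_NET, (53, 53), "10.1.0.0/16"))
    return fw

# Constructed sample packets (documentation address ranges).
WEB = Packet("tcp", "10.1.2.3", 40000, "198.51.100.7", 80)
DNS = Packet("udp", "192.0.2.53", 53, "10.1.2.3", 33000)
TELNET = Packet("tcp", "203.0.113.9", 50000, "10.1.2.3", 23)

def maintenance_window(fw, pkt):
    """Verdicts before, during and after the 'DENY at position 1' lockdown."""
    before = fw.verdict("input", pkt)
    fw.insert("input", 1, Rule("DENY"))        # ipchains -I input 1 -j DENY
    during = fw.verdict("input", pkt)
    fw.delete("input", 1)                      # ipchains -D input 1
    return before, during, fw.verdict("input", pkt)

if __name__ == "__main__":
    print(maintenance_window(build_example(), WEB))
```

The telnet packet matches no rule in “chainame”, falls back to the input chain and receives that chain's default policy, which is why the policy set with “-P” matters as much as the rules themselves.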




© 2011 ACEEE
DOI: 02.ACT.2011.03. 67

								