[ieee 2012 2nd international conference on consumer electronics, communications and networks...


Page 1: [IEEE 2012 2nd International Conference on Consumer Electronics, Communications and Networks (CECNet) - Yichang, China (2012.04.21-2012.04.23)] 2012 2nd International Conference on

Control of the gateway security configuration policy

Zha wei

Center of Network, Xianning College, Xianning, China

Abstract—Today's Internet is more diversified in content, but severely congested. After decades of development, the Internet has profoundly affected our social life. However, filled with much reactionary, violent, pornographic and other unhealthy information, the Internet has become a breeding ground for various social problems, which poses a severe challenge for network security. This article describes how to filter illegal web pages to achieve a civilized, safe and healthy network environment.

Keywords-Web Filtering; Content control; Network Civilization; Network Security

Owing to the extensive development of computer network and communication technology, the Internet has grown quickly and plays an ever more important role in politics, the military, finance, business, transportation and education. In turn, our society relies heavily on it to obtain information and to communicate. With nearly complete information at hand, computer networks can handle a wide variety of tasks, benefiting the whole of society and changing the ways people work and live. For example, users can obtain the services, applications, information and entertainment they need anywhere and at any time.

With the rapid development of multimedia technology, which makes online information more vivid, rich and complete, the interaction between humans and computers has deepened, and use of the Internet has once again reached a peak. But there is no denying that unhealthy information (reactionary, violent, pornographic and so on), which has and will continue to have a negative impact on certain people and even on parts of society, accounts for quite a large proportion of the total. How to supervise and deal with unhealthy information on the Internet and how to promote Internet security has therefore become a primary concern for operators, suppliers, the government and society as a whole.

Network filtering is a security strategy that filters selected information, thereby purifying the network environment and meeting other security demands as needed. It is therefore of practical and primary importance to achieve accurate and scientific web page filtering.

I. CATEGORIES OF GATEWAY CONTROL

Gateway control falls into 3 categories according to its function:

A. Protocol gateway

As its name indicates, a protocol gateway operates between networks that use different protocols, such as 802.3 (Ethernet), IrDA (Infrared Data Association), WAN (Wide Area Networks), 802.5, X.25, 802.11a, 802.11b, 802.11g and WPA. Different networks have different data formats, different data sizes and different transmission rates. A protocol gateway is needed to eliminate these differences and join the networks into one large internetwork.

B. Application gateway

An application gateway handles specialized tasks: it converts data from one form into another so that data communication can take place. It functions as a specialized server and a gateway at once. The most common example is the mail server. Email takes several forms, such as POP3, SMTP, FAX, X.400 and MHS. If SMTP provides gateway links from POP3, SMTP, FAX, X.400 and so on, then we can without any hesitation send emails to other servers via SMTP.

978-1-4577-1415-3/12/$26.00 ©2012 IEEE

C. Security gateway

One of the most commonly used gateways of this kind is the packet filter, which checks the source address and destination address of each data packet, the port number and the network protocol. That is, it filters the traffic, letting authorized packets pass while intercepting or even discarding unauthorized ones, a function similar in some ways to that of a software firewall. But it handles a larger amount of data at greater speed and protects the whole local network without causing a bottleneck to the Internet.

Generally speaking, a gateway does not belong strictly to one category, because it has several functions. For example, the gateway of a visual broadband network combines the data gateway and the multimedia gateway, and the gateway of a campus network linked to an educational network serves as both data gateway and security gateway.

II. WEBPAGE FILTERING TECHNOLOGY

A. URL filtering

URL filtering is the most commonly applied method of web page filtering. It extracts the URL from the user's request, then matches it against predefined patterns or compares it with a URL database to judge whether the URL is legitimate and to decide whether or not to accept the request.

The URL database of unhealthy websites and web addresses is built by a system that automatically browses websites and web addresses based on preset key words to find suspicious ones, judges whether or not they are undesirable, and registers them in the database. But as online information increases exponentially and dynamic web page technology matures, the number of websites grows rapidly, which makes it difficult to trace every URL. So we cannot establish a database containing every URL.

B. Content filtering

Content filtering records key words via semantic analysis, or filters the photos on web pages, then intercepts the web pages containing those key words or photos and replaces them with warning information. During word analysis, mistakes in where words are selected often cause misjudgments that lead to controversy. Human judgment is therefore usually added to improve accuracy, which undoubtedly increases administration costs. To date, unfortunately, content filtering is aimed mainly at text rather than photos, sound and video. In addition, content filtering cannot recognize words embedded in photos.

C. Web page grading

Web page grading marks every web page under a grading system based on its content and other attributes; the mark is then compared with the filter settings when the page is used, to decide whether or not to filter it. At present, in the web page grading field, the Platform for Internet Control Selection (PICS) initiated by W3C is a filtering organization related to web page grading technology. It drew up a set of filtering platforms that use a grading system based on evaluation of web page content, whose primary purpose was to let parents or teachers control the Internet content accessible to children. But nowadays it is used for web page content filtering.

Web page grading is similar to movie or TV rating: it follows a standard, called a grading system, that specifies the categories, the subcategories or levels within each category and the specific grading method. It is in fact a method of classifying network information. To date, the internationally popular systems are the PICS systems RSACI and SAFESURF. RSACI, which includes four categories (verbal rudeness, nude, sex and violence), is presented by the US entertaining software consulting committee. For each category, it specifies the degree of danger using 5 numbers, 0-4. SAFESURF is an even more detailed grading system: it has 11 categories subdivided into 9 (1-9) levels describing the content of the web page, apart from differentiating the related standards on given web pages on a certain website.

Using a grading system to filter undesirable information allows the filtering module to be configured flexibly and closely reflects users' thinking and values. It is the most feasible method for the future. This is especially true if web page authors, ISPs and ICPs voluntarily use a grading system to grade their web pages. That would greatly expand grading coverage and play a vital role in filtering undesirable online information to purify the Internet environment.

PICS grading has two main parts. One is that the author of the web page grades the content; the other is that a given server classifies the content objectively and then provides grading as a service.

Users first scan the content before clicking in. If the preset marker occurs on the web page, the page is skipped, which prevents users from accessing it. If PICS is used as a precaution, browsers that support the PICS standard, such as Microsoft IE and Netscape, are needed. With browsers that do not support the PICS standard, it cannot function fully. But there is no binding regulation stipulating that web page content suppliers must mark their pages. Besides, it is even impossible for web page authors to mark their pages, which makes it impossible for the whole system to take effect.
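An added example, not from the paper, of how a filter acts on a PICS label carrying RSACI ratings: it parses the ratings clause of a PICS-1.1 label and compares each of the four categories (levels 0-4) with a configured limit. The label, its URLs, the limits and the function names are constructed for illustration; unlabelled pages fall to a configurable default, which is the weakness the paragraph above points out.

```python
import re

# RSACI transmit names for the four categories described above (levels 0-4).
RSACI = {"n": "nudity", "s": "sex", "v": "violence", "l": "language"}

# Constructed sample label in PICS-1.1 syntax; both URLs are placeholders.
SAMPLE_LABEL = ('(PICS-1.1 "http://ratings.example/rsaci" l gen true '
                'for "http://www.example.com/page.html" r (n 0 s 0 v 3 l 1))')

# Hypothetical limits: the highest level the filter lets through per category.
LIMITS = {"n": 0, "s": 0, "v": 2, "l": 2}


def parse_ratings(label):
    """Return {transmit_name: level}, or None if the label is absent or malformed."""
    if not label or not label.lstrip().startswith("(PICS-1.1"):
        return None
    # Blank out quoted strings so a URL or comment cannot mimic the ratings clause.
    bare = re.sub(r'"[^"]*"', '""', label)
    m = re.search(r'\b(?:r|ratings)\s*\(([^()]*)\)', bare)
    if not m:
        return None
    tokens = m.group(1).split()
    if not tokens or len(tokens) % 2:
        return None
    ratings = {}
    for name, value in zip(tokens[::2], tokens[1::2]):
        if name not in RSACI or not value.isdigit() or int(value) > 4:
            return None
        ratings[name] = int(value)
    return ratings


def decide(label, limits=LIMITS, block_unlabelled=True):
    """Return (action, reason) for one page given per-category maximum levels."""
    ratings = parse_ratings(label)
    if ratings is None or any(k not in ratings for k in limits):
        # Nothing obliges authors to label their pages, so the filter
        # needs an explicit default for content that carries no usable label.
        return ("block" if block_unlabelled else "allow", "no usable label")
    over = [f"{RSACI[k]} {ratings[k]} > {limits[k]}"
            for k in limits if ratings[k] > limits[k]]
    return ("block", "; ".join(over)) if over else ("allow", "within limits")
```

With `block_unlabelled=True` every unrated page is refused; with `False` the filter only stops pages whose authors chose to label them.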

Each of the three filtering methods has its own merits and demerits. At present, content filtering is probably the most reasonable, although it costs the most in precaution and depends on the related supervision. Information filtering is essentially a keep-or-discard question: keeping the related information while omitting the unrelated. So the grading module is of vital importance. A perfect filtering system should be subject oriented, and its grading has a direct effect on filtering. Hence it is also vitally important to select the filtering system according to the specific network context.

III. THE WEB PAGE FILTERING OF THE CHINESE GRADING DATABASE BASED ON THE CHINESE URL

There is a mountain of information behind Chinese URLs, which are themselves numerous. Traditional web page filtering matches content against preset key words, which is inefficient, prone to misjudgment and unpopular as well. Another approach is to preset a list of URLs to be blocked and match each requested URL against it in real time. This is not flawless either: since there are so many URLs, it is impossible to filter them all and to update the URL list by hand. Nowadays the most advanced method used around the world is to pre-grade URLs according to a certain standard and then filter by category at the gateway, which guarantees filtering efficiency, completeness and effectiveness.

So we make as complete a collection of URLs as possible, then conduct multi-level grading and generate the URL grading database using URL pre-grading technology based on Chinese culture, ethics, laws, regulations, URL application areas and our online habits. The URL search engine crawls URLs across the country, mainly in mainland China, around the clock; it then analyzes, matches and filters the captured pages via an intelligent multi-level grading system together with manual supervision and evaluation, and finally enters them into the database. To date, the URL database consists of 47 categories with more than 12,000,000 URLs. Its grading standard is based on behavior instead of key words, i.e. the effect of URL visits on enterprises' productivity is used as the grading principle.

Part of the grading is shown in the following table.

BBS | drug | children | Crime tricks
WEB | military | education | Law violation
Real estate | Online chatting | Online deal | vehicle
Press | medical | Ethic violation | Adult
Non-profit organization | Computer and Internet | Portals and search engine | Job and Recruitment
gambling | reference | religion | sports
lottery | science | Cyber game | sex
Art | Literature | virus | entertainment
blogger | business | Remote Proxy | politics
law | IP | Social life | Advertising
Finance | Stock, funds, foreign currency, securities, banking and others
travel | traffic, lodging booking, and others

The URL automatic grading engine is the intelligent URL grading technology. It analyzes and grades web pages according to an enhanced Bayesian approach, using the web text, photos, frames, colors, semantic meaning, the frequency and proportion of key words, and the similarity between web pages. A team specializing in URL grading and supervision guarantees the accuracy of URL grading.

New websites appear, and old ones vanish or change their content, every day. Servers update the URL database at a rate of over 3,000,000 entries every day to keep it current, and the updates are delivered to users automatically.

IV. THE POLICIES BASED ON WEB INTERFACE

The Web-based interface supports flexible strategy configuration, for example:

Users, departments, and their combination

Time duration such as work hours, off-work hours, and weekends

URL categories

URL key words

Downloaded file type

Frequency of Web visit and flow

Ways of filtering:

Allowance / block

Allowance and register / block and register
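The URL database lookup from Section II.A and the policy dimensions listed above (department, time window, URL category, key word, file type, with the allow/block and "register" actions) combine into a single gateway decision, as in this added example. It is not code from the paper; the database entries, department names, rule set and first-match-wins ordering are assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit
import posixpath

# Constructed category database (category names from the table above); key = host[/path prefix].
URL_DB = {
    "casino.example": "gambling",
    "news.example": "Press",
    "news.example/games": "Cyber game",
}

def categorize(url):
    """Look up an absolute URL: longest path prefix first, then parent domains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    segs = [s for s in posixpath.normpath(parts.path or "/").split("/") if s]
    for i in range(len(segs), -1, -1):           # host/a/b, host/a, host
        key = "/".join([host] + segs[:i])
        if key in URL_DB:
            return URL_DB[key]
    labels = host.split(".")                     # www.casino.example -> casino.example
    candidates = [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    return next((URL_DB[c] for c in candidates if c in URL_DB), None)

@dataclass(frozen=True)
class Rule:
    action: str                                  # "allow" or "block"
    log: bool = False                            # the "and register" variants
    departments: frozenset = frozenset()         # empty means any department
    days: frozenset = frozenset(range(7))        # 0 = Monday
    hours: tuple = (0, 24)                       # start <= hour < end
    categories: frozenset = frozenset()          # empty means any category
    keywords: tuple = ()                         # substrings of the URL
    extensions: tuple = ()                       # downloaded file types

    def matches(self, dept, when, url, category):
        path = urlsplit(url).path.lower()
        return ((not self.departments or dept in self.departments)
                and when.weekday() in self.days
                and self.hours[0] <= when.hour < self.hours[1]
                and (not self.categories or category in self.categories)
                and (not self.keywords or any(k in url.lower() for k in self.keywords))
                and (not self.extensions or path.endswith(self.extensions)))

# Hypothetical policy; the first matching rule wins.
POLICY = [
    Rule("block", log=True, categories=frozenset({"gambling"})),
    Rule("block", departments=frozenset({"sales"}), days=frozenset(range(5)),
         hours=(9, 18), categories=frozenset({"Cyber game"})),
    Rule("block", log=True, extensions=(".exe", ".torrent")),
]

def evaluate(dept, when, url, policy=POLICY, default=("allow", False)):
    """Return (action, log, category) for one request; `when` is a datetime."""
    category = categorize(url)
    for rule in policy:
        if rule.matches(dept, when, url, category):
            return rule.action, rule.log, category
    return default + (category,)
```

Normalising the host and path before the lookup matters: without it, `NEWS.example/games/../games/` would miss the `news.example/games` entry and fall through to the less specific category.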

Strategy configuration is shown as follows:

Warnings of Web visit violation

“Unable to display the desirable page” is usually presented on screen when users fail to access Web information. If the information is blocked due to a preset strategy, a friendlier interface explaining why the page is inaccessible is shown to the user. The following is a case in point:

Conclusion

Having discussed the security strategies based on gateway control and analyzed several web page filtering techniques, we conclude that the best option is web page filtering based on the Chinese URL grading database. This strategy is widely used by campuses and families to block undesirable information such as porn, gambling, drugs, reactionary content and evil cults, and by enterprises as well to control web visits. In the near future we will conduct in-depth research on how to raise the recognition rate for web content and further reduce the cost of system operation, in order to increase the efficiency and accuracy of undesirable information blocking.
