Use of Access Control List Application for Bandwidth Management Among Selected Public Higher Education Institutions in Ethiopia

A cross-sectional survey on the use of access control list application for bandwidth management among selected public higher education institutions in Ethiopia was conducted. The objective was to help academic institutions achieve sustainable quality of network service and bandwidth management. 100 information and communication technology staff of the 3 directorates of universities located at Haramaya, Dire Dawa and Oda Bultum were sampled, using purposive and simple random sampling techniques. A structured questionnaire, interviews and an observation checklist were used for data collection, and the data were analyzed to answer the research question. Results revealed that a set of procedures performed by hardware, software and administrators, to monitor access, identify users requesting access, record access attempts, and grant or deny access to resources on the internet, was used as access control list application. The qualitative data analysis also revealed that students were allowed to bring their own devices (no matter the number) to connect to the campus-wide network. The implication of the results in the three universities was that they were not taking bandwidth management seriously, which was evidenced by the absence of access control list application. The study concludes that access control list application for bandwidth management is a necessity, and Graphical Network Simulator software version 3 was recommended as appropriate for implementation.


Introduction
Public higher education institutions (PHEIs) in Ethiopia are those tertiary institutions that are sponsored by the government of the country using public funds. Currently, most PHEIs are struggling to have reliable and usable internet access. According to [1], researchers and students can benefit very much from good internet connectivity and collaborate with other international academic communities through a reliable information delivery chain. The availability of internet networks in PHEIs is also advantageous to the universities' network administrators, who follow bandwidth usage to protect the quality of network services. These network administrators identify the different kinds of traffic, such as the point of usage of the devices, and follow up the bandwidth as appropriate to manage the area networks, which is one of the most essential assets for PHEIs [2].
The performance of an existing internet network infrastructure can be further enhanced by deploying a monitoring and control mechanism, primarily known as internet network bandwidth management. Its primary aim is to improve internet network performance by monitoring and removing unnecessary web traffic. According to [3], the goal of internet network bandwidth management is to apportion bandwidth to the right applications, at the right place and at the right time. The amount of information that is transmitted at any given time along a data line is measured as available or consumed data communication resources, expressed in bits/second or its multiples (kilobits/s, megabits/s).
Networks are capable of carrying many types of services such as voice, data, images, and video, but access to them can be controlled with what is known as an "access control list". An Access Control List (ACL) allows network administrators to define policies by controlling how users and/or devices gain access to the network resources. It controls the bandwidth of incoming and outgoing traffic by a list of individual users or even by service or application, with policies that include pre-admission endpoint security checks and post-admission controls over where users and devices can go on a network and what they can do [4].
Computer Science and Information Technology 8(1): 24-35, 2020
Access control is typically common to both the wired and unwired infrastructures of a given organization; hence, one of the biggest drivers for access control list application (ACLA) is the ability to control guest access to a network. These technologies provide for traffic aggregation from access points, to allow network administrators to ensure that specific guests get a specified bandwidth or that all guest users are allocated an aggregate bandwidth in the network infrastructure [2].
In Ethiopia, the single Internet Service Provider (ISP), known as "Ethio telecom", offers a shared infrastructure that provides internet service for its customers. In such cases, PHEIs in the country may need a policy on the amount of bandwidth that will be needed from the ISP's shared system, because they might be competing for bandwidth with other customers of Ethio telecom. A preliminary investigation by the researchers revealed that most Information and Communication Technology (ICT) virtual local area networks (VLANs) of Ethiopian PHEIs get direct access to the internet without passing through proxy servers. Hence, the research question posed by the researchers in this paper is "what are the current techniques or mechanisms used by the ICT directorates of selected PHEIs that are located at Haramaya, Dire Dawa and Oda Bultum Universities for their bandwidth management?"

Objective
The objective of the paper is to present a study on the assessment of the use of access control list application for bandwidth management among selected PHEIs located at Haramaya, Dire Dawa and Oda Bultum Universities in the Eastern Hararghe of Harari Regional State of Ethiopia. It is intended not only to help academic institutions achieve sustainable quality of service from their network and effectively utilize, evaluate and upgrade network bandwidth and apply bandwidth management techniques, but also to help network administrators identify the role of access control list applications in managing bandwidth, controlling the network traffic flow and creating a network infrastructure that reduces the cost of bandwidth usage.

Access Control List Application
The study on use of Access Control List Application (ACLA) for Bandwidth Management (BWM) is important because the PHEIs have users of networks that include: university employees and students. The internet network services are used for so many different purposes, some of which are inappropriate or do not make the best use of the available bandwidth. The use is made for entertainment, download of multimedia files, which are not related to educational purposes. Such situations make the PHEIs' network to be one of the most challenging environments to manage the bandwidths. More so, the internet service provider (ISP) has shortcomings on providing internet services for customers who request for large amount of bandwidth. So, controlling or managing this precious resource is vital for both parties [2].
Access control is defined as the ability to allow only authorized users, programs or processes, systems or resources, to have access to the use of the internet. Introducing this restriction through ACLA is usually an ICT function. Access to the internet is granted or denied according to a particular security model, with certain permissions required to access a resource from the network. An entire set of procedures is performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access based on pre-established rules; access control is thus at the heart of security [5][6][7].
However, [8] introduced the related knowledge of ACL technology, hardware requirements and software configuration. The topological structure of the campus network was discussed, from the perspective of campus network planning through to the application of ACL technology in a campus network. On the other hand, [9] studied the ACL Role-Based System, where observations and recommendations were made on the architecture, design and policy to increase the maturity of access control in the organization. But what happens with ACL implementations in the many areas where rules can be used to manage user authorization in large organizations? The structure of the ACL and its relation to the database will define the efficiency and performance of a system. Once the system is working with an audit trail, all processing and actions involved in the management of roles and policies will assist the ACL to perform as intended and reduce potential risks and vulnerabilities embedded in the network or in the VPN workflow, as was recommended.

Bandwidth Management
Bandwidth is a very important network resource and a key factor in networking [10]. It could be defined as a range within a band of frequencies or wavelengths, or as a reference to the data rate supported by a network connection or interface [11 & 12]. Although bandwidth is one of the most required and most expensive components of the internet today, and it is general knowledge that the higher the available bandwidth, the better the performance of the network, this is not always true; it actually depends on certain factors that include:
i. The cost of bandwidth: most organizations obtain as much as they can afford rather than as much as they need. Most times, the users' demand on bandwidth exceeds the capacity of their link, causing saturation and leading to poor network performance.
ii. The challenge of bandwidth misuse and abuse, causing such networks to suffer from bandwidth insufficiency or vulnerability.
iii. The mismanagement of some networks. This was observed by [13], who stated that most research centers and educational institutions in Africa and the developing world are not managed at all, thereby causing network failures and sometimes the extinction of such networks.
Therefore, the significance of bandwidth in a network cannot be overemphasized, and efficient bandwidth management becomes very necessary [10]. Investigating bandwidth management in Zimbabwe universities, [14] defined bandwidth management as a generic term that describes the various techniques, technologies, tools and policies employed by an organization to enable the most efficient use of its bandwidth resources. The result of the survey, which had a sample of five universities, showed that most universities did not have an official Acceptable Use Policy (AUP) to assist with bandwidth management. According to the study, this affected the successful provision of managed network bandwidth within a university, because it involved the application of many tools encompassing a number of different techniques that were often expensive and rarely available for loan, as the study observed.
Accordingly, [15] observed that network traffic management, which is seen to be a relatively new category of network management, is fast becoming a necessity in converging business networks. However, controlling network traffic requires limiting bandwidth to certain applications, guaranteeing minimum bandwidth to others, and marking traffic with high or low priorities. In this case, the implementation of a whole network in real world is not easily possible because of its difficulty to establish the network. But when a single test bed containing multiple networked computers, routers and data links have been validated and verified, it would then become easy for certain network protocol or specific network algorithm to function in real world. In this case, the simulator will help the network developer to check whether the network is able to work in the real world. Thus both the time and cost of testing the functionality of the network would have been reduced and the implementation made easy. Network simulators are also particularly useful in allowing the network designers to test new networking protocols or to change the existing protocols in a controlled and reproducible manner [16].

Bandwidth Management Techniques/Mechanisms
Bandwidth management techniques/mechanisms include queuing and scheduling.

Queuing or First in First out (FIFO)
In the queuing or First in First out (FIFO) technique/mechanism, the first packet in a queue is the first packet to be served. In a FIFO queue, all packets are treated the same and, if the queue becomes congested, incoming packets are dropped. The main advantage of a FIFO queue is that it is simple and considered a good solution for software-based routers. When there is no congestion in a FIFO queue, resource allocation in a network is done fast due to the simplicity of the technique.
On the other hand, FIFO does not provide a means of handling packets which are in different categories. In addition, queuing delay increases as congestion increases, which affects queued packets. Moreover, during network congestion FIFO benefits non-connection-oriented flows such as User Datagram Protocol/Internet Protocol (UDP/IP) over connection-oriented flows such as Transmission Control Protocol/Internet Protocol (TCP/IP). UDP is a communication protocol used across the Internet especially for time-sensitive transmissions such as video playback, while TCP/IP is a set of standardized rules that allow computers to communicate on a network such as the internet.
However, if a TCP packet is lost, TCP understands that the queue is full and therefore reduces the amount of packets being sent. On the other hand, if a UDP packet is lost, UDP continues to send packets normally. This leads to unfair allocation of network resources between UDP and TCP flows. FIFO is effective in situations where the number of packets is less than the capacity of the queue, because where there are excess packets these packets are discarded [17].
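The unfairness described above can be reproduced with a small discrete-time model. The following is an added example, not part of the original paper; the link rate, queue size, tick-based timing and the simplified additive-increase/halve-on-loss TCP rule are all assumptions chosen for illustration.

```python
from collections import deque
from fractions import Fraction


def simulate_fifo(flows, link_rate=10, queue_cap=20, ticks=200):
    """Simulate one tail-drop FIFO queue shared by several flows.

    flows maps a flow name to ("tcp", initial_window) or ("udp", fixed_rate).
    Each tick every flow offers its current rate in packets, the link then
    serves `link_rate` packets from the head of the queue, and TCP flows
    adapt: +1 packet per tick without loss, halved after any loss.
    Returns per-flow counters: sent, delivered, dropped.
    """
    queue = deque()
    rate = {name: r for name, (_, r) in flows.items()}
    stats = {name: {"sent": 0, "delivered": 0, "dropped": 0} for name in flows}
    for _ in range(ticks):
        # Spread each flow's packets evenly over the tick and merge them
        # in arrival order (exact fractions avoid float ordering issues).
        arrivals = sorted(
            (Fraction(2 * i + 1, 2 * n), name)
            for name, n in rate.items()
            for i in range(n)
        )
        lost = set()
        for _, name in arrivals:
            stats[name]["sent"] += 1
            if len(queue) >= queue_cap:      # FIFO tail drop: no classes,
                stats[name]["dropped"] += 1  # whoever arrives late loses
                lost.add(name)
            else:
                queue.append(name)
        for _ in range(min(link_rate, len(queue))):
            stats[queue.popleft()]["delivered"] += 1
        for name, (kind, _) in flows.items():
            if kind == "tcp":                # only TCP reacts to loss
                if name in lost:
                    rate[name] = max(1, rate[name] // 2)
                else:
                    rate[name] += 1
    return stats


def share(stats, name):
    """Fraction of all delivered packets that belong to flow `name`."""
    total = sum(s["delivered"] for s in stats.values())
    return stats[name]["delivered"] / total if total else 0.0


if __name__ == "__main__":
    alone = simulate_fifo({"tcp": ("tcp", 1)})
    mixed = simulate_fifo({"tcp": ("tcp", 1), "udp": ("udp", 12)})
    print("TCP alone     :", alone["tcp"])
    print("TCP with UDP  :", mixed["tcp"])
    print("UDP           :", mixed["udp"])
    print("UDP link share: %.0f%%" % (100 * share(mixed, "udp")))
```

Run alone, the TCP flow fills almost the whole link; next to a UDP sender that offers slightly more than the link rate and never backs off, it is pushed down to roughly a tenth of the delivered packets.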

Scheduling Technique/Mechanism
The scheduling technique/mechanism employs different actions on data packets in order to provide different levels of service. These mechanisms are meant to control the transmission of packets and are therefore considered to have a great impact on the quality of service, since they determine the sequence in which packets from different flows are processed. These mechanisms are also used to ensure that all packets are handled in a fair manner, to prevent one user from utilizing more than his or her share of resources [18].

Methodology
The research method used for this research was a cross-sectional survey research, which employed a mixed data collection technique to collect data for the research. The population of the study was derived from the forty-five (45) PHEIs established in different parts of Ethiopia [19]. The researchers classified the PHEIs into three (3) generations based on their establishment period. Ten (10) were relatively older and categorized in first generation; twelve (12) were established somewhat later and categorized in 2nd generation and twenty-three (23) are newly established and categorized in third generation. This last generation of institutions is in the process of developing internet services and skilled professionals. The developments of the ICTs are directly proportional with their development.
However, the sampling technique used for the selection of the three universities (i.e. Haramaya, Dire Dawa and Oda Bultum universities) was cluster sampling, by categorizing all universities in Ethiopia into three generations. Of the 45 PHEIs in Ethiopia, four are from the Eastern Hararghe of Harari Regional State of Ethiopia. They are also represented in each of the three generations of universities as categorized by the researchers, as follows: Haramaya University (HU) in the 1st generation, Dire Dawa University (DDU) and Jijiga University (JiU) in the 2nd generation and Oda Bultum University (OBU) in the 3rd generation. However, the researchers used the representation as it was and only chose one university from the two in the second generation, which is DDU. Its choice was purposive and based on its level of ICT establishment, services, and proximity to the researchers' operational residence and environment. Therefore, the universities in the study were HU in the 1st generation, DDU in the 2nd generation and OBU in the 3rd generation.
As for the participants from the representative universities, the researchers based the sampling of the ICT staff from the population of the PHEIs involved in the study as follows: HU 39 out of 52, DDU 34 out of 45 and ODBU 27 out of 35, and bringing the total sample size of participants to 100 of the ICT staff from the PHEIs involved in the study. The sampling of the ICT staff was also based on the inclusion and exclusion criteria of the level of work experience and internet bandwidth management skills of ICT staff; those who know the current challenges of internet bandwidth management and the improper usage of internet bandwidth. Also, included were all ICT directors and IT technicians in the universities who know the current challenges on bandwidth management but administrative staffs, academicians and students were excluded. It was after the inclusion and exclusion criteria that the researchers applied simple random sampling techniques in the respective study area of the ICT staff to select the samples from HU 39, DDU 34 and ODBU 27 respectively.
The study area was East Hararghe, which is one of the Zones of the Ethiopian Region of Oromia. It takes its name from the former province of Hararghe. East Hararghe is bordered on the southwest by the Shebelle River, which separates it from Bale, on the west by West Hararghe, on the north by Dire Dawa and on the north and east by the Somali Region. It is in this area that the three universities under study evolved; they include Haramaya, Dire Dawa and Oda Bultum universities. A brief history of the universities is as follows:
i. Haramaya University was founded in 1954, which is a PHEI, whose objectives are teaching, research and learning in two campuses (
In this study, mixed data collection methods were used. They include quantitative data collection from the sample respondents using a questionnaire. Both open-ended and closed-ended questions were included in the questionnaire. Qualitative data collection was also used, which included an observation checklist and interview schedules. As for the questionnaire, eighteen (18) data collectors were employed (i.e. 6 each at the three universities involved in the study). The data collectors were recruited and trained on the data collection instrument and principles, with special attention paid to "good approach to the respondents and ability to collect all needed research data included in the instrument."
The observation checklist was prepared and administered by the researchers. It focused especially on the existing practices of the access control list for network bandwidth management. The observation was more than just looking at the users; it involved systematic, close viewing of actions, the recording of these actions, and the analysis and interpretation of what was seen. In this study, through observation the researchers gained insights into how ICT staff in the universities practice the management of the universities' bandwidth for proper usage of internet service by users and for bandwidth management.
The interview schedule was also administered by the researchers, to the network administrators, system administrators and data center administrators of each university ICT directorate, on the current (traditional or physical) data center infrastructural architecture, internet access and policy trends on internet bandwidth management. The researchers used a semi-structured interview schedule to obtain responses from the interviewees. The qualitative responses helped in articulating the stand of the respective ICT directorates of the universities on the access control list application and the bandwidth management for internet access in the universities.
This study used descriptive and inferential statistics with SPSS version 20 software to answer the research question that was on the current use of ACLAs by the ICT directorates' staff of the selected PHEIs located at Haramaya, Dire Dawa and Oda Bultum Universities for their bandwidth management. The quantitative data derived from the questionnaire instrument were descriptively and inferentially analyzed to answer the research question, while the qualitative data analysis of the interview and observation information were analyzed based on the focus of the objectives of the study and to also answer the research question.

Results
All 100 (100%) of the ICT staff in the sample who were served with the questionnaire returned it, thereby recording a 100% response rate for this study sample. Of these, 39 (39%) were from HU, 34 (34%) from DDU and 27 (27%) from ODBU.

Current Use of ACLA Techniques or Mechanisms
The researchers sought to assess the use of ACLA for bandwidth management in selected PHEIs in Ethiopia. The result of the assessment will enable the researchers to recommend the appropriate ACLA for the ICT directorates of Haramaya, Dire Dawa and Oda Bultum Universities for bandwidth management implementation.
The respondents (i.e. ICT staff of the ICT directorates of HU, DDU and ODBU) were requested to "agree" or "disagree" on the 15 items being list of mechanisms or techniques derived by the researchers on ACLA that could be used for network bandwidth management in the institutions. The terms mechanisms or techniques are used interchangeably to mean one and the same concept in this text. The identified optional items of "agreement" or "disagreement" were measured in a two point scale, using an equal "mean difference" interval of 1.00. Thus, the guideline below was used to interpret the levels of agreement (i.e. "agreed" or "disagreed") of respondents on the 15 items listed in their questionnaire.
Here, a mean difference was considered Disagreed (DA) if it fell below or within the range of 1.00-2.00, and a mean difference within the range 2.00 and above was considered Agreed (A) for positive items on the list. Table 1 is the mean difference of the ACLA used for network bandwidth management and internet access usage of the ICT directorates in HU, DDU and ODBU, as responded by the ICT staff of the universities.
Table 1 shows that all the ICT directorates of Haramaya, Dire Dawa and Oda Bultum Universities agreed on use of only one (1) form of the ACLA for bandwidth management. The item was item 3, which was "Use of a set of procedures performed by hardware, software and administrators, to monitor access, identify users requesting access, record access attempts, and grant or deny access to resources on the internet." Respondents disagreed (DA) on fourteen (14) items, namely items 1-2 and 4-15, being the majority of the techniques. This finding is a result of the mean difference falling below or within the range "1.00-2.00", which identified the respondents' opinion as "Disagreed". The researchers had interviews with the network administrators, system administrators and data center administrators of the HU, DDU and ODBU universities' ICT directorates. The responses were deduced as follows: "The data collected showed that all of the three universities have in one way or the other adopted bring your own device (BYOD); that is, they allow their students to connect to the campus-wide network using their own devices. Students at all the three universities were not required to log on to the networks using a generic username and password to access network resources." The researchers also observed the existing practices of the access control list for network bandwidth management and found out that: "A number of devices were connected to the university networks, ranging from laptops and tablets to smart phones. There was no control as to how many devices a student can connect to the network, and network managers have no way of knowing how many devices an individual student or user connects to the network."

To test the mean differences that exist among the ICT staff of the ICT directorates of HU, DDU and ODBU on the use of ACLA for bandwidth management, an inferential statistical analysis was employed to test a generated hypothesis that reads "There is no significant difference among the mean difference of the ICT staff of ICT directorates of HU, DDU and ODBU on the use of ACLA for bandwidth management". A one-way analysis of variance (ANOVA) statistic was used to test the differences that exist in the null hypothesis. Also, a further test for significant difference on the ANOVA result was conducted using a post hoc Scheffe's test and pairwise multiple comparisons. Scheffe's test was chosen in order to find out which pairs of means are significant. The Scheffe test corrects alpha for simple and complex mean comparisons and also has a narrower confidence interval. Complex mean comparisons involve comparing more than one pair of means simultaneously.
However, Table 2(a) contains a summary one way ANOVA result; comparing the opinions of the ICT staff of ICT directorates of HU, DDU and ODBU on the use of ACLA for bandwidth management.
Table 2(a) above, the summary of the one-way ANOVA result on use of ACLA mechanisms/techniques for network bandwidth management and internet access usage in the universities, showed a significant difference in the mean difference among the three (3) groups (i.e. ICT directorates of Haramaya, Dire Dawa and Oda Bultum universities), as compared to "between groups and within the groups difference". Of the 15 items of the mechanisms/techniques in Table 2(a), item 3 was significant at p < 0.05; its p-value was < 0.001. All of the other 14 of the 15 items, namely items 1-2 and 4-15, were not significant at p > 0.05. Their p-values were all above 0.237, up to 0.665. Hence, the researchers found that there were no bases for rejecting the null hypothesis since one of the 15 items was significantly different on the mechanisms/techniques used for network bandwidth management and Internet access usage among the ICT directorates of HU, DDU and ODBU Universities.
However, a further test for significant difference on the ANOVA result, was conducted using a Post hoc Scheffe's test and pair wise multiple comparisons on the use of ACLA among the ICT directorates of HU, DDU and ODBU Universities to provide specific information on which means are significantly different from each other.

Discussion
The study found that all the ICT directorates of Haramaya, Dire Dawa and Oda Bultum Universities agreed on use of only one (1) form of the ACLA for bandwidth management, which was "Use of a set of procedures performed by hardware, software and administrators, to monitor access, identify users requesting access, record access attempts, and grant or deny access to resources on the internet." The qualitative data analysis also revealed that all of the three universities have in one way or the other adopted bring your own device (BYOD), that is, they allow their students to connect to the campus-wide network; using their own devices that range from laptops and tablets to smart phones. There was no control as to how many devices a student can connect to the network, and network managers have no way of knowing how many devices an individual student or user connects to the network. The inferential statistics showed significant difference among the three universities on the use of ACLA mechanisms/techniques for network bandwidth management.
The implication of the result in this study is on internet connectivity in institutions of learning, which is not just a necessity but very important for academic and non-academic activities. Another implication is that the three universities in this study were not taking bandwidth management seriously, which was evidenced by the absence of access control list application for bandwidth management. The absence of ACLA has been the major cause of wastage and misuse of internet resources in higher institutions of learning. Bandwidth allocation based on simply filtering by protocol or virtual local area network (VLAN) type is not sufficient to meet bandwidth management needs in the universities. Again, the lack of restrictions on the number of devices a student could connect to the network at any given time may lead to overuse of bandwidth that may not be connected to educational purposes and is disadvantageous to bandwidth management. Hence, the results of the study support [14], [16] and [23] on bandwidth management in universities and network traffic management using dynamic bandwidth on demand, as well as the virtual dependence of human endeavour that is nowadays heavily dependent on computers and networks.
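The access-control procedure defined earlier (identify the user, record the attempt, grant or deny by pre-established rules) and the per-user device limit whose absence is reported above can be combined in one admission check. The sketch below is an added example, not code from the paper or from any of the universities; the roles, rule set, rate classes, device caps and addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    role: str            # "student", "staff", "guest" or "any"
    dest: str            # destination network in CIDR notation
    rate_kbps: int = 0   # bandwidth class granted on permit


@dataclass
class AccessController:
    rules: list                      # evaluated top-down, first match wins
    max_devices: dict                # role -> devices allowed per user
    devices: dict = field(default_factory=dict)   # user -> set of MACs seen
    audit: list = field(default_factory=list)     # every attempt is recorded

    def request(self, user, role, mac, dest_ip):
        """Return (decision, rate_kbps) and log the attempt."""
        decision, rate, reason = "deny", 0, "implicit deny"
        if not user:
            reason = "unauthenticated"           # no identity, no access
        else:
            known = self.devices.setdefault(user, set())
            cap = self.max_devices.get(role, 0)
            if mac not in known and len(known) >= cap:
                reason = "device limit reached"  # new device beyond the cap
            else:
                known.add(mac)
                addr = ipaddress.ip_address(dest_ip)
                for number, rule in enumerate(self.rules, start=1):
                    net = ipaddress.ip_network(rule.dest)
                    if rule.role in (role, "any") and addr in net:
                        decision, reason = rule.action, f"rule {number}"
                        rate = rule.rate_kbps if decision == "permit" else 0
                        break
        self.audit.append((user, mac, dest_ip, decision, reason))
        return decision, rate

    def device_counts(self):
        """Devices registered per user: the visibility managers lacked."""
        return {user: len(macs) for user, macs in self.devices.items()}


def build_campus_acl():
    """Constructed policy: e-learning for all, a blocked range for
    students, and lower rate classes for general browsing."""
    rules = [
        Rule("permit", "any", "192.0.2.0/24", 2000),   # e-learning servers
        Rule("deny", "student", "198.51.100.0/24"),    # non-academic range
        Rule("permit", "staff", "0.0.0.0/0", 1000),
        Rule("permit", "student", "0.0.0.0/0", 512),
    ]
    caps = {"student": 2, "staff": 3, "guest": 1}
    return AccessController(rules, caps)


if __name__ == "__main__":
    acl = build_campus_acl()
    for req in [
        ("alice", "student", "aa:00:00:00:00:01", "192.0.2.10"),
        ("alice", "student", "aa:00:00:00:00:02", "203.0.113.9"),
        ("alice", "student", "aa:00:00:00:00:03", "192.0.2.10"),
        (None, "student", "aa:00:00:00:00:04", "192.0.2.10"),
    ]:
        print(req, "->", acl.request(*req))
    print(acl.device_counts())
```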

Conclusions
This study on the use of access control list application for bandwidth management among the PHEIs of Haramaya, Dire Dawa and Oda Bultum Universities in the Eastern Hararghe of Harari Regional State of Ethiopia concludes that there was a lack of use of ACLA in the three PHEIs under study. Hence, access control list application is needed for bandwidth management, to take into account more than just the protocol when assigning the relative importance of network traffic, and also for real implementation that needs real network interface interaction. In this paper, therefore, the researchers propose Graphical Network Simulator software version 3 (i.e. GNS3) as an ACLA for implementation by the ICT directorates of Haramaya, Dire Dawa and Oda Bultum Universities for their bandwidth management. GNS3 is open source software with high modularity that supports simulation for TCP, UDP, ICMP, IPv4, multicast routing, P2P and CSMA protocols. It supports ported code to make model validation easier and more credible. It is much more flexible than any other simulator and has a wide range of use in both optimization and expansion of existing networks.