CN112398787B - Mailbox login verification method and device, computer equipment and storage medium - Google Patents


Publication number: CN112398787B
Authority: CN (China)
Prior art keywords: login, mailbox, behavior, remote, control system
Legal status: Active
Application number: CN201910755465.0A
Other languages: Chinese (zh)
Other versions: CN112398787A (en)
Inventors: 李博, 付旻
Current Assignee: Qianxin Technology Group Co Ltd; Qianxin Safety Technology Zhuhai Co Ltd
Original Assignee: Qianxin Technology Group Co Ltd; Qianxin Safety Technology Zhuhai Co Ltd
Application filed by: Qianxin Technology Group Co Ltd; Qianxin Safety Technology Zhuhai Co Ltd
Priority to: CN201910755465.0A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes

Abstract

The application discloses a method, a device and computer equipment for mailbox login verification, relates to the field of information network security, and can solve the problem that high-risk login behaviors cannot be accurately and automatically intercepted, so that mailbox login attacks cannot be effectively managed and controlled. The method comprises the following steps: installing and configuring an attack discovery and risk control system so as to manage and control mailbox login behavior; identifying and recording remote login information by using the attack discovery and risk control system; verifying the remote login information in the attack discovery and risk control system; and if the verification is successful, allowing the mailbox login process to be opened. The method and the device are suitable for verifying mailbox login.

Description

Mailbox login verification method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of information network security, and in particular, to a method, an apparatus, and a computer device for mailbox login verification.
Background
To date, a large number of overseas attackers operating beyond the reach of the law have cracked mailbox passwords inside enterprises through various tools or social-engineering methods. After logging in, they manually deliver viruses to other people inside the enterprise by mass mailing, or steal information. Once a password is cracked, the attacker can attack from a trusted IP, which seriously weakens protection and damages the system security of a large number of user environments inside the enterprise.
In practice, the most common control on mailbox login is to verify whether the source IP is an unfamiliar IP and to ensure system security by restricting unfamiliar IPs.
However, judging whether a login is secure from the source IP alone can only rule out overt attacks. When a weak password or a vulnerability lets someone log in to the mail server with a correct account and password, the login is difficult to identify and detect. Therefore, common protection means, including controlling logins from unfamiliar IPs and limiting repeated password errors, cannot effectively prevent logins from unfamiliar IPs and cannot control mailbox login attacks at the root.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, and a computer device for mailbox login verification, which can solve the problem that high-risk login behaviors cannot be accurately and automatically intercepted, so that mailbox login attacks cannot be effectively managed and controlled.
According to one aspect of the application, a method for mailbox login verification is provided, comprising the following steps:
installing and configuring an attack discovery and risk control system so as to manage and control mailbox login behavior;
identifying and recording remote login information by using the attack discovery and risk control system;
verifying the remote login information in the attack discovery and risk control system;
and if the verification is successful, allowing the mailbox login process to be opened.
Specifically, installing and configuring the attack discovery and risk control system to manage and control login behavior includes:
installing an attack discovery and risk control system;
and performing management configuration on a network management center in the attack discovery and risk control system, wherein the management configuration comprises a mailbox client tool list and a browser list.
Correspondingly, identifying and recording the remote login information by using the attack discovery and risk control system specifically includes:
extracting a process creation rule from the mailbox client tool list;
if it is determined that a control operation matching the process creation rule exists, identifying a remote control behavior;
if the remote control behavior is judged to be an active operation behavior, acquiring the machine unique identifier corresponding to the control operation;
and encrypting the machine unique identifier and storing it in the network management center in the attack discovery and risk control system, to realize remote-login dotting.
Specifically, identifying a remote control behavior when it is determined that a control operation matching the process creation rule exists includes:
acquiring a browser plug-in and a browsing process corresponding to the remote control behavior;
determining the uniform resource locator that the current browser is accessing according to the browser plug-in and the browsing process;
matching the uniform resource locator against the key uniform resource locator for mailbox login, and if the matching is determined to be successful, judging that the remote control behavior is an active operation behavior;
and if the matching is unsuccessful, judging that the remote control behavior is abnormal, and terminating the login operation.
Specifically, verifying the remote login information in the attack discovery and risk control system includes:
extracting a target machine unique identifier from the remote login information;
matching the target machine unique identifier against the configuration template corresponding to the machine unique identifier;
and if the matching is determined to be successful, judging that the target machine unique identifier passes the verification.
Correspondingly, when the login operation is terminated, the method specifically includes:
outputting prompt information that login is forbidden.
According to another aspect of the present application, there is provided an apparatus for mailbox login verification, the apparatus comprising:
the configuration module is used for configuring and installing an attack discovery and risk control system so as to manage and control the mailbox login behavior;
the identification module is used for identifying and recording remote login information by utilizing the attack discovery and risk control system;
the verification module is used for verifying the remote login information in the attack discovery and risk control system;
and the control module is used for controlling to open the mailbox login process if the verification is successful.
Specifically, the configuration module is configured to install an attack discovery and risk control system;
and to perform management configuration on a network management center in the attack discovery and risk control system, wherein the management configuration comprises a mailbox client tool list, a browser list and a trusted terminal list.
Specifically, the identification module is specifically configured to extract a process creation rule in the mailbox client tool list;
if the control operation matched with the process creation rule is determined to exist, identifying a remote control behavior;
if the remote control behavior is judged to be the active operation behavior, a machine unique identifier corresponding to the control operation is obtained;
and encrypting the machine unique identifier and storing it in the network management center in the attack discovery and risk control system, to realize remote-login dotting.
Specifically, the identification module is specifically configured to obtain a browser plug-in and a browsing process corresponding to the remote control behavior;
determining a uniform resource locator which is accessed by the current browser according to the browser plug-in and the browsing process;
matching the uniform resource locator with a key uniform resource locator for mailbox login, and if the matching is determined to be successful, judging that the remote control behavior is an active operation behavior;
if the matching is unsuccessful, judging that the remote control behavior is abnormal, and terminating the login operation.
Specifically, the verification module is specifically configured to extract a target machine unique identifier in the remote login information;
matching the unique identifier of the target machine with a configuration template corresponding to the unique identifier of the machine;
and if the matching is determined to be successful, judging that the unique identifier of the target machine passes the verification.
Correspondingly, the output module is used for outputting the prompt message of forbidding login.
According to yet another aspect of the present application, there is provided a non-transitory readable storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described method of mailbox login verification.
According to yet another aspect of the present application, there is provided a computer device including a non-volatile readable storage medium, a processor, and a computer program stored on the non-volatile readable storage medium and executable on the processor, wherein the processor implements the method for mailbox login verification described above when executing the computer program.
Compared with the prior art, which only checks whether the source IP is an unfamiliar IP, the present application can manage and control mailbox login behavior by installing and configuring the attack discovery and risk control system. That system is used to identify and record remote login information, the remote login information is verified, and the mailbox login operation is allowed to open only after the verification passes. This ensures that only a terminal that has performed the remote login and been checked can log in to the mailbox server, while all other illegitimate logins are refused, which greatly improves mailbox remote-login protection, controls mailbox login attacks at the root, and ensures the system security of the enterprise user environment.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application to the disclosed embodiment. In the drawings:
Fig. 1 is a flowchart illustrating a method for verifying mailbox login according to an embodiment of the present application;
Fig. 2 is a flowchart illustrating another mailbox login verification method according to an embodiment of the present application;
Fig. 3 shows a client dotting flowchart provided in an embodiment of the present application;
Fig. 4 is a schematic structural diagram illustrating an apparatus for verifying mailbox login according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram illustrating another mailbox login verification apparatus according to an embodiment of the present application.
Detailed Description
The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
To address the problem that high-risk login behaviors currently cannot be accurately and automatically intercepted, so that mailbox login attacks cannot be effectively managed and controlled, the application provides a mailbox login verification method. As shown in fig. 1, the method comprises the following steps:
101. Installing and configuring an attack discovery and risk control system so as to manage and control mailbox login behaviors.
The execution subject of this embodiment may be a terminal that needs mailbox login detection and protection, and the mailbox login behavior is managed and controlled by configuring and installing an attack discovery and risk control system on the terminal.
102. Identifying and recording the remote login information by using the attack discovery and risk control system.
The remote login information may include a remote control behavior and the machine unique identifier corresponding to the login terminal. Remote control behaviors can be further divided into user active operation behaviors and program automatic implementation behaviors. A user active operation behavior is an operation that the user actively performs through an interactive device such as a keyboard, mouse, or touch screen, for example double-clicking a program icon on the desktop with the mouse to execute the program, or opening a file through the program menu. Compared with a program automatic implementation behavior, a behavior under the user's active operation is granted different permissions. For example, exe (Microsoft's Office suite) can read and write any document file at any location under the user's active operation, but without the user's active selection it can only operate on a file (temporary file) created by the user.
103. Verifying the remote login information in the attack discovery and risk control system.
For this embodiment, verification of the remote login information is mainly verification of the machine unique identifier corresponding to the login terminal, and is used to judge whether the machine unique identifier meets the machine unique identifier configuration standard.
104. If the verification is successful, allowing the mailbox login process to be opened.
For this embodiment, in a specific application scenario, when it is determined that the machine unique identifier in the remote login information meets the machine unique identifier configuration standard, the mailbox login process can be allowed to open.
By the mailbox login verification method in the embodiment, management control can be performed on mailbox login behaviors by configuring and installing the attack discovery and risk control system, remote login information can be identified and recorded by the attack discovery and risk control system, the remote login information is verified, and after the verification is passed, the mailbox login action is controlled to be opened. The method can ensure that only the terminal which executes the remote login and is checked can log in the mailbox server, and all other illegal logins can be refused, thereby greatly improving the mailbox remote login protection capability, being capable of controlling mailbox login attacks from the root and ensuring the system security of the enterprise user environment.
Further, as a refinement and an extension of the specific implementation of the foregoing embodiment, in order to fully describe the specific implementation process in this embodiment, another method for verifying mailbox login is provided, as shown in fig. 2, the method includes:
201. Installing an attack discovery and risk control system.
The attack discovery and risk control system (F&C) comprises an attack discovery and risk control terminal, an attack discovery and risk control server, and a network management center (central control). The attack discovery and risk control terminal is mainly used for detecting and identifying remote control behaviors; when it detects a login behavior actively operated by a user, it uploads the machine unique identifier (MID) of the login terminal to the network management center in encrypted form, where it is stored for a certain time so that the attack discovery and risk control server can query and use it. The attack discovery and risk control server receives the policy issued by the network management center. When it then detects that a terminal needs to log in remotely, it sends a query to the network management center, which returns the dotted MID list to the server in encrypted form; the server decrypts the list and judges whether the target machine unique identifier in the dotted MID list matches the configuration template corresponding to the machine unique identifier, allowing the remote login if it matches and rejecting it if not. The network management center stores the MIDs of login terminals sent by the attack discovery and risk control terminal, that is, it keeps the record of remote-login dotting; after receiving a request from the attack discovery and risk control server for the MID list, it sends all locally stored MIDs to the server in the form of a list so that the target machine unique identifier can be verified.
202. Performing management configuration on the network management center in the attack discovery and risk control system, wherein the management configuration comprises a mailbox client tool list and a browser list.
For this embodiment, in a specific application scenario, after the F&C is installed, it is necessary to log in to the network management center to perform management configuration. Since mailbox login behavior is managed through the network management center, the list of mail client tools or browsers to be managed needs to be configured in the network management center in advance.
203. Extracting the process creation rule from the mailbox client tool list.
The process creation rule corresponds to a trigger rule of mailbox login operation, and the purpose of extracting the process creation rule is to detect whether the current operation is normal login trigger operation, further eliminate login operation triggered by automatic implementation behavior of a program, and only perform login verification on active operation behavior of a user.
204. If it is determined that there is a control operation matching the process creation rule, a remote control behavior is identified.
In a specific application scenario, in order to identify a remote control behavior, step 204 of this embodiment may specifically include: acquiring a browser plug-in and a browsing process corresponding to the remote control behavior; determining the uniform resource locator that the current browser is accessing according to the browser plug-in and the browsing process; matching the uniform resource locator against the key uniform resource locator for mailbox login, and if the matching is determined to be successful, judging that the remote control behavior is an active operation behavior; if the matching is unsuccessful, judging that the remote control behavior is abnormal and terminating the login operation.
For this embodiment, in a specific application scenario, as shown in fig. 3, the attack discovery and risk control terminal may identify the uniform resource locator (URL) that the current browser is accessing through browser plug-ins (Chrome, Firefox) and a process hook (IE), and check it against the key URL for mailbox login to confirm that the login behavior is a normal active operation of the user; if it is not, processing stops, and because no dotting operation has taken place, the login is denied. If it is an active operation of the user, the attack discovery and risk control terminal takes the MID of the remote login terminal as data, encrypts it, sends it to the central control, and has it stored for a certain time.
205. If the remote control behavior is judged to be an active operation behavior, acquiring the machine unique identifier corresponding to the control operation.
For this embodiment, in a specific application scenario, if the attack discovery and risk control terminal determines that the remote control behavior in the current login operation is an active operation behavior, it extracts the machine unique identifier corresponding to that active operation behavior.
206. Encrypting the machine unique identifier and storing it in the network management center in the attack discovery and risk control system, to realize remote-login dotting.
For this embodiment, in a specific application scenario, after the attack discovery and risk control terminal extracts the machine unique identifier corresponding to the active operation behavior, it encrypts the identifier and, once encryption is complete, stores it in the network management center.
207. Extracting the target machine unique identifier from the remote login information.
For this embodiment, in a specific application scenario, the attack discovery and risk control server may be used to extract the MID list from the network management center, and each machine unique identifier in the MID list is determined to be a target machine unique identifier that needs to undergo trusted-terminal detection.
208. Matching the target machine unique identifier against the configuration template corresponding to the machine unique identifier.
The configuration template corresponds to the structural elements of the machine unique identifier and their arrangement order.
For this embodiment, in a specific application scenario, after extracting the target machine unique identifier, the attack discovery and risk control server first decrypts it and, once decryption is complete, matches each target machine unique identifier in the MID list against the configuration template corresponding to the machine unique identifier.
209. If the matching is successful, judging that the target machine unique identifier passes the verification.
For this embodiment, if it is determined that the matching is successful, the mailbox login process may be allowed to open.
Correspondingly, when the matching fails, prompt information that login is forbidden can be output.
The prompt information may include text prompt information, picture prompt information, audio prompt information, video prompt information, light prompt information, vibration prompt information, and the like. The information of forbidding login can be output in various forms of audio, video, text and the like.
With this mailbox login verification method, mailbox login behavior can be managed and controlled by installing and configuring an attack discovery and risk control system. Control operations that are active operation behaviors are screened out through the process creation rules, control operations that are program automatic implementation behaviors are eliminated directly, the machine unique identifier is verified for control operations that are active operation behaviors, and the mailbox login action is allowed to open when the verification passes. With this method, only a terminal that has performed remote-login dotting can log in to the mailbox server, and all other illegitimate logins are refused even if a correct account is used. This greatly improves mailbox remote-login protection, controls mailbox login attacks at the root, prevents remote attacks by hackers, and ensures the system security of the enterprise user environment.
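The dotting flow of steps 204 to 209, as an added example that is not part of the patent: the terminal dots its MID only when the browser is on the key login URL, and the server admits a login only if a fresh, well-formed dot exists for that MID. The host names, MID format, 300-second lifetime, shared key, and the assumption that the server knows the MID of the terminal attempting the login are all constructed; the page names no cipher, so the encrypted upload is replaced here by an HMAC-tagged record (integrity only, not confidentiality).

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# All values below are constructed for illustration; none come from the patent.
KEY_LOGIN_URLS = {("mail.example.com", "/login")}            # "key URL for mailbox login"
MID_TEMPLATE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){2}")   # "configuration template"
DOT_TTL_SECONDS = 300                                         # "stored for a certain time"
SHARED_KEY = b"constructed-demo-key"                          # terminal/server secret


def is_active_login(url):
    """Step 204: exact host and path match against the key login URLs."""
    parts = urlsplit(url)
    # Exact comparison, not substring search, so look-alike hosts do not match.
    return parts.scheme == "https" and (parts.hostname, parts.path) in KEY_LOGIN_URLS


def seal_dot(mid, now):
    """Step 206 stand-in: bind MID and timestamp together with an HMAC tag."""
    body = f"{mid}|{int(now)}"
    tag = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def open_dot(record):
    """Return (mid, timestamp) when the tag verifies, otherwise None."""
    try:
        mid, ts, tag = record.rsplit("|", 2)
        body = f"{mid}|{ts}".encode()
        expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
        if hmac.compare_digest(tag, expected):
            return mid, int(ts)
    except (ValueError, TypeError):
        pass
    return None


class CentralControl:
    """Network management center: holds dot records and returns them as a list."""

    def __init__(self):
        self._records = []

    def dot(self, record):
        self._records.append(record)

    def mid_list(self):
        return list(self._records)


def terminal_on_browse(url, mid, center, now):
    """Steps 204-206 on the terminal: dot only for an active login operation."""
    if not is_active_login(url):
        return False  # abnormal behavior: no dot, so the later login is refused
    center.dot(seal_dot(mid, now))
    return True


def server_verify(login_mid, center, now):
    """Steps 207-209 on the server: fetch the list, check tag, age and template."""
    for record in center.mid_list():
        opened = open_dot(record)
        if opened is None:
            continue  # tampered or malformed record
        mid, ts = opened
        fresh = 0 <= now - ts <= DOT_TTL_SECONDS
        if fresh and MID_TEMPLATE.fullmatch(mid) and mid == login_mid:
            return True
    return False


def demo():
    center = CentralControl()
    t0 = 1_700_000_000
    mid_a, mid_b = "0a1b2c3d-4e5f-6a7b", "ffffffff-0000-1111"
    out = {}
    out["dotted"] = terminal_on_browse("https://mail.example.com/login", mid_a, center, t0)
    out["lookalike"] = terminal_on_browse(
        "https://mail.example.com.other.test/login", mid_b, center, t0)
    out["login_a"] = server_verify(mid_a, center, t0 + 30)
    out["login_b"] = server_verify(mid_b, center, t0 + 30)   # never dotted
    out["expired"] = server_verify(mid_a, center, t0 + 301)  # dot too old
    center.dot(f"{mid_b}|{t0}|{'0' * 64}")                   # record with a bad tag
    out["forged"] = server_verify(mid_b, center, t0 + 30)
    return out


if __name__ == "__main__":
    print(demo())
```

The server re-checks the dot's age from the tagged timestamp, so the decision does not depend on the central control having purged old records.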
Further, as a specific embodiment of the method shown in fig. 1 and fig. 2, an embodiment of the present application provides an apparatus for verifying mailbox login, and as shown in fig. 4, the apparatus includes: configuration module 31, identification module 32, verification module 33, control module 34.
The configuration module 31 is used to install and configure an attack discovery and risk control system so as to manage and control mailbox login behaviors;
the identification module 32 is used to identify and record remote login information by using the attack discovery and risk control system;
the verification module 33 is used to verify the remote login information in the attack discovery and risk control system;
and the control module 34 is used to allow the mailbox login action to open if the verification is successful.
In a specific application scenario, in order to manage and control the login behavior, the configuration module 31 is specifically configured to install an attack discovery and risk control system, and to perform management configuration on a network management center in the attack discovery and risk control system, wherein the management configuration comprises a mailbox client tool list and a browser list.
Correspondingly, in order to identify and record the remote login information by using the attack discovery and risk control system, the identification module 32 is specifically configured to extract a process creation rule from the mailbox client tool list; if it is determined that a control operation matching the process creation rule exists, identify a remote control behavior; if the remote control behavior is judged to be an active operation behavior, obtain the machine unique identifier corresponding to the control operation; and encrypt the machine unique identifier and store it in the network management center in the attack discovery and risk control system, to realize remote-login dotting.
In a specific application scenario, in order to identify a remote control behavior when it is determined that a control operation matching a process creation rule exists, the identification module 32 is specifically configured to obtain a browser plug-in and a browsing process corresponding to the remote control behavior; determine the uniform resource locator that the current browser is accessing according to the browser plug-in and the browsing process; match the uniform resource locator against the key uniform resource locator for mailbox login, and if the matching is determined to be successful, judge that the remote control behavior is an active operation behavior; if the matching is unsuccessful, judge that the remote control behavior is abnormal and terminate the login operation.
Correspondingly, in order to verify the remote login information, the verification module 33 is specifically configured to extract the target machine unique identifier from the remote login information; match the target machine unique identifier against the configuration template corresponding to the machine unique identifier; and if the matching is determined to be successful, judge that the target machine unique identifier passes the verification.
Correspondingly, in order to prompt the login terminal when the login operation is terminated, as shown in fig. 5, the apparatus further includes an output module 35.
The output module 35 is configured to output prompt information that login is forbidden.
It should be noted that other corresponding descriptions of the functional units involved in the apparatus for verifying mailbox login provided in this embodiment may refer to the corresponding descriptions in fig. 1 to fig. 2, and are not repeated herein.
Based on the methods shown in fig. 1 and fig. 2, correspondingly, the embodiment of the present application further provides a storage medium, on which a computer program is stored, and the program, when executed by a processor, implements the method for verifying mailbox login shown in fig. 1 and fig. 2.
Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method of the embodiments of the present application.
Based on the foregoing methods shown in fig. 1 and fig. 2 and the virtual device embodiments shown in fig. 4 and fig. 5, to achieve the foregoing object, an embodiment of the present application further provides a computer device, which may specifically be a personal computer, a server, a network device, and the like, where the entity device includes a storage medium and a processor; a storage medium for storing a computer program; a processor for executing a computer program to implement the above-described method for mailbox login verification as shown in fig. 1 and 2.
Optionally, the computer device may also include a user interface, a network interface, a camera, Radio Frequency (RF) circuitry, sensors, audio circuitry, a WI-FI module, and so forth. The user interface may include a Display screen (Display), an input unit such as a keypad (Keyboard), etc., and the optional user interface may also include a USB interface, a card reader interface, etc. The network interface may optionally include a standard wired interface, a wireless interface (e.g., a bluetooth interface, WI-FI interface), etc.
It will be understood by those skilled in the art that the computer device structure provided in the present embodiment is not limited to the physical device, and may include more or less components, or combine certain components, or arrange different components.
The nonvolatile readable storage medium can also comprise an operating system and a network communication module. The operating system is a program of hardware and software resources of the entity device for mailbox login verification, and supports the running of an information processing program and other software and/or programs. The network communication module is used for realizing communication among components in the nonvolatile readable storage medium and communication with other hardware and software in the entity device.
Through the description of the above embodiments, those skilled in the art will clearly understand that the present application can be implemented by software plus a necessary general hardware platform, and can also be implemented by hardware. By applying the technical scheme, compared with the prior art, the mailbox login behavior can be managed and controlled by configuring an installation attack discovery and risk control system, the control operation of the active operation behavior can be screened out through the process creation rule, the control operation belonging to the program automatic implementation behavior is directly rejected, the machine unique identifier matching is carried out on the control operation belonging to the active operation behavior, whether the login terminal belongs to authorized login is determined, and then the mailbox login action is controlled to be opened. By using the method, only the set specific credit granting terminal or browser is allowed to log in the mailbox server, and all other illegal logins are rejected, so that the attack cannot be successfully initiated on the common IP even if the correct account password is used, thereby greatly improving the protection capability of mailbox remote login, fundamentally controlling the mailbox login attack, avoiding the remote attack by hackers and ensuring the system security of the enterprise user environment.
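The decision flow summarized above, for the browser case, as an added example that is not code from the patent or from the applicant's product. The image-name rule, the URL, the identifiers and the field names are assumptions constructed for illustration, and the encrypted storage and decryption of the identifier is omitted because the page does not name a cipher.

```python
import hmac
from urllib.parse import urlsplit

# Constructed policy standing in for the network management center configuration.
BROWSER_RULE = {"chrome.exe", "firefox.exe"}                # process creation rule (assumed: image names)
KEY_LOGIN_URLS = {("https", "mail.example.com", "/login")}  # key mailbox login URL
CONFIG_TEMPLATE = {"MID-7F3A-0001"}                         # authorized machine unique identifiers

def is_key_login_url(url):
    """Exact scheme/host/path match; a substring test would accept look-alike hosts."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    return (parts.scheme, host, parts.path.rstrip("/") or "/") in KEY_LOGIN_URLS

def machine_id_authorized(machine_id):
    """Check the identifier against every template entry with a constant-time compare."""
    found = False
    for allowed in CONFIG_TEMPLATE:
        found |= hmac.compare_digest(machine_id.encode(), allowed.encode())
    return found

def verify_login(event):
    """Return (allowed, reason) for one process-creation event."""
    if event["image"].lower() not in BROWSER_RULE:
        return False, "no process creation rule matched"
    if not is_key_login_url(event.get("url", "")):
        return False, "abnormal remote control behavior, login terminated"
    if not machine_id_authorized(event.get("machine_id", "")):
        return False, "machine unique identifier not in configuration template"
    return True, "mailbox login process opened"

# Constructed sample events (not from the patent).
SAMPLE_EVENTS = [
    {"image": "chrome.exe", "url": "https://mail.example.com/login", "machine_id": "MID-7F3A-0001"},
    {"image": "chrome.exe", "url": "https://mail.example.com.other.test/login", "machine_id": "MID-7F3A-0001"},
    {"image": "chrome.exe", "url": "https://mail.example.com/login/", "machine_id": "MID-0000-9999"},
    {"image": "script-host.exe", "url": "https://mail.example.com/login", "machine_id": "MID-7F3A-0001"},
]

def run_samples():
    return [verify_login(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for decision in run_samples():
        print(decision)
```

The second sample shows why the URL is parsed and compared by host rather than by substring: the look-alike host contains the key login host as a prefix and is still rejected.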
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present application. Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into multiple sub-modules.
The above serial numbers of the present application are for description purposes only and do not represent the superiority or inferiority of the implementation scenarios. The above disclosure covers only a few specific implementation scenarios of the present application, but the present application is not limited thereto, and any variations that can be conceived by those skilled in the art are intended to fall within the scope of the present application.

Claims (8)

1. A method for mailbox login verification, comprising:
configuring and installing an attack discovery and risk control system so as to manage and control mailbox login behaviors;
identifying and recording remote login information by using the attack discovery and risk control system, comprising: extracting a process creation rule in the mailbox client tool list; if the control operation matched with the process creation rule is determined to exist, identifying a remote control behavior; if the remote control behavior is judged to be the active operation behavior, obtaining a machine unique identifier corresponding to the control operation; the machine unique identifier is used as remote login information to be encrypted and stored in a network management center in the attack discovery and risk control system, and remote login dotting is achieved;
verifying the remote login information in the attack discovery and risk control system, comprising: decrypting the encrypted remote login information and extracting a target machine unique identifier in the remote login information; matching the unique identifier of the target machine with a configuration template corresponding to the unique identifier of the machine; if the matching is determined to be successful, judging that the unique identifier of the target machine passes the verification;
if the verification is successful, controlling to open a mailbox login process;
wherein, if it is determined that there is a control operation matching the process creation rule, identifying a remote control behavior, specifically comprising:
acquiring a browser plug-in and a browsing process corresponding to the remote control behavior;
determining a uniform resource locator which is accessed by the current browser according to the browser plug-in and the browsing process;
matching the uniform resource locator with a key uniform resource locator for mailbox login, and if the matching is determined to be successful, judging that the remote control behavior is an active operation behavior;
and if the matching is unsuccessful, judging that the remote control behavior is abnormal, and terminating the login operation.
2. The method according to claim 1, wherein the configuring and installing of the attack discovery and risk control system to manage and control login behavior comprises:
installing an attack discovery and risk control system;
and managing and configuring a network management center in the attack discovery and risk control system, wherein the management configuration comprises a mailbox client tool list and a browser list.
3. The method according to claim 1, wherein when terminating the login operation, further comprising:
and outputting prompt information for forbidding login.
4. An apparatus for mailbox login verification, comprising:
the configuration module is used for configuring and installing an attack discovery and risk control system so as to manage and control the mailbox login behavior;
the identification module is used for identifying and recording the remote login information by using the attack discovery and risk control system and comprises: extracting a process creation rule in the mailbox client tool list; if the control operation matched with the process creation rule is determined to exist, identifying a remote control behavior; if the remote control behavior is judged to be the active operation behavior, a machine unique identifier corresponding to the control operation is obtained; the unique machine identifier is used as remote login information to be encrypted and stored in a network management center in the attack discovery and risk control system, and remote login dotting is achieved;
the verification module is used for verifying the remote login information in the attack discovery and risk control system and comprises: decrypting the encrypted remote login information and extracting a target machine unique identifier in the remote login information; matching the unique identifier of the target machine with a configuration template corresponding to the unique identifier of the machine; if the matching is determined to be successful, judging that the unique identifier of the target machine passes the verification;
the control module is used for controlling to open a mailbox login process if the verification is successful;
the identification module is specifically used for acquiring a browser plug-in and a browsing process corresponding to the remote control behavior; determining a uniform resource locator which is accessed by the current browser according to the browser plug-in and the browsing process; matching the uniform resource locator with a key uniform resource locator for mailbox login, and if the matching is determined to be successful, judging that the remote control behavior is an active operation behavior; and if the matching is unsuccessful, judging that the remote control behavior is abnormal, and terminating the login operation.
5. The apparatus according to claim 4, wherein the configuration module is specifically configured to install an attack discovery and risk control system; and carrying out management configuration on a network management center in the attack discovery and risk control system, wherein the management configuration comprises a mailbox client tool list and a browser list.
6. The apparatus of claim 4, further comprising: an output module;
and the output module is used for outputting the prompt information of forbidding login.
7. A non-transitory readable storage medium having stored thereon a computer program, wherein the program, when executed by a processor, implements the method of mailbox login verification as claimed in any one of claims 1 to 3.
8. A computer device comprising a non-transitory readable storage medium, a processor, and a computer program stored on the non-transitory readable storage medium and executable on the processor, wherein the processor when executing the program implements the method for mailbox login verification as claimed in any one of claims 1 to 3.
CN201910755465.0A 2019-08-15 2019-08-15 Mailbox login verification method and device, computer equipment and storage medium Active CN112398787B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910755465.0A CN112398787B (en) 2019-08-15 2019-08-15 Mailbox login verification method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910755465.0A CN112398787B (en) 2019-08-15 2019-08-15 Mailbox login verification method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112398787A CN112398787A (en) 2021-02-23
CN112398787B true CN112398787B (en) 2022-09-30

Family

ID=74601765

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910755465.0A Active CN112398787B (en) 2019-08-15 2019-08-15 Mailbox login verification method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112398787B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114070644B (en) * 2021-11-26 2024-04-02 天翼数字生活科技有限公司 Junk mail interception method and device, electronic equipment and storage medium
CN114666299B (en) * 2022-04-18 2023-03-21 北京航天驭星科技有限公司 Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105593866A (en) * 2013-10-03 2016-05-18 日本电气方案创新株式会社 Terminal authentication and registration system, method for authenticating and registering terminal, and storage medium
CN109829307A (en) * 2018-06-26 2019-05-31 360企业安全技术(珠海)有限公司 Process behavior recognition methods and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8413210B2 (en) * 2008-12-09 2013-04-02 Microsoft Corporation Credential sharing between multiple client applications
CN105262774A (en) * 2015-11-11 2016-01-20 浪潮(北京)电子信息产业有限公司 Remote login method
CN106856448B (en) * 2016-12-01 2018-09-21 深圳市小满科技有限公司 Mailbox configuration method, configuration system based on high in the clouds and cloud server
CN109474510B (en) * 2017-12-25 2021-05-25 北京安天网络安全技术有限公司 Mailbox safety cross audit method, system and storage medium
CN108989182A (en) * 2018-06-22 2018-12-11 广州市风驰商汇信息科技有限公司 A kind of E-mail address is established and memory space management

Also Published As

Publication number Publication date
CN112398787A (en) 2021-02-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant