JP4220680B2 - Communication management method - Google Patents

Description

[0001]
[Industrial technical field]
The present invention relates to a system for preventing outflow or leakage of information from the company.
[0002]
[Prior art]
In a company or organization, computers (client machines) and servers are connected to each other via a network such as a LAN, and data sharing and mail communication between users are performed. Further, due to the remarkable spread of the Internet, in-house machines and external servers are often connected via routers and the Internet.
[0003]
When mutual internal data communication and data communication between the outside and the inside become possible in this way, it is important to prevent intrusion from the outside and to prevent data leakage and leakage from the inside.
For example, an intrusion from the outside via the Internet can be prevented to some extent by providing a firewall. Therefore, in a computer system built in a company or organization, a firewall that demarcates a global IP area (external) and a local IP area (internal) is provided at the boundary with the outside.
[0004]
[Problems to be solved by the invention]
However, a firewall cannot prevent leakage or outflow from the inside. Actually, illegal access has more outflows from the inside than from outside. In addition to deliberately taking out data, inadvertent email transmission can often occur. Furthermore, when an employee or the like connects his / her own machine to an internal network such as a LAN, there is a possibility that the entire internal client machine is infected by a virus infected by the machine.
An object of the present invention is to provide a system for preventing data leakage or leakage from the inside.
[0005]
[Means for Solving the Problems]
An object of the present invention is a management method for managing communication between machines and from the machine to the outside in a system in which the outside is defined by a router and a plurality of machines are connected via a local network. Acquiring a signal transmitted on the network, identifying a transmission source and a transmission destination of the acquired signal, determining whether there is an access right to the transmission destination from the transmission source, If there is no access right, request the disconnection of communication to the transmission source machine and the transmission destination machine, and inform the system administrator that access without the access right has occurred to the system administrator. And / or creating a warning report to be communicated over the network to the source It is accomplished by the management method comprising and.
[0006]
According to the present invention, in a system in which a plurality of machines are connected via a local network, a signal (packet) transmitted on the network is acquired, and a transmission destination and a transmission source are specified based on the packet. , The presence or absence of access rights. If the access right does not exist, for example, both the transmission destination and the transmission source are requested to disconnect the communication. Therefore, it is possible to prevent unauthorized access due to intention or carelessness, or to notify the transmission source or the administrator of this.
[0007]
In a preferred embodiment of the present invention, the IP address and port number relating to the transmission source machine, the IP address and port number relating to the transmission destination machine, and the action to be performed when the transmission source accesses the transmission destination. Storing a set of data in the database, and determining whether to have access rights by searching the database to determine the necessary action by identifying the action on the sending machine It is configured.
According to this embodiment, it is possible to flexibly cope with a change in access right by changing or adding a data set.
[0008]
In another embodiment of the present invention, in a system in which the outside is defined by a router and a plurality of machines are connected via a local network, management for managing communication between machines and from the machine to the outside. The method comprises: registering a MAC address of a machine connected to the network; obtaining a signal sent on the network; identifying a source and destination of the acquired signal; Determining whether or not the MAC address of the transmission source is registered; and when the MAC address is not registered, requesting the disconnection of communication to the transmission source machine and the transmission destination machine, A report that should be communicated to the system administrator, indicating that the machine has been accessed by an unregistered machine. Create a and / or, and a step of creating an alert report to be transmitted via the network to the sender.
According to this embodiment, a machine that can be connected to a local network is registered in advance, and only the registered machine (official machine) can permit access via the network.
[0009]
In still another embodiment of the present invention, in a system in which a router is defined between the outside and a plurality of machines are connected via a local network, communication between machines and from the machine to the outside is managed. The management method includes a step of acquiring a signal sent over the network, a step of determining that the acquired signal is mail transmission, a step of determining whether mail transmission is permitted, If the transmission is not allowed, request the mail server to stop sending the mail, create a report that should be communicated to the system administrator indicating that the unauthorized mail transmission has occurred, and And / or generating a warning report to be transmitted to the transmission source via the network. As a result, it is possible to prevent unacceptable mail transmission, or to notify the administrator and the transmission source of the mail even if the mail has already been transmitted.
[0010]
In a more preferred embodiment, the step of determining whether or not mail transmission is permitted is performed by scanning the signal for a prohibited transmission destination, presence of an attached file, and / or a character string. Judge that the prohibited items are not included.
[0011]
In another embodiment, in a system in which a router is defined between the outside and a plurality of machines are connected via a local network, a management method for managing communication between machines and from the machines is provided. The step of acquiring a signal sent over the network, the step of specifying the transmission source and destination of the acquired signal, and analyzing the signal, whether the character string based on the signal includes prohibited items If a character string based on a signal and a signal is included, the transmission source machine and the transmission destination machine are requested to disconnect communication, and the system administrator has no access right Create a report that should be communicated to the system administrator indicating that access has occurred and / or a warning to be communicated to the source over the network. And a step to create a report.
[0012]
In still another embodiment of the present invention, in a system in which a router is defined between the outside and a plurality of machines are connected via a local network, communication between machines and from the machine to the outside is managed. The management method includes the steps of installing an agent program that accumulates at least a key input by a user in a predetermined period on each machine, and receiving information indicating the accumulated key input by the agent program at a predetermined timing. A report to be transmitted to the system administrator and / or to the transmission source when the prohibited character string is included in the character string by the key input as a result of the analysis. Creating a warning report to be communicated over the network. In encrypted mail transmission, it is not easy to determine whether or not a problematic character string is included in a transmitted sentence from a packet transmitted to the network. Therefore, in this embodiment, the key input is accumulated, and the accumulated key input is analyzed to determine whether or not there is a problematic character string. Is notified. Thereby, although it is not possible to prevent the mail transmission itself, it is possible to know that there is a possibility that an illegal mail transmission has occurred.
[0013]
The system has segments defined by one or more routers, in which one or more machines are located, and in each segment, based on the signals sent over the network, the steps include May be executed.
[0014]
It is another object of the present invention to monitor communication between machines and from the machine to the outside in a system in which a router is defined between the outside and a plurality of machines are connected via a local network. A device for acquiring a signal transmitted on the network, a communication machine specifying unit for specifying a transmission source and a transmission destination of the acquired signal, and an access right to the transmission destination from the transmission source Access right judging means for judging the presence or absence of access, and when there is no access right, the transmission source machine and the destination machine are requested to disconnect communication, and the system administrator has no access right without access right. Create a report to indicate to the system administrator that should have occurred and / or alert level to be communicated to the source over the network Also achieved by a communication monitoring apparatus characterized by comprising a treatment means for creating over bets.
[0015]
In another embodiment, the communication monitoring apparatus includes a machine registration unit that registers a MAC address of a machine connected to the network, a signal acquisition unit that acquires a signal transmitted on the network, a transmission source of the acquired signal, and A communication machine specifying means for specifying a transmission destination, an official machine determining means for determining whether or not the MAC address of the transmission source has already been registered, and the transmission source machine and the transmission when the MAC address is not registered. Create a report to be communicated to the system administrator that requests disconnection from the destination machine and indicates that access by a machine not registered with the system administrator has occurred, and / or the source And a treatment means for generating a warning report to be transmitted through the network.
[0016]
In another embodiment, the communication management device includes a signal acquisition unit that acquires a signal transmitted on the network, a communication machine specification unit that specifies a transmission source and a transmission destination of the acquired signal, and the signal The signal analysis means for determining whether or not the character string based on the signal is prohibited from transmission, and when the character string is prohibited from transmission, Create a report that should be communicated to the system administrator, requesting that the machine and the destination machine be disconnected, and indicating that an access without access rights to the system administrator has occurred; and / or And a means for generating a warning report to be transmitted to the transmission source via the network.
[0017]
In yet another embodiment, the communication monitoring device is a signal acquisition means for acquiring a signal sent out on the network, and that the acquired signal is permitted to be transmitted by judging that the acquired signal is a mail transmission. The mail transmission specifying means for determining whether or not the mail transmission is not permitted, and when the mail transmission is not permitted, the mail server is requested to cancel the mail transmission, and the unacceptable mail transmission has occurred. And a means for generating a report to be transmitted to the system administrator and / or a warning report to be transmitted to the transmission source via the network.
[0018]
The communication monitoring device may be a segment defined in the router, and may be disposed in each of the one or more segments in which one or more machines are disposed in the segment. In this case, it is desirable that each communication monitoring device has a database that stores unique information related to communication restrictions between machines in the segment and common information related to communication restrictions between segments and to the outside.
[0019]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. FIG. 1 is a block diagram showing an entire system according to an embodiment of the present invention. In this embodiment, the present invention is applied in order to prevent information leakage from the inside of a system in a certain company or organization (in-house system).
As shown in FIG. 1, this in-house system has a plurality of segments 12-1, 12-2,. In each segment (for example, segment 12-1), a router 14, client machines 16-1, 16-2,..., A server 18 and the like are provided. The client machine and the server are connected to each other via a LAN 20 in the segment. In addition, data communication with other segments and the outside is also possible via a router connected to the LAN 20.
[0020]
Each segment 12 is provided with a segment controller 22 that monitors the communication status in the segment and executes processing such as termination of data communication (disconnection between machines) when necessary. The segment controller 22 mainly monitors data (packets) transmitted on the LAN 20 in the installed segment 12. The segments 12-1, 12-2,... Are connected via the LAN 21 and can perform data communication with each other.
[0021]
In addition, in a certain segment 12-n, in addition to the client machine 16-m, the segment controller 22-n, the entire system to be monitored, such as an in-house system or other in-house system (not shown), is centrally located. A monitoring console 24 for controlling data transmission / reception with the monitoring center to be monitored and a router 26 arranged at the boundary with an external network (for example, the Internet) are provided.
[0022]
FIG. 2 is a block diagram showing the configuration of the segment controller 22. As shown in FIG. 2, the segment controller 22 takes in signals (packets) on the LAN 20 and monitors the signals, and based on the signals taken in by the communication monitor 32, between the client machines, client machines An access right management unit 34 that determines whether there is an access right between the server and the server, an access right database (DB) 36 that stores various information related to the access right, and the machine that sent the signal to the LAN 20 A machine identification unit 38 that performs transmission, a character string / address identification unit 40 that identifies a destination address and a character string included in the signal based on a signal transmitted on the LAN 20, and a transmission destination and communication whose transmission should be restricted The transmission restriction information DB 42 in which the character string in the sentence is stored, and the agent program in the client machine to be described later A key input receiving unit 44 for receiving data indicating key input by the user to the client machine, a key input DB 46 storing key input by the user, a key input analyzing unit 48 for analyzing the key input, and when necessary In addition, a communication disconnection processing unit 50 that requests communication disconnection between machines to be accessed, a warning soil processing unit 52 that executes processing for notifying an administrator or the like of unauthorized access, and an access log And an access log DB 54 to be stored.
[0023]
In the present embodiment, the following monitoring is realized using the segment controller configured as described above.
(1) Access restriction setting, access prohibition without access right, notification
(2) Informal PC (unregistered PC) connection prohibition on the network
(3) Block unnecessary email transmission
(4) Key input monitoring and analysis
These will be explained below.
[0024]
(1) Access restriction settings, etc.
3 and 4 are flowcharts showing a processing procedure related to access restriction according to the present embodiment. Here, a case where a certain client machine 16 accesses the server 18 in the same segment 12 will be described. However, the present invention is not limited to this. Access between client machines and each machine outside the segment are also described. The same processing is executed for the access.
[0025]
As shown in FIG. 3, an access request is sent from the client machine 16 (in this case, the client machine “a” 16-1) to the server 18 (in this case, the server “A” 18-1) via the LAN 20. When transmitted (step 301), the communication monitoring unit 32 of the segment controller 22 acquires this access request sent on the LAN 20 (step 301-b), and specifies the access source and access destination machines (step 301-b). Step 302). Next, the access right management unit 34 refers to the access right DB 36 to determine whether or not there is an access right from the access source to the access destination (step 303). If there is an access right, the segment controller 22 creates an access log including the access from the access source to the access destination and the date and time thereof, and stores this in the access log DB 54 (step 304). .
In this case, the server “A” 18-1 that is the access destination executes processing in response to the access (step 305), and returns a response including necessary data to the client machine “a” 16-1. (Step 306).
[0026]
On the other hand, the case where there is no access right will be described with reference to FIG. Here, a case where the client machine 16 (client machine “a” 16-1) makes an access request to the server 18 (in this case, the server “B” 18-2) without access authority will be described.
[0027]
In FIG. 4, steps 401 to 403 are the same as steps 301 to 303 in FIG. When it is determined that there is no access right (see step 403), the communication disconnection processing unit 50 of the segment controller 22 performs the access source machine (client machine “a” 16-1) and the access destination machine (server “ B "18-2), a communication disconnection request is transmitted (steps 404 and 405). The communication disconnection request is preferably interpreted as a disconnection request from the access source for the access destination machine and as a disconnection request from the access destination for the access source machine.
[0028]
As a result, communication disconnection processing is executed in the client machine “a” 16-1 and the server “B” 18-2 (steps 407 and 408). This prevents access from machines without access rights. Next, the access log is stored in the access log DB 54 (step 408). In addition, a warning report indicating that access from a machine without access right or a warning report indicating that access to a machine without access right is not permitted is issued by the warning notification processing unit 52 as necessary. Created and sent (step 409). For example, the notification report may be transmitted to the monitoring console 24. The warning report is sent to a machine that has requested access to an access destination without access right.
[0029]
FIG. 5 is a diagram showing an example of data stored in the access right DB 36 in the present embodiment. As shown in FIG. 5, in the access right DB 36, access right information 500 defining access rights related to the machines in the segment 12, and in-system access right information 510 defining access rights in the system including inside and outside the segment, Is provided. The intra-segment access information 500 is unique to each segment 12 and is held by each segment controller 22 arranged in each segment. On the other hand, the in-system access right information 510 is commonly held by all the segment controllers 22.
[0030]
For example, the intra-segment access right information 500 includes source machine information (see reference numeral 501) consisting of the IP address and port number of the source machine (access source), and addressing consisting of the IP address and port number of the destination machine (access destination). It includes a data set including destination machine information (see reference numeral 502) and restriction information (see reference numeral 503) indicating the contents of access restriction from the source machine to the destination machine. The access restriction includes, for example, disconnection of communication, notification to an administrator or an access source user, and / or log recording. The access right DB 36 accommodates a necessary combination of data sets. This can be updated by the access right management unit 34 as necessary.
[0031]
The intra-system access right information 510 also includes information having the same configuration as the data set of the intra-segment access information 500. Therefore, by referring to this, it is possible to determine whether or not there is an access right related to access outside the segment, for example, access outside the system via the Internet.
[0032]
In the process of determining whether or not there is an access right (step 303 in FIG. 3 and step 403 in FIG. 4), the access right management unit 34 searches the access right DB 36 and sends the destination for the source machine (access source). You just need to identify what the machine and access restrictions are like.
[0033]
In this way, in this embodiment, the segment controller monitors signals passing over the LAN in the segment for access within the segment, access between segments, and access outside the system, and if necessary, Performs processing such as disconnection of communication according to the access restriction. Therefore, unauthorized access can be prevented.
[0034]
(2) Access prohibition of unofficial PC
Further, in the present embodiment, access to other machines by machines other than previously registered machines can be prohibited. For example, a user may bring a personal machine and connect to the LAN 20. In such a case, if an individual machine is infected with a virus or some trouble occurs, there is a possibility that other machines may also fail due to access by the individual machine. In addition, there is a possibility that information that should be kept secret, such as confidential information, may be taken out by downloading information to a personal machine. In the present embodiment, such access is restricted to appropriately prevent troubles and information from being taken out to other machines.
[0035]
For this purpose, for example, the segment controller 22 preferably stores the MAC addresses of the client machines 16 and the servers 18 arranged in the segment 12 and connected to the LAN 20 in the access right DB 36. FIG. 6 is a flowchart showing processing executed when accessing by a client machine (unofficial client machine) not registered in advance.
As shown in FIG. 6, when an access request is transmitted from an unofficial client machine to, for example, a certain server 18 (in this case, server “A” 18-1) via the LAN 20 (step 601), The communication management unit 32 of the segment controller 22 acquires this access request transmitted on the LAN 20 (step 601-b).
[0036]
Next, the machine specifying unit 38 specifies the MAC address of the access source, searches the access right DB 36, and determines whether the MAC address is registered, that is, whether the access source is an official machine. (Step 602). If the MAC address is registered (Yes in step 602), processing substantially similar to step 304 in FIG. 3 is executed. On the other hand, if NO is determined in step 602, a communication disconnection request is transmitted to both the unofficial client machine that is the access source and the access destination machine (server “A” 18-1). (Steps 603 and 604). Accordingly, the communication disconnection process is executed in the unofficial client machine and the server “B” 18-2 (steps 605 and 606). This prevents access from unofficial machines.
[0037]
Next, the access log is stored in the access log DB 54 (step 607). In addition, a warning report indicating that access from the informal machine or a warning report indicating that access to the informal machine is not permitted is created by the warning notification processing unit 52 as necessary. It is transmitted (step 608).
[0038]
(3) Block unnecessary email transmission
Furthermore, in the present embodiment, processing for preventing unauthorized mail transmission can be executed. This is realized by monitoring mail sent on the LAN. FIG. 7 is a flowchart showing the mail transmission blocking process. As shown in FIG. 7, when a mail (mail packet) is transmitted from a certain client machine (in this case, client machine “a” 16-1), the communication management unit 32 of the segment controller 22 (Step 701-b), and the character string / address specifying unit 40 determines whether or not the mail should be transmitted to the destination via the mail server (step 701-b). 702).
[0039]
FIG. 8 is a flowchart showing the mail transmission permission determination process in step 702 in the present embodiment. As shown in FIG. 8, the character string / address specifying unit 40 of the segment controller 22 first specifies a mail transmission source and transmission destination (step 801). In the present embodiment, the transmission restriction information DB 42 stores information related to transmission destination restrictions, information indicating whether or not to send an attached file, and the like. For example, the restriction on the mail transmission destination and the approval / rejection of the attached file may be set for each machine, and the information may be stored. For example, this makes it possible to prohibit mail transmissions other than destinations registered in advance for each machine or prohibit mail transmissions to a predetermined transmission destination.
Alternatively, an e-mail transmission destination that is not permitted to be collectively transmitted may be set, or an attachment may not be permitted.
[0040]
Furthermore, in the present embodiment, it is possible to detect an unrecognized character string by scanning a mail transmission sentence. When the transmission source machine is specified, the character string / address specifying unit 40 determines whether or not the transmission destination of the mail is permitted (step 802), whether or not there is an attached file (step 803), and prohibited. It is determined whether or not the character string is included in the transmitted text (step 804). If these conditions are met (No in all steps), mail transmission is permitted (in step 702). Yes). If the mail transmission is permitted, the processing after step 304 in FIG. 3 is executed.
[0041]
On the other hand, if it is determined as Yes in any of Steps 802 to 804, it is determined that transmission should not be permitted (No in Step 702), and as a result, a mail non-transmission request is created. This is transmitted to the mail server (step 703). As a result, the mail server stops the mail transmission (step 704).
[0042]
In addition, an access log is stored in the access log DB 54 (step 705), and a notification report indicating that a mail has been transmitted to a transmission destination that is not permitted to transmit, and a warning report for a transmission source machine, The warning notification processing unit 52 creates the information and transmits it to the administrator and the transmission source machine (step 706).
For example, in the case of a short transmission sentence, there is a possibility that it has already been transmitted to the transmission destination via the mail server. Therefore, it is desirable here to create a notification report and notify the administrator.
[0043]
(4) Key input monitoring and analysis
As described above, in this embodiment, the character string included in the mail transmission sentence is scanned to determine whether or not the prohibited character string is included. However, when the mail body is encrypted and transmitted, it is difficult to decrypt this and prevent troublesome mail transmission. Therefore, in this embodiment, an agent program is installed in each client machine 16 in advance, and the agent program accumulates user keystrokes. The accumulated keystroke data is analyzed by the segment controller 22 to check whether there is a problematic input. This makes it possible to know whether or not there has been leakage of information that should be kept secret, although it is a posteriori.
[0044]
FIG. 9 is a flowchart showing keystroke analysis processing according to the present embodiment. The agent program of the client machine 16 accumulates the user keystroke (step 901). The keystroke information accumulated only for a predetermined period (for example, one day) is transmitted to the segment controller 22 in the segment 12 in which the client machine 16 is arranged at a predetermined timing (step 902).
[0045]
When the segment controller 22 receives the key stroke information, the key input receiving unit 44 stores it in the key input DB 46 in association with the user (step 403). Next, the key input analysis unit 48 reads the key stroke information in the key input DB 46 and analyzes it (step 904). In this analysis, for example, it is determined whether or not a prohibited character string is included from the pressed key combination (step 905). If any problem occurs as a result of the analysis based on the keystroke (Yes in Step 905), a notification report is created and transmitted to the administrator of the monitoring console 24 (Step 906). This notification report only needs to describe the client machine name, user name, and problems that may have occurred as a result of the analysis. Thereby, it is possible to know a problematic key input by the user of the client machine later.
[0046]
In the monitoring console 24 according to the present embodiment, a notification report or the like from the segment controller 22 is received and can be displayed on the screen of the display device. FIG. 10 is a diagram illustrating an example of an image displayed on the screen of the display device of the monitoring console 24. As shown in FIG. 10A, on the screen of the display device of the monitoring console 24, the machines in the system (client machine 16, server 18, etc.) and the connection form of the LAN are displayed. In FIG. 10A, for example, a reference numeral 1002 represents a machine, and a reference numeral 1003 represents a LAN. Here, the problem described in (1) to (4) on the machines in a segment by the segment controller 22 (access to a machine without access right, access by an unofficial machine, prohibited mail transmission, key When a notification report is given to the monitoring console 24, the machine in which the problem has occurred is displayed separately from other machines, for example, blinking. Reference numeral 1004).
[0047]
An operator (administrator) of the monitoring console 24 operates an input device such as a mouse to designate a machine in which the problem in the image of FIG. 10A occurs, as shown in FIG. In addition, an image generated from information included in the notification report can be displayed on the screen of the display device. This image includes, for example, the machine name, the user name, the date and time when the problem occurred, its type and content, and the action for the problem. Thereby, the administrator can grasp in real time which machine in the system has a problem.
[0048]
Further, by operating the input device to designate a machine and inputting a log display command, the log of the machine can be displayed. This log may be sent as needed from the segment controller in the segment where the machine is located. Alternatively, the segment controller may transmit the log of the machine in the segment to the monitoring console at a predetermined timing, and the monitoring console may store the log in the DB and read the DB as necessary. good.
[0049]
Furthermore, the monitoring console 24 can also send necessary reports (for example, monthly reports) to the monitoring center via the external network. Also, if it is particularly necessary (for example, not only to detect problematic access but also to take some special measures), send a report on the problematic access to the monitoring center to take action. It is also possible to ask.
[0050]
The present invention is not limited to the above embodiments, and various modifications can be made within the scope of the invention described in the claims, and these are also included in the scope of the present invention. Needless to say.
For example, in the above-described embodiment, the system is divided into a plurality of segments, and a segment controller is arranged for each segment. Basically, the segment controller monitors and takes necessary actions regarding the access of the machines in the segment. However, the present invention is not limited to this, and the system may be composed of a single segment, and a single segment controller may monitor the machine or the like. In this case, it is desirable to integrally form the segment controller and the monitoring console.
[0051]
Further, in the above-described embodiment, the process of disconnecting communication and creating a notification report is executed for some problematic access (access without access right, access by an unofficial machine, problematic mail transmission). It is not limited to this. For these measures, necessary measures may be set for each machine and for each IP address, and necessary processing may be executed in accordance with the set conditions.
[0052]
Further, in the embodiment, the character string / address specifying unit 40 analyzes a signal related to mail transmission and determines whether or not a prohibited character string is included in the character string specified by the signal. Although it is judged, it is not limited to this. For example, a configuration may be adopted in which packets transmitted on the LAN are acquired and it is determined whether or not prohibited characters are included in these packets. That is, for all operations such as WEB browsing, FTP file transfer, and TELNET, it is possible to monitor the operation and the character string therefor to prevent prohibited operations and transmission of the character string.
In the present specification, the function of one means may be realized by two or more physical means, or the function of two or more means may be realized by one physical means.
[0053]
【The invention's effect】
According to the present invention, it is possible to provide a system for preventing the outflow and leakage of data from the inside.
[Brief description of the drawings]
FIG. 1 is a block diagram showing an entire system according to an embodiment of the present invention.
FIG. 2 is a block diagram showing a configuration of a segment controller according to the present embodiment.
FIG. 3 is a flowchart of a process procedure related to access restriction according to the present embodiment.
FIG. 4 is a flowchart of a process procedure related to access restriction according to the present embodiment.
FIG. 5 is a diagram illustrating an example of data stored in an access right DB according to the present embodiment.
FIG. 6 is a flowchart showing a process executed when accessing by an unofficial client machine in the present embodiment.
FIG. 7 is a flowchart showing a mail transmission blocking process according to the present embodiment.
FIG. 8 is a flowchart showing mail transmission permission determination processing in the present embodiment.
FIG. 9 is a flowchart showing keystroke analysis processing according to the present embodiment.
FIG. 10 is a diagram illustrating an example of an image displayed on the screen of the display device of the monitoring console according to the present embodiment.
[Explanation of symbols]
12 segments
14 routers
16 Client machine
18 servers
20 LAN
22 segment controller
24 Monitoring console
32 Communication Manager
34 Access Rights Management Department
36 Access Rights DB
38 Machine specific part
40 Character string / address identification part
42 Transmission restriction information DB
44 Key input receiving part
46 Key input DB
48 Key input analyzer
50 Communication disconnection processing unit
52 Warning communication processor

Claims (1)

This is a management method for managing communication between machines and from the machine to the outside in a system in which the outside is defined by a router, a plurality of machines are connected via a local network, and a segment controller is arranged. And
Installing in each machine an agent program that accumulates at least keystrokes by users of each machine over a predetermined period;
Storing the user's key input by the agent program for a predetermined period;
Transmitting the stored key input information to the segment controller at a predetermined timing by the agent program ;
The segment controller accepting the accumulated key input and storing the information in association with the user;
The segment controller reading the stored information and analyzing it;
A step of determining whether or not a prohibited character string is included in a character string by a combination of key inputs as a result of the analysis by the segment controller ;
When the segment controller includes a prohibited character string in the character string by the key input combination, a report to be transmitted to the system administrator is generated and / or transmitted to the transmission source via the network. Creating a warning report to do ,
A management method characterized by comprising:

Images