CN101160876B - Network security control method and system - Google Patents

Network security control method and system
Info

Publication number: CN101160876B
Authority: CN (China)
Prior art keywords: security, network, configuration information, information, spam
Priority date
Filing date
Publication date
Legal status: Active
Application number: CN2006800122727A
Other languages: Chinese (zh)
Other versions: CN101160876A
Inventors: 位继伟, 郑志彬, 刘淑玲
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Priority claimed from: CN2005101092092A (CN1852268B), CNB2005101155744A (CN100428689C), PCT/CN2006/002628 (WO2007045150A1)
Application filed by Huawei Technologies Co Ltd
Priority to CN2006800122727A (CN101160876B)
Publication of CN101160876A
Application granted
Publication of CN101160876B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention belongs to the field of network security and provides a network security control method and system. A server at the network side receives local security information that terminal devices collect and report, analyses the multiple pieces of security information it has received, and determines a security policy according to the analysis result. Because security linkage between the network side and the terminal side is realised and the security policy is established from information supplied by the terminal devices, security threats originating from terminal devices can be countered at the source. The invention can also take more information sources into account when determining the security policy, which makes the determined policy more reasonable and accurate. On this basis, differentiated security services are further provided for terminal devices of different user grades. In addition, the invention provides an anti-spam method and system based on the same idea of linkage between terminal and server.

Description

Network security control method and system
Technical field
The present invention relates to network security technology, and in particular to a security control method and system for wireless data networks.
Background
With the spread of wireless data networks, more and more people use mobile terminal devices to enjoy network services. The security mechanisms of existing 3GPP (3rd Generation Partnership Project), WLAN (Wireless Local Area Network) and WiMAX (Worldwide Interoperability for Microwave Access) networks provide user access authentication and transmission security for services, but because of the openness of application service providers and of the IP (Internet Protocol) network itself, and because of their security vulnerabilities, application-layer security threats (viruses, hacker attacks, theft of user information and so on) emerge endlessly, and the security mechanisms of existing wireless data networks are hard put to cope with them.
Existing network security mechanisms use auxiliary security devices such as firewalls and intrusion detection systems, and respond to threats such as hacker attacks and virus intrusions by filtering network traffic, analysing application protocols or issuing early warnings of security events, so as to protect the network. For example, when a virus intrusion or worm outbreak occurs, the usual measure is to cut off the infected server, or to provide only limited service to all users. Because the prior art performs security protection mainly at the network side, when a mobile terminal is infected by a virus, the terminal system has a vulnerability, or the terminal's security configuration has been tampered with, the network cannot respond in time; for example, it cannot apply security control appropriate to the state of the mobile terminal. Not only can the terminal not be repaired promptly, but the security of the whole network can be affected.
Summary of the invention
The present invention provides a network security control method and system that can respond to security information from the terminal side, improving the security of the system.
On this basis, the invention can provide differentiated security protection for different terminal users.
According to one aspect of the invention, a network security control method comprises:
the terminal device collects local security information and reports it to the server side;
the server side analyses the received security information and, in combination with the security service level of the security service the user subscribed to in advance, determines the security policy corresponding to each terminal device;
the server side applies the security policy to the terminal device through a network access device, performing network access control and/or service access control.
Optionally, the method further comprises: the server side forwards the security information reported by the terminal device to security devices in the network, and the security devices perform a security response according to the received security information to protect the network.
Optionally, collecting local security information means collecting local security configuration information and/or security event information.
Optionally, when the security information collected by the terminal device includes security event information, the terminal device filters the collected security event information according to predefined filtering rules and reports the remaining security event information to the server side.
Optionally, the security configuration information includes system security configuration information and application security configuration information, and the security event information includes virus event information, attack information and illegal scan information.
Optionally, the server side receives the security information in interrupt mode or in polling mode.
Optionally, the method further comprises: the server side provides security services to the terminal device on the basis of the security policy.
Optionally, providing security services comprises handling security attacks, performing security configuration updates, or providing security messages.
Optionally, the server side's analysis of the received security information is a joint analysis of the security information reported by at least two terminal devices.
According to another aspect of the invention, a network security control system comprises a terminal device, a network access device connected to it, and a security policy server connected to the network access device, and further comprises:
a security agent unit, arranged at the terminal device side, for collecting the security information of the terminal device and reporting it to the security policy server;
the security policy server, for receiving and analysing the security information reported by the security agent unit, obtaining the security policy corresponding to the analysis result, and applying that policy to the terminal device through the network access device to perform network access control and/or application service access control;
security devices, connected to the security policy server, for obtaining security information from the security policy server, performing the corresponding security response and protecting the network.
Optionally, the security policy server's analysis of the security information reported by the security agent unit is a joint analysis of the security information reported by the security agent units of at least two terminal devices.
Optionally, the security agent unit comprises:
a configuration information acquisition subunit, for collecting the security configuration information of the terminal device and sending it to the security policy server.
Optionally, the security configuration information collected by the configuration information acquisition subunit includes system security configuration information and application security configuration information.
Optionally, the security agent unit further comprises:
an event information acquisition subunit, for collecting the security event information of the terminal device;
an event information filtering subunit, connected to the event information acquisition subunit, which filters the collected security event information according to predefined filtering rules and sends the remaining security event information to the security policy server.
Optionally, the security agent unit comprises:
an event information acquisition subunit, for collecting the security event information of the terminal device;
an event information filtering subunit, connected to the event information acquisition subunit, which filters the collected security event information according to predefined filtering rules and sends the remaining security event information to the security policy server.
Optionally, the security event information collected by the event information acquisition subunit includes virus event information, attack information and illegal scan information.
Optionally, the security agent unit is a functional module within the terminal device, or an independent functional entity in the system.
Optionally, the security policy server comprises a database recording the security service level of the security service subscribed to by each user; when the security policy server obtains the security policy corresponding to the analysis result, it determines the security policy corresponding to each terminal device in combination with the security service level the user subscribed to in advance.
Optionally, the security policy server and the security agent unit provide security services to the terminal device on the basis of the security policy corresponding to each terminal device.
Optionally, the security services include security attack handling, security configuration updates or security messages.
According to a further aspect of the invention, an anti-spam system comprises a mail server and at least one client connected to the mail server through a network access device, and further comprises:
a configuration information acquiring unit, arranged in the client, for obtaining the configuration information of the spam the client receives and sending it;
a security policy server, connected to the network access device, for receiving and storing the configuration information sent by the configuration information acquiring unit, formulating or updating a spam filtering policy according to this configuration information, and using this filtering policy to control the network access device to filter out the spam that the mail server receives from the network;
the security policy server comprises:
a configuration information storage unit, for receiving and storing the configuration information sent by the configuration information acquiring unit;
a configuration information processing unit, connected to the configuration information storage unit, which obtains the configuration information from the storage unit, formulates or updates the spam filtering policy according to it, and uses this filtering policy to control the network access device to filter out the spam that the mail server receives from the network.
Optionally, the configuration information storage unit receives the spam configuration information from the configuration information acquiring unit in interrupt mode or in polling mode;
and the configuration information processing unit reads the spam configuration information from the configuration information storage unit in interrupt mode or in polling mode.
Optionally, the system further comprises:
a mail detection unit, connected to the configuration information acquiring unit, for inspecting the mail the client receives and identifying the spam in it.
Optionally, the mail detection unit is arranged in the client, or is an independent entity in the system.
According to yet another aspect of the invention, an anti-spam system comprises a mail server and at least one client connected to the mail server through a network access device, and further comprises:
a configuration information acquiring unit, arranged in the client, for obtaining the configuration information of the spam the client receives and sending it;
a security policy server, connected to the network access device, for receiving and storing the spam configuration information sent by the configuration information acquiring unit;
a mail filtering unit, connected to the security policy server, which formulates or updates the spam filtering policy according to the spam configuration information output by the security policy server and uses this filtering policy to filter out the spam received from the network;
the client comprises:
a mail detection unit, connected to the configuration information acquiring unit, for inspecting the mail the client receives and identifying the spam in it.
Optionally, the mail filtering unit is arranged in the mail server, or is connected to the mail server through a communication interface.
Optionally, the mail filtering unit is connected between the mail server and the Internet router.
Optionally, the mail detection unit is arranged in the client, or is an independent entity in the system.
Optionally, the security policy server receives the spam configuration information from the configuration information acquiring unit in interrupt mode or in polling mode;
and the mail filtering unit obtains the spam configuration information from the security policy server in interrupt mode or in polling mode.
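The following is an added example, not code from the patent or from Huawei, that models the anti-spam linkage described above: each client's mail detection unit flags spam, its configuration information acquiring unit reports the spam's characteristics, the security policy server aggregates the reports into a filtering policy, and a mail filtering unit applies that policy to inbound mail. The fields a client reports, the threshold MIN_REPORTERS (a characteristic becomes a rule only once at least two distinct clients reported it, so one client cannot block a sender for everyone) and the sample mail are all assumptions made for the example.

```python
"""Toy model of the client/server anti-spam linkage.

Added example, not Huawei's code: the reported fields, MIN_REPORTERS and
the sample mail are assumptions.
"""
import re
from collections import defaultdict

# Assumed: a characteristic only becomes a filtering rule once this many
# distinct clients reported it, so a single mistaken or malicious client
# cannot blacklist a sender for the whole network.
MIN_REPORTERS = 2


def spam_config(mail):
    """What the client's configuration information acquiring unit sends for
    a mail its mail detection unit flagged as spam (assumed fields)."""
    sender = mail["from"].strip().lower()
    return {
        "sender": sender,
        "sender_domain": sender.rsplit("@", 1)[-1],
        "subject_key": re.sub(r"\W+", " ", mail["subject"].lower()).strip(),
    }


class SpamPolicyServer:
    """Stores client reports and derives the filtering policy from them."""

    def __init__(self):
        self.reporters = defaultdict(set)   # (field, value) -> client ids

    def receive(self, client_id, config):
        for field, value in config.items():
            self.reporters[(field, value)].add(client_id)

    def filtering_policy(self):
        """Rules supported by at least MIN_REPORTERS distinct clients."""
        return {key for key, clients in self.reporters.items()
                if len(clients) >= MIN_REPORTERS}


def is_spam(mail, policy):
    """Mail filtering unit: a mail matches if any characteristic is a rule."""
    cfg = spam_config(mail)
    return any((field, value) in policy for field, value in cfg.items())


def filter_mail(inbound, policy):
    """Split inbound mail into accepted and rejected lists."""
    accepted = [m for m in inbound if not is_spam(m, policy)]
    rejected = [m for m in inbound if is_spam(m, policy)]
    return accepted, rejected


# Constructed sample: two clients flag the same sender, a third flags a
# sender nobody else saw, so only the shared sender becomes a rule.
CLIENT_REPORTS = [
    ("client-a", {"from": "promo@cheapmeds.example",
                  "subject": "BUY NOW!!! Cheap meds"}),
    ("client-b", {"from": "Promo@cheapmeds.example",
                  "subject": "cheap meds, buy now"}),
    ("client-c", {"from": "uncle@family.example", "subject": "photos"}),
]
INBOUND = [
    {"from": "promo@cheapmeds.example", "subject": "last chance"},
    {"from": "other@cheapmeds.example", "subject": "hello"},
    {"from": "uncle@family.example", "subject": "photos"},
    {"from": "alice@corp.example", "subject": "meeting notes"},
]


def run_sample():
    """Feed the constructed reports to the server and filter the inbound mail."""
    server = SpamPolicyServer()
    for client_id, mail in CLIENT_REPORTS:
        server.receive(client_id, spam_config(mail))
    policy = server.filtering_policy()
    accepted, rejected = filter_mail(INBOUND, policy)
    return policy, accepted, rejected


if __name__ == "__main__":
    policy, accepted, rejected = run_sample()
    print("rules:", sorted(policy))
    print("rejected:", [m["from"] for m in rejected])
```

Two caveats a deployment would have to address: the reporter threshold only defends against a single mistaken or malicious client, so colluding clients could still get a legitimate domain filtered unless client identity is authenticated and per-client report rates are limited; and the sender-domain rule is coarse, since once two clients report one address the whole domain is rejected for everyone.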
In the network security control method and system of the invention, the terminal device collects local security information and reports it to the associated server side; the server side analyses the terminal device's security information to obtain the corresponding security policy and applies it to the terminal device through the network access device, performing network access control and application service access control. Because a security linkage mechanism is adopted and the security policy is formulated from security information coming from the terminal side, the network can respond in time and its security is improved.
In a preferred embodiment of the invention, the server side obtains the security policy on the basis of a joint analysis of the security information reported by at least two terminals; that is, the security policy is formulated from a joint analysis of the security information reported by multiple terminal devices, so the resulting policy is more reasonable.
The anti-spam method and system of the invention use the spam configuration information that clients upload to the associated server to formulate spam filtering rules, and use those rules to filter the received mail and remove the spam in it. Because linkage between the server side and the clients is realised, and the spam configuration information comes from a large number of clients, the configuration information is authentic and valid and there are enough samples, so the server side can formulate reasonable spam filtering rules and use them to defend against the spread of spam more comprehensively and accurately.
Further, besides security configuration information, the security information collected by the terminal device of the invention can also include security event information, so the server side obtains more useful information from each terminal device and can formulate a more accurate and reasonable security policy.
In addition, by means of the invention the mobile network can provide differentiated application security services to mobile terminals: users who subscribe to a high security service level can obtain a faster security response, higher-quality application services and preferential provision of network resources to complete security upgrades, so that the quality of the user's application services is guaranteed while the security of the mobile network is maintained.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network structure of an embodiment of the network security system of the invention;
Fig. 2 is a schematic diagram of the security linkage system shown in Fig. 1 and its external interfaces;
Fig. 3 is a schematic diagram of the network structure of embodiment one of the invention;
Fig. 4 is a flow chart of network security control in embodiment one of the invention;
Fig. 5 is a schematic diagram of the network structure of embodiment two of the invention;
Fig. 6 is a flow chart of network security control in embodiment two of the invention;
Fig. 7 is a schematic diagram of the network structure of embodiment three of the invention;
Fig. 8 is a flow chart of network security control in embodiment three of the invention;
Fig. 9 is a schematic diagram of the network structure of embodiment four of the invention;
Fig. 10 is a flow chart of network security control in embodiment four of the invention;
Fig. 11 is a schematic diagram of the network structure of embodiment five of the invention;
Fig. 12 is a flow chart of network security control in embodiment five of the invention;
Fig. 13 is a schematic diagram of the network structure of embodiment six of the invention;
Fig. 14 is a flow chart of network security control in embodiment six of the invention;
Fig. 15 is a flow chart of an embodiment of the invention in which the security policy is determined according to the user's security service level;
Fig. 16 is a schematic diagram of the network structure of embodiment one of the anti-spam system of the invention;
Fig. 17 is a flow chart of embodiment one of the anti-spam method of the invention;
Fig. 18 is a schematic diagram of the network structure of embodiment two of the anti-spam system of the invention;
Fig. 19 is a flow chart of embodiment two of the anti-spam method of the invention;
Fig. 20 is a schematic diagram of the network structure of embodiment three of the anti-spam system of the invention;
Fig. 21 is a flow chart of embodiment three of the anti-spam method of the invention.
Detailed description
The invention realises network security control on the basis of a security linkage system (CRS, Correlative Reacting System) for wireless data networks.
The security linkage system reduces the security threats a wireless data network is exposed to by controlling the access of unsafe mobile terminals (that is, mobile terminals that do not comply with the security policy set by the network, for example terminals with security vulnerabilities or infected by viruses). Its essence is security linkage between the mobile terminal and the network side: the network access of the mobile terminal is controlled and its application service access is restricted, giving the network the ability to resist security threats such as viruses and network attacks.
Fig. 1 shows the network structure of the security linkage system. The system mainly comprises a security agent unit 110 at the mobile terminal side, a security policy server 120 at the network side, and network access devices associated with the security policy server (such as a network access controller 131 and an application service access controller 132). The security agent unit 110 and the security policy server 120 exchange information through a linkage protocol and form the core of the security linkage system.
The security agent unit 110 collects security information from the mobile terminal 10, pre-processes and organises it, and reports it to the security policy server 120. The security agent unit 110 also receives security update commands and instructions from the security policy server 120; on one hand it reports the mobile terminal's security information to the user, on the other hand it submits the necessary information and cooperates on behalf of the mobile terminal 10 to help repair an unsafe terminal.
The security policy server 120 obtains the security information of the mobile terminal 10 from the security agent unit 110, controls the network access and application service access of the mobile terminal 10 with the corresponding preset security policy according to that information, and cooperates with the associated network devices to assist the mobile terminal 10 in performing security updates.
A security policy is the sum of the precautionary measures the security linkage system defines against particular security threats according to the overall security requirements of the network; it mainly comprises a network access control policy and an application service access control policy.
The network access control policy means that the security policy server 120, by linkage with the network access controller 131, uses technical means such as traffic control, access restriction and QoS (Quality of Service) reconfiguration to restrict the total data traffic of the mobile terminal 10 into the network, so as to prevent unsafe mobile terminals (for example terminals with security vulnerabilities or infected by viruses) from occupying network resources unreasonably and to stop malicious viruses from spreading in the network. In addition, for access by unsafe service providers from external ASPs (Application Service Providers), the security policy server 120 can also provide network-layer traffic shielding by linkage with the network access controller 131 (for example a network border gateway).
Rate limiting means restricting the uplink/downlink traffic of an unsafe mobile terminal or ASP to within a predetermined value. Depending on the capabilities of the network-side linkage devices, extended control methods such as precise bandwidth shaping can also be provided. Although rate limiting cannot stop a virus from spreading widely across the network, it can prevent a large-scale outbreak and avoid rapid paralysis of the operator's network.
Blocking means directly blocking an unsafe mobile terminal or ASP and forbidding it to access the network.
Redirection can also be performed. Redirection means that particular traffic of an unsafe mobile terminal or ASP is redirected by the network access controller 131 to other dedicated network security devices for further processing. For example, so as not to affect the user's normal Internet use, all the user's uplink traffic is redirected to an anti-virus gateway, which removes the worm-infected packets and then forwards the user's normal packets. Depending on the capabilities of the network-side linkage devices, redirection based on protocol- and state-aware traffic analysis can also be provided.
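The three network access control actions above (rate limiting, blocking, redirection) are abstract in the patent. As an added example, not code from the patent or from Huawei, the block below renders them as nftables commands for a Linux gateway standing in for the network access controller 131, keyed on the terminal's IP address. The table and chain names, the addresses, the rate and the mapping from a terminal to an address are assumptions; the commands are returned as strings and never executed here.

```python
"""Rendering the patent's network access control actions as nftables
commands for a Linux gateway acting as the network access controller.

Added example, not Huawei's code: table/chain names, addresses and the
rate are assumptions, and nothing here runs the commands.
"""

TABLE = "crs"   # assumed nftables table name


def setup_commands():
    """Table and chains the per-terminal rules are added to: filtering in
    the forward path, redirection by DNAT in prerouting."""
    return [
        f"nft add table ip {TABLE}",
        f"nft add chain ip {TABLE} forward "
        "'{ type filter hook forward priority 0; policy accept; }'",
        f"nft add chain ip {TABLE} prerouting "
        "'{ type nat hook prerouting priority -100; }'",
    ]


def rate_limit(terminal_ip, rate="512 kbytes/second"):
    """Rate limiting: drop the terminal's forwarded packets above the rate.
    nft's limit statement polices (drops) rather than shapes; true
    bandwidth shaping would need tc."""
    return (f"nft add rule ip {TABLE} forward ip saddr {terminal_ip} "
            f"limit rate over {rate} drop")


def block(terminal_ip):
    """Blocking: forbid all of the terminal's traffic through the gateway."""
    return f"nft add rule ip {TABLE} forward ip saddr {terminal_ip} drop"


def redirect(terminal_ip, security_device_ip, dport=None):
    """Redirection: DNAT the terminal's uplink (optionally one TCP port) to
    a dedicated security device such as an anti-virus gateway."""
    match = f"ip saddr {terminal_ip}"
    if dport is not None:
        match += f" tcp dport {dport}"
    return (f"nft add rule ip {TABLE} prerouting {match} "
            f"dnat to {security_device_ip}")


def render(policy, security_device_ip="192.0.2.10"):
    """policy: {terminal_ip: action}, action one of 'rate_limit', 'block',
    'redirect'. Returns the complete command list, setup first."""
    renderers = {
        "rate_limit": lambda ip: rate_limit(ip),
        "block": block,
        "redirect": lambda ip: redirect(ip, security_device_ip),
    }
    commands = setup_commands()
    for ip, action in policy.items():
        commands.append(renderers[action](ip))
    return commands


if __name__ == "__main__":
    # Constructed sample policy; addresses are from documentation ranges.
    print("\n".join(render({"10.0.0.5": "block",
                            "10.0.0.6": "rate_limit",
                            "10.0.0.7": "redirect"})))
```

Because `nft add rule` appends, re-rendering a changed policy must flush the two chains first or rules for terminals that have since been cleared remain in force; and the anti-virus gateway receiving the DNAT'd traffic must be able to return the cleaned packets to the network, which the redirect rule alone does not arrange.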
The application service access control policy means that the security policy server 120, by linkage with the application service access controller 132, performs application-layer service access control on the mobile terminal 10. Application service access control mainly restricts the services available to the mobile terminal, ensuring that the terminal and the system run only the necessary services. The method of implementing service access control differs according to the type of service.
In addition, the security agent unit 110 at the terminal side can cooperate with the mobile terminal 10 to ensure that the end user cannot initiate forbidden services, further saving network resources.
To resist the network security threats brought by unsafe mobile terminals, a multi-level security control means ranging from network access control to application service control is very important and useful. Network access control complements application service control, makes up for its limitations, and effectively controls security risks based on complex mechanisms such as network worms and hacker attacks; application service control can stop at the source the network traffic impact brought by attacks on specific services and effectively prevent viruses from spreading in the network.
On this basis, in embodiments of the security linkage system of the invention, the security policy is not determined from the security information of a single terminal device only; the security information of multiple terminal devices in the network is considered together, which yields more information and more diverse information sources, and the security policy determined in this way, used for network access control and application service access restriction of the terminal devices, is more accurate and reasonable.
In a specific implementation of the invention, the wireless data network can be, but is not limited to, WCDMA (Wideband Code Division Multiple Access) or CDMA2000, and the mobile terminal can be, but is not limited to, a mobile phone or a PDA (Personal Digital Assistant) that communicates with the network over an air interface.
Referring to Fig. 2, the security linkage system communicates with external modules through security linkage service interfaces, comprising the security agent external interface 111 of the terminal-side security agent unit 110 and the security service external interface 121 of the network-side security policy server 120.
The security agent unit 110 is connected through the security agent external interface 111 to the terminal's operating system 101 and SAS-A (Security Application Software Agent) 102. The security policy server 120 is connected through the security service external interface 121 to SAS-S (Security Application Software Server) 141 and TOS-S (Terminal Operating System Vulnerability Server) 142.
The security policy server 120 also communicates with the ASP 151, SAS-S 152 and TOS-S 153 of the external network.
The security policy server 120 has a database 122 that stores users' security linkage information and subscribed service descriptions, the fixed user information necessary for providing the security linkage service, and dynamic information such as users' security states and service conditions.
To make the invention easier to understand, it is further elaborated below.
Embodiment one:
Figure 3 shows that the networking structure schematic diagram of the embodiment of the invention one.The safety interaction system comprises the TSM Security Agent unit 110 that is arranged on terminal equipment side, and is arranged on the Security Policy Server 120 that network side is connected with terminal equipment by network access equipment 130.
TSM Security Agent unit 110 can also can be the independent function entity in the system for being arranged on the functional module in the terminal equipment.Comprise in the TSM Security Agent unit 110 that configuration information obtains subelement 112, is used for the security configuration information of collection terminal equipment.
Security Policy Server 120 stores the security configuration information and the corresponding relation of security strategy of customization in advance, and security strategy is determined by taking all factors into consideration in the network security configuration information of a plurality of terminal equipments.Security Policy Server 120 adopts interrupt mode or inquiry mode to receive the security configuration information that TSM Security Agent unit 110 sends, analysis-by-synthesis and judgement by security configuration information that at least two terminal equipments are reported, determine the security strategy of coupling, utilize this security strategy to carry out network insertion control and/or application service access control by 130 pairs of terminal equipments of network access equipment.
Fig. 4 is the flow chart of network security control in embodiment one of the invention. As seen from the figure, the main implementation procedure is as follows:
Step S10: the correspondence between security configuration information and security policies is set on the Security Policy Server.
For example, the Security Policy Server may find that a number of terminal devices greater than or equal to a set number have reported tampered security configuration information, the tampering having been caused by an illegal scan event against those terminals. Other terminals in the network would suffer the same illegal scan event, so the security policy set on the Security Policy Server for this security configuration information is: provide all terminal devices in the network with the operating system patch against this illegal scan event, and at the same time block the terminal devices whose security configuration information has been tampered with, requiring them to install the patch before they may access the network again.
Step S11: collect the security configuration information of the terminal devices.
The configuration information acquiring subunit in the security agent unit on the terminal device side collects the security configuration information of the terminal device through the communication interfaces with the terminal's operating system and conventional application software; this information mainly comprises system configuration information and application configuration information.
Step S12: the Security Policy Server receives, in interrupt mode or polling mode, the security configuration information sent by at least two terminal devices.
Step S13: the Security Policy Server performs comprehensive analysis on the security configuration information received from the plurality of terminal devices and determines the corresponding security policy according to the correspondence between security configuration information and security policies set in step S10; the security policy comprises a network access policy and/or an application service access policy.
The network access policy comprises the following aspects:
Rate limiting: the uplink/downlink traffic of the unsafe terminal device is limited to within a predetermined value;
Blocking: the unsafe terminal device is blocked directly and forbidden from accessing the network;
Redirection: the network access device redirects particular traffic of the unsafe terminal device to other dedicated network security devices for further processing. For example, so as not to affect the terminal's normal Internet use, all uplink traffic of the terminal device is redirected to an anti-virus gateway, which removes the packets of the worm-type virus the terminal has been infected with and then forwards the user's normal packets.
The application service access policy limits or forbids the services available to the mobile terminal.
Step S14: the Security Policy Server uses the determined security policy to perform network access control and/or application service access control on the terminal devices through the network access device.
In this embodiment, because the Security Policy Server comprehensively analyses the security configuration information reported by a plurality of terminal devices when determining the security policy, the determined security policy is more reasonable.
Embodiment two:
Figure 5 is the schematic diagram of the networking structure of embodiment two of the invention. Compared with embodiment one, this embodiment adds security devices 150 connected to the Security Policy Server 120 on the network side.
In this embodiment, the Security Policy Server 120 may send the security configuration information reported by the terminal devices to the security devices 150 in the network, such as firewalls, intrusion detection devices, operation management centres, and so on; these security devices 150 make the corresponding security response according to the received security information, by means such as network traffic filtering, application protocol analysis or security event early warning, thereby achieving security protection of the mobile network.
In this embodiment, the security devices 150 achieve security protection of the mobile network by controlling the router 160.
Fig. 6 is the flow chart of network security control in embodiment two of the invention; its main implementation procedure is as follows:
Steps S20 to S22 are similar to steps S10 to S12 in embodiment one above.
After step S22, the Security Policy Server executes step S23 and step S24 respectively.
Step S23: the Security Policy Server sends the security configuration information reported by the terminal devices to the security devices in the network, such as firewalls, intrusion detection devices, operation management centres, and so on; go to step S25.
Step S25: the security devices in the network make the corresponding security response according to the received security configuration information, by means such as network traffic filtering, application protocol analysis or security event early warning, and so protect the security of the mobile network.
Step S24: the Security Policy Server performs comprehensive analysis on the security configuration information received from the plurality of terminal devices and determines the corresponding security policy according to the correspondence between security configuration information and security policies set in step S20; the security policy comprises a network access policy and/or an application service access policy. Go to step S26.
Step S26: the Security Policy Server uses the determined security policy to perform network access control and/or application service access control on the terminal devices through the network access device.
Compared with embodiment one, this embodiment adds security devices on the network side. These security devices can receive the security configuration information sent by the Security Policy Server and make the corresponding security response according to it, by means such as network traffic filtering, application protocol analysis or security event early warning, so that the mobile network is protected more effectively.
Embodiment three:
Figure 7 is the schematic diagram of the networking structure of embodiment three of the invention. The system comprises a security agent unit 110 on the terminal device side and a Security Policy Server 120 on the network side, connected to the terminal devices through the network access device 130.
The security agent unit 110 comprises an event information acquiring subunit 113, an event information filtering subunit 114 and a configuration information acquiring subunit 112. The event information acquiring subunit 113 collects the security event information of the terminal device; the event information filtering subunit 114, connected to the event information acquiring subunit 113, filters the collected security event information according to predefined event information filtering rules and sends the security event information remaining after filtering to the Security Policy Server 120 through the network access device 130; the configuration information acquiring subunit 112 collects the security configuration information of the terminal device and sends it to the Security Policy Server 120.
The Security Policy Server 120 stores a pre-customized correspondence between security event information, security configuration information and security policies. It receives, in interrupt mode or polling mode, the security event information and security configuration information sent by the security agent units 110; by comprehensive analysis and judgement of the security event information and security configuration information reported by at least two terminal devices it determines the matching security policy, and uses that policy to perform network access control and application service access control on the terminal devices through the network access device 130.
Figure 8 is the flow chart of network security control in embodiment three; its main implementation procedure is as follows:
Step S30: the correspondence between the terminals' security configuration information and security event information and the security policies is set on the Security Policy Server.
For example, if the Security Policy Server receives the same or similar security event information (such as a virus event or an illegal scan event) from a number of terminal devices greater than or equal to a set number, then, because a plurality of terminal devices suffering the same or similar security event may paralyse the network, the security policy set is: block the terminal devices that reported the security event information, and at the same time check the security configuration information reported by the terminal devices and perform a security update on those that report not having the security patch against the above security event installed.
Step S31: collect the security configuration information and security event information of the terminal devices.
The configuration information acquiring subunit in the security agent unit on the terminal device side collects the security configuration information of the terminal device through the communication interfaces with the terminal's operating system and conventional application software; this information mainly comprises system configuration information and application configuration information.
The event information acquiring subunit in the security agent unit collects the security event information of the terminal device through the communication interfaces with the security application software on the terminal device (such as firewall software, anti-virus software, vulnerability scanning software and intrusion detection software); this information mainly comprises virus events, attack events and illegal scan events.
Step S32: the event information filtering subunit in the security agent unit filters the collected security event information according to the predefined filtering rules and sends the key security event information remaining after filtering to the Security Policy Server through the network access device; the configuration information acquiring subunit sends the security configuration information to the Security Policy Server.
Because a terminal device generates a large number of security events, the amount of information transmitted would be very large without filtering. An event information filtering subunit is therefore set in the security agent unit to filter the collected security event information according to predefined filtering rules, producing key security event information that is important yet small in transmission volume. For example, for illegal scan event information a threshold on the number of scanned ports is set: if the number of scanned ports is greater than 5, the scan is considered a key security event. This is one of the filtering rules; different filtering rules can be set for different security application software.
Step S33: the Security Policy Server receives, in interrupt mode or polling mode, the key security event information sent by the event information filtering subunit and the security configuration information sent by the configuration information acquiring subunit.
Step S34: the Security Policy Server performs comprehensive analysis on the security configuration information and security event information received from the plurality of terminal devices and determines the corresponding security policy according to the correspondence, set in step S30, between security configuration information and security event information and security policies; the security policy comprises a network access policy and/or an application service access policy.
Step S35: the Security Policy Server uses the determined security policy to perform network access control and/or application service access control on the terminal devices through the network access device.
In this embodiment the terminal devices provide both key security event information and security configuration information to the Security Policy Server. Compared with embodiment one, the Security Policy Server obtains more effective information from each terminal device and can therefore determine a more accurate and reasonable security policy.
Embodiment four:
Figure 9 is the schematic diagram of the networking structure of embodiment four of the invention. Compared with embodiment three, this embodiment adds security devices 150 connected to the Security Policy Server 120 on the network side.
In this embodiment, the Security Policy Server 120 may send the security configuration information and security event information reported by the terminal devices to the security devices 150 in the network, such as firewalls, intrusion detection devices, operation management centres, and so on; these security devices 150 make the corresponding security response according to the received security information, by means such as network traffic filtering, application protocol analysis or security event early warning, thereby achieving security protection of the mobile network.
In this embodiment, the security devices 150 achieve security protection of the mobile network by controlling the router 160.
Figure 10 is the flow chart of embodiment four of the invention; its main implementation procedure is as follows:
Steps S40 to S43 are similar to steps S30 to S33 above.
After step S43, the Security Policy Server executes steps S44 and S45 respectively.
Step S44: the Security Policy Server performs comprehensive analysis on the security configuration information and security event information received from the plurality of terminal devices and determines the corresponding security policy according to the correspondence, set in step S40, between security configuration information and security event information and security policies; the security policy comprises a network access policy and/or an application service access policy. Go to step S46.
Step S46: the Security Policy Server uses the determined security policy to perform network access control and/or application service access control on the terminal devices through the network access device.
Step S45: the Security Policy Server sends the security configuration information and security event information reported by the terminal devices to the security devices in the network, such as firewalls, intrusion detection devices, operation management centres, and so on; go to step S47.
Step S47: the security devices in the network make the corresponding security response according to the received security configuration information and security event information, by means such as network traffic filtering, application protocol analysis or security event early warning, and so protect the security of the mobile network.
Compared with embodiment three, this embodiment adds security devices on the network side. These security devices can receive the security configuration information and security event information sent by the Security Policy Server and make the corresponding security response according to them, by means such as network traffic filtering, application protocol analysis or security event early warning, so that the mobile network is protected more effectively.
Embodiment five:
Figure 11 is the schematic diagram of the networking structure of embodiment five of the invention. The system comprises a security agent unit 110 on the terminal device side and a Security Policy Server 120 on the network side, connected to the terminal devices through the network access device 130.
The security agent unit 110 may be a functional module installed in the terminal device, or an independent functional entity in the system. It comprises an event information acquiring subunit 113 and an event information filtering subunit 114. The event information acquiring subunit 113 collects the security event information of the terminal device; the event information filtering subunit 114, connected to the event information acquiring subunit 113, filters the collected security event information according to predefined filtering rules and sends the security event information remaining after filtering to the Security Policy Server 120 through the network access device 130.
The Security Policy Server 120 stores a pre-customized correspondence between security event information and security policies. It receives, in interrupt mode or polling mode, the security event information sent by the security agent units 110; by comprehensive analysis and judgement of the security event information reported by at least two terminal devices it determines the matching security policy, and uses that policy to perform network access control and application service access control on the terminal devices through the network access device.
Figure 12 is the flow chart of network security control in embodiment five of the invention; its main implementation procedure is as follows:
Step S50: the correspondence between security event information and security policies is set on the Security Policy Server.
For example, if the Security Policy Server receives the same or similar security event information (such as a virus event or an illegal scan event) from a number of terminal devices greater than or equal to a set number, then, because a plurality of terminal devices suffering the same or similar security event may paralyse the network, the security policy set is: when terminal devices greater than or equal to the set number report the same or similar security event, block the terminal devices that reported the security event information and at the same time apply flow control to the other terminal devices in the network.
Step S51: collect the security event information of the terminal devices.
The event information acquiring subunit in the security agent unit on the terminal device side collects the security event information of the terminal device through the communication interfaces with the security application software on the terminal device (such as firewall software, anti-virus software, vulnerability scanning software and intrusion detection software); this information mainly comprises virus events, attack events and illegal scan events.
Step S52: the event information filtering subunit in the security agent module filters the collected security event information according to the predefined filtering rules and sends the key security event information remaining after filtering to the Security Policy Server through the network access device.
Step S53: the Security Policy Server receives, in interrupt mode or polling mode, the security event information sent by at least two terminal devices.
Step S54: the Security Policy Server performs comprehensive analysis on the security event information received from the plurality of terminal devices and determines the corresponding security policy according to the correspondence between security event information and security policies set in step S50; the security policy comprises a network access policy and/or an application service access policy.
Step S55: the Security Policy Server uses the determined security policy to perform network access control and/or application service access control on the terminal devices through the network access device.
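The agent-side filtering rule of step S32 (a scan of more than 5 ports is a key event) and the set-number correlation behind the policies of embodiments three and five, as an added example in Python that is not part of the patent. The terminal names, the set number of 3, the rule that virus and attack events always pass the filter, and the combined block/update/flow-control outcome are assumptions of this example.

```python
"""Added example, not code from the patent: agent-side filtering of security
events and policy-server correlation of reports from several terminals."""
from collections import defaultdict
from dataclasses import dataclass, field

PORT_THRESHOLD = 5   # page: a scan touching more than 5 ports is a key event
SET_NUMBER = 3       # "set number" of reporting terminals (assumed value)
RANK = {"allow": 0, "rate_limit": 1, "update": 2, "block": 3}


@dataclass
class Event:
    terminal: str
    kind: str                       # "scan", "virus" or "attack"
    detail: dict = field(default_factory=dict)


def filter_key_events(events):
    """Event information filtering subunit 114: keep only key security events.
    Scan events pass only above the port threshold; virus and attack events
    are always forwarded (assumed rule for those software types)."""
    key = []
    for ev in events:
        if ev.kind == "scan":
            if ev.detail.get("ports", 0) > PORT_THRESHOLD:
                key.append(ev)
        elif ev.kind in ("virus", "attack"):
            key.append(ev)
    return key


def _escalate(decisions, terminal, action):
    """Never downgrade: block beats update beats rate_limit beats allow."""
    if RANK[action] > RANK[decisions[terminal]]:
        decisions[terminal] = action


def decide_policy(key_events, configs, all_terminals, set_number=SET_NUMBER):
    """Security Policy Server: correlate key events from several terminals.

    configs maps terminal -> {"patched": bool}, the reported configuration.
    Returns terminal -> action.  If at least `set_number` distinct terminals
    report the same event kind: block the reporters, push a security update
    to other terminals whose configuration says the patch is missing, and
    apply flow control (rate_limit) to the remaining terminals.
    """
    reporters = defaultdict(set)
    for ev in key_events:
        reporters[ev.kind].add(ev.terminal)
    decisions = {t: "allow" for t in all_terminals}
    for kind, terms in reporters.items():
        if len(terms) < set_number:
            continue            # isolated report: no network-wide policy
        for t in all_terminals:
            if t in terms:
                _escalate(decisions, t, "block")
            elif not configs.get(t, {}).get("patched", True):
                _escalate(decisions, t, "update")
            else:
                _escalate(decisions, t, "rate_limit")
    return decisions


# Constructed sample input: six terminals, raw events before agent filtering.
TERMINALS = ["t1", "t2", "t3", "t4", "t5", "t6"]
RAW_EVENTS = [
    Event("t1", "scan", {"ports": 8}),
    Event("t2", "scan", {"ports": 3}),     # below threshold: dropped by the agent
    Event("t3", "scan", {"ports": 12}),
    Event("t4", "virus", {"name": "sample-worm"}),
    Event("t5", "scan", {"ports": 6}),
]
CONFIGS = {"t1": {"patched": False}, "t2": {"patched": False},
           "t3": {"patched": True}, "t4": {"patched": True},
           "t5": {"patched": True}, "t6": {"patched": True}}


def run_sample():
    """Filter as the agents would, then decide centrally on the server."""
    key = filter_key_events(RAW_EVENTS)
    return key, decide_policy(key, CONFIGS, TERMINALS)


if __name__ == "__main__":
    key, decisions = run_sample()
    print([(e.terminal, e.kind) for e in key])
    for t, action in decisions.items():
        print(t, action)
```

With the sample data only the scan event reaches the set number, so its three reporters are blocked, the unpatched non-reporter t2 is updated, and the rest are rate-limited; the single virus report triggers no network-wide policy.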
Embodiment six:
Figure 13 is the schematic diagram of the networking structure of embodiment six of the invention. Compared with embodiment five, this embodiment adds security devices 150 connected to the Security Policy Server 120 on the network side.
In this embodiment, the Security Policy Server 120 may send the security event information reported by the terminal devices to the security devices 150 in the network, such as firewalls, intrusion detection devices, operation management centres, and so on; these security devices 150 make the corresponding security response according to the received security event information, by means such as network traffic filtering, application protocol analysis or security event early warning, thereby achieving security protection of the mobile network.
In this embodiment, the security devices 150 achieve security protection of the mobile network by controlling the router 160.
Figure 14 is the flow chart of network security control in embodiment six of the invention; its main implementation procedure is as follows:
Steps S60 to S63 are similar to steps S50 to S53 above.
After step S63, the Security Policy Server executes step S64 and step S65 respectively.
Step S64: the Security Policy Server performs comprehensive analysis on the security event information received from the plurality of terminal devices and determines the corresponding security policy according to the correspondence between security event information and security policies set in step S60; the security policy comprises a network access policy and/or an application service access policy. Go to step S66.
Step S66: the Security Policy Server uses the determined security policy to perform network access control and/or application service access control on the terminal devices through the network access device.
Step S65: the Security Policy Server sends the security event information reported by the terminal devices to the security devices in the network, such as firewalls, intrusion detection devices, operation management centres, and so on; go to step S67.
Step S67: the security devices in the network make the corresponding security response according to the received security event information, by means such as network traffic filtering, application protocol analysis or security event early warning, and so protect the security of the mobile network.
Compared with embodiment five, this embodiment adds security devices on the network side. These security devices can receive the security event information sent by the Security Policy Server and make the corresponding security response according to it, by means such as network traffic filtering, application protocol analysis or security event early warning, so that the mobile network is protected more effectively.
On this basis, differentiated application security services can be provided to users by setting different security service levels. A user subscribing to a high security service level obtains faster and higher-quality security responses, better application services and more network resources to complete security upgrades. Specifically, in the formulation and enforcement of the security policy, users subscribing to different levels of security service are further distinguished; this differentiation is necessary when network resources have to respond to a traffic attack.
In the present invention, when security policies are preset, the security interaction system customizes different security policies, comprising a network access policy and an application service control policy, for users of different security service levels according to the overall security policy of the network. When a concrete security policy is determined and enforced, different handling is applied according to the security state of the network resources and of the mobile terminal. The criterion is that a user subscribes to a certain security service level from the network; other conditions being equal, the higher the level, the higher the quality of security service the network provides. For example, a user who has subscribed to a high security service level is subject to fewer network access restrictions when accessing services, and obtains a security mechanism of the corresponding level to protect his communication.
When a security event occurs, the security interaction system maps the contents of the security policy into a security policy group according to the security policy corresponding to the security service level the user subscribed to, combined with the security state of the mobile terminal and the state of the network resources; for example, users of the same service level and the same mobile terminal security state correspond to the same security policy group, and the security interaction system completes security control according to the contents of that security policy group.
Figure 15 is the flow chart of an embodiment of providing differentiated security services to users in the present invention.
Step S910: the user subscribes to the security service of a certain security service level from the network; the higher the security service level, the higher the quality of security service the network provides.
Step S920: according to the overall security policy of the network, the security interaction system customizes a security policy satisfying the user's security service level, comprising a network access policy and an application service control policy.
The network access policy comprises the following:
Flow control: different network bandwidth resources are provided; possibly malicious user traffic is preferentially redirected to a higher-performance network element for handling, and the user's data packets are forwarded with higher priority after viruses are removed; where necessary, a dedicated secure network channel is provided for the user; the threshold for blocking a user is set according to the user's security service level, the threshold for a high security service level being higher so that the user's traffic is less likely to be blocked; users of a high security service level are given a higher security credit.
QoS parameter reconfiguration: the higher the subscribed security service level, the smaller the service degradation caused by reconfiguring QoS parameters; the QoS requirements of users of a high security service level are guaranteed preferentially.
Restricted access: the user is only allowed to access specific secure target addresses or a secure network segment isolated from the normal network. Users of a high security service level can access more secure target addresses and more secure network segments.
Other network access control policies are likewise set on the criterion that users of a high security service level are affected less.
The application service control policy comprises: the subscribed application service is not necessarily disabled and can still be provided to users of a high security service level; services with security risks are restricted, for instance by the upper traffic limit of the QoS parameters or by restricting special services; in addition, for users of a high security service level the services provided during their peak period may be left unrestricted; for services provided by a third-party ASP, the downlink traffic into their network is limited.
Step S930: in the enforcement of the security policy, differentiated security services are provided to the user according to the security service level the user subscribed to.
The following describes, respectively, the handling of security attacks, the updating of security configurations such as virus database upgrades and system vulnerability upgrades, the updating of the security agent unit, and security notifications.
When a security attack is handled: the security agent unit discovers a virus, forms a message and sends it to the Security Policy Server. When the Security Policy Server judges the mobile terminal to be an unsafe mobile terminal, it formulates and enforces the corresponding security policy; this security policy corresponds to the security service level the user subscribed to, and at the same time security logs of different levels of detail are kept according to the user's security service level. The Security Policy Server then enforces the differentiated policy step by step according to the differentiated security policy it formulated. For example:
(1) According to the virus or attack type, judge whether the attack targets a particular service type and apply various flow controls. Differentiation is embodied in the enforcement of the various control measures of the differentiated policy; for example, for a user subscribing to a high security service level, in addition to ordinary redirection, a redirection function based on protocol- and state-aware traffic analysis can be provided to help the user quickly find and remove the virus, while ensuring as far as possible that the user's services are not affected.
(2) Judge whether the handling is adequate: if, according to the assessment of the mobile terminal's security information, network access control alone cannot fully control the threat, then start service access control measures, including forbidding services, restricting services, and so on.
When a security update such as a virus database upgrade, a system vulnerability upgrade or a system security configuration update is performed: the security agent unit discovers that an upgrade or update is needed, forms a mobile terminal security state message and sends it to the network-side Security Policy Server, which formulates and enforces the corresponding security policy; this security policy corresponds to the security service level the user subscribed to, and security logs of different levels of detail are kept according to the user's service level. The Security Policy Server enforces the differentiated policy step by step according to the differentiated security policy it formulated, for example:
(1) According to the state of network resources, priority is given to performing updates such as virus database upgrades for advanced users, including linking the Security Policy Server with the anti-virus server and so on to help the user complete the upgrade or configuration at the same time; if network resources are insufficient, security updates for lower-level users may be delayed;
(2) If necessary, the Security Policy Server starts the corresponding network access control process and application service control process at the same time. Again, this enforcement is differentiated according to the security service level the user subscribed to, and the concrete enforcement follows the security policy customized by the Security Policy Server. If network resources are insufficient, strict access control and service restrictions may be enforced on lower-level users.
When the security agent unit needs to be updated during the security policy service period, the version update process of the security agent unit is performed step by step from high-level to low-level users according to user level and the state of network resources. Users of a lower security service level may receive the update service later, and the quality of their application services may be reduced as a result.
As to security notifications, for a user who has subscribed to a high security service level, a detailed report of the relevant information is provided by the network side if the user requests it.
Another concrete application of the terminal-server linkage concept of the present invention is spam defence. The anti-spam method and system of the present invention formulate spam filtering rules from the spam configuration information that clients upload to the server, and with these filtering rules spam can be defended against more comprehensively and accurately.
In the present invention, a client reports the configuration information of the spam it received to the server associated with it; the server formulates a spam filtering policy according to the spam configuration information, and when it receives e-mail from the network it can filter out the spam in the e-mail according to the formulated filtering policy.
Application example one:
Figure 16 is a schematic diagram of the networking structure of application example one of the present invention. The anti-spam system comprises:
Mail server 870, which receives email from the network and stores the received email.
Network access equipment 830, which forwards email sent by client 810 to mail server 870 and forwards email received by mail server 870 to the designated client. Network access equipment 830 may be broadband access equipment in a wired communication system or a wireless data support node in a wireless communication system.
At least one client 810, connected to mail server 870 through network access equipment 830. Client 810 may be a mobile client or a fixed client, and the present invention provides a mail detecting unit 880 and a configuration information acquiring unit 813 on the client side.
Security policy server 820, connected to network access equipment 830 and comprising configuration information storage unit 822 and configuration information processing unit 823. It receives and stores the configuration information sent by configuration information acquiring unit 813, formulates a spam filtering policy according to this configuration information, and uses that policy to control network access equipment 830 so that the spam received by mail server 870 from the network is filtered out.
The mail detecting unit 880 on the client side may be a functional module within the client or an independent entity in the system; it inspects the mail received by client 810 and identifies the spam among it. Configuration information acquiring unit 813 is connected to mail detecting unit 880 through a communication interface, is usually located in client 810, obtains the configuration information of the spam detected by mail detecting unit 880, and sends it to network access equipment 830.
Configuration information storage unit 822 in security policy server 820 receives, in interrupt mode or polling mode, the configuration information sent by configuration information acquiring unit 813 and stores it. Configuration information processing unit 823 reads the spam configuration information from configuration information storage unit 822 in interrupt mode or polling mode, formulates or updates in real time a spam filtering policy according to it, and uses that policy to control network access equipment 830 so that the spam received by mail server 870 from the network is filtered out.
Figure 17 is the flow chart of spam prevention using the system shown in Figure 16; the main steps are as follows:
Step S100: the client uses the mail detecting unit to detect whether a received email is spam. If it is, step S110 is executed and the mail is marked as spam, after which step S120 is executed; otherwise the mail is ignored.
Filtering rules are configured on the mail detecting unit, and received email is checked and matched against them. The rules may be formulated from information items such as the source address, the mail subject and keywords in the mail body; for example, mail whose body contains the keyword "sales promotion" can be filtered out.
Step S120: the configuration information acquiring unit obtains the configuration information of the mail marked as spam and sends it through the network access equipment to the configuration information storage unit in the security policy server.
The spam configuration information comprises at least one of the mail's source address/destination address, subject keywords and content keywords.
Step S130: the configuration information storage unit receives, in interrupt mode or polling mode, the spam configuration information output by the configuration information acquiring unit and stores it.
Step S140: the configuration information processing unit reads, in interrupt mode or polling mode, the spam configuration information in the configuration information storage unit and formulates or updates in real time a spam filtering policy according to it.
For example, because spam is usually mass-mailed, the configuration information processing unit can set a blocking grade for spam according to the number of clients that report the same source address: the lowest grade blocks delivery of mail from that address to this one client, and the highest grade blocks delivery of mail from that address to all clients.
Step S150: the configuration information processing unit controls the network access equipment according to the spam filtering policy so that the spam received by the mail server from the network is filtered out.
Under the control of the configuration information processing unit, the network access equipment processes the source address or port of the spam according to the spam filtering policy, thereby filtering out the spam received by the mail server from the network.
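The flow of steps S100 to S150 end to end, as an added example that is not the patent's own code: client-side detection against keyword rules, extraction of the spam configuration information, the storage unit, the blocking-grade escalation by number of reporting clients, and the filtering that the network access equipment applies. The sample mails, the keyword rules, the client names and the three-client escalation threshold are constructed assumptions.

```python
"""Added example, not the patent's own code: application example one (steps
S100 to S150) modelled in memory. Mails, keyword rules, client names and the
three-client escalation threshold are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Mail:
    source: str   # source address
    dest: str     # destination client
    subject: str
    body: str

@dataclass
class DetectRules:
    """Rule items of mail detecting unit 880: source address, subject and body keywords."""
    source_addresses: set = field(default_factory=set)
    subject_keywords: set = field(default_factory=set)
    body_keywords: set = field(default_factory=set)

def detect_spam(mail, rules):
    """Steps S100/S110: the mail is marked as spam when any rule item matches."""
    subj, body = mail.subject.lower(), mail.body.lower()
    return (mail.source in rules.source_addresses
            or any(k in subj for k in rules.subject_keywords)
            or any(k in body for k in rules.body_keywords))

def spam_config_info(mail, rules):
    """Step S120: acquiring unit 813 extracts source/destination address and the
    subject and content keywords that matched."""
    subj, body = mail.subject.lower(), mail.body.lower()
    return {"source": mail.source, "dest": mail.dest,
            "subject_keywords": sorted(k for k in rules.subject_keywords if k in subj),
            "content_keywords": sorted(k for k in rules.body_keywords if k in body)}

class ConfigStore:
    """Configuration information storage unit 822 (step S130): keeps (client, info) pairs."""
    def __init__(self):
        self.records = []

    def receive(self, client, info):
        self.records.append((client, info))

class ConfigProcessor:
    """Configuration information processing unit 823 (steps S140 and S150)."""
    def __init__(self, all_clients, block_all_at=3):
        self.all_clients = set(all_clients)
        self.block_all_at = block_all_at   # assumed reporter count for the highest grade
        self.reporters = defaultdict(set)  # source address -> clients that reported it

    def update_policy(self, store):
        """Step S140: the lowest grade blocks a source only for the client that
        reported it; once enough clients report the same source, the highest
        grade blocks delivery from it to every client."""
        for client, info in store.records:
            self.reporters[info["source"]].add(client)
        return {src: (set(self.all_clients) if len(cl) >= self.block_all_at else set(cl))
                for src, cl in self.reporters.items()}

    @staticmethod
    def control_access_device(policy, inbound):
        """Step S150: access equipment 830 drops mail whose source is blocked for
        its destination and forwards the rest."""
        return [m for m in inbound if m.dest not in policy.get(m.source, set())]

def run_example():
    """Constructed run: three clients report one mass-mailed source, one client
    reports a second source, then fresh inbound mail is filtered."""
    rules = DetectRules(body_keywords={"sales promotion"})
    store = ConfigStore()
    received = [Mail("bulk@example.test", "c1", "Hi", "Big SALES PROMOTION today"),
                Mail("bulk@example.test", "c2", "Hi", "sales promotion, act now"),
                Mail("bulk@example.test", "c3", "Hi", "Sales Promotion!"),
                Mail("lowvol@example.test", "c4", "Offer", "one sales promotion only"),
                Mail("alice@example.test", "c4", "Lunch", "see you at noon")]
    for m in received:
        if detect_spam(m, rules):
            store.receive(m.dest, spam_config_info(m, rules))
    policy = ConfigProcessor(["c1", "c2", "c3", "c4"]).update_policy(store)
    inbound = [Mail("bulk@example.test", "c4", "Hi", "sales promotion"),
               Mail("lowvol@example.test", "c1", "Offer", "sales promotion"),
               Mail("lowvol@example.test", "c4", "Offer", "sales promotion"),
               Mail("alice@example.test", "c2", "Lunch", "noon?")]
    return policy, ConfigProcessor.control_access_device(policy, inbound)
```

In the constructed run the mass-mailed source reported by three clients reaches the highest blocking grade and is dropped for every client, while the source reported by a single client is blocked only for that client and still reaches the others; a single escalation threshold stands in for the range of grades the text allows.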
Application example two:
Figure 18 is a schematic diagram of the networking structure of anti-spam application example two of the present invention. The anti-spam system mainly comprises:
Mail server 870, which receives email from the network and stores the received email;
Network access equipment 830, which forwards email sent by client 810 to mail server 870 and forwards email received by mail server 870 to the designated client;
At least one client 810, connected to mail server 870 through network access equipment 830; the present invention provides a mail detecting unit 880 and a configuration information acquiring unit 813 on the client side;
Security policy server 820, connected to network access equipment 830 and containing configuration information storage unit 822, which receives and stores the configuration information sent by configuration information acquiring unit 813;
Mail filtering unit 871, connected to security policy server 820 and either located in mail server 870 or connected to mail server 870 through a communication interface. It formulates or updates a spam filtering policy according to the spam configuration information output by security policy server 820 and uses that policy to filter out the spam received from the network.
The mail detecting unit 880 on the client side may be located in the client or be an independent entity in the system; it inspects the mail received by client 810 and identifies the spam among it. Configuration information acquiring unit 813 is connected to mail detecting unit 880 through a communication interface, is usually located in client 810, obtains the configuration information of the spam detected by the mail detecting unit, and sends it to network access equipment 830.
Figure 19 is the flow chart of spam prevention using the system shown in Figure 18; the main steps are as follows:
Step S200: the client uses the mail detecting unit to detect whether a received email is spam. If it is, step S210 is executed and the mail is marked as spam, after which step S220 is executed; otherwise the mail is ignored.
Filtering rules are configured on the mail detecting unit, and received email is checked and matched against them. The rules may be formulated from information items such as the source address, the mail subject and keywords in the mail body.
Step S220: the configuration information acquiring unit obtains the configuration information of the mail marked as spam and sends it through the network access equipment to the configuration information storage unit.
The spam configuration information comprises at least one of the mail's source address/destination address, subject keywords and content keywords.
Step S230: the configuration information storage unit receives, in interrupt mode or polling mode, the spam configuration information output by the configuration information acquiring unit and stores it.
Step S240: the mail filtering unit reads, in interrupt mode or polling mode, the spam configuration information in the configuration information storage unit and formulates or updates in real time a spam filtering policy according to it.
For example, the mail filtering unit can add the spam source address reported by the client to a blacklist, or add the spam's subject keywords to the filtering rules.
Step S250: the mail filtering unit identifies, according to the spam filtering policy, the email received by the mail server from the network and filters out the spam it identifies.
Application example three:
Figure 20 is a schematic diagram of the networking structure of anti-spam application example three of the present invention. The anti-spam system comprises:
Mail server 870, which receives email from the network and stores the received email;
Network access equipment 830, which forwards email sent by client 810 to mail server 870 and forwards email received by mail server 870 to the designated client;
At least one client 810, connected to mail server 870 through network access equipment 830; the present invention provides a mail detecting unit 880 and a configuration information acquiring unit 813 on the client side;
Security policy server 820, connected to network access equipment 830 and containing configuration information storage unit 822, which receives and stores the configuration information sent by configuration information acquiring unit 813;
Mail filtering unit 890, which has conventional mail filtering capability, is connected between mail server 870 and Internet router 860, and is also connected to security policy server 820. It formulates or updates a spam filtering policy according to the spam configuration information output by security policy server 820 and uses that policy to filter out the spam received from the network.
The mail detecting unit 880 on the client side may be located in the client or be an independent entity in the system; it inspects the mail received by client 810 and identifies the spam among it. Configuration information acquiring unit 813 is connected to mail detecting unit 880 through a communication interface, is usually located in the client, obtains the configuration information of the spam detected by mail detecting unit 880, and sends it to network access equipment 830.
Figure 21 is the flow chart of spam prevention using the system shown in Figure 20; the main steps are as follows:
Step S300: the client uses the mail detecting unit to detect whether a received email is spam. If it is, step S310 is executed and the mail is marked as spam, after which step S320 is executed; otherwise the mail is ignored.
Filtering rules are configured on the mail detecting unit, and received email is checked and matched against them. The rules are formulated from information items such as the source address, the mail subject and keywords in the mail body.
Step S320: the configuration information acquiring unit obtains the configuration information of the mail marked as spam and sends it through the network access equipment to the configuration information storage unit.
The spam configuration information comprises at least one of the mail's source address/destination address, subject keywords and content keywords.
Step S330: the configuration information storage unit receives, in interrupt mode or polling mode, the spam configuration information output by the configuration information acquiring unit and stores it.
Step S340: the mail filtering unit reads, in interrupt mode or polling mode, the spam configuration information in the configuration information storage unit and formulates or updates a spam filtering policy according to it.
Step S350: the mail filtering unit filters out the spam received from the network according to the spam filtering policy.
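The mail filtering unit of application examples two and three (units 871 and 890), as an added example that is not the patent's own code: it polls the security policy server's storage unit for the spam configuration information reported by clients, turns reported source addresses into a blacklist and reported subject keywords into filtering rules (the example of step S240), and applies them, together with a conventional keyword rule standing in for the existing filtering capability of example three, to mail arriving from the network. The records, mails and keywords are constructed assumptions, as is the read-cursor model of polling.

```python
"""Added example, not the patent's own code: mail filtering unit of
application examples two and three. Records, mails, keywords and the
read-cursor model of polling are constructed assumptions."""
from dataclasses import dataclass

@dataclass
class InboundMail:
    source: str
    dest: str
    subject: str

class PolicyServerStore:
    """Configuration information storage unit 822 as a record log with a read
    cursor, so a polling reader only sees records added since its last poll."""
    def __init__(self):
        self._records = []
        self._cursor = 0

    def receive(self, record):
        self._records.append(record)

    def poll(self):
        new = self._records[self._cursor:]
        self._cursor = len(self._records)
        return new

class MailFilterUnit:
    def __init__(self, conventional_keywords=()):
        self.blacklist = set()           # source addresses reported by clients
        self.subject_keywords = set()    # subject keywords reported by clients
        # Example three: the unit's pre-existing conventional filtering capability.
        self.conventional = {k.lower() for k in conventional_keywords}

    def update_policy(self, store):
        """Steps S240/S340 in polling mode: fold each new record into the policy
        and return the current (blacklist size, keyword count)."""
        for rec in store.poll():
            if rec.get("source"):
                self.blacklist.add(rec["source"])
            self.subject_keywords.update(k.lower() for k in rec.get("subject_keywords", []))
        return len(self.blacklist), len(self.subject_keywords)

    def classify(self, mail):
        """Return the reason a mail is treated as spam, or "ham"."""
        subj = mail.subject.lower()
        if mail.source in self.blacklist:
            return "spam:blacklist"
        if any(k in subj for k in self.subject_keywords):
            return "spam:subject"
        if any(k in subj for k in self.conventional):
            return "spam:conventional"
        return "ham"

    def filter_inbound(self, mails):
        """Steps S250/S350: split mail from the network into kept and filtered."""
        kept, dropped = [], []
        for m in mails:
            (kept if self.classify(m) == "ham" else dropped).append(m)
        return kept, dropped

def run_example():
    """Constructed run: two polls of the store, then filtering of four mails."""
    store = PolicyServerStore()
    store.receive({"source": "bulk@example.test", "subject_keywords": ["Cheap Loans"]})
    store.receive({"source": "", "subject_keywords": ["Win Now"]})
    unit = MailFilterUnit(conventional_keywords=["lottery"])
    first = unit.update_policy(store)    # (1, 2)
    store.receive({"source": "other@example.test", "subject_keywords": []})
    second = unit.update_policy(store)   # (2, 2): only the new record was read
    mails = [InboundMail("bulk@example.test", "c1", "Hello"),
             InboundMail("new@example.test", "c1", "cheap loans for you"),
             InboundMail("new@example.test", "c2", "Lottery results"),
             InboundMail("friend@example.test", "c2", "Dinner?")]
    kept, dropped = unit.filter_inbound(mails)
    return first, second, [unit.classify(m) for m in dropped], [m.subject for m in kept]
```

The order of checks in `classify` is deliberate: a blacklisted source is the cheapest and most specific signal, so it is tested before the keyword rules; in a deployment the blacklist would be bounded and aged out, since a reported address stays blocked for as long as the entry exists.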
The anti-spam method and system of the present invention can be combined in any way with other prior-art anti-spam approaches, so that the overall anti-spam system receives normal email more accurately while preventing the delivery of spam to a greater extent.
The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (29)

1. A network security control method, characterized in that it comprises:
a terminal device collects local security information and reports it to a server end;
after receiving the security information, the server end parses it and, in combination with the security service grade of the security service the user subscribed to in advance, determines the security policy corresponding to each terminal device;
the server end applies the security policy, through network access equipment, to perform network access control and/or service access control on the terminal device.
2. The network security control method of claim 1, further comprising: the server end sends the security information reported by terminal devices to security equipment in the network, and the security equipment performs a security response according to the received security information so as to protect the network.
3. The network security control method of claim 1, wherein collecting local security information is: collecting local security configuration information and/or security event information.
4. The network security control method of claim 3, wherein, when the security information collected by the terminal device includes security event information, the terminal device filters the collected security event information according to predefined filtering rules and reports the security event information remaining after filtering to the server end.
5. The network security control method of claim 3, wherein the security configuration information includes system security configuration information and application security configuration information, and the security event information includes virus event information, attack information and illegal scanning information.
6. The network security control method of claim 1, wherein the server end receives the security information in interrupt mode or polling mode.
7. The network security control method of claim 1, further comprising: the server end provides security services to the terminal device based on the security policy.
8. The network security control method of claim 7, wherein providing security services comprises: performing security attack handling, performing security configuration updates, or providing security reports.
9. The network security control method of any one of claims 1 to 8, wherein the server end parsing the received security information is: comprehensively analysing the received security information reported by at least two terminal devices.
10. A network security control system comprising a terminal device, network access equipment connected to it, and a security policy server connected to the network access equipment, characterized in that it further comprises:
a security agent unit, located on the terminal device side, which collects the security information of the terminal device and reports it to the security policy server;
the security policy server receives and parses the security information reported by the security agent unit, obtains the security policy corresponding to the analysis result, and applies that policy, through the network access equipment, to perform network access control and/or application service access control on the terminal device;
security equipment, connected to the security policy server, which obtains security information from the security policy server, performs the corresponding security response and protects the network.
11. The network security control system of claim 10, wherein the security policy server parsing the security information reported by the security agent unit is: comprehensively analysing the security information reported by the security agent units of at least two terminal devices.
12. The network security control system of claim 10, wherein the security agent unit comprises:
a configuration information acquiring subunit, which collects the security configuration information of the terminal device and sends it to the security policy server.
13. The network security control system of claim 12, wherein the security configuration information collected by the configuration information acquiring subunit includes system security configuration information and application security configuration information.
14. The network security control system of claim 12, wherein the security agent unit further comprises:
an event information acquiring subunit, which collects the security event information of the terminal device;
an event information filtering subunit, connected to the event information acquiring subunit, which filters the collected security event information according to predefined filtering rules and sends the security event information remaining after filtering to the security policy server.
15. The network security control system of claim 10, wherein the security agent unit comprises:
an event information acquiring subunit, which collects the security event information of the terminal device;
an event information filtering subunit, connected to the event information acquiring subunit, which filters the collected security event information according to predefined filtering rules and sends the security event information remaining after filtering to the security policy server.
16. The network security control system of claim 14 or 15, wherein the security event information collected by the event information acquiring subunit includes virus event information, attack information and illegal scanning information.
17. The network security control system of claim 10, wherein the security agent unit is a functional module located in the terminal device or an independent functional entity in the system.
18. The network security control system of claim 10, wherein the security policy server comprises a database recording the security service grade of the security service the user subscribed to; when the security policy server obtains the security policy corresponding to the analysis result, it determines the security policy corresponding to each terminal device in combination with the security service grade of the security service the user subscribed to in advance.
19. The network security control system of claim 18, wherein the security policy server and the security agent unit provide security services to the terminal device based on the security policy corresponding to each terminal device.
20. The network security control system of claim 18 or 19, wherein the security services include security attack handling, security configuration updates or security reports.
21. An anti-spam system comprising a mail server and at least one client connected to the mail server through network access equipment, characterized in that it further comprises:
a configuration information acquiring unit, located in the client, which obtains and sends the configuration information of the spam received by the client;
a security policy server, connected to the network access equipment, which receives and stores the configuration information sent by the configuration information acquiring unit, formulates or updates a spam filtering policy according to that configuration information, and uses the policy to control the network access equipment so that the spam received by the mail server from the network is filtered out;
the security policy server comprises:
a configuration information storage unit, which receives and stores the configuration information sent by the configuration information acquiring unit;
a configuration information processing unit, connected to the configuration information storage unit, which obtains configuration information from the configuration information storage unit, formulates or updates a spam filtering policy according to that configuration information, and uses the policy to control the network access equipment so that the spam received by the mail server from the network is filtered out.
22. The anti-spam system of claim 21, wherein
the configuration information storage unit receives the spam configuration information from the configuration information acquiring unit in interrupt mode or polling mode;
the configuration information processing unit reads the spam configuration information from the configuration information storage unit in interrupt mode or polling mode.
23. The anti-spam system of claim 21, wherein the system further comprises:
a mail detecting unit, connected to the configuration information acquiring unit, which inspects the mail received by the client and identifies the spam among it.
24. The anti-spam system of claim 23, wherein the mail detecting unit is located in the client or is an independent entity in the system.
25. An anti-spam system comprising a mail server and at least one client connected to the mail server through network access equipment, characterized in that it further comprises:
a configuration information acquiring unit, located in the client, which obtains and sends the configuration information of the spam received by the client;
a security policy server, connected to the network access equipment, which receives and stores the spam configuration information sent by the configuration information acquiring unit;
a mail filtering unit, connected to the security policy server, which formulates or updates a spam filtering policy according to the spam configuration information output by the security policy server and uses the policy to filter out the spam received from the network;
the client comprises:
a mail detecting unit, connected to the configuration information acquiring unit, which inspects the mail received by the client and identifies the spam among it.
26. The anti-spam system of claim 25, wherein the mail filtering unit is located in the mail server or is connected to the mail server through a communication interface.
27. The anti-spam system of claim 25, wherein the mail filtering unit is connected between the mail server and an Internet router.
28. The anti-spam system of claim 25, wherein the mail detecting unit is located in the client or is an independent entity in the system.
29. The anti-spam system of claim 25, wherein
the security policy server receives the spam configuration information from the configuration information acquiring unit in interrupt mode or polling mode;
the mail filtering unit obtains the spam configuration information from the security policy server in interrupt mode or polling mode.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006800122727A CN101160876B (en) 2005-10-15 2006-10-08 Network security control method and system

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
CN200510100417.6 2005-10-15
CNB2005101004176A CN100459798C (en) 2005-10-15 2005-10-15 Method and system for providing safety service to mobile terminal
CN2005101092092A CN1852268B (en) 2005-10-19 2005-10-19 Junk-mail preventing method and system
CN200510109209.2 2005-10-19
CN200510115574.4 2005-11-07
CNB2005101155744A CN100428689C (en) 2005-11-07 2005-11-07 Network safety control method and system
PCT/CN2006/002628 WO2007045150A1 (en) 2005-10-15 2006-10-08 A system for controlling the security of network and a method thereof
CN2006800122727A CN101160876B (en) 2005-10-15 2006-10-08 Network security control method and system

Publications (2)

Publication Number Publication Date
CN101160876A CN101160876A (en) 2008-04-09
CN101160876B true CN101160876B (en) 2011-02-16

Family

ID=37298586

Family Applications (2)

Application Number Title Priority Date Filing Date
CNB2005101004176A Active CN100459798C (en) 2005-10-15 2005-10-15 Method and system for providing safety service to mobile terminal
CN2006800122727A Active CN101160876B (en) 2005-10-15 2006-10-08 Network security control method and system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CNB2005101004176A Active CN100459798C (en) 2005-10-15 2005-10-15 Method and system for providing safety service to mobile terminal

Country Status (1)

Country Link
CN (2) CN100459798C (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330469B (en) * 2008-07-25 2011-07-13 中兴通讯股份有限公司 Method for implementing collection of safety parameter of resource control part in the next generation network
CN101835107A (en) * 2009-03-13 2010-09-15 华为技术有限公司 Method, device and system for reporting spam
CN101719914B (en) * 2009-11-10 2012-09-05 中国科学院计算技术研究所 Security event source integrated system and implementing method thereof
CN102945334A (en) * 2012-09-30 2013-02-27 潘铁军 Safety equipment with virtual on-chip operating system, safety device with virtual on-chip operating system, systems and methods
CN105393497B (en) * 2014-05-08 2019-09-20 华为技术有限公司 A kind of method, apparatus and system generating access control list (ACL) regulations
CN105488417A (en) * 2014-12-25 2016-04-13 哈尔滨安天科技股份有限公司 Method and system for realizing system security level division
CN110933067A (en) * 2019-11-26 2020-03-27 北京知道创宇信息技术股份有限公司 Malicious mail identification method and device, electronic equipment and storage medium
CN111585957B (en) * 2020-04-01 2023-03-28 新华三信息安全技术有限公司 Message processing method, device, network equipment and storage medium
CN111917769A (en) * 2020-07-30 2020-11-10 中盈优创资讯科技有限公司 Automatic handling method and device of security event and electronic equipment
CN114884685B (en) * 2021-02-05 2023-08-22 华为技术有限公司 Security management method for electronic device, electronic device and readable medium thereof
CN113452722B (en) * 2021-08-30 2022-01-21 统信软件技术有限公司 User isolation method, data transmission method, computing device and storage medium
CN114844662B (en) * 2022-03-01 2024-03-12 天翼安全科技有限公司 Network security policy management method, device and equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1355499A (en) * 2000-11-30 2002-06-26 英业达股份有限公司 Method for processing e-mail
US20030074414A1 (en) * 2001-10-17 2003-04-17 Nec Corporation Electronic mail rejecting system, method therefor, and storage medium storing control program thereof
WO2004079514A2 (en) * 2003-03-03 2004-09-16 Microsoft Corporation Feedback loop for spam prevention
WO2005001733A1 (en) * 2003-06-30 2005-01-06 Dong-June Seen E-mail managing system and method thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7448080B2 (en) * 2003-06-30 2008-11-04 Nokia, Inc. Method for implementing secure corporate communication
CN100574209C (en) * 2004-11-08 2009-12-23 中兴通讯股份有限公司 A kind of System and method for of realizing mobile value-added safety service
CN1606015A (en) * 2004-11-10 2005-04-13 李兵 Safety mobile enterprise office system and mobile office program

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
WO 2005001733 A1, description page 6 lines 29-32, page 7 lines 5-13, page 9 lines 20-22, figure 3.
Full text.

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546620A (en) * 2011-12-29 2012-07-04 郭俊莉 Information security control method, information security control device as well as client
CN102546620B (en) * 2011-12-29 2015-12-16 郭俊莉 Information security control method, information security control device and client
CN110266719A (en) * 2019-07-04 2019-09-20 杭州吉讯汇通科技有限公司 Security strategy delivery method, device, equipment and medium
CN110266719B (en) * 2019-07-04 2021-08-13 杭州吉讯汇通科技有限公司 Security policy issuing method, device, equipment and medium

Also Published As

Publication number Publication date
CN100459798C (en) 2009-02-04
CN101160876A (en) 2008-04-09
CN1859736A (en) 2006-11-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant