Summary of the invention
In view of the above defect of the prior art, the present invention proposes a network security system, which addresses the technical problem of how to improve network security performance.
According to an aspect of the invention, a network security system is provided, including: a monitoring module for performing security monitoring on received e-mail; a processing module for encrypting the e-mail; a decryption module for decrypting the encrypted e-mail; and a viewing module for viewing the decrypted e-mail.
In the network security system, the monitoring module further includes: a virus monitoring submodule for monitoring whether received e-mail is infected with a virus; and a spam monitoring submodule for monitoring whether received e-mail is malicious unauthorized e-mail.
In the network security system, the monitoring module is further configured to perform intrusion detection on received information, and the monitoring module further includes an intrusion detection submodule for monitoring whether received information contains intrusion behaviour.
In the network security system, the monitoring module further includes a vulnerability scanning submodule for raising an alarm when a vulnerability is found in the network security system.
In the network security system, if the virus monitoring submodule detects that received e-mail is infected, the spam monitoring submodule detects that received e-mail is spam, and/or the intrusion detection submodule detects that received information contains intrusion behaviour, the received e-mail and/or received information is discarded.
In the network security system, the processing module is further configured to encapsulate the e-mail in a predetermined encapsulation format.
In the network security system, the processing module further includes: an encapsulation submodule for encapsulating the e-mail by performing name translation on the mail header of the received e-mail and/or transforming the start mark of the mail body of the received e-mail; and an encryption submodule for performing non-landing encryption on the received e-mail.
In the network security system, the e-mail decrypted by the decryption module remains in the format produced by the encapsulation submodule.
In the network security system, the processing module is connected to the decryption module via a first unidirectional device, and the decryption module is connected to the viewing module via a second unidirectional device.
The network security system further includes a sending module for sending e-mail, the sending module being independent of the monitoring module, the processing module, the decryption module and the viewing module.
The network security system of the invention improves network security performance.
Detailed description of the invention
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It will be appreciated that the preferred embodiments described herein serve only to illustrate and explain the present invention and are not intended to limit it.
Fig. 1 is a schematic diagram of an embodiment of the network security system 100 according to the invention. In Fig. 1, the network security system 100 includes a monitoring module 102, a processing module 104, a decryption module 106 and a viewing module 108. The monitoring module 102 performs security monitoring on e-mail received from an external network. The processing module 104 encrypts the received e-mail. The decryption module 106 decrypts the encrypted e-mail. The viewing module 108 is used to view the decrypted e-mail.
Specifically, the monitoring module may monitor for viruses and spam, and for this purpose may include a virus monitoring submodule for monitoring whether received e-mail is infected and a spam monitoring submodule for monitoring whether received e-mail is malicious unauthorized e-mail. The virus monitoring submodule may determine whether an e-mail is infected by checking whether its attachments contain virus files, and the spam monitoring submodule may determine whether an e-mail is malicious unauthorized mail by checking whether the sender holds the corresponding authorization and whether the content of the e-mail contains preset keywords. Such malicious unauthorized mail includes, but is not limited to, advertising mail, fraudulent mail and the like.
In addition to the software-level monitoring described above, the monitoring module 102 may also monitor at the hardware level. Specifically, the monitoring module may also perform intrusion detection on received information, and may further include an intrusion detection submodule for monitoring whether received information contains intrusion behaviour. For example, the monitoring module can counter the "zombie machine" attack that may occur in a network, in which a large number of invalid packets are sent to the same target in rapid succession. By sending a large number of invalid packets to the same target within a short time, a "zombie machine" consumes a large amount of the target's system resources and causes the target to become paralysed; the monitoring module counters this situation by means of the intrusion detection submodule.
In addition, the monitoring module 102 may further include a vulnerability scanning submodule for raising an alarm when a vulnerability is found in the network security system.
If the virus monitoring submodule detects that received e-mail is infected, the spam monitoring submodule detects that received e-mail is spam, and/or the intrusion detection submodule detects that received information contains intrusion behaviour, the received e-mail and/or received information is discarded.
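As an added example (not the patent's own code) of how the three monitoring submodules and the discard rule above could be realised in software, the following Python models the virus monitoring submodule as an attachment-hash check, the spam monitoring submodule as an authorised-sender check plus preset-keyword scan, and the intrusion detection submodule as a per-target packet-rate detector for the "zombie machine" flood pattern. The blocklist of attachment hashes, the authorised-sender list, the keywords, the rate threshold and the sample messages are all constructed assumptions; a real deployment would call an anti-virus engine rather than match a hash list.

```python
import hashlib
from collections import defaultdict, deque
from email.message import EmailMessage
from typing import Optional

# Constructed blocklist of attachment SHA-256 digests.  Assumption: a real
# deployment would call an anti-virus engine rather than match a hash list.
MALICIOUS_ATTACHMENT_HASHES = {
    hashlib.sha256(b"constructed-malware-sample").hexdigest(),
}
# Assumed authorised-sender list and preset spam keywords.
AUTHORISED_SENDERS = {"alice@partner.example", "ops@internal.example"}
SPAM_KEYWORDS = ("free prize", "wire transfer now", "limited offer")


def virus_monitor(msg: EmailMessage) -> bool:
    """Virus monitoring submodule: True if any attachment is on the blocklist."""
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if hashlib.sha256(payload).hexdigest() in MALICIOUS_ATTACHMENT_HASHES:
            return True
    return False


def spam_monitor(msg: EmailMessage) -> bool:
    """Spam monitoring submodule: True if the sender is not authorised or the
    plain-text body contains a preset keyword."""
    sender = str(msg.get("From", "")).strip().lower()
    if sender not in AUTHORISED_SENDERS:
        return True
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    return any(keyword in text for keyword in SPAM_KEYWORDS)


class IntrusionDetector:
    """Intrusion detection submodule: flags a source that sends more than
    `limit` packets to one target inside `window` seconds (assumed thresholds),
    the "zombie machine" flood pattern described in the text."""

    def __init__(self, limit: int = 100, window: float = 1.0):
        self.limit, self.window = limit, window
        self.history = defaultdict(deque)  # (src, dst) -> recent timestamps

    def observe(self, src: str, dst: str, ts: float) -> bool:
        recent = self.history[(src, dst)]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        return len(recent) > self.limit


def monitoring_module(msg: EmailMessage, packets=(), detector=None):
    """Apply every submodule; discard the mail if any of them fires.
    `packets` is an iterable of (src, dst, timestamp) tuples observed on the
    link while the mail was delivered."""
    reasons = []
    if virus_monitor(msg):
        reasons.append("virus")
    if spam_monitor(msg):
        reasons.append("spam")
    detector = detector or IntrusionDetector()
    hits = [detector.observe(src, dst, ts) for src, dst, ts in packets]
    if any(hits):
        reasons.append("intrusion")
    return ("discard" if reasons else "accept"), reasons


def build_message(sender: str, text: str,
                  attachment: Optional[bytes] = None) -> EmailMessage:
    """Construct a sample message (test data, not real traffic)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@internal.example"
    msg["Subject"] = "constructed sample"
    msg.set_content(text)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="file.bin")
    return msg


if __name__ == "__main__":
    clean = build_message("alice@partner.example", "quarterly report attached")
    print(monitoring_module(clean))
    flood = [("10.0.0.9", "10.0.0.1", 0.001 * i) for i in range(150)]
    print(monitoring_module(clean, flood))
```

The verdict carries the list of submodules that fired, which is what an operator wants logged when mail is dropped; the intrusion detector is created fresh per call here only so that the example is self-contained, whereas a real monitoring module would keep one detector running across all traffic.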
The network security system of this embodiment improves security; specifically, it protects the system comprehensively from both the hardware and the software side.
In a preferred embodiment, in addition to encrypting the e-mail, the processing module may also encapsulate it in a predetermined encapsulation format. In other words, the processing module may further include an encapsulation submodule and an encryption submodule: the encapsulation submodule encapsulates the e-mail by performing name translation on the mail header of the received e-mail and/or transforming the start mark of the mail body of the received e-mail, and the encryption submodule performs non-landing encryption on the received e-mail. Through the above transformation, the encapsulation submodule converts the e-mail into the predetermined encapsulation format, so that even if the e-mail is intercepted or obtained by others, they cannot view its specific content. Preferably, non-landing encryption means that the e-mail is encrypted while it resides in memory, without being stored on a hard disk.
Preferably, no decapsulation is performed after encapsulation; reading, viewing and other operations are performed on the encapsulated form. That is, the e-mail decrypted by the decryption module remains in the format produced by the encapsulation submodule.
The above preferred embodiment strengthens the security of the system in two respects, encapsulation and encryption.
In a further preferred embodiment, the processing module may be connected to the decryption module via a first unidirectional device, and the decryption module may be connected to the viewing module via a second unidirectional device. A unidirectional device is a hardware device that ensures data can flow only from one side to the other and never in the reverse direction.
In the above preferred embodiment, the use of unidirectional devices further isolates the processing module 104, the decryption module 106 and the viewing module 108 from the external network, thereby improving system security.
In addition, the network security system 100 may further include a sending module for sending e-mail. This sending module is independent of the monitoring module, the processing module, the decryption module and the viewing module.
Fig. 2 is a schematic diagram of an example of the network security system according to the invention.
The present invention provides a secure e-mail system for solving the above-mentioned security problems; this system thoroughly solves the security problems of existing mail systems. The invention includes two parts, a mail receiving server and a mail sending server. The mail receiving server ensures the security of mail reception and storage, while the mail sending server is responsible only for sending mail and is completely independent of the mail receiving server. The mail sending server includes a mail sending module, which is responsible for sending mail to the mail receiving server. The mail receiving server includes the following submodules: a security protection module, a mail processing module, a mail decryption module and a mail viewing module.
The mail receiving process includes the following steps, as shown in Fig. 2:
1) Mail enters the security protection module from the external network. The security protection module performs a series of security checks on the received mail, including intrusion detection, virus monitoring and spam monitoring; if any check finds a problem, the mail is dropped.
2) After the mail has passed all security checks, it enters the mail processing module. This module re-encapsulates the received mail in a new format and applies non-landing encryption, ensuring that even if an unauthorized user obtains the mail, its content cannot be viewed.
3) The encapsulated and encrypted mail enters the mail decryption module through a unidirectional device. Because this module is isolated from the external network by the unidirectional device, its network environment is completely safe. The module decrypts the received mail and recovers its plaintext, but at this point the mail is still in the encapsulated format, so even if an unauthorized user obtains the mail, a general mail client still cannot be used to view its content.
4) The decrypted mail enters the mail viewing module through another unidirectional device. This module is dedicated to viewing mail in the encapsulated format; because it is again isolated from the mail decryption module by a unidirectional device, security is further ensured.
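As an added example (not the patent's own code), the following Python models steps 1) to 4) above together with the encapsulation and non-landing encryption that the preferred embodiment describes for the processing module: header names are translated and the body start mark is replaced, the result is encrypted in memory, two one-way channel objects stand in for the unidirectional devices, the decryption module hands over plaintext that is still in the encapsulated format, and only the viewing module, which holds the translation table, can render it. The header table, the body mark, the cipher (a SHA-256 keystream with an HMAC tag, standing in for a real AEAD cipher), the channel model and the sample mail and key are all assumptions made for this example.

```python
import email
import hashlib
import hmac
import os

# Assumed encapsulation table: standard header names are renamed and the blank
# line that starts the body is replaced by a private mark, so a general mail
# client no longer recognises the result as mail.
HEADER_MAP = {"From": "X-Enc-Src", "To": "X-Enc-Dst", "Subject": "X-Enc-Subj"}
BODY_MARK, ENC_BODY_MARK = "\r\n\r\n", "\r\n--ENC-BODY--\r\n"

def encapsulate(raw_mail: str) -> str:
    """Processing module, encapsulation step: header name translation plus
    body start-mark transformation."""
    head, _, body = raw_mail.partition(BODY_MARK)
    translated = []
    for line in head.split("\r\n"):
        name, colon, value = line.partition(":")
        translated.append(HEADER_MAP.get(name, name) + colon + value)
    return "\r\n".join(translated) + ENC_BODY_MARK + body

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 counter keystream: an assumed stand-in for a real AEAD cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt_in_memory(key: bytes, plaintext: bytes) -> bytes:
    """Non-landing encryption: the plaintext exists only in process memory and
    is never written to disk; output is nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Decryption module: verify the tag, then strip the keystream.  The result
    is still the encapsulated form, not ordinary mail."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))

class Inlet:
    """Sending end of a modelled unidirectional device: it can only push."""
    def __init__(self, queue): self._queue = queue
    def send(self, item): self._queue.append(item)

class Outlet:
    """Receiving end: it can only pull, so nothing can travel back upstream."""
    def __init__(self, queue): self._queue = queue
    def receive(self): return self._queue.pop(0)

def one_way_channel():
    queue = []
    return Inlet(queue), Outlet(queue)

def receive_pipeline(raw_mail: str, key: bytes):
    """Steps 1-4 of the receiving process; returns the encapsulated plaintext
    that reaches the viewing module, or None if the mail was dropped."""
    # Step 1: security protection module (placeholder check for this example).
    if "X-Constructed-Malicious: yes" in raw_mail:
        return None
    # Step 2: the processing module encapsulates and encrypts, all in memory.
    blob = encrypt_in_memory(key, encapsulate(raw_mail).encode())
    first_in, first_out = one_way_channel()    # first unidirectional device
    first_in.send(blob)
    # Step 3: decryption module, isolated behind the first device.
    encapsulated = decrypt(key, first_out.receive()).decode()
    second_in, second_out = one_way_channel()  # second unidirectional device
    second_in.send(encapsulated)
    # Step 4: the viewing module receives mail that is still encapsulated.
    return second_out.receive()

def view(encapsulated: str) -> dict:
    """Viewing module: the only component that knows HEADER_MAP."""
    head, _, body = encapsulated.partition(ENC_BODY_MARK)
    reverse = {v: k for k, v in HEADER_MAP.items()}
    headers = {}
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        headers[reverse.get(name, name)] = value.strip()
    return {"headers": headers, "body": body}

def standard_client_can_read(encapsulated: str) -> bool:
    # Would a general mail parser still find the sender in the encapsulated form?
    return email.message_from_string(encapsulated)["From"] is not None

def tamper_detected(key: bytes, blob: bytes) -> bool:
    # True if flipping one ciphertext bit makes the decryption module reject it.
    tampered = blob[:16] + bytes([blob[16] ^ 0x01]) + blob[17:]
    try:
        decrypt(key, tampered)
    except ValueError:
        return True
    return False

# Constructed sample mail and key (test data only, not real traffic).
SAMPLE_MAIL = ("From: alice@partner.example\r\nTo: bob@internal.example\r\n"
               "Subject: constructed sample\r\n\r\nMeeting moved to 10:00.\r\n")
SAMPLE_KEY = b"constructed-32-byte-key-for-demo"
```

Two design points carry over from the text: the decryption module never learns `HEADER_MAP`, so a copy of its output is useless to an ordinary mail client, and each module downstream of a channel holds only an `Outlet`, which has no `send` method, mirroring a hardware device with no return path. The integrity tag on the ciphertext is not mentioned in the text but is what a practitioner would add so that the decryption module rejects modified blobs rather than decrypting garbage.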
The present invention meets the network security protection requirement through the security protection module, ensuring that the mail entering the mail receiving server is safe and reliable; through the mail processing module, it encapsulates the mail and applies non-landing encryption, ensuring the security of the mail during subsequent transmission and storage; and through the unidirectional devices, it ensures that data can only flow in from the external network and cannot flow out, so that received mail cannot be illegally sent to the external network. Viewing of mail takes place entirely on the internal network, ensuring the security of user identities and of mail storage.
The foregoing is merely a description of the preferred embodiments of the present invention and is not intended to limit it; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.