CN104038409A - Method and device for email security management - Google Patents

Publication number
CN104038409A
Authority
CN
China
Prior art keywords
mail
flow
mail flow
security management
shunting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410238449.1A
Other languages
Chinese (zh)
Inventor
孟祥威
王宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Opzoon Technology Co Ltd
Original Assignee
Opzoon Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Opzoon Technology Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method and a device for email security management. The method comprises: receiving email traffic and shunting it; analyzing and security-filtering the shunted email traffic to obtain secure email traffic; and receiving and transmitting the secure email traffic. Using an application-based shunting and re-injection technology, the method shunts and filters the received email traffic, then re-injects and transmits it after processing is complete. This eliminates the security gateway as a bottleneck and avoids the risk that a DDoS (Distributed Denial of Service) attack easily causes the security gateway to run slowly or crash.

Description

A mail security management method and device
Technical field
The present invention relates to the field of Internet technology, and in particular to a mail security management method and device.
Background
Email attacks are currently the most common kind of attack on business applications, and one that many Internet users find tiresome. For example, user mailboxes are often filled with spam, which consumes a large amount of storage space and takes time to delete. Excessive junk mail also causes the system's log files to grow very large and may even overflow the file system, which endangers systems such as Unix and Windows. Besides the possibility of a system crash, a large amount of junk mail also takes up a large amount of CPU time and network bandwidth, slowing normal network access. Furthermore, if the mail carries a virus, the consequences are more serious; in competition between enterprises, mail attacks are now often used to steal a rival's trade secrets.
Some security devices already exist to defend against such attacks, but current devices such as PAA, anti-spam and content-auditing devices are all connected in series: once one device is attacked, the whole environment collapses, which is a headache for network administrators. As shown in Fig. 1, 1 is the remote hacker host, 2 is the zombie controller, 3 is the security gateway, 4 is the router, and 5 is the local area network. Through a DDoS attack, many zombie devices can be controlled to send a large amount of spam simultaneously to an enterprise site or a large military site, ultimately causing the site's security gateway to crash and the whole network to be interrupted. This is because these security devices inspect the content of each message in depth, which consumes considerable device resources, and a large volume of attack traffic can exhaust all available resources of the security gateway and cause it to crash. In fact, what such security devices really care about is only certain specific content; when the line carries a large amount of content irrelevant to their focus, much of their performance is consumed in vain. Even if the attack traffic is not enough to crash the security gateway, it still degrades the performance of the whole system. The security gateway therefore becomes the bottleneck of the whole system, and the system is very prone to running slowly or crashing.
Summary of the invention
(1) Technical problem to be solved
The present invention provides a mail security management method and device, to solve the technical problem in the prior art that a mail attack easily causes the system to run slowly or crash.
(2) Technical solution
To solve the above technical problem, the present invention provides a mail security management method, comprising:
receiving mail traffic and shunting the mail traffic;
analyzing and security-filtering the shunted mail traffic to obtain secure mail traffic;
receiving the secure mail traffic and sending it.
Further, receiving the mail traffic also comprises:
receiving user traffic and identifying the mail traffic in it by deep packet inspection.
Further, shunting the mail traffic comprises:
shunting the mail traffic by mirror shunting technology.
Further, analyzing and security-filtering the shunted mail traffic also comprises:
performing spam identification and filtering on the shunted mail traffic by setting one or more restrictive conditions among a blacklist, a whitelist, a connection-count limit and a sending-frequency limit.
In another aspect, the present invention also provides a mail security management device, comprising:
a security gateway, for receiving mail traffic and shunting the mail traffic, and also for receiving secure mail traffic and sending it;
one or more intelligent message flow management apparatuses, for analyzing and security-filtering the mail traffic shunted by the security gateway, obtaining secure mail traffic, and returning it to the security gateway.
Further, the security gateway is also used for:
receiving user traffic and identifying the mail traffic in it by deep packet inspection.
Further, the security gateway is also used for:
shunting the mail traffic by mirror shunting technology.
Further,
the security gateway is remotely connected through its FW interface to the local loopback interface of the intelligent message flow management apparatus.
Further, the intelligent message flow management apparatus also comprises:
a limiting unit, for performing spam identification and filtering on the shunted mail traffic by setting one or more restrictive conditions among a blacklist, a whitelist, a connection-count limit and a sending-frequency limit.
(3) Beneficial effects
It can be seen that the mail security management method and device provided in the embodiments of the present invention use an application-based shunting and re-injection technology: the received mail traffic is shunted and filtered, then re-injected and sent after processing. This eliminates the security gateway as a bottleneck and avoids the risk that a DDoS attack easily causes the security gateway to run slowly or crash.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a security gateway in the prior art;
Fig. 2 is a schematic diagram of the basic flow of the mail security management method of an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the mail security management device of an embodiment of the present invention.
Embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the present invention.
An embodiment of the present invention first provides a mail security management method which, referring to Fig. 2, comprises:
Step 201: receive mail traffic and shunt the mail traffic;
Step 202: analyze and security-filter the shunted mail traffic to obtain secure mail traffic;
Step 203: receive the secure mail traffic and send it.
It can be seen that the mail security management method provided in this embodiment uses an application-based shunting and re-injection technology: the received mail traffic is shunted and filtered, then re-injected and sent after processing. This eliminates the security gateway as a bottleneck and avoids the risk that a DDoS attack easily causes the security gateway to run slowly or crash.
In the embodiments of the present invention, preferably, when mail traffic is received it can be identified by deep packet inspection (DPI). DPI is an application-layer traffic detection and control technology: when an IP packet or a TCP or UDP data stream passes through, DPI reads deep into the IP payload to identify and reassemble the application-layer information of the seven-layer OSI model, and thereby obtains the content of the whole application. In this embodiment, it can identify and distinguish which of the user traffic passing through is mail traffic.
When the mail traffic is shunted, preferably, it can be shunted by mirror shunting technology.
In the process of analyzing and security-filtering the shunted mail traffic, preferably, a filtering policy for mail traffic can be set. For example, spam identification and filtering can be performed on the shunted mail traffic by setting spam filtering methods such as a blacklist, a whitelist, a connection-count limit and a sending-frequency limit; suspicious packets are intercepted and safe mail traffic is let through, and the safe mail traffic can then be received and sent after processing.
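An added illustration of the shunt, filter and re-inject flow described above, written for this page and not taken from the patent: the gateway identifies mail by payload rather than port, the limiting unit applies the four restrictive conditions, and only flows it passes are returned for re-injection. The `Flow` record, the function names, the policy values and the sample flows are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

SMTP_VERBS = (b"EHLO", b"HELO", b"MAIL FROM:")

@dataclass
class Flow:            # hypothetical stand-in for one reassembled client stream
    ts: float          # arrival time in seconds
    src_ip: str
    dst_port: int
    payload: bytes

def is_mail_flow(flow):
    """DPI-style identification: classify by application payload, not by port."""
    return flow.payload.lstrip().upper().startswith(SMTP_VERBS)

class LimitingUnit:    # blacklist, whitelist, connection-count and sending-frequency limits
    def __init__(self, blacklist, whitelist, max_conns, max_msgs, window):
        self.blacklist, self.whitelist = blacklist, whitelist
        self.max_conns, self.max_msgs, self.window = max_conns, max_msgs, window
        self.conns = defaultdict(deque)   # src_ip -> timestamps of admitted connections
        self.msgs = defaultdict(deque)    # src_ip -> timestamps of admitted messages

    def _admit(self, queue, ts, n, limit):
        while queue and ts - queue[0] >= self.window:   # expire entries outside the window
            queue.popleft()
        if len(queue) + n > limit:
            return False
        queue.extend([ts] * n)
        return True

    def check(self, flow):
        # Lists key on source IP: the envelope sender is client-supplied and easy to forge.
        if flow.src_ip in self.whitelist:
            return "pass"
        if flow.src_ip in self.blacklist:
            return "drop:blacklist"
        if not self._admit(self.conns[flow.src_ip], flow.ts, 1, self.max_conns):
            return "drop:conn-limit"
        n_msgs = flow.payload.upper().count(b"MAIL FROM:")
        if not self._admit(self.msgs[flow.src_ip], flow.ts, n_msgs, self.max_msgs):
            return "drop:rate-limit"
        return "pass"

def gateway(flows, unit):
    """Shunt mail flows to the unit; re-inject only those it passes."""
    forwarded, dropped = [], []
    for flow in sorted(flows, key=lambda f: f.ts):
        verdict = unit.check(flow) if is_mail_flow(flow) else "bypass"
        (dropped if verdict.startswith("drop") else forwarded).append((flow.src_ip, verdict))
    return forwarded, dropped

def smtp(n):   # constructed SMTP client stream carrying n messages
    return b"EHLO client\r\n" + b"MAIL FROM:<user@example.org>\r\n" * n
POLICY = dict(blacklist={"198.51.100.5"}, whitelist={"192.0.2.50"}, max_conns=1, max_msgs=3, window=60.0)
SAMPLE = [  # constructed flows; addresses are from documentation ranges
    Flow(0.0, "192.0.2.10", 80, b"GET / HTTP/1.1\r\n\r\n"),   # not mail, never shunted
    Flow(1.0, "192.0.2.50", 2525, smtp(5)),   # whitelisted relay on a non-standard port
    Flow(2.0, "198.51.100.5", 25, smtp(1)),   # blacklisted source
    Flow(3.0, "203.0.113.7", 25, smtp(1)),
    Flow(4.0, "203.0.113.7", 25, smtp(1)),    # second connection inside the window
    Flow(6.0, "192.0.2.40", 25, smtp(5)),     # five messages on one connection
    Flow(70.0, "203.0.113.7", 25, smtp(1)),   # earlier connection has expired
]
```

Calling `gateway(SAMPLE, LimitingUnit(**POLICY))` returns the forwarded and dropped lists; non-mail traffic never reaches the limiting unit, which is the load-shedding property the description relies on.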
The present invention also provides a mail security management device which, referring to Fig. 3, comprises:
a security gateway 3, for receiving mail traffic and shunting the mail traffic, and also for receiving secure mail traffic and sending it;
one or more intelligent message flow management apparatuses 6, for analyzing and security-filtering the mail traffic shunted by the security gateway, obtaining secure mail traffic, and returning it to the security gateway.
Preferably, the security gateway 3 can also be used for: receiving user traffic and identifying the mail traffic in it by deep packet inspection.
Preferably, the security gateway 3 can also be used for: shunting the mail traffic by mirror shunting technology.
Preferably, the security gateway 3 can be virtually connected through its FW interface to the local loopback interface of the intelligent message flow management apparatus 6; the FW interface and the local loopback interface are in the same network, to ensure normal communication between the two.
Preferably, the intelligent message flow management apparatus 6 can also comprise a limiting unit, for performing spam identification and filtering on the shunted mail traffic by setting one or more restrictive conditions among a blacklist, a whitelist, a connection-count limit and a sending-frequency limit.
It can be seen that the embodiments of the present invention have at least the following beneficial effects:
The mail security management method and device provided in the embodiments of the present invention use an application-based shunting and re-injection technology: the received mail traffic is shunted and filtered, then re-injected and sent after processing. This eliminates the security gateway as a bottleneck and avoids the risk that a DDoS attack easily causes the security gateway to run slowly or crash.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A mail security management method, characterized in that it comprises:
receiving mail traffic and shunting the mail traffic;
analyzing and security-filtering the shunted mail traffic to obtain secure mail traffic;
receiving the secure mail traffic and sending it.
2. The mail security management method according to claim 1, characterized in that receiving the mail traffic also comprises:
receiving user traffic and identifying the mail traffic in it by deep packet inspection.
3. The mail security management method according to claim 1, characterized in that shunting the mail traffic comprises:
shunting the mail traffic by mirror shunting technology.
4. The mail security management method according to any one of claims 1 to 3, characterized in that analyzing and security-filtering the shunted mail traffic also comprises:
performing spam identification and filtering on the shunted mail traffic by setting one or more restrictive conditions among a blacklist, a whitelist, a connection-count limit and a sending-frequency limit.
5. A mail security management device, characterized in that it comprises:
a security gateway, for receiving mail traffic and shunting the mail traffic, and also for receiving secure mail traffic and sending it;
one or more intelligent message flow management apparatuses, for analyzing and security-filtering the mail traffic shunted by the security gateway, obtaining secure mail traffic, and returning it to the security gateway.
6. The mail security management device according to claim 5, characterized in that the security gateway is also used for:
receiving user traffic and identifying the mail traffic in it by deep packet inspection.
7. The mail security management device according to claim 5, characterized in that the security gateway is also used for:
shunting the mail traffic by mirror shunting technology.
8. The mail security management device according to claim 5, characterized in that:
the security gateway is remotely connected through its FW interface to the local loopback interface of the intelligent message flow management apparatus.
9. The mail security management device according to any one of claims 5 to 8, characterized in that the intelligent message flow management apparatus also comprises:
a limiting unit, for performing spam identification and filtering on the shunted mail traffic by setting one or more restrictive conditions among a blacklist, a whitelist, a connection-count limit and a sending-frequency limit.

Priority Applications (1)

Application Number: CN201410238449.1A
Priority Date: 2014-05-30
Filing Date: 2014-05-30
Title: Method and device for email security management
Status: Pending
Publication: CN104038409A (en)

Publications (1)

Publication Number: CN104038409A
Publication Date: 2014-09-10

Family ID: 51469003

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140910