CN111818061A - Method, system, computer equipment and readable storage medium for preventing mail terminal from leakage - Google Patents

Publication number
CN111818061A
Authority
CN
China
Prior art keywords
mail
data
analyzed data
sender
intercepting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010663240.5A
Other languages
Chinese (zh)
Inventor
谢永胜
周扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Vamtoo Information Safety Technology Co ltd
Original Assignee
Zhejiang Vamtoo Information Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Vamtoo Information Safety Technology Co ltd filed Critical Zhejiang Vamtoo Information Safety Technology Co ltd
Publication of CN111818061A publication Critical patent/CN111818061A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/212 Monitoring or handling of messages using filtering or selective blocking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42 Mailbox-related aspects, e.g. synchronisation of mailboxes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a system, computer equipment and a readable storage medium for preventing a mail terminal from leaking, which relate to the technical field of electronic mails and comprise the following steps: intercepting and analyzing the transmitted and received data, and intercepting or releasing the mail according to the analyzed data. The method provided by the invention can be adapted to different mail terminal application programs.

Description

Method, system, computer equipment and readable storage medium for preventing mail terminal from leakage
[ technical field ]
The invention relates to the technical field of e-mails, in particular to a method and a system for preventing a mail terminal from leaking, computer equipment and a readable storage medium.
[ background of the invention ]
Mail terminal leakage prevention is a data security function that prevents confidential information from being leaked by e-mail.
The prior art usually either blacklists mail terminal applications to disable the mail terminal software, or controls the mail terminal application in order to acquire, analyze, and warn on or block the mail data. However, mail terminal software is endlessly varied, so a blacklist can hardly be exhaustive. Meanwhile, the controlled approach requires analyzing the complex logic inside each mail terminal application, and because different versions may have different internal structures, the analysis and adaptation have to be redone.
[ summary of the invention ]
In order to solve the foregoing problems, the present invention provides a method for preventing leakage of a mail terminal, which is adaptable to different mail terminal applications.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method of preventing leakage of a mail terminal, comprising the steps of:
an interception step: intercepting transmitted and received data;
a parsing step: analyzing the intercepted data, wherein the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments;
a judging step: intercepting or releasing the mail according to the analyzed data.
Optionally, intercepting or releasing the email according to the parsed data includes:
if the mail sender belongs to the white list, the mail corresponding to the analyzed data is released;
if the sender does not belong to the white list, the mail content is checked, if the mail content has confidential information, a warning is sent to a local mail terminal, and meanwhile, the mail sending is blocked;
and if the mail content does not have the confidential information, the mail corresponding to the analyzed data is released.
Optionally, the intercepting step is implemented by a network filtering driver module, and the analyzing step and the determining step are implemented by a network data analysis service module.
Optionally, in the parsing step, the network filtering driver module intercepts the transmitted and received data at a network transport layer.
The method provided by the invention has the following beneficial effects:
In the prior-art monitoring method, as mail terminal applications are continuously updated, any change to an application's internal logic means the controlled approach to leakage prevention must re-analyze that internal logic and update its configuration at the same time. The method provided by the invention needs no mail terminal application blacklist and only has to pay attention to the mail port data. Because smtp/smtps is a general protocol, any mail terminal application that uses smtp/smtps can be monitored and intercepted, the complex logic inside different mail terminal applications does not need to be studied, and monitoring never fails because some mail terminal program cannot be injected.
In addition, the present invention also provides a system for preventing leakage of a mail terminal, comprising:
the network filtering driving module is used for intercepting the sent and received data;
the network data analysis service module comprises a ssl/tls analysis module of smtps data and is used for analyzing the intercepted data and intercepting or releasing the mail according to the analyzed data, wherein the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments;
or the mail terminal leakage-proof system comprises a mail gateway, the mail gateway is used for intercepting and analyzing the sent and received data, and the mail is intercepted or released according to the analyzed data, and the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments.
Optionally, if the sender of the mail belongs to the white list, the network data analysis service module passes the mail corresponding to the analyzed data, if the sender does not belong to the white list, the network data analysis service module checks the content of the mail, and if the content of the mail has confidential information, the network data analysis service module sends a warning to the local mail terminal and simultaneously blocks the sending of the mail; if the mail content does not have confidential information, the network data analysis service module passes the mail corresponding to the analyzed data;
or, if the mail sender belongs to the white list, the mail gateway passes the mail corresponding to the analyzed data, if the sender does not belong to the white list, the mail gateway checks the mail content, and if the mail content has confidential information, the mail gateway records the analyzed data and the mail corresponding to the analyzed data; and if the mail content does not have confidential information, the mail gateway passes the mail corresponding to the analyzed data.
The beneficial effects of the mail terminal leakage prevention system follow from the same reasoning as those of the mail terminal leakage prevention method, and the description is not repeated here.
Meanwhile, the invention also provides computer equipment which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the method of any one of the above items when executing the computer program.
Meanwhile, the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the method of any one of the above.
These features and advantages of the present invention will be disclosed in more detail in the following detailed description and the accompanying drawings. The best mode or means of the present invention will be described in detail with reference to the accompanying drawings, but the present invention is not limited thereto. In addition, the features, elements and components appearing in each of the following and in the drawings are plural and different symbols or numerals are labeled for convenience of representation, but all represent components of the same or similar construction or function.
[ description of the drawings ]
The invention will be further described with reference to the accompanying drawings in which:
fig. 1 is a flowchart of a first embodiment of the present invention.
[ detailed description ]
The technical solutions of the embodiments of the present invention are explained and illustrated below with reference to the drawings of the embodiments of the present invention, but the following embodiments are only preferred embodiments of the present invention, and not all embodiments. Based on the embodiments in the implementation, other embodiments obtained by those skilled in the art without any creative effort belong to the protection scope of the present invention.
Reference in the specification to "one embodiment" or "an example" means that a particular feature, structure or characteristic described in connection with the embodiment itself may be included in at least one embodiment of the patent disclosure. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment.
Embodiment one
As shown in fig. 1, the present embodiment provides a method for preventing leakage of a mail terminal, comprising the steps of:
an interception step: the network filtering driving module intercepts data sent and received by a local mail terminal at a network protocol layer;
a parsing step: the network data analysis service module analyzes the intercepted data, and the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments;
a judging step: the network data analysis service module intercepts or releases the mail according to the analyzed data, and specifically, the method comprises the following steps:
if the mail sender belongs to the white list, the mail corresponding to the analyzed data is released;
if the sender does not belong to the white list, the mail content is checked, if the mail content has confidential information, a warning is sent to a local mail terminal, and meanwhile, the mail sending is blocked;
and if the mail content does not have the confidential information, the mail corresponding to the analyzed data is released.
The method provided by this embodiment needs no mail terminal application blacklist and only has to pay attention to the mail port data. Because smtp/smtps is a general protocol, any mail terminal application that uses smtp/smtps can be monitored and intercepted, the complex logic inside different mail terminal applications does not need to be studied, and monitoring never fails because some mail terminal program cannot be injected.
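The parsing and judging steps of this embodiment, together with the mail-gateway variant from the summary, as an added Python example that is not part of the patent. The names `WHITELIST`, `CONFIDENTIAL`, `parse_session`, `judge`, `build_sample` and the `mode` values are assumptions, as are matching the whitelist on the SMTP envelope sender and scanning attachment bytes along with the body; the session bytes are constructed sample data.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

WHITELIST = {"ceo@corp.example"}  # assumed whitelist entry
CONFIDENTIAL = re.compile(r"confidential|internal only", re.I)  # assumed markers


def parse_session(client_bytes):
    """Parsing step: extract sender, receivers, content and attachments from
    the client-to-server half of one plaintext SMTP session."""
    parts = re.split(rb"\r\nDATA\r\n", client_bytes, maxsplit=1, flags=re.I)
    envelope = parts[0].decode("ascii", "replace")
    rest = parts[1] if len(parts) == 2 else b""
    sender = re.search(r"^MAIL FROM:\s*<([^>]*)>", envelope, re.I | re.M)
    receivers = re.findall(r"^RCPT TO:\s*<([^>]*)>", envelope, re.I | re.M)
    # DATA ends at <CRLF>.<CRLF>; then undo dot-stuffing (RFC 5321, 4.5.2).
    data = (b"\r\n" + rest).split(b"\r\n.\r\n", 1)[0]
    data = data.replace(b"\r\n..", b"\r\n.")[2:]
    msg = message_from_bytes(data, policy=policy.default)
    text, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            attachments.append((part.get_filename(),
                                part.get_payload(decode=True)))
        elif part.get_content_maintype() == "text":
            text.append(part.get_content())
    return {"sender": sender.group(1).lower() if sender else "",
            "receivers": receivers,
            "content": "\n".join(text),
            "attachments": attachments}


def judge(parsed, mode="terminal"):
    """Judging step. mode="terminal" is the driver/service variant (warn the
    local terminal and block); mode="gateway" is the mail-gateway variant,
    which records the parsed data and the mail."""
    if parsed["sender"] in WHITELIST:
        return "release"
    blobs = [parsed["content"]] + [
        data.decode("utf-8", "replace") for _, data in parsed["attachments"]]
    if any(CONFIDENTIAL.search(blob) for blob in blobs):
        return "warn_and_block" if mode == "terminal" else "record"
    return "release"


def build_sample(sender, text, attachment=None):
    """Constructed input: the bytes a mail client would write to the server."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "bob@partner.example", "report"
    msg.set_content(text)
    if attachment:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="plan.txt")
    # Dot-stuff the message the way an SMTP client does before sending.
    raw = msg.as_bytes(policy=policy.SMTP).replace(b"\r\n.", b"\r\n..")
    return (b"EHLO ws.example\r\nMAIL FROM:<" + sender.encode() + b">\r\n"
            b"RCPT TO:<bob@partner.example>\r\nDATA\r\n"
            + raw + b"\r\n.\r\nQUIT\r\n")
```

The sketch covers plaintext smtp only; smtps traffic would first have to pass through the ssl/tls analysis module that the description names.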
Embodiment two
The present embodiment provides a system for preventing leakage of a mail terminal, which is used to implement the method for preventing leakage of a mail terminal in the first embodiment, and the system for preventing leakage of a mail terminal provided in the present embodiment includes:
the network filtering driving module is used for intercepting the sent and received data at a network protocol layer;
the network data analysis service module comprises a ssl/tls analysis module of smtps data and is used for analyzing the intercepted data and intercepting or releasing the mail according to the analyzed data, wherein the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments; if the mail sender belongs to the white list, the network data analysis service module passes the mail corresponding to the analyzed data, if the mail sender does not belong to the white list, the network data analysis service module checks the mail content, and if the mail content has confidential information, the network data analysis service module sends a warning to a local mail terminal and simultaneously blocks the mail from being sent; if the mail content does not have confidential information, the network data analysis service module passes the mail corresponding to the analyzed data.
Embodiment three
The present embodiment provides a computer device comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the method of any of the embodiments described above when executing the computer program. It will be understood by those skilled in the art that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program instructing associated hardware. Accordingly, the computer program can be stored in a non-volatile computer readable storage medium, and when executed, can implement the method according to any one of the above embodiments. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
While the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Any modification which does not depart from the functional and structural principles of the present invention is intended to be included within the scope of the claims.

Claims (8)

1. A method for preventing leakage of a mail terminal, comprising the steps of:
an interception step: intercepting transmitted and received data;
a parsing step: analyzing the intercepted data, wherein the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments;
a judging step: intercepting or releasing the mail according to the analyzed data.
2. A method for preventing leakage of a mail terminal according to claim 1, wherein intercepting or releasing the mail according to the analyzed data comprises:
if the mail sender belongs to the white list, the mail corresponding to the analyzed data is released;
if the sender does not belong to the white list, the mail content is checked, if the mail content has confidential information, a warning is sent to a local mail terminal, and meanwhile, the mail sending is blocked;
and if the mail content does not have the confidential information, the mail corresponding to the analyzed data is released.
3. A leakage prevention method for a mail terminal according to claim 1 or 2, wherein said intercepting step is implemented by a network filtering driver module, and said analyzing step and said deciding step are implemented by a network data analysis service module.
4. A leakage prevention method for a mail terminal according to claim 3, wherein in said parsing step, the network filter driver module intercepts transmitted and received data at a network transport layer.
5. A mail terminal leakage prevention system, comprising:
the network filtering driving module is used for intercepting the sent and received data;
the network data analysis service module comprises a ssl/tls analysis module of smtps data and is used for analyzing the intercepted data and intercepting or releasing the mail according to the analyzed data, wherein the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments;
or the mail terminal leakage-proof system comprises a mail gateway, the mail gateway is used for intercepting and analyzing the sent and received data, and the mail is intercepted or released according to the analyzed data, and the analyzed data comprises a mail sender, a mail receiver, mail contents and mail attachments.
6. A leakage prevention system for a mail terminal, according to claim 5, characterized in that said network data analysis service module passes through the mail corresponding to the analyzed data if the sender of the mail belongs to the white list, said network data analysis service module checks the content of the mail if the sender does not belong to the white list, and said network data analysis service module gives a warning to the local mail terminal if the content of the mail has confidential information, and simultaneously blocks the sending of the mail; if the mail content does not have confidential information, the network data analysis service module passes the mail corresponding to the analyzed data;
or, if the mail sender belongs to the white list, the mail gateway passes the mail corresponding to the analyzed data, if the sender does not belong to the white list, the mail gateway checks the mail content, and if the mail content has confidential information, the mail gateway records the analyzed data and the mail corresponding to the analyzed data; and if the mail content does not have confidential information, the mail gateway passes the mail corresponding to the analyzed data.
7. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the method of any one of claims 1 to 4 when executing the computer program.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 1 to 4.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2020102589497 2020-04-03
CN202010258949 2020-04-03

Publications (1)

Publication Number Publication Date
CN111818061A true CN111818061A (en) 2020-10-23

Family

ID=72843486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010663240.5A Pending CN111818061A (en) 2020-04-03 2020-07-10 Method, system, computer equipment and readable storage medium for preventing mail terminal from leakage

Country Status (1)

Country Link
CN (1) CN111818061A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201023