JP2002091917A - Network security system and connection managing method utilizing the same - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a simple and effective network security system which improves security against illegal intrusion conducted by 'pretense to be someone else' and which can immediately detect the illegal intrusion in the case that the illegal intrusion has been made. SOLUTION: A user authenticating part 2 performs user authentication and a user notifying part 3 also notifies a user of it that access is made, when the access is made to an access requesting part 1.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a network security system and a connection management method using the same, and more particularly, to a network security system for executing protection against an intruder from the outside by using user authentication and a connection using the same. Regarding management methods.

[0002]

2. Description of the Related Art User authentication is a basic defense against unauthorized intrusion into a computer via a network. As basic user authentication, there is a type that requires a user ID and a password at the time of access. That is, the user is required to input a user ID and a password at the time of user access, and only a pre-registered user is permitted access, and if not, access is rejected.

[0003] In a dial-up connection in which a network is directly connected from the outside via a public telephone network, a remote access server (RAS) performs user authentication at the time of a connection request.

When a network is connected to another network (for example, the Internet), a firewall is provided at an interconnection point of the network in order to prevent unauthorized access from an external network to a computer (server or the like) of the internal network. Have been.

In general, a firewall protects an internal network by allowing access from the internal network to the external network but denying access from the external to the internal in the opposite direction. However, with the widespread use of the Internet and portable computers, there is a growing need for users of the internal network to access computers on the internal network from the external network when going out. In some cases, a function of passing a user or a predetermined user through a firewall may be provided. In this case, user authentication is also performed in the firewall.

[0006] Now, a network security system based on user authentication is designed to prevent "spoofing" in which a third party impersonates a legitimate user using a correct user ID and password obtained or guessed by some means to intrude. Is helpless.

Therefore, conventionally, (1) a user is requested to use a password consisting of a meaningless and random character string, so that it is difficult for a third party to guess. (2) Encrypt the communication path so that the password is not sniffed on the network. (3) The password is changed every moment using a disposable one-time password system. Security against the leakage of passwords such as passwords has been strengthened. However, even with these methods, human leakage is inevitable.

By the way, in a network security system such as a firewall, access log information is recorded so that an administrator can detect an unauthorized intrusion later by analyzing the log. However, in this method, when the network scale becomes large, the analysis takes a long time, and it is difficult to detect “spoofing”.

Further, when the system finds a sign of an unauthorized intrusion or the like, the system automatically performs protective measures such as disconnecting a session or stopping a service, and also displays a screen, a pager ( An intrusion detection system that issues an alarm through a registered trademark has been put to practical use. As a very simple example, there is a system in which if a password is incorrectly entered more than a preset number of times, it is assumed that an intrusion has been attempted and access thereafter is rejected. However, even in this case, it is not possible to detect an intrusion by "spoofing" unless the intruder behaves suspiciously inside the network after the intrusion.

On the other hand, enhancement of security has a trade-off relationship with user convenience, and it is desirable that security is enhanced simply and effectively. Furthermore, the required security level is determined by the trade-off between the cost of defense and the loss in case of a breach, and usually depends on the computer and network.

[0011]

As described above, in the conventional network security system, when a user ID and a password are leaked for some reason,
Although there is a possibility that an unauthorized intrusion may be performed by "spoofing", if the data or the system is not destroyed merely by intrusion, the unauthorized intrusion may not be noticed or may be delayed. For this reason, there has been a problem that there is a risk that information in the network will be leaked in large amounts due to continuous intrusion, and that another network may be illegally invaded through the network. .

Accordingly, the present invention enhances security against unauthorized intrusion due to "spoofing" and, if an unauthorized intrusion occurs, can detect the fact immediately and provides a simple and effective network security system and the use thereof. The purpose of the present invention is to provide a connection management method.

[0013]

In order to achieve the above-mentioned object, a first aspect of the present invention is a user authentication unit for authenticating a user who attempts to access a network from outside, and an authentication by the user authentication unit. A network security system comprising: an access control unit that controls external access based on a result. When authentication is performed by the user authentication unit, a user authenticated to the network is sent to the network. A user notifying unit for notifying that the user has been accessed.

Further, the invention of claim 2 is characterized in that, in the invention of claim 1, the apparatus further comprises user response means for receiving a response from the user to the notification by the user notification means.

According to a third aspect of the present invention, in the second aspect of the invention, the access control means permits the corresponding access after the user response means receives a response from the user. .

According to a fourth aspect of the present invention, in the first aspect of the present invention, the user notification means performs the notification by a predetermined notification method.

According to a fifth aspect of the present invention, in the first aspect of the present invention, the user notification means is provided in a firewall which is a connection point between the network and another network.

According to a sixth aspect of the present invention, in the first aspect of the invention, the user notifying means is provided in a remote access server which is a connection point of the network by a telephone line.

Further, the invention of claim 7 uses a network security system which provides a service using a computer in a network, performs user authentication when accessing the computer, and manages connection for each user. In the connection management method, when an access is made to the computer, a notification of confirmation of the access is sent to a corresponding user based on a result of the user authentication.

According to an eighth aspect of the present invention, in the seventh aspect of the invention, the service is provided after the user responds to the notification of the confirmation.

The invention of claim 9 is characterized in that, in the invention of claim 7, the notification of the confirmation includes a countermeasure in a case where the access to the computer is an unauthorized access.

In a tenth aspect of the present invention, in the seventh aspect of the present invention, the notification of the confirmation is a voice message using a telephone line.

The invention of claim 11 is characterized in that, in the invention of claim 7, the notification of the confirmation is a text message using a telephone line.

According to a twelfth aspect of the present invention, in the seventh aspect of the present invention, the notification of the confirmation is performed by e-mail using the Internet.

[0025]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of a network security system and a connection management method using the same according to the present invention will be described below in detail with reference to the accompanying drawings. If there is an unauthorized intrusion into the network by "spoofing", there is a legitimate user corresponding to the user ID or the like in the organization. Therefore, it is possible to inquire of the user whether the user is really accessing. That is, when an access request from a user is received via a network, the user is notified of the request, whereby an unauthorized intrusion can be detected in real time.

For example, as shown in FIG. 1, when an access request is made to the access control unit 1, the access control unit 1
Requests the user authentication unit 2 to authenticate the user.
When the user authentication unit 2 authenticates the user, the access control unit 1 responds to the access request based on the result. At this time, the user authentication unit 2 requests the user notification unit 3 to notify the user of the access. In response to this request, the user notification unit 3 notifies the user of the access.

In addition to this configuration, by processing the access request in accordance with the presence or absence of a response to the access notification from the user and the content of the response, unauthorized intrusion can be prevented.

For example, as shown in FIG. 2, a user response unit 4 is added to the access control unit 1, the user authentication unit 2, and the user notification unit 3, and the user response to the access notification by the user notification unit 3 is transmitted to the user response unit 4. And the access control unit 1 responds to the access request based on the result.

A specific embodiment will be described below.

[0030]

FIG. 3 is a block diagram showing a configuration of a network to which the present invention is applied.

As shown in FIG. 1, an internal network 10 to which the present invention is applied includes a firewall 11 serving as a connection point with the Internet 20, a RAS (remote access server) 12, an e-mail server 13, and a computer 14.
(14-1 to 14-4) are connected. Also,
The Internet 20 has an e-mail gateway 21
And the computer 22 (22-1, 22-2) and the like. A computer 31 may be connected to a public telephone network 30 (including a mobile telephone network and a pager network) connected to the RAS 12 or the like.

The firewall 11 is not necessary when the connection with the Internet 20 is not performed.
S12 is not necessary when access via the public telephone network 30 is not accepted.

When the present invention is applied to the internal network 30, the configuration shown in FIG. 1 is provided in the firewall 11 and the RAS 12. Hereinafter, a configuration in a case where the present invention is applied to the firewall 11 will be described.

FIG. 4 is a block diagram showing the configuration of the firewall 11. The firewall 11 includes an access control unit 111, a user authentication unit 112, and a user notification unit 1.
13. It comprises a user information storage unit 115.

The access control unit 111 inputs predetermined authentication information such as an authentication user ID and an authentication password in response to an access request via the Internet 20, for example, an access request from the computer 22-1. Asked,
The authentication information input in response to this is transmitted to the user authentication unit 112.
To make an authentication request.

The user authentication unit 112 performs user authentication in response to the authentication request. At this time, the user authentication unit 112 acquires necessary user information for authentication from the user information storage unit 115. When the user is authenticated, the authentication result is transmitted to the access control unit 11.
2 and sends the authenticated user ID to the user notification unit 113 to make a notification request.

The user notifying section 113 includes a user authentication section 11
2, a notification method corresponding to the user ID is acquired from the user information storage unit 115 based on the notification request received from the user information storage unit 115. Corresponding user).

The user information storage unit 115 stores user information for authentication and a notification method. For example, as shown in FIG. 5, for each user (ID), authentication user information such as an authentication user ID and an authentication password, a notification method such as a medium type for notification and an address of a notification destination, and a notification to each resource. The information such as the presence or absence of the access right is stored.

Next, a method of notifying the user of an access notification by the user notifying unit 113 will be described. The notification method of the access notification may be any method as long as the notification to the user can be performed. For example, as shown in FIG. 6, e-mail, instant messaging, pager, mobile phone mail, mobile phone, telephone, etc. There is a method using a medium.

When an access notification is made by using an electronic mail, the notification destination address is a mail address. Then, the access notification is sent as character information to a computer (for example, 22-1) used by the user via an e-mail server (not shown) connected to the Internet 20. If the e-mail address is for a mobile phone capable of sending and receiving e-mail, the access notification is sent to the mobile phone owned by the user via the e-mail gateway 21.

When an access notification is performed using instant messaging, the notification destination address is a computer address, for example, an IP address. And
The access notification is sent via the Internet 20 directly to a computer (for example, 22-1) used by the user as character information, and is displayed on a display of the computer by a pop-up or the like.

When an access notification is performed using a pager, the notification destination address is a pager number.
The access notification is delivered as character information to the pager owned by the user via the public telephone network 30 and the pager network.

When an access notification is made using a mobile phone mail, the notification destination address is a mobile phone mail address (in some cases, a mobile phone number). The access notification is sent from the public telephone network 30 to a mobile phone used by the user via a mail center (not shown) (operated by a mobile phone operator) as text information.

When an access notification is made using a mobile phone, the notification destination address is a mobile phone number.
Then, the access notification is delivered as voice information to the mobile phone used by the user via the public telephone network 30 and the mobile phone network.

When making an access notification using a telephone, the notification destination address is a telephone number. And
The access notification is delivered as voice information to a telephone used by the user via the public telephone network 30.

Next, the flow from the reception of an access request to the notification of access to a user will be described with reference to FIG. FIG. 7 is a diagram showing a flow from receiving an access request to notifying an access to a user.

First, when the access control unit 111 receives an access request (step 201), it issues an authentication request including an authentication user ID and an authentication password included in the access request (step 202), and authenticates the user. It is passed to the unit 112 (step 203).

Upon receiving the authentication request, the user authentication section 112
The authentication user information that matches the passed authentication user ID is acquired from the user information storage unit 115 (step 20).
4). The acquired authentication user information includes a user ID, an authentication user ID, an authentication password, and an access right. Based on these information, the user authentication unit 112
Makes an authentication decision (step 205). In the certification decision,
If the authentication password passed from the access control unit 111 matches the password acquired from the user information storage unit 115 and the user has access to the corresponding authentication user ID, the result is affirmative, and the passwords match. However, if there is no access right or the passwords do not match, or if the authentication ID is not registered, it is denied, and this is notified to the access control unit 111 as an authentication result (steps 206 and 207).

Access control section 111 having received the authentication result
Performs an access process that permits access when the authentication result is positive and denies access when the authentication result is negative (step 208).

If the authentication result is affirmative, the user authentication section 112 issues a notification request including the user ID to the user notification section 113 (steps 209 and 21).
0). Upon receiving the notification request, the user notification unit 113 acquires a notification method including the medium type and the notification destination address from the user information storage unit 115 based on the user ID included in the notification request (Step 211). Then, an access notification is performed to the user according to the obtained notification method (step 212). This access notification includes the notification time. The notification time serves as information for determining whether or not there is a fraud when the user cannot immediately confirm the access notification.

In the above description, the access control unit 111, the user authentication unit 112, the user notification unit 11
3. The configuration in which the user information storage unit 115 is provided in the firewall 11 has been described.
May be provided, and in this case, the same operation can be performed. However, access to the RAS 12 is performed via the public telephone network 30.
1 (see FIG. 3) is to be controlled.

The access control unit 111 is provided in the firewall 11 and the RAS 12, the user authentication unit 112 and the user notification unit 113, and the user information storage unit 115 are provided in a computer (for example, 14-1) of the internal network 10. The user notification unit 113 and the user information storage unit 115 may be configured to be shared.

As described above, since the firewall 11 is connected to the public telephone network 30, the RAS
Twelve functions can be realized by the firewall 11, and the firewall 11 can control access from both the Internet 20 and the public network 30.

[0054]

Second Embodiment A second embodiment is an example in which the configuration shown in FIG. 2 is applied, and the network configuration is as shown in FIG. 3 as in the first embodiment. However, since the configuration of the RAS is different from that of the firewall to which the configuration shown in FIG. 2 is applied, the following description will be given by taking the firewall (reference numeral 11 ′) as an example.

FIG. 8 is a block diagram showing the configuration of the firewall 11 '. The firewall 11 'includes an access control unit 111', a user authentication unit 112 ', a user notification unit 113', a user response unit 114 ', and a user information storage unit 115'.

The access control unit 111 ′ requests access via the Internet 20, for example, the computer 22-1.
Requests for input of predetermined authentication information such as an authentication user ID and an authentication password in response to an access request from the user, and authenticates the input authentication information in response to the request.
12 'to request an authentication.

The user authentication section 112 'performs user authentication in response to the authentication request. At this time, the user authentication section 112' obtains necessary user information for authentication from the user information storage section 115 '. When the user is authenticated, the authentication result is returned to the access control unit 112 ', and the authenticated user ID is passed to the user notifying unit 113' to make a notification request.

The user notifying unit 113 ′
Based on the notification request received from 12 ′, a notification method corresponding to the user ID is obtained from the user information storage unit 115 ′,
According to the acquired notification method, the corresponding user (user corresponding to the user ID) is notified that the internal network 10 has been accessed. At the same time, notification information indicating that the access notification has been performed is passed to the user response unit 114 '.

The user response unit 114 ′ is
An access response, which is a user response to the access notification issued by 13 ', is received, and the result is passed to the access control unit 111' as a communication result. Then, the access control unit 111 ′ controls access based on the communication result.

The user information storage unit 115 'stores authentication user information and a notification method. For example, as shown in FIG. 9, for each user (ID), authentication user information such as an authentication user ID and an authentication password, a type of a medium for notification, an address of a notification destination, and waiting for a response from the user. A notification method such as a response waiting time, and information such as whether or not there is an access right to each resource are stored. In addition,
Since the medium type and the notification destination address of the notification method are the same as those in the first embodiment, the description is omitted.

Next, the flow from the reception of an access request to the notification of access to a user will be described with reference to FIGS. FIGS. 10 and 11 are diagrams showing the flow from the reception of an access request to the notification of access to a user.

First, when the access control unit 111 'receives an access request (step 301), it issues an authentication request including an authentication user ID and an authentication password included in the access request (step 302). The information is passed to the authentication unit 112 '(step 303).

User authentication section 112 ′ receiving the authentication request
Acquires from the user information storage unit 115 ′ authentication user information that matches the passed authentication user ID (step 304). The obtained authentication user information includes the user I
D, an authentication user ID, an authentication password, and an access right, and the user authentication unit 112 'makes an authentication determination based on these information (step 305). In the authentication determination, if the authentication password passed from the access control unit 111 ′ matches the password acquired from the user information storage unit 115 ′ and there is an access right to the corresponding authentication user ID, the judgment is affirmative. If there is no access right even if the password matches, or if the password does not match, or if the authentication ID has not been registered, the result is negative, and this is notified to the access control unit 111 ′ as the authentication result (step 306). , 307).

Access control section 111 ′ receiving the authentication result
Performs an access process for permitting access when the authentication result is positive and denying access when the authentication result is negative (step 308).

If the authentication result is affirmative, the user authentication section 112 'issues a notification request including the user ID to the user notification section 113' (steps 309 and 31).
0). The user notifying unit 113 'that has received the notification request acquires a notification method including the medium type, the notification destination address, and the response waiting time from the user information storage unit 115' based on the user ID included in the notification request (Step 311). ). Then, an access notification is performed to the user according to the obtained notification method (step 312). This access notification includes the notification time. In addition, the user notification unit 113 ′
The notification information including the user ID, the notification time, and the response waiting time is transmitted to the user response unit 114 ′ (Steps 313, 3
14).

The user response unit 114 'waits for an access response from the user during the response waiting time included in the notification information (step 315), and thereafter determines the communication result (step 316). In the communication result determination, an access response is received within the response waiting time, and the access response is affirmative if the access response is positive, and negative if the access response is other than affirmative or there is no access response within the response time. And Then, this notification result is transmitted to the access control unit 111 '(step 317).

The access control unit 111 'receiving the notification result
Allows access if the notification result is positive (continue)
Access is denied (disconnected) if the notification result is negative
An access process is performed (step 318).

In step 308, only the access process in step 318 is performed without performing the access process. That is, when the access response from the user is affirmative, the access may be permitted for the first time. it can.

In the configuration of the second embodiment, similarly to the first embodiment, the access control unit 111 ', the user authentication unit 112', the user notification unit 113 ', the user response unit 114', and the user information storage unit 115 ′ may be provided in the RAS 12 in addition to the firewall 11 ′. The function of the RAS 12 may be realized by the firewall 11 ′, and the firewall 11 ′ may control access from both the Internet 20 and the public network 30. Can also.

[0070]

Third Embodiment In a third embodiment, a case will be described in which the present invention is applied to a task of providing a service using a network such as the Internet.

The present invention is applied to a case where user authentication is required when a service is provided or the like, and a fee is charged from a relatively expensive transaction such as online banking or online trading. Includes those that involve relatively low-cost money transfers, such as browsing sites. Of course, the present invention can also be applied to a service that involves user authentication in connecting to a network itself, such as an Internet connection service.

One form of such a business is shown in FIG.
As shown in FIG. 7, in order to access (log in) to the information providing server 415 connected to the corporate network 410, the Internet 42 is used like the customer terminal 451.
0, via the firewall 411, or via the RAS 412, like the customer terminal 452.

In any case, in the first embodiment described above,
Using the security system described in the second embodiment or the second embodiment, an access notification is issued from the firewall 411 or the RAS 412 to the customer.

The contents of the access notification include, for example,
"This is the XX Bank online service. Mr. XX has started using the service at Y: Z." In addition, a method of coping with an untrusted access may be notified at the same time. For example, if the service is not actually used, the service center (至
Please contact △△-△△△△). And so on.
Such notification can be made by any of voice information and character information.

In the case of giving an access notification by voice information using a telephone or a mobile phone, "This is the XX Bank online service.
Has started using the service. Please press the number 1 if it is actually used, or the number 3 if it is not used. "Or the like.

Such access confirmation is performed by a mobile phone (packet communication type) which can be connected to the Internet.
Thus, the burden on the customer can be reduced.

Here, the operation by the customer will be described with reference to FIG. FIG. 13 is a flowchart showing a flow of operation of a terminal or the like by a customer using the system of FIG.

First, the customer performs user registration before using the service (step 501). Then, following the user registration, the notification method of the access notification is designated (step 502). The type of the notification method is as described in the first embodiment.

In the case of the system to which the invention of the first embodiment is applied, when the customer accesses (logs in) (step 511), the access notification is received thereafter. In this case, the service is used continuously because the service is authorized.

In the case of the system to which the invention of the second embodiment is applied, the customer accesses (logs in) (step 521) and receives the access notification (step 52).
If a confirmation response is issued in response to the access notification (YES in step 2) (step 523), the service can be used thereafter and the use of the service is started (step 5).
24).

In any of the first and second embodiments, when an unauthorized intrusion by “spoofing” is performed, the customer may suddenly receive an access notification. (YES in step 531), and inform the trader that the unauthorized use has been made (step 532), thereby preventing the damage of the unauthorized intrusion by "spoofing".

[0082]

As described above, according to the present invention, when an access is made to a network, a versatile device is used to notify the user of the access. With this configuration, if the user does not need to carry a special device, it can quickly detect the fact that an intrusion by impersonation has occurred,
Security against unauthorized entry can be increased.

Also, by limiting the notification destination address to that on the internal network or limiting the notification medium to that carried by the user such as a mobile phone, the notification to the intruder performing the impersonation is made. Can be prevented.

Further, if the user can immediately receive the access notification, it is possible to detect an unauthorized intrusion in a relatively short time and to perform a defense such as notifying the firewall administrator. Even when the user cannot immediately receive the access notification, if the access notification remains in the e-mail, voice memo, or the like, unauthorized intrusion can be discovered later, and some countermeasure can be taken.

Therefore, by applying the present invention to an online service, anxiety about the online service can be eliminated, and the economic efficiency can be improved.

[Brief description of the drawings]

FIG. 1 is a diagram (1) showing an outline of the present invention.

FIG. 2 is a diagram (2) showing an outline of the present invention.

FIG. 3 is a block diagram showing a configuration of a network to which the present invention is applied.

FIG. 4 is a block diagram showing a configuration of a firewall 11;

FIG. 5 is a diagram showing storage contents of a user information storage unit 115;

FIG. 6 is a diagram illustrating a notification method of an access notification.

FIG. 7 is a diagram showing a flow from reception of an access request to notification of access to a user.

FIG. 8 is a block diagram showing a configuration of a firewall 11 '.

FIG. 9 is a diagram showing storage contents of a user information storage unit 115 ′.

FIG. 10 is a diagram (1) illustrating a flow from reception of an access request to notification of access to a user.

FIG. 11 is a diagram (2) illustrating a flow from accepting an access request to notifying an access to a user.

FIG. 12 is a diagram showing an embodiment of a service providing business to which the present invention is applied.

13 is a flowchart showing a flow of operation of a terminal or the like by a customer using the system of FIG.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Access control part 2 User authentication part 3 User notification part 4 User response part 10 Internal network 11, 11 'Firewall 12 RAS 13 E-mail server 14-1, 14-2, 14-3, 14-4 Computer 20 Internet 21 Electronics Mail gateway 22-1, 22-2 Computer 30 Public telephone network 31 Computer 111, 111 'Access control unit 112, 112' User authentication unit 113, 113 'User notification unit 114' User response unit 115, 115 'User information storage unit 410 Corporate network 411 Firewall 412 RAS 415 Information providing server 420 Internet 451 Customer terminal 452 Customer terminal

Continued on the front page (72) Inventor Katsuya Mitsutake 430 Border, Nakai-cho, Ashigara-gun, Kanagawa Prefecture Green Tech Inside Fuji Xerox Co., Ltd. F-term (reference) 5B085 AE02 AE23 5B089 GA25 GB02 JA40 JB22 KA17 KB13 5J104 AA07 AA11 BA01 KA01 MA01 NA05 PA08

Claims (12)

[Claims] 1. A network comprising: user authentication means for authenticating a user who intends to access a network from outside; and access control means for controlling external access based on an authentication result by the user authentication means. In the security system, when authentication is performed by the user authentication unit, a user notification unit that notifies the authenticated user that the network has been accessed is provided. Network security system. 2. The network security system according to claim 1, further comprising a user response unit that receives a response from a user to the notification by the user notification unit. 3. The network security system according to claim 2, wherein said access control means permits the corresponding access after said user response means receives a response from a user. 4. The network security system according to claim 1, wherein said user notification means performs said notification by a notification method designated in advance. 5. The network security system according to claim 1, wherein said user notification means is provided in a firewall which is a connection point between said network and another network. 6. The network security system according to claim 1, wherein said user notification means is provided in a remote access server serving as a connection point of said network by a telephone line. 7. A connection management method using a network security system that provides a service using a computer in a network, performs user authentication when accessing the computer, and manages connections for each user. A connection management method using a network security system, wherein when there is an access to the user, a notification of confirmation of the access is sent to a corresponding user based on a result of the user authentication. 8. The connection management method using a network security system according to claim 7, wherein the service is provided after the user responds to the notification of the confirmation. 9. The connection management method using a network security system according to claim 7, wherein the notification of the confirmation includes a countermeasure when an access to the computer is an unauthorized access. 10. The connection management method using a network security system according to claim 7, wherein the notification of the confirmation is a voice message using a telephone line. 11. The connection management method using a network security system according to claim 7, wherein the notification of the confirmation is a text message using a telephone line. 12. The connection management method using a network security system according to claim 7, wherein the notification of the confirmation is performed by e-mail using the Internet.