JP2013246474A - Relay server and proxy access method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To appropriately limit access by quickly determining whether or not a vicious site is accessed.SOLUTION: A proxy server 10 retrieves whether or not an address for performing access to the Internet is included in electronic mail to a user terminal 30, and when the address is included in the electronic mail, extracts the address, and registers the address in a storage unit 13. When receiving an access request to the Internet 90 from the user terminal 30, the proxy server 10 retrieves whether or not the address stored in the storage unit 13 is included in the access request, and when the address is included, transfers the address to a secure proxy server 20, and makes the secure proxy server 20 execute the access using the address information. Then, the proxy server 10 receives a screen image obtained as a result of the execution of the access using the address from the secure proxy server 20, and transmits the screen image to the user terminal 30.

Description

  The present invention relates to a relay server and a proxy access method.

  Conventionally, in order to prevent access to a malicious site, a method of restricting access to a malicious site using a predefined access denial list on a network is known. There is also known a technique for preventing incoming of a malicious electronic mail or a computer virus from entering a user terminal by a mail filtering function or an anti-virus function on a network or a user terminal.

  Suspicious e-mail with seemingly correct features is designed to bypass the access denial list on the network, the anti-virus function and spam mail filtering function on the user terminal. For this reason, for such malicious emails, measures are taken to visually determine the email address of the email sender and the URL described in the email, and to prevent access to those determined to be malicious emails. Has also been done.

"IPA Technical Watch Report on Targeted Attack Email Analysis", [online], [Search May 18, 2012], Internet <http://www.ipa.go.jp/about/technicalwatch/pdf/111003report .pdf> “Access Control”, [online], [Search May 18, 2012], Internet <http://squid.robata.org/faq_10.html> “Targeted Attack [Japan IT Week Spring] Macnica exhibits zero-day attack detection device, and also works with proxies for defense”, [online], [Search May 18, 2012], Internet <http: // itpro. nikkeibp.co.jp/article/NEWS/20110513/360315/> "Emails MPS (entrance measures)", [online], [searched on May 18, 2012], Internet <http://www.macnica.net/fireeye/emailmps.html/>

  However, the conventional technology for preventing access to a malignant site has a problem that it cannot quickly determine whether the site is a malignant site and cannot restrict access appropriately. That is, in the access denial list, the anti-virus function, and the spam mail filtering function, it is necessary to collect addresses and files determined to be malignant in advance and create a definition file from the features. For this reason, it may take an enormous amount of time to create an access denial list or a malicious list for filtering malicious information, and it is possible to quickly determine whether the site is a malicious site and restrict access appropriately. could not.

  Suspicious e-mails with seemingly correct features can be used to send e-mails to user terminals using addresses that are not registered in the access denial list, spam e-mail filtering and anti-virus function definitions in order to bypass these functions. It is designed to send and download computer viruses and the like from malicious sites, and there are many cases that cannot be prevented by a predefined defense function in a network or user terminal. For this reason, it was impossible to quickly determine whether the site is a malignant site and to restrict access appropriately.

  In addition, in the method of visually identifying suspicious emails and access destinations, malicious emails are designed to confuse users by giving them seemingly correct characteristics, so users are guided to malicious sites with a certain probability. In some cases, an external site is automatically accessed in a location that is not confirmed by the user in the e-mail. For this reason, it is not possible to quickly determine whether the site is a malignant site by visual judgment alone, and it is not possible to restrict access appropriately.

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and an object thereof is to quickly determine whether the site is a malignant site and appropriately limit access.

  In order to solve the above-described problems and achieve the object, the relay server searches whether the e-mail to the user terminal includes address information for accessing the Internet, and the e-mail contains the address information. If included, an extraction unit for extracting the address information, a registration unit for registering the address information extracted by the extraction unit in a storage unit, and an access request to the Internet from the user terminal If the address information stored in the storage unit is included in the access request, and the address information is included, the address information is transferred to an external device, and the address information is A transfer unit that causes the external device to execute the used access; and an image obtained as a result of executing the access using the address information from the external device. Receiving the image, characterized in that it comprises a transmitter which transmits the said screen image to the user terminal.

  Further, the proxy access method searches for an address information for accessing the Internet in an e-mail to the user terminal, and if the e-mail contains address information, the address is An extraction step of extracting information; a registration step of registering address information extracted by the extraction step in a storage unit; and when the access request to the Internet is received from the user terminal, the storage is included in the access request If the address information is included, the address information is transferred to the external device and the access using the address information is executed by the external device. Receiving the screen image obtained as a result of executing the transfer process and the access using the address information from the external device; Characterized in that it includes a transmission step of transmitting a face image to the user terminal.

  The relay server and the proxy access method disclosed in the present application have an effect that it is possible to quickly determine whether the site is a malignant site and appropriately limit access.

FIG. 1 is a diagram for explaining an example of the overall configuration of a communication system according to the first embodiment. FIG. 2 is a block diagram illustrating an example of the configuration of the proxy server according to the first embodiment. FIG. 3 is a diagram illustrating an example of an e-mail format. FIG. 4 is a diagram illustrating an example of an access transfer list. FIG. 5 is a diagram illustrating an example of a URL pattern description that should be restricted or permitted. FIG. 6 is a diagram illustrating an example of addresses that can be extracted from an electronic mail. FIG. 7 is a diagram illustrating an example of a place where an address can be extracted from an e-mail. FIG. 8 is a sequence diagram illustrating an example of a processing flow in the communication system according to the first embodiment. FIG. 9 is a sequence diagram showing an example of the flow of processing in a conventional communication system. FIG. 10 is a flowchart for explaining an example of the flow of extraction processing by the proxy server according to the first embodiment. FIG. 11 is a flowchart for explaining an example of the flow of registration processing by the proxy server according to the first embodiment. FIG. 12 is a flowchart for explaining an example of the flow of relay processing by the proxy server according to the first embodiment. FIG. 13 is a diagram illustrating a computer that executes a proxy access program.

  Hereinafter, embodiments of a relay server and a proxy access method according to the present application will be described in detail with reference to the drawings. The relay server and the proxy access method according to the present application are not limited by this embodiment.

[First embodiment]
In the following embodiment, the configuration of the communication system, the configuration of the proxy server, and the flow of processing according to the first embodiment will be described in order, and finally the effects of the first embodiment will be described.

[Configuration of Communication System According to First Embodiment]
First, a communication system 100 according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram for explaining an example of the overall configuration of a communication system 100 according to the first embodiment. In the communication system 100, the proxy server 10, the secure proxy server 20, the user terminal 30, and the mail server 40 are connected to the local area network 80, and the malicious mail transmission terminal 50 and the malicious Web server 60 exist on the Internet 90. A local area network 80 is connected to the Internet 90 via a firewall 70.

  The proxy server 10 is a server that relays Web access from the user terminal 30 to the Internet 90, and includes a communication processing unit 11, a control unit 12, and a storage unit 13. The detailed configuration and processing of the proxy server 10 will be described in detail later using FIG.

  The secure proxy server 20 substitutes the access of the user terminal 30 to the Internet 90, thereby separating the access to the Internet 90 from the user terminal 30 and realizing a safe access process of the user terminal 30. The secure proxy server 20 includes a communication processing unit 21, a VM (Virtual Machine) 22, a Web browser 23, and a VM control unit 24.

  The communication processing unit 21 controls communication processing performed with the proxy server 10. The VM 22 includes a web browser 23 that operates in conjunction with the web browser 32 in the user terminal 30. The VM control unit 24 controls generation and deletion of the VM 22.

  The user terminal 30 is a terminal capable of receiving electronic mail and accessing the Web, and includes a communication processing unit 31, a Web browser 32, and a mail receiving unit 33. The communication processing unit 31 controls communication processing performed with the proxy server 10. The web browser 32 is application software for browsing web pages. The mail receiving unit 33 receives mail transferred from the mail server 40.

  The mail server 40 is a server that transfers an electronic mail from the Internet 90 to the user terminal 30, and includes a communication processing unit 41 and a mail relay unit 42. The communication processing unit 41 controls communication processing performed with the user terminal 30. The mail relay unit 42 transfers an electronic mail from the Internet 90 to the user terminal 30 and transfers the electronic mail to the proxy server 10.

  The malicious mail transmitting terminal 50 is a terminal that transmits malicious mail. For example, the malicious mail transmitting terminal 50 transmits a targeted attack mail, which is a suspicious electronic mail having seemingly correct characteristics, to the user terminal 30. The malicious Web server 60 is a server that manages a malicious site that is guided by an electronic mail transmitted by the malicious mail transmission terminal 50.

[Configuration of proxy server according to the first embodiment]
Next, the configuration of the proxy server 10 shown in FIG. 1 will be described with reference to FIG. FIG. 2 is a block diagram showing a configuration of the proxy server according to the first embodiment. As shown in FIG. 2, the proxy server 10 includes a communication processing unit 11, a control unit 12, and a storage unit 13, and is connected to a local area network 80 (not shown). The processing of each of these units will be described below.

  The communication processing unit 11 controls communication related to various types of information exchanged with the connected secure proxy server 20, user terminal 30, and mail server 40. For example, the communication processing unit 11 receives an e-mail from the mail server 40, receives a web access request from the user terminal 30, and transmits an access destination URL to be accessed on behalf of the user terminal 30 to the secure proxy server 20. Then, the Web screen image is received from the secure proxy server 20, and the Web screen image is transmitted to the user terminal 30.

  Here, the configuration of the e-mail will be described with reference to the example of FIG. FIG. 3 is a diagram illustrating an example of an e-mail format. As illustrated in FIG. 3, one e-mail 301 is composed of one file, and is composed of an e-mail header portion 302, an e-mail body 303, and an attached file 304. The extraction unit 12b described later extracts the URL 305 by using a character pattern for the e-mail body and the attached file.

  The storage unit 13 stores data and programs necessary for various types of processing by the control unit 12, and particularly those closely related to the present invention include an access transfer list storage unit 13a, an access restriction URL pattern storage unit 13b, and an access. It has an allowable URL pattern storage unit 13c.

  The access transfer list storage unit 13 a stores address information that should be restricted from access among address information for accessing the Internet 90 included in the e-mail to the user terminal 30. For example, as illustrated in FIG. 4, the access transfer list storage unit 13 a includes the URL format of the URL or connection destination address extracted from the e-mail, the URL or connection destination extraction location extracted from the e-mail, and the access transfer. The registration date in the list is recorded. FIG. 4 is a diagram illustrating an example of an access transfer list.

  Specifically, the access transfer list storage unit 13a uses “http://www.aaa.bbb.co.jp/” as the URL extracted from the e-mail or the URL of the connection destination address. “ccc.php? page = ddd.html” is stored, “POINT = PDF” is stored as the extraction location, and “DATE = 2012/03/16” is stored as the registration date in the access transfer list. That is, in this example, the URL “http://www.aaa.bbb.co.jp/ccc.php?page=ddd.html” is extracted from the PDF data, and the above URL is added to “2012/03/16”. It means that it is registered in the access transfer list storage unit 13a.

  The access restriction URL pattern storage unit 13b stores in advance a URL pattern of an access destination to which access is not permitted. Such a URL pattern for which access control is to be performed is registered in advance by a system administrator, for example.

  The access-permitted URL pattern storage unit 13c stores in advance a URL pattern of an access destination that is permitted to be accessed. Such URL patterns that should be permitted to access are registered upon receiving a prior application from the user, for example.

  The access restriction URL pattern storage unit 13b and the access-permitted URL pattern storage unit 13c may store all descriptions of URLs that should be restricted or permitted to access, or may store a partial description of URLs. Also good.

  Here, an example of a description of a URL pattern that should be restricted or allowed to be accessed will be described with reference to FIG. FIG. 5 is a diagram illustrating an example of a URL pattern description that should be restricted or permitted. As shown in FIG. 5, in addition to the method of describing all URLs, it is also possible to allow matching of parts other than * by using *. The URL pattern that should allow access is described so that the number of matching URLs decreases, and the URL pattern that should restrict access is described so that the number of matching URLs increases, so that the malicious URL is unknown to the world. Even so, it is possible to prevent access.

  For example, referring to the example of FIG. 5, “http://www.aaa.bbb.co.jp” is an example in which all descriptions of URLs are stored. “Http: //*.aaa.bbb.co.jp” is an example in which a description of a part of the URL is stored. In this case, even if other than * of “http: //*.aaa.bbb.co.jp” matches, it is treated as a match.

  The control unit 12 has an internal memory for storing a program that defines various processing procedures and necessary data, and performs various processes using them, and particularly as closely related to the present invention, It has a relay unit 12a, an extraction unit 12b, a registration unit 12c, an erasure unit 12d, a transfer unit 12e, and a transmission unit 12f.

  When the secure proxy server 20 or the user terminal 30 accesses the Internet 90 from the Web browsers 23 and 32, the relay unit 12a performs a process of relaying the access.

  The extraction unit 12b searches for an address (for example, a URL or a connection destination address) for accessing the Internet 90 in the e-mail to the user terminal 30, and includes address information in the e-mail. If yes, the address information is extracted.

  Specifically, when the e-mail is received from the mail server 40, the extraction unit 12b determines whether the e-mail is received from the outside by the mail server 40. As a result, when the e-mail is received from the outside, the extraction unit 12b extracts the URL or the connection destination address referred to by the e-mail in the e-mail body, the attached file, and the script in the attached file. .

  Here, with reference to FIGS. 6 and 7, addresses that can be extracted from an e-mail and locations where addresses can be extracted from the e-mail will be described. FIG. 6 is a diagram illustrating an example of addresses that can be extracted from an electronic mail. FIG. 7 is a diagram illustrating an example of a place where an address can be extracted from an e-mail. As shown in FIG. 6, as an address that can be extracted from an e-mail, there is an address in a URL format or a connection destination coded as a script. In the example of FIG. 6, “http://www2.xxx.yyy.com/zzz.php?page=aaa.html” is described as an example of the URL format address. , “Www2.xxx.yyy.com” and “192.168.100.123” are described.

  In addition, as shown in FIG. 7, the addresses that can be extracted from the above-mentioned mail are the body of the email, the part described in the HTML of the email, the word file of the attached file, the Excel file of the attached file, the PDF file of the attached file From the script portion of the PDF file in the attached file.

  The registration unit 12 c registers the address extracted by the extraction unit 12 b in the access transfer list storage unit 13 a of the storage unit 13. Specifically, the registration unit 12c determines whether the extracted address matches the URL pattern (non-transfer target URL pattern) that should be allowed to be stored, which is stored in the access-permitted URL pattern storage unit 13c. As a result, if the extracted address does not match the URL pattern that is not to be transferred, the registration unit 12c includes the URL pattern (transfer target URL pattern) that should be restricted in access stored in the access restriction URL pattern storage unit 13b. Determine if they match. As a result, when the extracted address matches the transfer target URL pattern, the registration unit 12c registers the extracted address in the access transfer list storage unit 13a.

  The erasing unit 12d erases the address from the access transfer list storage unit 13a when a predetermined time has elapsed since the address information was stored in the access transfer list storage unit 13a of the storage unit 13.

  When the transfer unit 12e receives an access request to the Internet 90 from the user terminal 30, the transfer unit 12e searches whether the access request includes an address stored in the access transfer list storage unit 13a of the storage unit 13, If the address is included, the address is transferred to the secure proxy server 20, and the secure proxy server 20 is made to access using the address.

  The transmission unit 12 f receives a screen image obtained as a result of executing an access using an address from the secure proxy server 20, and transmits the screen image to the user terminal 30. The user terminal 30 that has received the screen image displays the screen image so that the user can view it. As a result, even if malicious software that is unknown to the world is installed in the connected Web server, the secure proxy server 20 acts as an access to the user terminal 30, so that the user terminal 30 is infected. Internet use can be realized without doing.

[Processing by Communication System According to First Embodiment]
Next, processing by the communication system 100 according to the first embodiment will be described with reference to FIG. FIG. 8 is a sequence diagram illustrating an example of a process flow in the communication system 100 according to the first embodiment.

  As shown in FIG. 8, in the communication system 100, the malicious mail transmission terminal 50 transmits a target-type attack mail, which is a suspicious electronic mail having seemingly correct characteristics, to the user terminal 30 (step S1). Then, when the mail relay unit 42 of the mail server 40 receives the targeted attack mail addressed to the user terminal 30, it transfers the received mail to the proxy server 10 (step S2).

  Subsequently, when receiving the electronic mail, the extraction unit 12b of the proxy server 10 extracts the URL included in the mail, analyzes the extracted URL, and reflects it in the access transfer list storage unit 13a (step S3). That is, when the proxy server 10 determines that access should be restricted from the characteristics of the URL, the proxy server 10 adds the URL to the access transfer list storage unit 13a. At the same time, the VM control unit 24 of the secure proxy server 20 activates the VM 22 and the Web browser 23 in the VM 22 in advance to prepare for access from the user.

  Further, the mail relay unit 42 of the mail server 40 transfers the electronic mail to the user terminal 30 (step S4). In the user terminal 30, the Web browser 32 in the user terminal 30 accesses a malicious website on the Internet 90 by accessing the URL in the received electronic mail or opening the attached file (step S5).

  Then, in the transfer unit 12e of the proxy server 10 that relays the Web access of the user terminal 30, if the access destination address matches the address stored in the access transfer list storage unit 13a, the address is sent to the secure proxy server 20. Is transferred (step S6).

  Then, the secure proxy server 20 relays the proxy server 10 to allow the VM 22 that has been activated in advance and the Web browser 23 in the VM to perform access from the user terminal 30 (step S7). Then, the secure proxy server 20 acquires a Web screen and downloads malware (step S8). Then, the secure proxy server 20 returns only the accessed Web screen image to the proxy server 10 (step S9). Here, although the secure proxy server 20 downloaded the malicious program, the malware stays in the VM 22 and separates it from the user terminal 30.

  Thereafter, when the transmission unit 12f of the proxy server 10 receives the image of the Web screen from the secure proxy server 20, the transmission unit 12f transmits the received image of the Web screen to the user terminal 30 (Step S10). Then, the VM control unit 24 of the secure proxy server 20 deletes the Web browser 23 together with the VM 22 when a predetermined time has elapsed after the end of the access (step S11). Thereby, the user terminal 30 can prevent infection by downloading a malicious program.

  Here, in order to compare the present application with the conventional processing, an example of the flow of processing in the conventional communication system will be described with reference to FIG. FIG. 9 is a sequence diagram showing an example of the flow of processing in a conventional communication system.

  As shown in FIG. 9, conventionally, a malicious mail transmission terminal transmits a targeted attack mail to a user terminal (step S21). When the mail server receives the targeted attack mail addressed to the user terminal, the mail server transfers the received mail to the user terminal (step S22).

  In the user terminal, the Web browser in the user terminal accesses a malicious Web site on the Internet by accessing the URL in the received e-mail or opening the attached file (step S23). As a result, the user terminal acquires the Web screen and downloads the malware via the proxy server (step S24). As a result, a targeted attack email, which is a suspicious email with seemingly correct features, is sent to the user terminal, and the user terminal is guided to a malicious website by opening the body of the email or an attached file. Is downloaded and infected (step S25).

  Thus, conventionally, a user terminal is guided to a malicious website by opening an email body or an attached file, and has been infected by downloading malware such as a computer virus. However, in the communication system 100 according to the first embodiment, URLs or connection destination addresses included in e-mails transmitted from outside the organization are extracted, and URLs for which access should be restricted are listed. Then, it is better to restrict access to the access transfer list storage unit 13a of the proxy server 10 in the organization before the user terminal 30 receives the e-mail and accesses the Web site described in the corresponding e-mail. When the access from the user terminal 30 to the URL occurs, the proxy server 10 transfers the URL to the secure proxy server 20, and the secure proxy server 20 uses a virtual terminal environment different from the user terminal 30. The proxy Web browser 32 is activated, the URL is accessed from the Web browser 32, and the access result is transferred to the user terminal 30 as a screen image. As a result, when a series of accesses from the user terminal 30 is completed, by deleting the proxy Web browser 23 and the VM 22, the user terminal 30 is infected even when malicious software is downloaded during the series of accesses. Without using the Internet.

[Processing by Proxy Server According to First Embodiment]
Next, processing performed by the proxy server 10 according to the first embodiment will be described with reference to FIGS. FIG. 10 is a flowchart for explaining an example of the flow of extraction processing by the proxy server according to the first embodiment. FIG. 11 is a flowchart for explaining an example of the flow of registration processing by the proxy server according to the first embodiment. FIG. 12 is a flowchart for explaining an example of the flow of relay processing by the proxy server according to the first embodiment.

  As shown in FIG. 10, when the relay unit 12b of the proxy server 10 receives an e-mail from the mail server 40 (step S101), it determines whether the mail server 40 is an e-mail received from the outside (step S102). As a result, if the mail server 40 is not an electronic mail received from the outside (No at Step S102), the process is terminated. On the other hand, when the e-mail is received from the outside (Yes at Step S102), the extraction unit 12b inspects the text and extracts a URL for accessing the Internet 90 (Step S103).

  Subsequently, the extracting unit 12b determines whether there is an attached file (step S104). If there is an attached file (Yes at step S104), the extracting unit 12b extracts the attached file (step S105) and inspects the inside of the attached file. The connection destination address in the URL or script is extracted (step S106), and the process proceeds to step S107. In step S104, if there is no attached file (No in step S104), the extraction unit 12b proceeds to step S107 as it is.

  Subsequently, the extraction unit 12b determines whether the URL or the connection address has been extracted (step S107). If the URL or the connection address has not been extracted (No at step S107), the process ends. On the other hand, when extracting the URL or the connection address (Yes at Step S107), the extraction unit 12b performs a registration process described later using FIG. 11 (Step S108) and ends the process.

  Next, the flow of registration processing by the proxy server 10 will be described with reference to FIG. As shown in FIG. 11, the registration unit 12c of the proxy server 10 matches the extracted address with the URL pattern (non-transfer target URL pattern) that should be allowed to be stored, which is stored in the access-permitted URL pattern storage unit 13c. (Step S201). As a result, when the extracted address matches the URL pattern that is not to be transferred (Yes at Step S201), the registration unit 12c terminates the process without registration because access is permitted.

  Further, when the extracted address does not match the URL pattern not to be transferred (No at Step S201), the registration unit 12c determines the URL pattern (transfer target to be transferred) stored in the access restriction URL pattern storage unit 13b. It is determined whether or not it matches (URL pattern) (step S202). As a result, if the extracted address does not match the transfer target URL pattern (No at Step S202), the access is not restricted, and the process ends without registering. If the extracted address matches the transfer target URL pattern (Yes at Step S202), the registration unit 12c registers the extracted address in the access transfer list storage unit 13a (Step S203).

  Next, the flow of relay processing by the proxy server 10 will be described with reference to FIG. As shown in FIG. 12, when the proxy server 10 receives the URL to be relayed from the user terminal 20 (step S301), the proxy server 10 determines whether or not the received URL is registered in the access transfer list storage unit 13a (step S302). ).

  As a result, when the received URL is not registered in the access transfer list storage unit 13a (No at Step S302), the proxy server 10 performs normal relay processing (Step S303). That is, the proxy server 10 relays access to the Internet 90 by the user terminal 30 using the received URL.

  In addition, when the received URL is registered in the access transfer list storage unit 13a (Yes in step S302), the proxy server 10 transfers the URL to the secure proxy server 20 and performs access using the URL as a secure proxy. Relay processing for causing the server 20 to execute is performed (step S303).

[Effects of First Embodiment]
As described above, the proxy server 10 searches whether an e-mail addressed to the user terminal 30 includes an address for accessing the Internet, and when an e-mail address is included, The address is extracted. Then, the proxy server 10 registers the extracted address in the storage unit 13. When the proxy server 10 receives an access request to the Internet 90 from the user terminal 30, the proxy server 10 searches whether the address stored in the storage unit 13 is included in the access request and includes the address. If the address is present, the address is transferred to the secure proxy server 20, and the secure proxy server 20 is caused to execute access using the address information. Then, the proxy server 10 receives the screen image obtained as a result of executing the access using the address from the secure proxy server 20, and transmits the screen image to the user terminal 30. As a result, it is possible to quickly determine whether the site is a malignant site and appropriately limit access.

  That is, the proxy server 10 extracts URLs or connection destination addresses included in e-mails transmitted from outside the organization, determines URLs for which access should be restricted based on the extracted URLs or connection destination addresses, and lists Up. Then, the proxy server 10 registers a list of URLs for restricting access in the access transfer list storage unit 13a in a short time from when the e-mail is received until the user terminal 30 accesses the website based on the content of the e-mail. Therefore, it is possible to quickly determine whether the site is a malignant site.

  When the user terminal 30 accesses using the URL that restricts access registered in the access transfer list storage unit 13a, the Web browser 23 is activated on the VM 22 of the secure proxy server 20, and the Web browser 23 is connected to the Internet. By substituting the use of 90, it becomes possible to use the Internet 90 without infecting the user terminal 30 even if malicious software that is not known in the world is installed in the connection destination Web server. As a result of being able to protect the user from threats directed to the site, it is possible to quickly determine whether the site is a malicious site and to restrict access appropriately.

  In addition, according to the first embodiment, an access destination address pattern in which access is not permitted is stored in advance, and the extracted address is stored in the storage unit 13. Access destination address information pattern in which access is not permitted. If it is true, the extracted address information is registered in the access transfer list storage unit 13a. Thereby, when the URL pattern of the malicious site is known in advance, it is possible to appropriately prevent access to the malicious site.

  Further, according to the first embodiment, the proxy server 10 stores in advance an access destination address pattern in which access is permitted, and access in which the extracted address information is stored in the storage unit 13 is permitted. If it does not correspond to the address pattern of the access destination, the extracted address is registered in the storage unit. As a result, if the URL of a site that has no problem even if accessed in advance is known, it is possible to prevent access to a site that does not have a problem even if accessed by registering in advance. It becomes possible.

  Further, according to the first embodiment, when a predetermined time elapses after the address information is stored in the access transfer list storage unit 13a, the proxy server 10 stores the address information in the access transfer list storage unit 13a. Erase from For this reason, it is possible to delete an address that has passed for a long time since registration, and to prevent an excessive increase in the data amount of the access transfer list storage unit 13a.

[System configuration]
In addition, among the processes described in the above embodiment, all or part of the processes described as being automatically performed can be performed manually, or the processes described as being performed manually can be performed. All or a part can be automatically performed by a known method. In addition, the processing procedures, specific names, and information including various data and parameters shown in the document and drawings can be arbitrarily changed unless otherwise specified.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured.

[program]
In addition, it is possible to create a program in which processing executed by the proxy server 10 described in the above embodiment is described in a language that can be executed by a computer. For example, it is possible to create a proxy access program in which processing executed by the proxy server 10 according to the first embodiment is described in a language that can be executed by a computer. In this case, when the computer executes the proxy access program, the same effect as in the above embodiment can be obtained. Further, the proxy access program is recorded on a computer-readable recording medium, and the proxy access program recorded on the recording medium is read and executed by the computer to execute the same processing as in the first embodiment. May be. Hereinafter, an example of a computer that executes a proxy access program that implements the same function as that of the proxy server 10 illustrated in FIG. 2 will be described.

  FIG. 13 is a diagram illustrating a computer 1000 that executes a proxy access program. As illustrated in FIG. 13, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012 as illustrated in FIG. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1031 as illustrated in FIG. The disk drive interface 1040 is connected to the disk drive 1041 as illustrated in FIG. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive. The serial port interface 1050 is connected to a mouse 1051 and a keyboard 1052, for example, as illustrated in FIG. The video adapter 1060 is connected to a display 1061, for example, as illustrated in FIG.

  Here, as illustrated in FIG. 13, the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the proxy access program is stored in, for example, the hard disk drive 1031 as a program module in which a command executed by the computer 1000 is described.

  The various data described in the above embodiment is stored as program data, for example, in the memory 1010 or the hard disk drive 1031. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1031 to the RAM 1012 as necessary, and executes the extraction procedure, the registration procedure, the transfer procedure, and the transmission procedure.

  Note that the program module 1093 and the program data 1094 related to the proxy access program are not limited to being stored in the hard disk drive 1031, but are stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive or the like. Also good. Alternatively, the program module 1093 and the program data 1094 related to the proxy access program are stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.), and the network interface 1070 is stored. Via the CPU 1020.

DESCRIPTION OF SYMBOLS 10 Proxy server 11 Communication processing part 12 Control part 12a Acquisition part 12b Extraction part 12c Registration part 12d Erasing part 12e Transfer part 12f Transmission part 13 Storage part 13a Access transfer list storage part 13b Access control URL pattern storage part 13c Access permissible URL pattern storage Unit 20 secure proxy server 21 communication processing unit 22 VM
DESCRIPTION OF SYMBOLS 23 Web browser 24 VM control part 30 User terminal 31 Communication processing part 32 Web browser 33 Mail receiving part 40 Mail server 41 Communication processing part 42 Mail relay part 50 Malicious mail transmission terminal 60 Malicious web server 70 Firewall 80 Local area network 90 Internet

Claims (5)

An e-mail to the user terminal that searches for address information for accessing the Internet, and if the e-mail contains address information, an extractor that extracts the address information; ,
A registration unit for registering the address information extracted by the extraction unit in a storage unit;
When an access request to the Internet is received from the user terminal, the access request is searched for whether the address information stored in the storage unit is included in the access request. A transfer unit that transfers address information to an external device, and causes the external device to execute access using the address information;
A transmission unit that receives a screen image obtained as a result of executing an access using the address information from the external device, and transmits the screen image to the user terminal;
A relay server comprising: The storage unit stores in advance a pattern of address information of an access destination to which access is not permitted,
The registration unit registers the extracted address information in the storage unit when the address information extracted by the extraction unit corresponds to the pattern of the address information of the access destination that is stored in the storage unit and is not allowed to be accessed. The relay server according to claim 1, wherein: The storage unit stores in advance a pattern of address information of an access destination to which access is permitted,
The registration unit stores the extracted address information in the storage unit when the address information extracted by the extraction unit does not correspond to the address information pattern of the access destination permitted to be stored in the storage unit. The relay server according to claim 1, wherein the relay server is registered.   4. The apparatus according to claim 1, further comprising: an erasing unit that erases the address information from the storage unit when a predetermined time has elapsed since the address information was stored in the storage unit. The relay server described in 1. A proxy access method executed on a relay server,
An e-mail for searching for whether the e-mail to the user terminal contains address information for accessing the Internet, and if the e-mail contains address information; ,
A registration step of registering the address information extracted by the extraction step in a storage unit;
When an access request to the Internet is received from the user terminal, the access request is searched for whether the address information stored in the storage unit is included in the access request. Transferring the address information to an external device, and causing the external device to execute an access using the address information;
Receiving a screen image obtained as a result of executing access using the address information from the external device, and transmitting the screen image to the user terminal;
A proxy access method characterized by including:

Images