JP5682650B2 - Information relay method and repeater - Google Patents

Description

  The present invention relates to network storage such as NAS (Network Attached Storage).

The use of network storage such as NAS is increasing.
The constant connection to the Internet in a computer has also become common.
For this reason, many computers are connected to the Internet even when the user is accessing the file with the NAS while the LAN is closed.

  As a result, there is a problem that malicious software (hereinafter referred to as malware) exposes data stored in the NAS to the Internet in a form unintended by the user.

  In addition, if the user misidentifies the actual public area on the Internet as a non-public work area and puts important data there, or leaves folders that should not be made public in the open state. There may also be problems due to careless or inappropriate operations such as when connecting to a network.

A simple solution to the above problem is to “unplug the LAN cable directly”, but it is troublesome to unplug the LAN cable such as a router.
There are the following patent documents relating to techniques for preventing information leakage in computers.

JP 2003-122615 A

(Problems to be solved by the invention)
An object of the present invention is to prevent leakage of information in a network storage due to mixing of malware in a computer.
(Means for solving the problem)

Relaying method according to this embodiment, in the relay method by the relay device is executed by connecting the network and an external network including a plurality of information processing apparatus and the information storage device, to said information holding device of said plurality of information processing apparatuses and access control procedures for managing the access situation, depending on the access status to manage in the access control procedures, among the plurality of information processing apparatuses, external network from information processing device is accessing to the information holding device characterized in that comprising the external access control procedure for selectively inhibiting the information transfer to.

  The relay method according to the present embodiment is characterized in that the access status is acquired from the information holding device in the access management procedure.

  The relay method according to the present embodiment is characterized in that, in the access management procedure, the time during which transfer of the information from the information processing apparatus to the external network is prohibited in the external access control procedure is managed. .

The relay method according to the present embodiment further includes an external access detection procedure for detecting a connection between the information processing apparatus and the external network.
(Effect of the invention)
An object of the present invention is to prevent information leakage in a network storage caused by mixing of malwares by prohibiting access to an external network during file access to the network storage.

1 is a configuration diagram of a network storage system 100 according to an embodiment. FIG. 1 is a schematic diagram of a router 103 and a NAS 104 according to the present embodiment. It is BadPCList203 which concerns on a present Example. 1 is a configuration diagram of a network storage system 400 according to an embodiment. FIG. 1 is a configuration diagram of a network storage system 500 according to an embodiment. FIG. 1 is a configuration diagram of a network storage system 600 according to an embodiment. FIG. 1 is a configuration diagram of a network storage system 700 according to an embodiment. FIG. 1 is a configuration diagram of a network storage system 800 according to an embodiment. FIG. It is a flowchart regarding the open process of NAS concerning a present Example. It is a flowchart regarding the close process of NAS104 concerning a present Example. It is a flowchart of the count process which the router 103 which concerns on a present Example performs. It is a flowchart of the packet transfer process which the router 103 which concerns on a present Example performs. It is a hardware block diagram of NAS104 concerning a present Example. 1 is a configuration diagram of a network storage system 100 according to an embodiment. FIG. 1 is a configuration diagram of a network storage system 100 according to an embodiment. FIG.

DESCRIPTION OF SYMBOLS 100 ... Network storage system 101 ... Personal computer 102 ... Personal computer 103 ... Router 104 ... NAS
DESCRIPTION OF SYMBOLS 105 ... External network 106 ... File access monitoring part 107 ... System control part 108 ... External access control part 201 ... Folder 202 ... Folder 203 ... BadPCList
(Best Mode for Carrying Out the Invention)
The network storage system in this embodiment is a system in which a plurality of personal computers and NAS are connected by a LAN, and a network outside the LAN and personal computers are connected through a router.
A personal computer accesses a file via a LAN or accesses the Internet via a router.
The NAS in this embodiment controls the data stored in the NAS so that it does not leak onto the Internet against the user's intention.

  A particular problem when data stored in the NAS leaks onto the Internet is due to malware.

The following is a possible route for data on the Internet to flow out of the user's intentions due to malware.
1. The folder that the malware should keep secret is made a public folder of the file sharing folder.
2. Files that should be kept secret by the malware are copied to a public folder.
3. Files that should be concealed by malware are transferred as e-mails at a timing not intended by the user.

Conventional measures against these problems are as follows.
1. The personal computer detects “malware” by using virus software.
2. The personal computer blocks the network connection from the outside to the personal computer by a software firewall.
3. A personal computer monitors important data for loss through a physical firewall.

However, the above 1. This measure delays the response to new viruses.
Personal computers infected with "malicious software" first or early are powerless.

2. As for the above countermeasure, when “malicious software” that has once started operating accesses the outside from the inside, it is difficult to detect this.

3. above. There are technologies that are used as measures against SPAM mail and monitoring Web access by employees.
This can be used when there is a word or expression that cannot be considered in the business, or when the source or relay point seems to be a suspicious person. It is regarded as invalid data.
If the important data to prevent leakage is fixed and the pattern is fixed, this technology can be used.
That is, if words and expressions that are considered important for business can be selected as a fixed pattern, the data transmission is prohibited when data including the words and expressions are to be transferred to the outside.

However, because it is difficult to determine whether the firewall is mechanically abnormal or normal only by words and expressions that are not considered in business, it is detected using words and expressions that trigger data transmission prohibition. It is also difficult.
Therefore, the user has no choice but to deal with the log data of the firewall at a later date.

The NAS in this embodiment is connected to a personal computer via a network.
The NAS includes a file access detection unit that detects file access from the personal computer to the network storage, and a system control unit that controls disconnection of the connection between the personal computer and the external network according to the detected file access. It consists of.
As a result, when the information processing apparatus is accessing a file to the NAS, it is possible to prevent the data stored in the NAS from being leaked to the external network by blocking the information processing apparatus and the external network.

[Network storage system 100]
Hereinafter, the network storage system 100 according to the present embodiment will be described with reference to FIG.
FIG. 1 is a configuration diagram of a network storage system 100 according to the present embodiment.

The network storage system 100 includes personal computers 101 and 102, a router 103, and a network storage (hereinafter referred to as NAS) 104.
The network storage system 100 is connected to the external network 105 via the router 103.
The NAS 104 includes a file access monitoring unit 106, a system control unit 107, and a file access control unit 110.
The file access monitoring unit 106, the system control unit 107, and the file access control unit 110 installed in the NAS 104 are new functions and are features of the NAS 104 of this embodiment.
The router 103 has an external access control unit 108 and an external access monitoring unit 109.
The external access control unit 108 and the external access monitoring unit 109 function in cooperation with the file access monitoring unit 106, the system control unit 107, and the file access control unit 110, and are features of the router 103 of this embodiment.
The file access monitoring unit 106, the system control unit 107, and the file access control unit 110 may be provided outside the NAS 104.

In this embodiment, the personal computer 101 performs file access to the NAS 104.
When the malware publishes NAS 104 data (files, folders, etc.) on the Internet, the malware leaks the data to the external network 105 via the personal computer 101 that accesses the NAS 104 as a file.

The NAS 104 controls the external access control unit 108 of the router 103 when there is a file access to the designated folder.
The designated folder is a folder designated in advance by the user as a folder to be kept secret.
The folder stored in the NAS 104 has a flag indicating whether or not the folder is a secret target.

In the network storage system 100 according to the present embodiment, the NAS 104 prohibits the personal computer 101 from accessing the external network 105 while the personal computer 101 is editing a file to be kept secret.
As a result, the network storage system 100 can prevent leakage of the confidential file stored in the NAS 104 due to malware.

It is possible to refer to the Internet from another personal computer 102, and it is also possible to refer to data within the LAN between the personal computer 101 and the personal computer 102.
Note that connection control between the external network 105 and the personal computers 101 and 102 is not limited to being realized by control of the router 103.

[NAS104]
The NAS 104 in this embodiment has a function of controlling the router 103 in addition to the file server function.
The router 103 controls communication from the personal computer 101 to the external network 105 by the external access control unit 108.

The NAS 104 has folders and files.
The file may be in a folder or the same hierarchy as the folder.
The file access monitoring unit 106 detects file access of the personal computers 101 and 102.
In the present embodiment, the file access monitoring unit 106 detects file access of the personal computers 101 and 102 by detecting an application program interface (api) related to file access of the personal computers 101 and 102.
Api is a set of rules that define the software program procedures.

  When the file access monitoring unit 106 detects access from the personal computers 101 and 102 to the file, it notifies the system control unit 107 of the MAC address and IP address of the access request source (personal computers 101 and 102).

  The system control unit 107 controls the external access control unit 108 included in the router 103 based on information (MAC address, IP address) received from the file access monitoring unit 106.

The external access control unit 108 blocks access of the personal computers 101 and 102 to the external network 105 based on an instruction from the system control unit 107.
Further, the external access control unit 108 may be configured to delay the access of the personal computers 101 and 102 to the external network 105.

For example, suppose that the malware tries to send a file that should be concealed originally (a file for which a concealment flag is valid) to the external network 105 by e-mail or the like.
The NAS 104 in this embodiment prohibits access to the external network 105 and the personal computer (the personal computer in which the malware exists) that has read the confidential file when the malware reads the confidential file.
As a result, data transmission of the secret file by the personal computer fails, and information leakage can be prevented.

By external access control unit 1 08 prohibits access to the personal computer and the external network 105 also prohibits the communication also uniform with the external network 105 external access control unit 1 08 is the personal computer is performed as a work of a regular To do.
When the user of the personal computer recognizes and investigates that the operation of the system is unstable, the user becomes aware of the location of the malware.
According to the network storage system 100 in the present embodiment, the user can find out the mixing of malware at an early stage, and can prevent secondary damage and the spread of damage.

  Therefore, it is possible to prevent information leakage due to malware by controlling the personal computer so that the file access to the external storage is blocked while accessing the network storage.

[Linkage Function of Router 103 and NAS 104]
FIG. 2 is a schematic diagram of the router 103 and the NAS 104 according to the present embodiment.

The cooperation between the router 103 and the NAS 104 according to this embodiment will be described in detail.
The router 103 and NAS 104 shown in FIG. 2 are shown and are equivalent to those shown in FIG.
In FIG. 2, the file access control unit 106 and the system control unit 107 mounted on the NAS 104 are not shown, but the NAS 104 of FIG.

The router 103 has a BadPCList 203 in addition to the external access control unit 108.
FIG. 3 shows a specific example of the BadPCList 203.

The router 103 has the following functions implemented by software.
One of the functions of the router 103 is a function of managing the BadPCList 203 and determining whether the personal computers 101 and 102 are permitted or rejected to communicate with the external network 105.
One of the functions of the router 103 is a function of updating the BadPCList 203.
Further, one of the functions of the router 103 is that the IP packet source IP address and MAC address are present in the BadPCList 203, and it is determined that the IP packet source (personal computer) refuses to communicate with the external network 105, and When it is determined that the destination of the packet is that of the external network 105, this is a control logic function that discards the packet.
The router 103 also has a function of discriminating whether the transmission source and transmission destination of the packet is the internal LAN or the external network 105 based on the IP address and MAC address of the packet.
[BadPCList203]
FIG. 3 shows a BadPCList 203 according to this embodiment.

  The BadPCList 203 includes an IP address 301, a MAC address 302, an in_use 303, a BTL 304, a protect flag 305, and an OCN 306 of the personal computers 101 and 102 existing in the LAN.

  in_use 303 is a counter indicating the number of factors for denying access.

  The BTL 304 is a down counter that indicates the time until access to the external network 105 by the personal computers 101 and 102 is permitted.

protect flag 305 is for holding the access allowed whether the state of the external net in correspondence with each personal computer 101 or 102 to obtain the connection to the external network 105.

The OCN 306 is a down counter that indicates the time until the personal computers 101 and 102 are allowed to access the NAS 104.
The OCN 306 is a counter that sets a predetermined value (for example, 20) each time communication between the personal computers 101 and 102 and the external network 105 occurs.

The router 103 counts up in_use 303 when a factor for refusing access between the personal computers 101 and 102 and the external network 105 occurs.
Specifically, the cause of denying access between the personal computers 101 and 102 and the external network 105 is that the personal computers 101 and 102 accessed the designated folder of the NAS 104.

If the router 103 determines that there is no longer any cause for denying access between the personal computers 101 and 102 and the external network 105, the router 103in_use 303 is counted down.
The initial value of in_use 303 is 0.

The fact that the value of in_use 303 is not “0” indicates that there is a cause of denying access between the personal computers 101 and 102 and the external network 105, so the router 103 sets the protect flag 305 to “protect = true”.
The router 103 sets the value of the BTL 304 to a specified value (for example, 32).

When the router 103 sets in_use 303 to “0” (that is, there is no factor to deny access between the personal computers 101 and 102 and the external network 105), the router 103 counts down the value of the BTL 304 at regular time intervals (for example, 1 second). To do.
When the router 103 counts down the BTL 304 and sets the value of the BTL 304 to “0”, the countdown is stopped and the protect flag 305 is changed from “true” to “false”.
As a result, the personal computer corresponding to “protect = false” can communicate with the external network 105.

In this embodiment, the router 103 also counts down the OCN 306 at the same time interval (for example, 1 second) as the BTL 304, and stops counting down when set to “0”.
Of course, the time interval of the countdown in the OCN 306 and the BTL 304 is not limited to be the same.

The value set in the OCN 306 by the router 103 may be changed according to the communication protocol (port number) between the personal computers 101 and 102 and the external network 105.
In that case, the router 103 performs control so that a value smaller than the value held by the OCN 306 is not written to the OCN 306.

In this embodiment, the BadPCList 203 is a table managed by software installed in the router 103, but is not limited to this.
The router 103 can also implement the BadPCList 203 by hardware such as Gate Array.

From the above, BadPCList 203 indicates the following.
The personal computer 101 with the IP address “192.168.3.32” is permitted to access the external network (protect = false), but is communicating only within the LAN (OCN = 0).
On the other hand, the personal computer 102 of “192.168.3.33” is prohibited from communicating with the external network 105 due to two factors.
Furthermore, the personal computer of “192.168.3.34” indicates that communication with the external network 105 was performed (20−15 =) 5 seconds ago.

[Function of NAS104]
Next, functions of the NAS 104 according to the present embodiment will be described in detail.

The NAS 104 has a Hide flag and an Open flag for each folder disclosed to the personal computers 101 and 102 in the LAN.

More specifically, the NAS 104 in this embodiment has folders 201 and 202.
Each of the folders 201 and 202 has a Hide flag and an Open flag.
The Hide flag of the folder 201 is “true”, and the Open flag is “false”.
The Hide flag of the folder 202 is “false”, and the Open flag is “true”.

The “true” of the Hide flag indicates that the file in the folder 201 should be kept secret from the external network 105.
The “False” of the Hide flag indicates that the file in the folder 202 can be opened to the external network 105.
That is, the Hide flag is information indicating whether or not a file in a folder having the Hide flag is a secret file.
The NAS 104 refers to the Hide flag of the folders 201 and 202 to determine whether or not the files in the folders 201 and 202 are secret files.

An Open flag “true” indicates that any file in the folder 202 has been read (read / written).
“False” of the Open flag indicates that any file in the folder 201 has not been read (read / written).
The folders 201 and 202 have an Open flag for each access source personal computer (not shown; representatively, only the Open flag corresponding to the personal computer 101 is shown).

As the Hide flag and the Open flag, flags originally possessed by the file system can be used.
For example, in the case of a Unix (registered trademark) file system, “Hide = true is considered when reading is not permitted for the other user”, and in the case of a FAT file system, “Hide = true is considered when the Hidden attribute is present”. There are methods.
The Open flag has a counter indicating the number of times that many file systems have been opened and a flag indicating that the file system has been mounted. Therefore, this mechanism and the mechanism b2 below are combined and managed for each access source personal computer. Can be.

  The NAS 104 has a function of specifying a personal computer that has accessed the NAS 104 by an IP address or a MAC address.

As an example of the mounting method, since a request to the NAS 104 arrives via the network, the request source IP address and MAC address can be extracted from the request packet.
This may be added as additional information to the request block to the file system as it is.
When the processing result in the file system is transmitted to the requesting personal computer, the destination IP address / MAC address (the IP address / MAC address of the access requesting personal computer) may be extracted.

  When the NAS 104 detects that the Open flag folder has changed from “false” to “true” in the folder 201 whose Hide flag is “true”, the access source personal computer 101, that is, the BadPCList 203 for the extracted IP address / MAC address. In_use is counted up.

The NAS 104 sets the value of the protect flag 305 to “true” and sets the value of the BTL 304 to a specified value (for example, 32).
When the NAS 104 changes the Open flag from “true” to “false”, the NAS 104 counts down the corresponding in_use.

  As described above, the router 103 performs data communication between the access source personal computer 101 and the external network 105 while the personal computer 101 is accessing the secret folder and for a certain period of time (32 seconds) after the access is completed. Is prohibited.

The access prohibition period (BTL 304, OCN 306) does not hinder the user's normal work.
For example, during the access prohibition period, the user can read / write data in a folder to be kept secret while reading / writing mail.
On the other hand, network access of software such as malware is prohibited, and damage from information leakage can be prevented.
In addition, logs and error messages that block communication alert you that malware is running.
Therefore, the user can find malware early.

The router 103 does not need to have a NAT function or a DHCP function.
Therefore, the router 103 can be realized by detecting and switching the address of the packet and the IP / MAC address of the transmission source.
Therefore, the router 103 is almost the same as the switching HUB and can be easily implemented as hardware.

[External access monitoring unit 109]
Next, the external access monitoring unit 109, which is a new function installed in the router 103, will be described.

  The external access monitoring unit 109 has a function of detecting the connection status between the personal computers 101 and 102 and the external network 105.

When the personal computers 101 and 102 access the external network 105, the NAS 104 prohibits file access of the personal computers 101 and 102 that access the external network 105.
In other words, when the router 103 receives an access request from the personal computers 101 and 102 in the LAN to the external network 105, the NAS 104 in the NAS 104 by the personal computer 101 and 102 that has requested access to the external network 105 for a certain period of time thereafter. An error occurs when reading the folder.

  As a result, when the personal computers 101 and 102 try to connect to the external network 105 due to the operation of malware, the NAS 104 transfers the confidential files (the confidential files stored in the NAS 104) to the personal computers 101 and 102. By prohibiting access, data leakage is prevented.

  Specifically, when the external access monitoring unit 109 detects that the personal computers 101 and 102 have accessed the external network 105, the external access monitoring unit 109 sets the value of the OCN 306 of the BadPCList 203.

The external access monitoring unit 109 sets the value of the OCN 306 in consideration of the network protocol used for the exchange of the personal computers 101 and 102 with the external network 105.
For example, when the personal computers 101 and 102 communicate with the external network 105 by using SMTP (Simple Mail Transfer Protocol), the external access monitoring unit 109 sets the value of the OCN 306 to “30”.
When the personal computers 101 and 102 communicate with the external network 105 using HTTP (Hypertext Transfer Protocol), the external access monitoring unit 109 sets the value of the OCN 306 to “10”.
When the personal computers 101 and 102 communicate with the external network 105 using FTP (File Transfer Protocol), the external access monitoring unit 109 sets the value of the OCN 306 to “40”.
That is, when the personal computers 101 and 102 send mail or transfer files, the access prohibition period to the NAS 104 is made longer than when the personal computers 101 and 102 access the web.
This prohibits the access prohibition period for access to the external network 105 where a confidential file is likely to be leaked by malware.

  The external access monitoring unit 109 may be realized such that the router 103 monitors communication between the personal computers 101 and 102 and the external network 105 in cooperation with a firewall.

[File access control unit 110]
The NAS 104 has a file access control unit 110.
The file access control unit 110 has a function of prohibiting or delaying access to a folder that can be opened to the personal computers 101 and 102 in the LAN.

The file access control unit 110 operates based on information from the external access monitoring unit 109 of the router 103.
More specifically, the system control unit 107 acquires access detection at the external access monitoring unit 109 of the router 103.
The system control unit 107 gives an operation instruction to the file access control unit 110 based on the access information acquired from the external access monitoring unit 109.
The file access control unit 110 controls access of the personal computers 101 and 102 to the NAS 104 based on an instruction from the system control unit 107.

As described above, the external access monitoring unit 109 sets the value of the OCN 306.
The system control unit 107 gives an operation instruction to the file access control unit 110 according to the value of the OCN 306.
The file access control unit 110 permits access to the NAS 104 for a personal computer whose OCN 306 value is “0”.
Further, the file access control unit 110 prohibits access to the NAS 104 for personal computers whose OCN 306 value is not “0”.

The system control unit 107 determines a folder whose Hide flag is “true”.
The file access monitoring unit 104 monitors the Open flag.
When the file access monitoring unit 104 detects that the Open flag has changed from “false” to “true”, the system control unit 107 acquires the OCN 306 of the personal computer corresponding to the changed Open flag.
When the system control unit 107 determines that the Hide flag of the acquired OCN 306 is “true”, the system control unit 107 notifies the file access control unit 110 of the OCN 306.

When the file access control unit 110 determines that the value of the OCN 306 is not “0”, the file access control unit 100 returns an error in response to the file access request.
That is, the file access control unit 110 prohibits file access of a personal computer whose OCN 306 value is not “0”.

[Network storage system 400]
FIG. 4 is a configuration diagram of the network storage system 400 according to the present embodiment.

The network storage system 400 includes personal computers 401 and 402, a firewall 403, and a NAS 404.
The network storage system 400 is connected to the external network 105 via the firewall 403.
The firewall 403 includes a packet monitoring unit 406 and a feature pattern dictionary 409.
The NAS 404 has a feature pattern generation unit 407 and a registration function 408.

The NAS 404 can manage whether each file is a secret file.
The feature pattern generation unit 407 generates a feature pattern for each confidential file.
The registration function 408 registers the feature pattern generated by the feature pattern generation unit 407 in the feature pattern dictionary 409.
The feature pattern indicates whether or not the file is a secret file.
The feature pattern generation unit 407 generates a feature pattern based on, for example, the file name / file content of the secret file.

The packet monitoring unit 406 monitors the transfer packet from the personal computers 401 and 402 in the LAN to the external network 405, and determines the presence or absence of a feature pattern present in the transfer packet.
When the firewall 403 receives the transfer packet, the packet monitoring unit 406 refers to the feature pattern dictionary 409.
When the packet monitoring unit 406 determines that there is a feature pattern registered in the feature pattern dictionary 409 in the transfer packet, the external access control unit 410 prohibits the transfer packet from being transmitted to the external network 105.

Accordingly, the network storage system 400 according to the present embodiment can designate the secret file to the firewall 403 using the feature pattern, and can prevent the secret file from flowing out to the external network 405.
Further, the network storage system 400 according to the present embodiment can prevent the malware from copying the confidential file to the public folder.

  Further, the trigger for the feature pattern generation unit 407 to operate is, for example, any one or combination of a, b, and c below.

  a. A user of the NAS 404 issues a start instruction to the feature pattern generation unit 407.

  b. The feature pattern generation unit 407 is activated periodically at a predesignated time.

  c. The pattern generation unit 407 is activated in response to writing / updating to a file.

Further, the feature pattern generation unit 407 calculates a feature pattern that the NAS 404 has in the changed file.
Therefore, the firewall 403 can monitor the presence / absence of a feature pattern in the transfer packet in real time.

  Note that the activation trigger of the feature pattern generation unit 407 can be realized by diverting the file system installed in the NAS 404 and the function for notifying file update and creation of the operation system.

As described above, the network storage 400 according to this embodiment can prevent a file in a specific folder of the NAS 404 (the protect flag is “true”), a file obtained by modifying the file, or data from leaking to the external network 405.
Add a story about the protect flag.

The network storage system 400 in this embodiment prohibits transmission of a transfer packet having a feature pattern to the external network 105.
Therefore, the network storage system 400 according to the present embodiment can prevent the confidential file from flowing out to the external network 405 even when the confidential file exists in a folder that is not protected.
[Network storage system 500]
FIG. 5 is a configuration diagram of the network storage system 500 according to the present embodiment.

The network storage system 500 includes personal computers 501, 502, a router 503, and a NAS 504.
The network storage system 500 is connected to the external network 505 via the router 503.
The router 503 has an external access control unit 503.
The NAS 504 includes a file access monitoring unit 507, a system control unit 508, a feature pattern generation unit 509, a feature pattern dictionary 510, and a file search unit 511.

The network storage system 500 according to the present embodiment is a system that detects a feature pattern in a secret file at any time and updates the presence / absence of access to the secret file at any time.
The network storage system 500 in this embodiment prohibits access to the external access network 505 of a personal computer that has made file access to the secret file.
As a result, the network storage system 500 can also prevent leakage of the confidential file due to malware.

  Hereinafter, the operation of the network storage system 500 will be described.

The personal computers 501 and 502 perform file access to the NAS 504.
When the personal computers 501 and 502 update the confidential file, the feature pattern generation unit 509 is activated.
The feature pattern generation unit 509 generates a feature pattern of the updated secret file.
The feature pattern generation unit 407 generates a feature pattern based on the file name / file content.
The feature pattern generation unit 509 registers the generated feature pattern in the feature pattern dictionary 510 and notifies the file search unit 511 of the generated feature pattern.
The file search unit 511 determines whether the notified feature pattern exists in all folders existing in the NAS 504.
When the file search unit 511 detects a folder or file including the generated feature pattern, the addition function 512 adds the detected file as a new monitoring target of the file access monitoring unit 507.
The file access monitoring unit 507 monitors file access from the personal computers 501 and 502 even in the newly monitored folder and file and the folder and file that are already monitored.

  The network storage system 500 according to the present embodiment searches for a feature pattern from a folder other than the designated folder (the protect flag is “true”) in the NAS 504, or the public folders of the personal computers 501 and 502 and the NAS 504.

  Alternatively, the NAS 504 has a function of searching for a feature pattern in all folders on the personal computer in cooperation with software on the personal computer, and the NAS 504 performs one or both of the following operations a and b. May be.

  a. Prohibit transmission of the file or folder in which the characteristic pattern is found to the external network 505.

  b. The personal computer is notified about the file or folder in which the feature pattern is newly detected.

  As a result, the network storage system 500 according to the present embodiment can prevent the confidential file from flowing out to the external network 505 even when the confidential file is copied to an unprotected folder.

In addition, the network storage system 500 according to the present embodiment adds a secret file to a monitoring target even if the secret file is copied to an unprotected folder.
Therefore, it is possible to reduce the outflow of the confidential file to the external network 505 due to the user's careless operation.

In the network storage system 500 according to the present embodiment, if a user designates a folder to be protected, a copy of a file existing in that folder can be protected.
Therefore, the network storage system 500 can prevent the file protection leak of the NAS 504 from being overlooked by the user.

[Network storage system 600]
FIG. 6 is a configuration diagram of the network storage system 600 according to the present embodiment.

  Next, the network storage system 600 according to the present embodiment will be described.

The network storage system 600 includes a personal computer 601 and an external network 602.
The personal computer 601 includes a LAN port 603, a net access control unit 604, a system control unit 605, a file access monitoring unit 606, and a built-in disk 607.
The personal computer 601 has firewall software that runs on the personal computer 601.

The internal disk 607 stores a secret folder and a secret file.
The file access monitoring unit 606 detects file access to a secret folder and a secret file stored in the internal disk 607.
When the file access monitoring unit 606 detects file access to the secret folder and the secret file, the file access monitoring unit 606 notifies the system control unit 605 of detection of file access.

  When the system control unit 605 receives the file access detection notification, the system control unit 605 instructs the network access control unit 604 to block the external network 602 based on the file access detection notification from the file access monitoring unit 606. .

  The net access control unit 604 blocks access of the personal computer 601 to the external network 602 based on an instruction from the system control unit 605.

[Network Storage System 700]
FIG. 7 is a configuration diagram of the network storage system 700 according to the present embodiment.

  A network storage system 700 according to this embodiment will be described.

The network storage system 700 includes a personal computer 701, an external network 702, and an external disk 703.
Here, the external disk is an MO disk or a USB memory.
The personal computer 701 is connected to the external disk 703 via a USB interface, a SCSI interface, or the like.

  The personal computer 701 includes a LAN port 704, a net access control unit 705, a system control unit 706, a protection target detection unit 707, a file access monitoring unit 708, and an internal disk 709.

When the personal computer 702 accesses a folder or file stored in the external disk 703, the protection target detection unit 707 determines that the accessed folder or file is a secret folder or secret based on the volume label or folder name of the external disk 703. Determine that it is a file.
Specifically, the processing logic performed by the protection target detection unit 707 determines, for example, a folder or file whose volume label is “HIDDENxxx” as a protection target.
In other words, the protection target detection unit 707 determines a folder or file having a predetermined volume label as a protection target.
Alternatively, the protection target detection unit 707 determines a folder or file existing in a specific root folder as a protection target.

  When the protection target detection unit 707 determines that the folder or file stored in the external disk 703 is a protection target, the protection target detection unit 707 prohibits the system control unit 706 from accessing the external network 702 and the personal computer 701. Notify you.

  When the system control unit 706 receives an access prohibition notification from the protection target detection unit 707, the system control unit 706 instructs the network access control unit 705 to block the external network 702 based on the notification from the protection target detection unit 707. To do.

  The net access control unit 705 blocks access of the personal computer 701 to the external network 702 based on an instruction from the system control unit 706.

The network storage system 700 also detects access to a file by using the file access monitoring unit 708 that a file access has been made to a secret folder or a secret file stored in the internal disk 709.
When the file access monitoring unit 708 determines that there is a file access to the secret folder or secret file stored in the internal disk 709, the file access monitoring unit 708 notifies the system control unit 706 of detection of file access.

  When the system control unit 706 receives the file access detection notification from the file access monitoring unit 708, the system control unit 706 sends the network access control unit 705 to the external network 702 based on the file access detection notification from the file access monitoring unit 708. Instruct to shut off.

  The net access control unit 705 blocks access of the personal computer 701 to the external network 702 based on an instruction from the system control unit 706.

  The network storage system 700 according to this embodiment is a system that prohibits access between the personal computer 701 and the external network 702 when file access is made to a secret folder or a secret file on the external disk 703.

  As a result, the network storage system 700 in this embodiment can prevent the confidential data stored in the external disk 703 from leaking to the external network 702.

  If the personal computer 701 updates and manages the secret folder and the secret file stored in the external disk 703 in the external disk 703, it is possible to prevent the secret folder and the secret file from being leaked to the external network 702 by malware.

[Network Storage System 800]
A network storage system 800 according to the present embodiment will be described.

  FIG. 8 is a configuration diagram of the network storage system 800 according to the present embodiment.

  The network storage system 800 includes a personal computer 801, an external network 802, and an external disk 803.

  The personal computer 801 includes a LAN port 804, a network access control unit 805, a system control unit 806, an access control unit 807, a file access monitoring unit 808, and an internal disk 809.

  Also in the network storage system 800, the file access monitoring unit 808 detects file access from the personal computer 801 to the secret folder and the secret file stored in the internal disk 809.

  When the file access monitoring unit 808 determines that there is file access to the secret folder and the secret file stored in the internal disk 809, the file access monitoring unit 808 notifies the system control unit 806 of detection of file access.

  When the system control unit 806 receives a file access detection notification from the file access monitoring unit 808, the system control unit 806 sends an external network 802 to the net access control unit 805 based on the file access detection notification from the file access monitoring unit 808. Instruct to shut off.

The net access control unit 805 blocks access of the personal computer 801 to the external network 802 based on an instruction from the system control unit 806.

Data stored in the external disk 803 is encrypted.
The external disk 803 is a portable recording medium.
By encrypting the data in the external disk 803, it is possible to prevent data leakage even when the user inadvertently drops the external disk 803.

The personal computer 801 has an access control unit 807.
The access control unit 807 decrypts the encrypted data stored in the external disk 803.
Specifically, the access control unit 807 performs password authentication, fingerprint authentication, and the like, and the access control unit 807 decrypts the encrypted data stored in the external disk 803.
When the access control unit 807 determines that reading / writing to the external disk 803 is permitted, the access control unit 807 notifies the system control unit 806 that access to the external network 802 and the personal computer 801 is prohibited.

  When the system control unit 806 receives a notification of access prohibition from the access control unit 807, the system control unit 806 instructs the network access control unit 805 to block the external network 802 based on the notification from the access control unit 807.

  The net access control unit 805 blocks access of the personal computer 801 to the external network 802 based on an instruction from the system control unit 806.

  The network access control unit 805 is configured to permit network access such as NTP (Network Time Protocol) and ping response that does not allow leakage of secret data (secret folder, secret file) to the external network 802. Also good.

[Flow chart of open processing]
FIG. 9 is a flowchart regarding access processing (open processing) to files and folders stored in the NAS 104 according to the present embodiment.

  When the personal computers 101 and 102 access the NAS 104, the personal computers 101 and 102 transmit a request packet to the NAS 104.

  The file access monitoring unit 106 installed in the NAS 104 takes out the IP address / MAC address of the request source that has made a file access to the NAS 104 from the request packet (step S901).

The file access monitoring unit 106 refers to the BadPCList 203 and determines whether the value of the OCN 306 corresponding to the access request source is greater than 0 (step S902).
When the file access monitoring unit 106 determines that the value of the OCN 306 corresponding to the access request source is larger than “0” (YES in step S902), the file access monitoring unit 106 prohibits the request source file access (step S905). Then, the access process is terminated (step S906).

If the value of the OCN 306 corresponding to the access request source is not greater than 0 (specifically, the value of the OCN 306 is 0) (step S902 NO), the system control unit 107 performs the file access. The open process is executed with permission (step S903).
The open process is a process in which the system control unit 107 opens a file requested to be accessed.

Then, the system control unit 107 determines whether or not the open process has failed (step S904).
If the system control unit 107 determines that the open process has failed (YES in step S904), the file access monitoring unit 106 prohibits the request source file access (step S905) and ends the access process (step S906).
When the system control unit 107 determines that the open process is successful (NO in step S904), the system control unit 107 determines whether the file to be opened is a file to be protected (step S907).

When the system control unit 107 determines that the file to be opened is a protection target (YES in step S908), the system control unit 107 increments the in_use 303 corresponding to the access request source and increments it by 1, and sets the protect flag 305 to “ true ”and the BTL is set to“ 32 ”(step S908).
When the system control unit 107 determines that the file to be opened is not a protection target (step S909), the system control unit 107 ends the opening process (step S909).

[Close process flowchart]
FIG. 10 is a flowchart relating to access processing (close processing) to files and folders stored in the NAS 104 according to the present embodiment.

  When the personal computers 101 and 102 access the NAS 104, the personal computers 101 and 102 transmit a request packet to the NAS 104.

  The file access monitoring unit 106 installed in the NAS 104 takes out the IP address / MAC address of the request source that has made a file access to the NAS 104 from the request packet (step S1001).

  The file access monitoring unit 106 notifies the requesting IP address / MAC address to the system control unit 107, and the system control unit 107 performs a close process (step S1002).

Then, the system control unit 107 determines whether the file to be closed is a file to be protected (step S1003).
When the system control unit 107 determines that the file to be closed is not a protection target (NO in step S1003), the system control unit 107 ends the closing process (step S1006).
When the system control unit 107 determines that the file to be closed is a protection target (YES in step S1003), the system control unit 107 determines whether all the files in the folder to which the protection target file belongs are closed. It is determined (step S1004).

When the system control unit 107 determines that all the files in the folder are closed (step S1004 YES), the system control unit 107 counts down the in_use 303 corresponding to the access request source to decrease by 1 (step S1005) and closes it. The process ends (step S1006).
If the system control unit 107 determines that all files in the folder are not closed (NO in step S1004), the system control unit 107 ends the close process (step S1006).

[Count process flowchart]
FIG. 11 is a flowchart of the counting process performed by the router 103 according to this embodiment.
The function of the router 103 that executes the flowchart shown in FIG. 11 is a function of managing the BadPCList 203 described above and determining whether each personal computer 101, 102 is permitted or rejected to communicate with the external network 105.
The count process is a process for measuring the time for disconnecting the connection between the personal computers 101 and 102 and the external network 105.

The router 103 has an internal timer (not shown).
The router 103 is activated every second by an internal timer.
The router 103 refers to the BadPCList 203 (step S1101).
The router 103 determines whether or not the BTL 304 corresponding to all personal computers (personal computers 101 and 102) registered in the BadPCList 203 is larger than “0” (step S1102).
When the router 103 determines that the BTL 304 is greater than “0” (YES in step S1103), the router 103 counts down the value of the BTL 304 determined to be greater than “0” and decreases it by 1 (step S1103).

Then, the router 103 determines whether or not the BTL 304 has become “0” as a result of counting down and decreasing by 1 (step S1104).
If the router 103 determines that the BTL 304 has become “0” (YES in step S1104), the router 103 changes the protect flag 305 that has been determined that the BTL 304 has become “0” from “true” to “false” (step S1104). S1105).
When the router 103 determines that the BTL 304 is not “0” (NO in step S1104), the router 103 determines whether the OCN 306 corresponding to all the personal computers (personal computers 101 and 102) is larger than “0”. (Step S1106).
If it is determined in step S1102 that the BTL 304 corresponding to all personal computers (personal computers 101 and 102) registered in the BadPCList 203 is not greater than “0” (NO in step S1102), the router 103 determines that all personal computers It is determined whether or not the OCN 306 corresponding to (personal computers 101 and 102) is larger than “0” (step S1106).

When the router 103 determines that the OCN 306 is greater than “0” (step S1106 YES), the router 103 counts down the value of the OCN 306 and decreases it by 1 (step S1107).
When the router determines that the OCN 306 corresponding to all the personal computers (personal computers 101 and 102) is not larger than “0” (NO in step S1106), the router 103 sets the BTL 304 and OCN 306 of all entries registered in the BadPCList 203. It is determined whether or not the counting process has been executed for (step S1108).

When it is determined that the router 103 has executed the count process for the BTL 304 and OCN 306 of all entries registered in the BadPCList 203 (YES in step S1108), the router 103 ends the process (step S1109).
If the router 103 determines that the BTL 304 and OCN 306 of all entries registered in the BadPCList 203 have not been counted (NO in step S1108), the router 103 again determines whether the value of the BTL 304 is greater than “0”. Is discriminated (step S1102).

[Flowchart of packet transfer processing]
FIG. 12 is a flowchart of the packet transfer process performed by the router 103 according to the present embodiment. When the router 103 receives a packet from the personal computers 101 and 102, the packet transfer process is started (step S1201).

The router 103 determines whether or not the destination of the received packet is the external network 105 and the transmission source of the received packet is the personal computer 101 or 102 in the LAN (step S1202).
When the router 103 determines that the destination of the packet is not the external network 105 or the source of the received packet is not the personal computer 101 or 102 in the LAN (in other words, the destination of the packet is not the external network 105) When the packet transmission source is not the personal computer 101 or 102 (NO in step S1202), the router 103 transfers the received packet to a predetermined destination (step S1203), and ends the packet transfer process (step S1204). .

  When the router 103 determines that the destination of the packet is the external network 105 and the source of the received packet is the personal computer 101 or 102 in the LAN (YES in step S1202), the router 103 It is determined whether or not the protect flag 305 corresponding to the personal computer is “true” (step S1205).

  When the router 103 determines that the protect flag 305 corresponding to the personal computer that is the packet transmission destination is not “true” (the protect flag 305 is “false”) (NO in step S1205), the router 103 determines whether or not the protocol is used for communication. The delay value (X) is determined (step S1208).

Then, the router 103 determines whether or not the value of the OCN 306 is smaller than the delay value (X) (step S1209).
When the router 103 determines that the value of the OCN 306 is smaller than the delay value (X) (YES in step S1209), the router 103 sets the value of the OCN to the delay value (X) (step S1210).

  When the router 103 determines that the value of the OCN 306 is not smaller than the delay value (X) (NO in step S1209), the router 103 performs a packet transfer process (step S1211) and ends the packet transfer process (step S1211). S1212).

  FIG. 13 is a hardware block diagram of the NAS 104 according to this embodiment.

A hardware configuration in the NAS 104 will be described.
The NAS 104 includes a CPU (Central Processing Unit) 1301, a storage unit 1302, a memory 1303, and LAN ports 1304 and 1305.

The NAS 104 is connected to the personal computers 101 and 102 via the LAN port 1304.
The NAS 104 is connected to the router 103 via the LAN port 1305.

The file access monitoring unit 106, the system control unit 107, and the file access control unit 110 included in the NAS 104 are functions executed by the CPU 1301 as software.
Therefore, the file access monitoring unit 106, the system control unit 107, and the file access control unit 110 are stored in the storage unit 1302 as software.
When the CPU 1301 executes the file access monitoring unit 106, the system control unit 107, and the file access control unit 110, the CPU 1301 expands and executes the file access monitoring unit 106, the system control unit 107, and the file access control unit 110 in the memory 1303. To do.

FIG. 14 is a configuration diagram of the network storage system 100 describing the functions of the NAS 104 according to the present embodiment.
The NAS 104 has functions of a file access monitoring unit 106, a system control unit 107, and a file access control unit 110.
The file access monitoring unit 106, the system control unit 107, and the file access control unit 110 are functions that control the network storage system 100.
Even when a personal computer infected with malware accesses the NAS 104 as a file, the NAS 104 can prevent the files and folders stored in the NAS 104 from leaking to the external network 105.

FIG. 15 is a configuration diagram of the network storage system 100 describing the functions of the router 103 according to the present embodiment.
The router 103 has functions of an external access control unit 108 and an external access monitoring unit 109.
The external access control unit 108 and the external access monitoring unit 109 are functions that control the network storage system 100.
The external access control unit 108 is a function for controlling whether or not to transfer packets received from the personal computers 101 and 102 to the external network 105.
The external access monitoring unit 109 is a function for monitoring the connection status between the external network 105 and the personal computers 101 and 102.
The router 103 executes and controls the external access control unit 108 and the external access monitoring unit 109 as software.
Therefore, the router 103 also has a CPU, a storage unit, a memory, or hardware equivalent to these in order to execute the external access control unit 108 and the external access monitoring unit 109.
The external access control unit 108 and the external access monitoring unit 109 may be physically present in a hardware configuration.

  The external access control unit 108 and the external access monitoring unit 109 can prevent the files and folders stored in the NAS 104 from leaking to the external network 105 even when a personal computer infected with malware accesses the NAS 104 as a file. it can.

  The network storage system according to the present embodiment relates to data protection in a storage connected via a network.

According to the network storage system of the present embodiment, it is possible to effectively prevent data from being leaked to an external network due to malware or inadvertent / inadequate network access.

Claims (7)

In a relay method executed by a relay that connects a network including a plurality of information processing devices and information holding devices and an external network,
And access control procedures for managing the access status to the information holding device of said plurality of information processing apparatuses,
Depending on the access status to manage in the access control procedures, the one of the plurality of information processing apparatuses, the information transfer to the external network selectively from information processing device is accessing to the information holding device Prohibited external access control procedures;
A relay method comprising: The relay method according to claim 1,
The access management procedure includes acquiring the access status from the information holding device. The relay method according to claim 2,
The access management procedure manages a time during which transfer of the information from the information processing apparatus to the external network is prohibited in the external access control procedure. The relay method according to claim 3,
A relay method further comprising an external access detection procedure for detecting a connection between the information processing apparatus and the external network. In relay method in according to claim 4,
The access management procedure manages a connection status between the information processing apparatus and the external network. The relay method according to claim 5,
The access management procedure manages a time during which access from the information processing device to the information holding device is prohibited according to a connection status between the information processing device and the external network. In a repeater that connects a network including a plurality of information processing devices and information holding devices and an external network,
An access management unit that manages an access status of the plurality of information processing devices to the information holding device;
In accordance with the access status managed by the access management unit, information transfer from the information processing apparatus accessing the information holding apparatus to the external network is selectively prohibited among the plurality of information processing apparatuses. An external access control unit;
The repeater characterized by comprising.