KR101344242B1 - How to prevent illegal browser for using the DNS - Google Patents

Abstract

The present invention relates to a method for blocking illegal browsers using DNS, and more preferably, to block illegal browsers accessing a web browser or a text browser using a trusted DNS and at the same time, IP information to the trusted DNS. It is related to a technology that passes the information of the internal user requesting information and the requested information to the DNS inspection device in real time, automatically sets the policy to block normal browsers, and permits only normal access browsers.
The blocking method of the illegal web browser is that when the internal PC user performs naming using the web or text browser, the browser first checks whether the host list exists in the host list file in order to check IP information about the naming. In the process of verifying that the internal PC user runs the naming for external access, a program is installed to remove the host from the internal PC, and the internal PC does not find the host. Next, in retrieving the illegal browser by checking the naming information entered in the web or text browser through the trusted DNS address registered in the user's PC by the program in the trusted DNS,
The information and request information of the internal user who requested IP information to the trusted DNS are delivered to the trusted DNS inspection device installed between the internal internet section and the external internet section in real time to automatically set the policy to verify normal access. Access only the web browser, find the Internet path with the IP information requested by the user, access the relevant web site, read the information, collect illegal web browsers, and deliver the site to the computer incident response team for analysis. Next, the illegal site list database accessed through the illegal web browser is operated to share information.

Description

How to prevent illegal browser for using the DNS}

The present invention relates to a method for blocking illegal browsers using DNS, and more preferably, to block illegal browsers accessing a web browser or a text browser using a trusted DNS and at the same time, IP information to the trusted DNS. It is related to a technology that passes the information of the internal user requesting information and the requested information to the DNS inspection device in real time, automatically sets the policy to block normal browsers, and permits only normal access browsers.

With the rapid development of the Internet technology, the convenience of the Internet makes it possible for individuals and businesses to conduct economic activities, from e-mails and file transfers to simple general tasks, as well as electronic payments, corporate advertising through web servers, and e-commerce. The Internet is being used throughout all aspects of life.

On the other hand, due to the general use of the Internet, the side effects are increasing rapidly. For example, as the Internet usage of teenagers surges, they may intentionally access harmful sites (such as adult sites or entertainment sites) to expose them to harmful information, or they may be harmful in the process of accessing certain sites that are not intentionally accessed. Is frequently linked to be exposed to harmful information provided from the harmful site.

In addition, in the workplace or the enterprise, since employees are in an environment where the Internet is easily accessible, there are frequent cases in which work efficiency is lowered by accessing sites that are not related to work.

Due to this problem, users (eg, parents or business owners) require selective access to block illegal browsers (phishing / zombie sites / abnormal operating sites, etc.) of Internet sites, and access to illegal browsers in accordance with the above requirements. Internet access blocking services are provided in various ways.

Hereinafter, a conventional internet access blocking service method will be described.

First, when a subscriber terminal downloads a site marked with a rating for a harmful site, there is a method of preventing the subscriber from accessing the harmful site by setting a function on the web so that the screen is not displayed on the web even if the download is performed.

However, the above method is difficult to set up and crack down on harmful sites on the Internet, so that not only companies that operate harmful sites domestically and internationally, but also the fact that these harmful sites are operated by changing IP addresses, It is not an effective means of blocking.

Second, using the client-server concept, a subscriber who wants to receive a blocking service for a harmful site registers with a blocking server, and then installs a communication program in his terminal, which can communicate with the blocking server, from the blocking server. When the list is downloaded, the blocking program installed in the terminal blocks the subscriber's access to the harmful site by installing and updating the downloaded list.

However, in this method, since there is no way for the blocking server provider to recognize whether the subscriber's list of blocked sites is updated and the arbitrary destruction of the blocked program, the harmful site using the latest blocked site list provided by the blocked server is provided. Blocking is not efficient.

Third, there is a method of blocking access to harmful sites by using a firewall or a network device capable of blocking traffic.

Although the above method can block the IP address or port of the harmful site at the source, it has a disadvantage that a system administrator needs much time and effort to manage the information change due to the creation, modification and destruction of the site providing the harmful service.

Fourth, there is a method of selectively blocking the traffic of the user who wants to receive harmful services while monitoring the service traffic provided through the network using the harmful traffic monitoring specialized apparatus on the network link.

The above method monitors all traffic on the network and finds and blocks harmful traffic information contained therein. Therefore, when applied to a large traffic volume, the performance of the system is reduced, and IPSec-based communication between the harmful information providing server and the subscriber station is performed. If an encrypted link is configured, such as a VPN (Virtual Private Network) or SSL (Secure Socket Layer), there is no way to block it.

Fifth, there is a method of classifying the traffic of a user who wants to receive a harmful site blocking service based on the network, passing it to a blocking server, and filtering the harmful site.

The above method has the advantage of providing a blocking service in a network of a carrier without adding a separate function for blocking a harmful site selected to a subscriber terminal, but has a disadvantage in that a bandwidth of a physical connection link to a blocking server must be large. It has the disadvantage of complicating the function and the failure of the blocking server to prevent the subscriber from using the Internet service.

According to the above-described schemes, not only the blocking server has to be set up separately, but also the blocking of a specific site requires that the traffic from the subscriber must pass through the blocking server. It is difficult to arbitrarily adjust the bandwidth, so free bandwidth must be secured in advance, resulting in inefficient operation of network resources.

In addition, harmful site information transmitted through an encrypted link such as an IPsec virtual private network (VPN) or a secure socket layer (SSL) between the subscriber station and the server cannot be blocked.
[Prior Art Literature]
1. Domestic Publication No. 10-2009-0019451

In order to solve the above problems, the present invention primarily checks and blocks an illegal browser planted illegally from the outside in a trusted DNS when the user accesses a web site to be accessed using a browser, as well as a second trusted DNS. It delivers internal user's information request information and request information to DNS inspection device in real time to automatically set policy to block illegal browser and access only normal browser for normal access to prevent hacking and many security incidents. The aim is to prevent the disease in advance.

Referring to the configuration of the present invention for solving the above problems based on the accompanying drawings as follows.

In the present invention, when an internal PC user performs naming using a web or text browser, the browser first checks whether a host list existing in the PC exists in the host list file in order to check IP information about the naming. When an internal PC user performs naming for external access, a program is installed to remove the host from the internal PC, and the internal PC does not find the host inside and immediately asks the trusted DNS for an address. In retrieving the illegal browser by checking the naming information entered in the web or text browser through the trusted DNS address registered in the user's PC in the trusted DNS,
The information and request information of the internal user who requested the IP information to the trusted DNS are delivered to the DNS inspection apparatus installed between the internal internet section and the external internet section in real time to automatically set the policy to confirm normal access and then proceed with the normal web. Access only the browser, find the Internet path with the IP information requested by the user, access the website, read the information, collect illegal web browsers, and deliver the site to the computer incident response team for analysis. Next, the illegal browser blocking method using DNS (DNS), characterized in that it is provided to share information by operating an illegal site list database accessed through the illegal web browser.

delete

delete

delete

delete

delete

According to the present invention by the above method, when an internal PC user accesses an external website through a web browser or a text browser, an illegal browser planted illegally is searched in the trusted DNS for the first time, and the DNS inspection apparatus is used for two times. Since only normal web browsers can access the site, it can prevent hacking or many security incidents caused by phishing / zombie sites / abnormal operating sites.

1 is a block diagram showing a state in which a trusted DNS and DNS checking apparatus of the present invention are installed.

Hereinafter, described in detail through a preferred embodiment of the illegal browser blocking method using the D & S according to the present invention, and in the description of the present invention, the related well-known technology, etc., if it is determined that can blur the gist of the present invention Will be omitted. However, these are not limited to the scope of the present invention by these as an example of the present invention.

The present invention is intended to prevent infringement caused by illegal websites through the DNS information search interworking system, and looks at the detailed operation description thereof.

As shown in Fig. 1, in order for the internal PC user 1 to access the external website 6, the web site to be accessed by the user is first named using the web or text browser 2 (www.ac.com). And run

At this time, the PC user can operate only the browser used by the user, so the illegal browser planted by the outside illegally accessed information cannot be checked.

Therefore, in order to be able to search and block illegal browsers, the web or text browser 2 first checks the host list in the host list file 3 existing in the PC for checking IP information about naming.

At this time, the host list file 3 tells the web or text browser 2 whether the host list exists or not. In this process, as a cause of security incidents such as phishing, unless the user knows the PC well, the user cannot check the authenticity of the site.

Therefore, if the host list does not exist in the host list file 3, an illegal web browser is searched in the trusted DNS 4 connected to the web or the text browser 2.

That is, if the IP information does not exist in the host list file 3, the trusted DNS 4 checks the DNS address registered in the user PC and requests the IP information.

As described above, the trusted DNS 4 blocks an illegal browser that does not exist in the host list file 3, that is, a fake DNS exists so that the user bypasses the user's knowledge and accesses the outside.

In addition, the verification process for normal access to prevent the illegal web browser from accessing by automatically setting the policy by transmitting the information of the internal user who requested the IP information to the trusted DNS 4 and the request information to the DNS inspection apparatus 5 in real time. Only allow normal web browsers to access.

Therefore, the DNS checking device 5 frequently checks user information and request information in real time on a secondary basis to prevent hacking or many security incidents by blocking illegal websites such as phishing, zombie sites, and abnormal operation sites in advance. will be.

In addition, by adding the information about the illegal web browsers retrieved from the trusted DNS (4) and the DNS inspection device (5) as described above, and forwarding the analysis to the computer incident response team for the site, and further analyzing The illegal sites are managed at a glance to prevent access to the sites.

In addition, while operating the list of the illegal site as a database to share the information and utilize it, in conjunction with other security equipment will be blocked from accessing the illegal web browser from time to time.

1. Internal user PC 2. Web or text browser
3. Local host list file 4. Trusted DNS
5. DNS inspection equipment 6. External website

Claims (3)

When an internal PC user performs naming by using a web or text browser, the browser automatically checks whether a host list existing in the PC exists in the host list file to check IP information about the naming. Runs naming for external access, a program is installed that removes the host from the internal PC, and the internal PC does not find the host inside and immediately asks the trusted DNS for an address. In retrieving the illegal browser by checking the naming information input from the web or text browser through the trusted DNS address through the registered trusted DNS address,
The information of the internal user who requested IP information to the trusted DNS and the requested information are delivered to the trusted DNS inspection device installed between the internal internet section and the external internet section in real time to automatically set the policy to confirm normal access. Access only the web browser, find the Internet path with the IP information requested by the user, access the relevant web site, read the information, collect illegal web browsers, and deliver the site to the computer incident response team for analysis. Then, the illegal browser blocking method using DNS (DNS) characterized in that it is provided to share the information by operating the list of illegal sites accessed through the illegal web browser.
delete delete

Images