Method and System for Network Security Control

US 20070089165A1
Filed: 10/13/2006
Published: 04/19/2007
Est. Priority Date: 10/15/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for network security control, comprising:

collecting, by terminal devices, local security correlation information and reporting the same to a server;

receiving and parsing, by the server, the security correlation information, and obtaining a security strategy corresponding to the result of the parsing;

performing, by the server, network access control and/or service access control on a terminal device via a network access device by using the security strategy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides a method and system for network security control. A server at the network side analyzes local security correlation information collected and reported by terminal devices, and determines a security strategy according to the result of the analysis. Since correlative reacting between the network side and the terminal side is implemented and the security strategy is established according to the information from the terminal devices, threats against security from a terminal device can be resisted from the beginning. A relative large number of information sources can be taken into account when determining the security strategy such that the determined security strategy is more reasonable and accurate. Furthermore, a differential security service can be provided for terminal devices with different subscriber levels. This invention also provides a method and system for preventing junk mails based on the concept of correlative reacting between a terminal and a server.

125 Citations

40 Claims

1. A method for network security control, comprising:
- collecting, by terminal devices, local security correlation information and reporting the same to a server;
  
  receiving and parsing, by the server, the security correlation information, and obtaining a security strategy corresponding to the result of the parsing;
  
  performing, by the server, network access control and/or service access control on a terminal device via a network access device by using the security strategy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method for network security control according to claim 1, further comprising:
    - transmitting, by the server, to a security device the security correlation information reported by the terminal devices, and making, by the security device, a security response according to the security correlation information so as to implement security protection of the network.
  - 3. The method for network security control according to claim 1, wherein collecting local security correlation information comprises:
    - collecting local security configuration information and/or security event information.
  - 4. The method for network security control according to claim 3, wherein when the security correlation information collected by a terminal device contains the security event information, the terminal device filters the security event information as collected according to preconfigured filtering rules and reports the remaining security event information after the filtering to the server.
  - 5. The method for network security control according to claim 3, wherein the security configuration information comprises system security configuration information and application security configuration information;
    - and the security event information comprises virus event information, attack event information and illegal scan information.
  - 6. The method for network security control according to claim 1, wherein the server receives the security correlation information in an interruption or inquiry way.
  - 7. The method for network security control according to claim 1, further comprising:
    - providing, by the server, a security service for a terminal device based on the security strategy.
  - 8. The method for network security control according to claim 7, wherein providing a security service comprises:
    - performing security attack processing, performing security configuration updating or providing a security report.
  - 9. The method for network security control according to claim 1, wherein receiving and parsing the security correlation information comprises:
    - making a comprehensive analysis on the security correlation information reported by at least two terminal devices.
  - 10. The method for network security control according to claim 1, wherein obtaining a security strategy corresponding to the result of the parsing comprises determining a security strategy corresponding to each terminal device in combination with the security service level of a security service subscribed to by a subscriber.

11. A system for network security control, comprising terminal devices, a network access device connected therewith, and a security correlation server connected with the network access device, and further comprising:
- security correlation agents provided at the terminal device side, for collecting security correlation information of the terminal devices and reporting the same to the security correlation server;
  
  wherein the security correlation server is for receiving and parsing the security correlation information reported by the security correlation agents, obtaining a security strategy corresponding to the result of the parsing, and performing network access control and/or application service access control on a terminal device via the network access device by using the security strategy.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 12. The system for network security control according to claim 11, wherein the security correlation server parses the security correlation information reported by the security correlation agents, by making a comprehensive analysis on the security correlation information reported by the security correlation agents of at least two terminal devices.
  - 13. The system for network security control according to claim 11, further comprising:
    - a security device connected with the security correlation server, for obtaining the security correlation information from the security correlation server, making a corresponding security response and implementing security protection of the network.
  - 14. The system for network security control according to claim 11, wherein the security correlation agent comprises:
    - a configuration information obtaining subunit for collecting and transmitting security configuration information of the terminal device to the security correlation server.
  - 15. The system for network security control according to claim 14, wherein the security configuration information collected by the configuration information obtaining subunit comprises system security configuration information and application security configuration information.
  - 16. The system for network security control according to claim 14, wherein the security correlation agent further comprises:
    - an event information obtaining subunit for collecting security event information of the terminal device;
      
      an event information filtering subunit connected with the event information obtaining subunit, for filtering the security event information as collected according to preconfigured filtering rules and reporting the remaining security event information after the filtering to the security correlation server.
  - 17. The system for network security control according to claim 11, wherein the security correlation agent comprises:
    - an event information obtaining subunit for collecting security event information of the terminal device;
      
      an event information filtering subunit connected with the event information obtaining subunit, for filtering the security event information as collected according to preconfigured filtering rules and reporting the remaining security event information after the filtering to the security correlation server.
  - 18. The system for network security control according to claim 16, wherein the security correlation information collected by the event information obtaining subunit comprises virus event information, attack event information and illegal scan information.
  - 19. The system for network security control according to claim 17, wherein the security correlation information collected by the event information obtaining subunit comprises virus event information, attack event information and illegal scan information.
  - 20. The system for network security control according to claim 11, wherein the security correlation agent is a functional module provided within the terminal device, or an independent functional entity in the system.
  - 21. The system for network security control according to claim 11, wherein the security correlation server comprises a database recording the security service level of a security service subscribed to by a subscriber;
    - wherein the security correlation server obtains a security strategy corresponding to the result of the parsing by determining a security strategy corresponding to each terminal device in combination with the security service level of a security service subscribed to by a subscriber.
  - 22. The system for network security control according to claim 21, wherein the security correlation server and the security correlation agent provide a security service for a terminal device based on the security strategy corresponding to the terminal device.
  - 23. The system for network security control according to claim 21, wherein the security service comprises security attack processing, security configuration updating or a security report.
  - 24. The system for network security control according to claim 22, wherein the security service comprises security attack processing, security configuration updating or a security report.

25. A method for preventing junk mails, comprising:
- reporting, by a client, the configuration information of a received junk mail to an associated server;
  
  receiving and parsing, the server, the configuration information, and establishing a junk mail filtering strategy according to the result of the parsing;
  
  filtering out, by the server, a junk mail received from the network according to the filtering strategy.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method for preventing junk mails according to claim 25, wherein reporting the configuration information of a received junk mail to an associated server comprises reporting at least one of the source address/destination address, a key word of the subject and a key word of the content of the junk mail to the associated server.
  - 27. The method for preventing junk mails according to claim 25, wherein the server receives the configuration information in an interruption or inquiry way.
  - 28. The method for preventing junk mails according to claim 26, wherein the server receives the configuration information in an interruption or inquiry way.
  - 29. The method for preventing junk mails according to claim 25, wherein the method further comprises:
    - updating, by the server, the junk mail filtering strategy in real time according to the configuration information of the junk mail reported by the client.

30. A system for preventing junk mails, comprising a mail server and at least one client connected with the mail server via a network access device, and further comprising:
- a configuration information obtaining unit provided in the client, for obtaining and transmitting configuration information of a junk mail received by the client;
  
  a security correlation server connected with the network access device, for receiving and storing the configuration information transmitted from the configuration information obtaining unit, establishing or updating a junk mail filtering strategy according to the configuration information, and controlling the network access device to filter out a junk mail received from the network by the mail server according to the filtering strategy.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The system for preventing junk mails according to claim 30, wherein the security correlation server comprises:
    - a configuration information storing unit, for receiving and storing the configuration information transmitted from the configuration information obtaining unit;
      
      a configuration information processing unit connected with the configuration information storing unit, for obtaining the configuration information from the configuration information storing unit, establishing or updating a junk mail filtering strategy according to the configuration information, and controlling the network access device to filter out a junk mail received from the network by the mail server according to the filtering strategy.
  - 32. The system for preventing junk mails according to claim 31, wherein the configuration information storing unit receives the configuration information of a junk mail from the configuration information obtaining unit in an interruption or inquiry way;
    - the configuration information processing unit reads the configuration information of a junk mail from the configuration information storing unit in an interruption or inquiry way.
  - 33. The system for preventing junk mails according to claim 30, further comprising:
    - a mail detecting unit connected with the configuration information obtaining unit, for detecting the mails received by the client and identifying a junk mail therefrom.
  - 34. The system for preventing junk mails according to claim 33, wherein the mail detecting unit is provided within the client, or is an independent entity in the system.

35. A system for preventing junk mails, comprising a mail server and at least one client connected with the mail server via a network access device, and further comprising:
- a configuration information obtaining unit provided in the client, for obtaining and transmitting configuration information of a junk mail received by the client;
  
  a security correlation server connected with the network access device, for receiving and storing the configuration information of the junk mail transmitted from the configuration information obtaining unit;
  
  a mail filtering unit connected with the security correlation server, for establishing or updating a junk mail filtering strategy according to the configuration information outputted by the security correlation server, and filtering out a junk mails received from the network according to the filtering strategy.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The system for preventing junk mails according to claim 35, wherein the mail filtering unit is provided in the mail server or connected with the mail server via a communication interface.
  - 37. The system for preventing junk mails according to claim 35, wherein the mail filtering unit is connected between the mail server and an internet router.
  - 38. The system for preventing junk mails according to claim 35, wherein the client comprises:
    - a mail detecting unit connected with the configuration information obtaining unit, for detecting the mails received by the client and identifying a junk mail therefrom.
  - 39. The system for preventing junk mails according to claim 38, wherein the mail detecting unit is provided within the client, or is an independent entity in the system.
  - 40. The system for preventing junk mails according to claim 35, wherein, the security correlation server obtains the configuration information of a junk mail from the configuration information obtaining unit in an interruption or inquiry way;
    - the mail filtering unit obtains the configuration information of a junk mail from the security correlation server in an interruption or inquiry way.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Wei, Jiwei, Liu, Shuling, Zheng, Zhibin

Application Number

US11/549,186
Publication Number

US 20070089165A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/0227   Filtering policies mail mes...

H04L 63/104   Grouping of entities

H04L 63/1433   Vulnerability analysis

Method and System for Network Security Control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

125 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Network Security Control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links