ES2285922B1 - SYSTEM OF CORTAFUEGOS AND ANTI-SPAM FOR ETHERNET NETWORKS. - Google Patents

Abstract

The present invention describes a system for computer networks that have an Ethernet interface, in which by means of a dedicated device (1), located between the Internet and the network to be protected, that it has its own processor, hard disk, different input ports and exit, etc., performs a firewall for the network that provides an anti-spam filter. The system includes a method of mail recognition and management to establish such an anti-spam filter based on lists of admitted or rejected senders and classification messages with prevention mechanisms against automated responses.

Description

Firewall and anti-spam system for networks
Ethernet

Field of the Invention

The present invention describes a system for computer networks that have an Ethernet interface, in which through a dedicated device with its own processor, disk hard, different input and output ports, etc., performs a firewall for the network that provides a filter anti-spam It includes the procedures of mail recognition and management to establish said filter anti-spam

Background

One of the serious problems that exist in the Today is that due to the abusive use of technologies based On the Internet, companies are victims of SPAM or spam that comes to collapse redistribution services and / or email storage of those companies and to do cumbersome selection of useful mail by users

But in addition, email is the medium used to attack new computer viruses and the injection into business networks and personal computers of spyware (Spyware) that seeks to obtain data confidential corporations, or software that ends using outside computing resources for their own Purposes In general, all these damages result in reducing the quality and performance of computer equipment that their benefits decrease, losing effectiveness.

To all this we must add the "pishing" (password harvesting fishing) It is a bank scam supported by the transmission of mail electronic that represents a new danger for computers They receive email from the network. In this modality of scam, by sending an email, supposedly from a legitimate banking entity, they send us to a page fraudulent that mimics the legitimate one, in order to obtain our bank access codes that will then be used with fraudulent purposes

Both network performance losses business informatics, such as the consequences of different email related scams, and even the violation of the confidentiality of confidential data result of business activity, represent damages Economic millionaires.

It is to deal with these problems that has devised the system of the present invention.

Because although there are computers that located between the network or networks of the company and abroad are used as firewalls, the cost of them, and above all, the obvious ones configuration difficulties mean a high cost of realization that hinders its extension.

Paradoxically, the difficulty of configuration of such systems that the cost of the equipment computer always on the decline.

Also computers, individually, in their same configurations of the installed software have products that perform anti-spam filters, or Firewall

Most account providers email like Yahoo, Google, etc., and the providers of domains, currently provide some service anti-virus and non-mail filters wanted.

However, all previous systems do not they manage to avoid the growing proliferation of viruses in the emails and unwanted messages for fraudulent purposes.

The system of the present invention provides an economical and very reliable means of protecting corporate networks,  with the possibility of protecting different domains, which allows a Important mail handling size.

One of the main objectives of this invention is therefore to establish a firewall that enable the effective realization of a filter Anti-spam or spam.

To do this, a device is made that comes factory set with all hardware items that allow optimal operation of the same but saving those of which for example has a personal computer and that They are not necessary for this function. Software components they are also configured for optimal operation at prescribed task, in the absence of setting specific parameters typical of each system in which it is installed.

The system also includes its own method of filtering unwanted mail that gives total security about the legitimate origin of the mail that is
receives.

Brief Explanation of the Invention

The firewall system and anti-spam for ethernet networks of the invention it consists of a device configured to position itself as a bridge between the corporate network or corporate networks, with one or more domains, and the external network, usually the Internet.

The device has a processor, Ethernet controllers and Ethernet ports, a Chipset, Memory SDRAM, a hard drive, USB ports, RS232 port and standard output VGA

The device incorporates operating system software, an SMTP email server (Simple Mail Transfer Protocol), an antivirus integrated with said email server, a manager
antiSpam, and different mainly statistical software.

The device of the invention incorporates, In addition, a spam filtering method that collates valid sources with a list of supported sources, and in case negative sends secure identity confirmation emails that allow the automatic management of these lists of origins admitted.

This avoids not only receiving mass emails for a multitude of end users, but the rejection of emails with fake identities managed automatically by computer robots that test the Internet in the search for networks to infiltrate.

Brief explanation of the drawings

For a better understanding of the invention, accompanies a sheet of drawings for illustrative purposes only and not Limiting it.

Figure 1 represents a schematic of the situation of the device using the system of the invention as a bridge between a corporate network and the Internet.

Figure 2 represents a block diagram with the characteristic method of the invention to avoid the fraudulent attacks of robotic origin.

Detailed Explanation of the Invention

The present invention consists of a system of Firewall and anti-spam for ethernet networks formed by a device (1) configured to position itself as a bridge between the corporate network and the Internet or any external network.

Said device (1) incorporates a processor that in the preferred configuration of the invention is a VIA Nehemiah 1 Ghz, a chipset or set of control chips that in said preferred embodiment is a VT8601T VT82C686B, and memory of work of said device which in the preferred embodiment is of 128 Mb SDRAM133 type.

The device (1) uses a hard disk to store both the functional software and parameters of configuration and installation of it in the corporate network, as well as the incoming mail that the system of the invention.

In fact, to ensure an adequate volume of post process and size of the temporary segments of storage of the same inherent to its processing, the disk hard chosen in the preferred embodiment is a Seagate Barracuda 160 Gb UltraAta at 7200 rpm that provides a high capacity of storage and good speed of access to said disk.

As for the device inputs / outputs (1), there are different types: Ethernet ports, USB ports, Serial ports and standard VGA output.

In the preferred embodiment of the invention, they have in said device (1) 4 Ethernet ports, 2 ports USB, 1 RS232 serial port and 1 VGA output.

Said device (1) is implemented with software suitable for operation and ready for use by lack of proper introduction of appropriate parameters related to the network to be used as Firewall anti-spam

Said software in general terms incorporates an Operating System, an SMTP email server, a antivirus integrated with said email server, a anti-spam manager, and different software Mainly statistical

It should be noted that the mail server electronic does not require any user configuration or mailboxes personal In fact, it acts as a gateway and it is the server who receive mail from the domains specified in the configuration from the system and forwards them to the server (2) (backend) with the mailboxes of user.

They exist between the procedures implemented by the system different standard applications to avoid the virus intrusion and mass mail, as are the mechanisms AntiRelay, AntiRBL, Antivirus and Anti-Spam. He system uses in these functions procedures that are part of The known technique.

Relay is the sending of foreign mail from the own mail server. The Anti-RBL is the maintaining an automatic blacklist of known domains or IPs that send mass mail. Mail servers usually incorporate AntiRelay and AntiRBL functions that simply must set up

Similarly, the invention can use any antivirus software known to the art, both if it is proprietary software as if it is not.

A coating layer is also included Anti-Spam of those known in the art for avoid landing on the device (1) of mails addressed to multiple recipients

Finally, it is additionally included in the device (1) software of a diverse nature, mainly of statistical type to provide traffic information of mail through the device (1).

In the spam filter method characteristic of the system of the invention three are constructed mailing list: a white list (4) with addresses of incoming mail that will be admitted, a blacklist (5) with email addresses that will be rejected, and a waiting list (6) with incoming email addresses waiting to be admitted.

Actually the system of the invention manages entirely the mail that receives and transmits, but the decision final about whether an address is added to the white list (4) or black (5) will depend on the end user in response to the appropriate system internal mail.

When the device of the invention receives a new message of unknown origin, that is, it does not belong to none of the lists (4, 5 and 6) of sources, generates a form of contact that transmits by mail to the recipient user, offering you the option to add the sender to any of the lists (figure 2).

This contact form includes information of the sender of the mail, such as your name, company, telephone, Email, why you want to contact the protected user through the present system, and a text validation image.

Said text image that is generated by procedures known in the art, presents a word drawn in stylized stroke and character size, spacing and irregular baseline; word created randomly and that the User must read and write it on the form.

This method is used as proof that The user who sends the answer is a person and not a robot computer infiltrated in the corporate network through a virus or similar, that would otherwise obtain its automatic validation at through the mail gateway of the device (1), making This ineffective.

Analyzing in more detail Figure 2, this shows the process flow of the received mail, which, first instead, it is subjected to a virus review by means of a antivirus procedure included in the present invention. From own the message any type of virus, it is removed directly.

Once the antivirus check is over, the received mail is submitted by Bayesian filters to Check to see if it is a mass email or not. These virus or mass mail checks are optional and can Do not use if desired when configuring the system, although the favorite option contemplates its activation by default.

Then, the email received is verified to determine if the mail sender is blacklisted (5). If the sender or its IP address are included in The blacklist, the message is automatically deleted.

If the sender of the message is included in the whitelist (4) the message that moves to the domain is accepted recipient so that the mail server of that domain transmit to your destination mailbox.

Those senders who are not included in none of the lists, neither the white one (4) nor the black one (5), are temporarily included in a waiting list (6).

In the latter case, the device (1) of the invention transmits to the message recipient a form of the That your consistent response is verified. The message or messages from said sender on the waiting list (6) remain in her for a scheduled time until future validation or elimination.

If any of the forms sent by the system with the same sender to decide its inclusion in the white list (4) or black (5) is answered by the recipient, all messages on the waiting list will be processed with the criteria decided by the final recipient and future messages originating in said sender will be processed according to your inclusion in the white list (4).

If blacklisted (5) all your messages on the waiting list (6) will be deleted, and the messages that will be received in the future will also be eliminated according with the criterion of inclusion of the sender to said blacklist (5).

In the event that the form received does not contain the appropriate response to the form generated by the system of the invention, the next step will be to verify if the message comes from a sender already included in any of the ready to proceed in logical consequence. In another case, it automatically generates another contact form analogous to first sent to offer another opportunity to the recipient of correct a possible error when completing it.

The system can be configured to establish a limit number to these repetitions of the verification form, establishing that after a certain number of erroneous attempts, the sender of the message is blacklisted (5) and all your emails present on the waiting list (6) and your messages Futures will be eliminated.

Thus, with the system of the present invention a firewall device (1) is provided and anti-spam that filters and controls the addresses of mail allowed and prohibited, allows the management of several domains, is autonomous and constitutes an email gateway between Internet or any external network and the internal corporate network.

It is understood that in the present case they will be variables how many details of finishing or realization do not alter or modify the essence of the invention.

Claims (8)

1. System firewall and anti-spam for Ethernet networks, characterized by comprising: a device (1) located as a bridge between a corporate network and the Internet or external network; said device (1) includes a processor, a chipset or set of control chips, working memory, hard disk, Ethernet ports, USB ports, serial ports and video output; said device (1) including the appropriate software and procedures that allow it to function as an email server and Anti-Spam manager thereof; Means, in said device (1), for determining the email address and / or IP address of the email senders; Means, in said device (1), for establishing a white list (4) of reliable senders, a black list (5) of blocked senders and a waiting list (6) of insecure senders; Means to formulate a communication with said senders of said e-mail messages aimed at determining their inclusion in any of said lists (4, 5 and 6). 2. Firewall and anti-spam system for Ethernet networks, according to claim 1, characterized in that it includes procedures for detecting and eliminating computer viruses, Anti-Relay filters, Anti-RBL filters, and an anti-spam wrap. 3. Firewall and anti-spam system for Ethernet networks, according to the preceding claims, characterized by having 4 Ethernet ports, 2 USB ports, 1 RS232 serial port and 1 VGA output. 4. A method used in the system of firewalls and spam to Ethernet networks claim 1, characterized in that the inclusion of the senders of the email messages in one of these lists: White (4) Black (5) or Waiting (6), is linked to the decisions of the recipients in their response messages to a verification form sent by said device (1) that includes an encrypted code that said recipient must read and copy in response to said form. 5. The method used in the firewall and anti-spam system for Ethernet networks of claim 1, according to the preceding claim, characterized in that said code encrypted in said verification forms consists of a randomly generated text image of a word, drawn in a stylized line and of irregular character size, spacing and baseline, within the known technique, and that must be read and entered in the response of said form. 6. Method used in the firewall and anti-spam system for Ethernet networks of claim 1, according to claims 4 and 5, characterized in that once the system receives the response to a verification form, determining the inclusion of the sender in one of the lists, white (4) or black (5), you will transfer all your waiting emails and future emails to your destination, or delete those emails and futures with the same sender or domain address. 7. Method used in the firewall and anti-spam system for Ethernet networks of claim 1, according to claims 4 to 6, characterized in that if the response to said verification form is not adequate, a new verification form can be sent repeating this process, if so decided, a limited number of times. 8. Method used in the firewall and anti-spam system for Ethernet networks of claim 1, according to claims 4 to 7, characterized in that said email verification form includes the following sender information: name, company , telephone, email, reason for contact, and said text validation image.