Method and system for sensitive information monitoring and leakage prevention based on front-end gateway

Abstract

The invention relates to a method and a system for sensitive information monitoring and leakage prevention based on a front-end gateway. The system comprises a configuration module, a non-trust list generating module and a sensitive information leakage prevention module. The method includes that first, the front-end gateway is arranged in a data flow link of a web server, and a front-end gateway agent client sends requests to the web server and / or accepts requests from the web server, second, the front-end gateway is configured with sensitive information needing to be monitored by the agent website and starts to monitor the sensitive information after the configuration is successful, and third, the front-end gateway takes uniform resource locators (URLs) containing the sensitive information as non-trust URLs of the website and establishes a non-trust list, and when the client requests the content of the URLs, the front-end gateway replaces the website to respond to the requests to prevent the sensitive information from leaking. The system for the sensitive information monitoring and leakage prevention based on the front-end gateway is not dependent on a construction system of the website, does not interfere with the management mode of the website, and can monitor the status containing the sensitive information of the website ceaselessly and meanwhile ensure that the sensitive information does not leak through the method of agent response by the front-end gateway.

Description

technical field [0001] The present invention relates to information security. Specifically, it relates to a method for realizing sensitive information monitoring and leakage prevention of a protected website based on a front-end gateway. Background technique [0002] With the development of Internet technology, websites, as the carrier of network information, undertake the function of disseminating information to the outside world. Text information is the main component of the website. Once sensitive information is maliciously added, it will mislead users, even affect the direction of public opinion, and even cause huge Therefore, there is a need for a method to monitor the sensitive information inside the website and prevent the leakage of existing sensitive information. [0003] Currently, sensitive information monitoring is divided into two types, client-side sensitive information monitoring and server-side sensitive information monitoring. The main purpose of client-si...

AI Technical Summary

Problems solved by technology

For example, the application number is: 200610061403.2 Invention patent application, sensitive information filtering system and method for uploading files by the server, including a control center and several sensitive information filtering components in the system, there are defects such as: the server can only filter sensitive information for uploaded files filtering; using the control center plus file server filtering components, the main application background is ftp and / or smb server, another example is the invention patent application with application number: 200710122234.3, sensitive information monitoring and automatic reply system and method, establishing monitoring The connection between the device and the host, the monitoring device reads and stores sensitive information inside the host, monitors ordinary files in the host, and needs to be adapted to the host

Existing defects: It is also necessary to run monitoring software and monitoring devices on the host to monitor sensitive information

[0006] As can be seen from the above description, on the one hand, the website has become the mainstream information publishing medium, and the WEB application server, as the main equipment for providing services to the outside world, has the characteristics of general use of servers, and the source file can be monitored by deploying sensitive information monitoring software on the server side. Sensitive information monitoring and leakage prevention, such as the invention patent application with the patent application number: 200710300405.7, the method and device for preventing sensitive information leakage, and computer terminals, whether the terminal accesses phishing websites, to ensure that sensitive information is not leaked to illegal sites, exists Defect: Due to the particularity of WEB application services, this method has certain limitations

For example, the application number is: 200710118490.5 invention patent application, a method and storage device for restricting the reading of sensitive information. A piece of sensitive information, and delete the sensitive information, there are defects such as: based on the smart card to protect sensitive information from leaking, which limits the number of readings of sensitive information, and the monitoring process is relatively passive; but due to the particularity of WEB application services, this method It has certain limitations. With the continuous increase of website capacity, it is obviously not enough for WEB application services to provide external information only by relying on static technology. Therefore, most WEB application services use dynamic technology to store most of the content information in the database. When customers When the client requests the information, the WEB application service extracts the information requested by the user from the database and generates an html format that can be parsed by the browser and sends it to the client. The method cannot detect the real content of the file, but only the source code file for developing WEB application services; In the network data flow link, the protection against the leakage of sensitive information cannot be carried out

Images