US008626915B2

(12) United States Patent: Uchida
(10) Patent No.: US 8,626,915 B2
(45) Date of Patent: Jan. 7, 2014

(54) ROUTING METHOD
(75) Inventor: Yoshiaki Uchida, Kawasaki (JP)
(73) Assignee: Fujitsu Limited, Kawasaki (JP)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 12/766,017
(65) Prior Publication Data: US 2010/0205300 A1, Aug. 12, 2010

Related U.S. Application Data
(63) Continuation of application No. PCT/JP2007/070796, filed on Oct. 25, 2007.

(51) Int. Cl.: G06F 15/173 (2006.01)
(52) U.S. Cl.: USPC 709/225; 709/224
(58) Field of Classification Search: USPC 709/216, 224, 225, 229; 370/389; 707/100; 710/15. See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
6,535,227 B1* 3/2003 Fox et al. 709/224
6,742,040 B1* 5/2004 Toga 709/229
7,143,096 B2* 11/2006 Gemba et al. 709/216
8,010,627 B1* 8/2011 Schneebeli et al. 709/229
2002/0107961 A1* 8/2002 Kinoshita 709/225
2004/0022242 A1* 2/2004 Bhogal et al. 370/389
2004/0111603 A1 6/2004 Iwamura
2005/0108257 A1* 5/2005 Ishii et al. 707/100
2005/0229245 A1 10/2005 Nakano et al.
2006/0059279 A1* 3/2006 Kakizaki 710/33
2007/0162749 A1 7/2007 Lim
2007/0174501 A1* 7/2007 Lin et al. 710/15

FOREIGN PATENT DOCUMENTS
JP 2002-312316 10/2002
JP 2003-122615 4/2003
JP 2004-185312 7/2004
JP 2005-130214 5/2005
JP 2006-085401 3/2006
JP 3994126 10/2007
WO 00/22796 4/2000
WO 2004/100456 A1 11/2004

OTHER PUBLICATIONS
International Search Report for PCT/JP2007/070796, mailed on Mar. 18, 2008.
Chinese Office Action issued Aug. 24, 2012 in corresponding Chinese Patent Application No. 2007801012733.
Chinese Office Action mailed Mar. 7, 2013 for corresponding Chinese Application No. 2007801012733.
Extended European Search Report dated Feb. 17, 2012 issued in corresponding European Patent Application No. 078305307.
Chinese Office Action issued May 15, 2012 in corresponding Chinese Patent Application No. 2007801012733.

* cited by examiner

Primary Examiner: Quang N Nguyen
(74) Attorney, Agent, or Firm: Staas & Halsey LLP

(57) ABSTRACT

A method executed by a router that establishes a connection between a network and another network that includes an information processing device and an information storage device, the method including: detecting an access status of the information processing device to the information storage device; and prohibiting transfer of information from the information processing device to the other network depending on the access status managed in the detecting.

7 Claims, 15 Drawing Sheets

[Drawing sheet: configuration of the network storage system 500 (reference numerals of FIG. 5). Labels recoverable from the sheet: ROUTER 503, EXTERNAL NETWORK 505, EXTERNAL ACCESS CONTROL UNIT 506, PC, PC, FILE ACCESS MONITORING UNIT 507, SYSTEM CONTROL UNIT 508, CHARACTERISTIC PATTERN GENERATING UNIT 509, CHARACTERISTIC PATTERN DICTIONARY 510, FILE SEARCH UNIT 511, ADDING FUNCTION 512.]


ROUTING METHOD

CROSS-REFERENCE TO RELATED APPLICATION

This is a continuation of Application PCT/JP2007/070796, filed on Oct. 25, 2007, the entire contents of which are incorporated herein by reference.

FIELD

A certain aspect of the embodiments discussed herein relates to a technique of a network storage, such as an NAS (network attached storage).

BACKGROUND

A network storage, such as an NAS, has been increasingly used. Constant connection of a computer to the Internet has become common. Therefore, even when users access files in an NAS in a situation where most computers are placed in a closed area, such as a LAN, the computers are connected to the Internet. This causes a problem that malicious software (hereinafter referred to as malware) opens data stored in the NAS to the public on the Internet in a form that is not intended by a user. In addition, there may also be a problem due to a careless, inappropriate operation, such as a case where a user misidentifies an actually public area on the Internet as a private work area and then places important private data therein, or a case where a user establishes a connection to a network while a folder that originally should not be open to the public remains open to the public.

There is a simple solution for the above problems, that is, to "directly unplug a LAN cable"; however, this requires unplugging a LAN cable of a router, or the like, so it is burdensome.

There is the following Patent Document related to a technique for preventing information leakage in a computer.

[Patent Document 1] Japanese Laid-open Patent Publication No. 2003-122615

SUMMARY

According to an aspect of an embodiment, a method executed by a router that establishes a connection between a network and another network that includes an information processing device and an information storage device includes: detecting an access status of the information processing device to the information storage device; and prohibiting transfer of information from the information processing device to the other network depending on the access status managed in the detecting.

The object and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the claims.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a configuration diagram of a network storage system 100 according to the embodiment.
FIG. 2 is a schematic view of a router 103 and NAS 104 according to the embodiment.
FIG. 3 is a Bad PC List 203 according to the embodiment.
FIG. 4 is a configuration diagram of a network storage system 400 according to the embodiment.
FIG. 5 is a configuration diagram of a network storage system 500 according to the embodiment.
FIG. 6 is a configuration diagram of a network storage system 600 according to the embodiment.
FIG. 7 is a configuration diagram of a network storage system 700 according to the embodiment.
FIG. 8 is a configuration diagram of a network storage system 800 according to the embodiment.
FIG. 9 is a flowchart related to open operation of the NAS according to the embodiment.
FIG. 10 is a flowchart related to close operation of the NAS 104 according to the embodiment.
FIG. 11 is a flowchart of counting operation executed by the router 103 according to the embodiment.
FIG. 12 is a flowchart of packet transfer operation executed by the router 103 according to the embodiment.
FIG. 13 is a hardware block diagram of the NAS 104 according to the embodiment.
FIG. 14 is a configuration diagram of the network storage system 100 according to the embodiment.
FIG. 15 is a configuration diagram of the network storage system 100 according to the embodiment.

DESCRIPTION OF EMBODIMENTS

A network storage system according to an embodiment is a system in which a plurality of personal computers and an NAS are connected by a LAN (Local Area Network), and a network outside the LAN and the personal computers are connected via a router. The personal computers access files via the LAN or access the Internet via the router. The NAS according to the present embodiment executes control so that data stored in the NAS do not leak onto the Internet against the user's intention.

A particularly problematic case where data stored in the NAS leak onto the Internet is caused by malware. Routes through which data leak onto the Internet owing to malware, against the user's intention, are conceivably the following:
- Malware sets a secret folder as a public folder of a file sharing folder.
- Malware copies a secret file into a public folder.
- Malware transfers a secret file by mail at a timing the user did not intend.

Existing measures for these problems are as follows.
1. A personal computer detects "malware" by antivirus software.
2. A personal computer shuts off the external network connection to the personal computer by a software firewall.
3. A personal computer monitors leakage of important data by a physical firewall.

However, according to measure 1 above, an action against a new type of virus is delayed. The above measure is ineffective for a personal computer that is initially or early infected with "malicious software".

According to measure 2 above, it is difficult to detect a case where "malicious software" that has once started to run accesses the outside from the inside.

Measure 3 above includes a technique that is used to take measures against SPAM mail or to monitor Web access conducted by an employee. This technique is such that, for example, when data coming from an external network or exchanged with an external network include a word or an expression that is unlikely to be related to a job, or when a source or a relay point is considered to be a suspicious individual, the incoming or exchanged data are regarded as unauthorized data. It is presumably possible to use the above technique when important data that should be prevented from leakage are fixed and have a specific pattern. That is, according to the above technique, if a word or an expression that is considered to be important on a job can be selected as a fixed pattern, transmission of data including the fixed pattern is prohibited when the data are about to be transferred to the outside.

However, as it is difficult for a firewall to mechanically distinguish abnormal data from normal data only by a word or an expression that is unlikely to be related to a job, it is also difficult to detect data transmission using a word or an expression as the key for prohibiting the transmission. Therefore, the user can only take measures at a later date using the log data of the firewall.

The NAS according to the present embodiment is connected to a personal computer via a network. The NAS is formed of a file access detecting unit and a system control unit. The file access detecting unit detects a file access from the personal computer to the network storage. The system control unit controls interruption of a connection between the personal computer and an external network on the basis of the detected file access. By so doing, while an information processing device is accessing the NAS, the connection between the information processing device and the external network is interrupted, which makes it possible to prevent leakage of data stored in the NAS to the external network.

[Network Storage System 100]

Hereinafter, a network storage system 100 according to the present embodiment will be described with reference to FIG. 1. FIG. 1 is a configuration diagram of the network storage system 100 according to the present embodiment.

The network storage system 100 is formed of personal computers 101 and 102, a router 103 and a network storage (hereinafter referred to as NAS) 104. The network storage system 100 is connected to an external network 105 via the router 103. In addition, the NAS 104 is formed of a file access monitoring unit 106, a system control unit 107 and a file access control unit 110. The file access monitoring unit 106, system control unit 107 and file access control unit 110 implemented in the NAS 104 are new functions and are characteristics of the NAS 104 according to the present embodiment. In addition, the router 103 has an external access control unit 108 and an external access monitoring unit 109. The external access control unit 108 and the external access monitoring unit 109 function in cooperation with the file access monitoring unit 106, the system control unit 107 and the file access control unit 110, and are characteristics of the router 103 according to the present embodiment. Note that the file access monitoring unit 106, the system control unit 107 and the file access control unit 110 may be provided outside the NAS 104.

In the present embodiment, the personal computer 101 accesses a file in the NAS 104. When malware opens data (a file, folder, or the like) in the NAS 104 to the public on the Internet, the malware leaks the data to the external network 105 via the personal computer 101 that accesses the file in the NAS 104.

When there is a file access to a specified folder, the NAS 104 controls the external access control unit 108 of the router 103. The specified folder is a folder that the user specifies as a secret folder. Folders stored in the NAS 104 each have a flag that indicates whether the folder is a secret target.

In the network storage system 100 according to the present embodiment, while the personal computer 101 is editing a secret file, the NAS 104 prohibits the personal computer 101 from accessing the external network 105. By so doing, the network storage system 100 is able to prevent leakage of a secret file stored in the NAS 104 due to malware.

Note that the other personal computer 102 is allowed to refer to the Internet, and data may be referred to within the LAN between the personal computer 101 and the personal computer 102. Note that control for a connection between the external network 105 and the personal computer 101 or 102 is not limited to control implemented by the router 103.

[NAS 104]

The NAS 104 according to the present embodiment not only has a file server function but also has a function of controlling the router 103. The router 103 uses the external access control unit 108 to control communication from the personal computer 101 to the external network 105.

The NAS 104 has folders and files. The files may be contained in the folders or may be placed in the same hierarchy as the folders. The file access monitoring unit 106 detects a file access of each of the personal computers 101 and 102. In the present embodiment, the file access monitoring unit 106 detects an API (Application Program Interface) call related to the file access of the personal computer 101 or 102 and thereby detects the file access. The API is a set of protocols that define the procedure of software for programming.

When the file access monitoring unit 106 detects an access from the personal computer 101 or 102 to a file, the file access monitoring unit 106 notifies the system control unit 107 of the MAC address or IP address of the access request source (personal computer 101 or 102).

The system control unit 107 controls the external access control unit 108 of the router 103 on the basis of the information (MAC address, IP address) received from the file access monitoring unit 106.

The external access control unit 108 interrupts an access of the personal computer 101 or 102 to the external network 105 on the basis of an instruction from the system control unit 107. In addition, the external access control unit 108 may be configured to delay an access of the personal computer 101 or 102 to the external network 105.

For example, assume that malware tries to transmit a secret file (a file for which the secret flag is on) that should originally be kept secret to the external network 105 by a mail protocol, or the like. At the time when the malware reads the secret file, the NAS 104 according to the present embodiment prohibits access between the external network 105 and the personal computer (the personal computer in which the malware is present) that has read the secret file. By so doing, transmission of the secret file by the personal computer ends in failure, and it is possible to prevent information leakage.

In addition, the external access control unit 108 prohibits the personal computer from accessing the external network 105. Thus, the external access control unit 108 also uniformly prohibits communication with the external network 105 that is a normal job executed by the personal computer. A user of the personal computer notices that the operation of the system is unstable and then carries out an investigation. This gives the user an opportunity to recognize the presence of malware. With the network storage system 100 according to the present embodiment, the user is able to find the intrusion of malware early, so it is possible to prevent secondary damage and expansion of damage.

Therefore, the personal computer is controlled so that access to the external network is interrupted while the personal computer is accessing the network storage. By so doing, it is possible to prevent information leakage due to malware.

[Cooperation Function between Router 103 and NAS 104]

FIG. 2 is a schematic view of the router 103 and NAS 104 according to the present embodiment. Cooperation between the router 103 and the NAS 104 according to the present embodiment will be described in detail. FIG. 2 illustrates the router 103 and the NAS 104 that are equivalent to those shown in FIG. 1. Note that the file access monitoring unit 106 and the system control unit 107 implemented in the NAS 104 are not shown in FIG. 2; however, the NAS 104 shown in FIG. 2 also has those functions.

The router 103 has a Bad PC List 203 in addition to the external access control unit 108. FIG. 3 is a specific example of the Bad PC List 203.

The router 103 implements the following functions by software. One function of the router 103 is managing the Bad PC List 203 and then determining whether each of the personal computers 101 and 102 is allowed or rejected to communicate with the external network 105. Another function of the router 103 is updating the Bad PC List 203. A further function of the router 103 is the control logic of discarding an IP packet when the source IP address or MAC address of the IP packet is present in the Bad PC List 203, the source (personal computer) of the IP packet is determined to be rejected from communicating with the external network 105, and the destination of the IP packet is determined to be in the external network 105. Note that the router 103 has a function of determining whether the source and destination of a packet are in the internal LAN or in the external network 105 on the basis of the IP address or MAC address of the packet.

[Bad PC List 203]

FIG. 3 is the Bad PC List 203 according to the present embodiment.

The Bad PC List 203 is formed of an IP address 301, a MAC address 302, in_use 303, BTL 304, a protect flag 305 and OCN 306 for each of the personal computers 101 and 102 present in the LAN.

The in_use 303 is a counter that indicates the number of factors by which an access is rejected.

The BTL 304 is a down counter that indicates the period of time that elapses until the personal computer 101 or 102 becomes allowed to access the external network 105.

The protect flag 305 holds the access rejection status to the external network in correspondence with each of the personal computers 101 and 102 that require connection to the external network 105.

The OCN 306 is a down counter that indicates the period of time that elapses until the personal computer 101 or 102 becomes allowed to access the NAS 104. The OCN 306 is set to a predetermined value (for example, 20) each time communication between the personal computer 101 or 102 and the external network 105 occurs.

The router 103 counts up the in_use 303 when a factor for rejecting the personal computer 101 or 102 from accessing the external network 105 occurs. Specifically, the factor for rejecting the personal computer 101 or 102 from accessing the external network 105 is that the personal computer 101 or 102 has accessed a specified folder in the NAS 104. When the router 103 determines that the factor for rejecting the personal computer 101 or 102 from accessing the external network 105 is eliminated, the router 103 counts down the in_use 303. Note that the initial value of the in_use 303 is 0. A value of the in_use 303 other than "0" indicates that there is a factor for rejecting the personal computer 101 or 102 from accessing the external network 105, so the router 103 sets the protect flag 305 to "protect=true". Then, the router 103 sets the value of the BTL 304 to a prescribed value (for example, 32).

When the router 103 sets the in_use 303 to "0" (that is, the factor for rejecting the personal computer 101 or 102 from accessing the external network 105 is eliminated), the router 103 counts down the value of the BTL 304 at a constant time interval (for example, one second). When the router 103 counts the BTL 304 down to "0", the router 103 stops counting down the BTL 304 and changes the protect flag 305 from "true" to "false". By so doing, the personal computer corresponding to "protect=false" is allowed to communicate with the external network 105.

In addition, in the present embodiment, the router 103 counts down the OCN 306 at the same time interval (for example, one second) as the BTL 304, and stops counting down the OCN 306 when it reaches "0". Of course, the time interval at which the OCN 306 is counted down is not necessarily the same as the time interval at which the BTL 304 is counted down.

The value to which the router 103 sets the OCN 306 may be configured to vary in accordance with the communication protocol (port number) between the personal computer 101 or 102 and the external network 105. In this case, the router 103 executes control so that a value smaller than the value currently held by the OCN 306 is not written into the OCN 306.

In addition, in the present embodiment, the Bad PC List 203 is a table managed by software installed in the router 103; however, the Bad PC List 203 is not limited to this configuration. The router 103 may implement the Bad PC List 203 in hardware, such as a gate array.

Note that, from the above, the Bad PC List 203 indicates the following facts of the current status. The personal computer 101 at the IP address "192.168.3.32" is allowed to access the external network (protect=false), but the personal computer 101 is carrying out communication only within the LAN (OCN=0). On the other hand, the personal computer 102 at "192.168.3.33" is prohibited from communicating with the external network 105 owing to two factors. Furthermore, the Bad PC List 203 indicates, by the OCN value, that the personal computer at "192.168.3.34" communicated with the external network 105 (20 - 15 =) 5 seconds ago.

[Functions of NAS 104]

Next, the functions of the NAS 104 according to the present embodiment will be described in detail.

The NAS 104 has a Hide flag and an Open flag for each folder that is open to the personal computers 101 and 102 in the LAN.

More specifically, the NAS 104 according to the present embodiment has folders 201 and 202. Each of the folders 201 and 202 has a Hide flag and an Open flag. The Hide flag of the folder 201 is "true", and the Open flag is "false". The Hide flag of the folder 202 is "false", and the Open flag is "true".

The "true" of the Hide flag indicates that files in the folder 201 are secret to the external network 105. The "false" of the Hide flag indicates that files in the folder 202 may be open to the external network 105. That is, the Hide flag is information that indicates whether files in the folder having the Hide flag are secret files. The NAS 104 refers to the Hide flag of the folder 201 or 202 to determine whether files in the folder 201 or 202 are secret files.

The "true" of the Open flag indicates that some file in the folder 202 is being read (read and written). The "false" of the Open flag indicates that none of the files in the folder 201 are being read (read or written). Each of the folders 201 and 202 has an Open flag in correspondence with each access source personal computer (not shown; only the Open flag corresponding to the personal computer 101 is typically shown).

Flags that are originally held by the file system may be used as the Hide flag and/or the Open flag. For example, there are methods such as "it is construed as Hide=true when an Other user is not allowed to read" in the case of a Unix-based file system and "it is construed as Hide=true when there is a Hidden attribute" in the case of a FAT file system. In addition, most file systems have a counter that indicates the number of processes that currently have a file open and a flag that indicates that it is mounted, so the Open flag may be managed per access source personal computer by combining this mechanism with the following mechanism.

In addition, the NAS 104 has a function of identifying a personal computer that has accessed the NAS 104 on the basis of the IP address or the MAC address. As an example of a way of implementing this, because a request to the NAS 104 comes via a network, the request source IP address or MAC address may be extracted from the request packet. It is only necessary that this is directly added to the request block intended for the file system as additional information. Note that, when the processing result in the file system is transmitted to the request source personal computer, the source IP address/MAC address (IP address/MAC address of the access request source personal computer) may be extracted.

When the NAS 104 detects that the Open flag of the folder 201, whose Hide flag is "true", has changed from "false" to "true", the NAS 104 counts up the in_use of the access source personal computer 101, that is, the entry in the Bad PC List 203 corresponding to the extracted IP address/MAC address. The NAS 104 sets the value of the protect flag 305 to "true" and sets the value of the BTL 304 to a prescribed value (for example, 32). When the NAS 104 changes the Open flag from "true" to "false", the NAS 104 counts down the corresponding in_use.

As described above, the router 103 prohibits data communication between the access source personal computer 101 and the external network 105 while the personal computer 101 is accessing a secret folder and for a constant period of time (32 seconds) after the access has been completed.

The access prohibiting period (BTL 304, OCN 306) does not interfere with a user's normal job. For example, during the access prohibiting period, the user can read and write data in the secret folder while reading and writing mail. In the meantime, network access by software such as malware is prohibited, which makes it possible to prevent the damage of information leakage. Furthermore, a log or an error message indicating that communication is blocked is an alarm that malware is running. Therefore, the user can find malware early.

Note that the router 103 does not need to have an NAT function or a DHCP function. Therefore, the router 103 may be implemented by detecting and switching the IP/MAC addresses of the destination and source of a packet. Thus, the router 103 is almost equivalent to a switching HUB and is easily formed of hardware.

[External Access Monitoring Unit 109]

Next, the external access monitoring unit 109, which is a new function implemented in the router 103, will be described.

The external access monitoring unit 109 is a function of detecting the status of a connection between each of the personal computers 101 and 102 and the external network 105.

When the personal computer 101 or 102 accesses the external network 105, the NAS 104 prohibits a file access by the personal computer 101 or 102 that accesses the external network 105. In other words, when the router 103 accepts a request for access from the personal computer 101 or 102 in the LAN to the external network 105, the NAS 104 treats the reading of a folder in the NAS 104 by the personal computer 101 or 102 that issued the request as an error for a constant period of time thereafter.

By so doing, when the personal computer 101 or 102 tries to establish a connection to the external network 105 because malware is running, the NAS 104 prohibits the personal computer 101 or 102 from accessing a secret file (a secret file stored in the NAS 104) and thereby prevents data leakage.

Specifically, when the external access monitoring unit 109 detects that the personal computer 101 or 102 has accessed the external network 105, the external access monitoring unit 109 sets the value of the OCN 306 in the Bad PC List 203.

The external access monitoring unit 109 sets the value of the OCN 306 in consideration of the network protocol, or the like, used in exchanges between the personal computer 101 or 102 and the external network 105. For example, when the personal computer 101 or 102 uses SMTP (Simple Mail Transfer Protocol) to carry out exchanges with the external network 105, the external access monitoring unit 109 sets the value of the OCN 306 to "30". When the personal computer 101 or 102 uses HTTP (Hypertext Transfer Protocol) to carry out exchanges with the external network 105, the external access monitoring unit 109 sets the value of the OCN 306 to "10". When the personal computer 101 or 102 uses FTP (File Transfer Protocol) to carry out exchanges with the external network 105, the external access monitoring unit 109 sets the value of the OCN 306 to "40". That is, when the personal computer 101 or 102 sends mail or transfers a file, the period during which access to the NAS 104 is prohibited is longer than when the personal computer 101 or 102 carries out Web access. This is to prohibit NAS access for the access prohibiting period after an access to the external network 105 that is highly likely to cause leakage of a secret file due to malware.

Note that the external access monitoring unit 109 may be implemented by monitoring communication between the personal computer 101 or 102 and the external network 105 in such a manner that the router 103 cooperates with a firewall.

[File Access Control Unit 110]

In addition, the NAS 104 has the file access control unit 110. The file access control unit 110 is a function of prohibiting the personal computer 101 or 102 in the LAN from accessing a folder that may be open to the public, or delaying the access for a constant period of time. The file access control unit 110 operates on the basis of information from the external access monitoring unit 109 of the router 103. More specifically, the system control unit 107 acquires the access detection of the external access monitoring unit 109 of the router 103. Then, the system control unit 107 gives an operation instruction to the file access control unit 110 on the basis of the access information acquired from the external access monitoring unit 109. The file access control unit 110 controls an access of the personal computer 101 or 102 to the NAS 104 on the basis of the instruction from the system control unit 107.
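The following is an added worked model of the Bad PC List 203 and of the two control loops built on it (the counting operation of FIG. 11, the packet transfer decision of FIG. 12, the NAS-side in_use hooks, and the protocol-dependent OCN of the external access monitoring unit 109). It is illustration written for this page, not code from the patent or from Fujitsu. The numeric constants (BTL 32, OCN 20 by default and 10/30/40 for HTTP/SMTP/FTP) are taken from the description above; the LAN prefix 192.168.3.0/24, the MAC addresses, the external host address and the protocol names passed to the monitoring hook are assumptions constructed for the demonstration. The second scenario also exercises two edge cases the text states but does not walk through: a packet one second before the BTL reaches zero is still discarded, and an HTTP access (OCN 10) does not shorten an OCN of 30 already set by an SMTP access.

```python
"""Bad PC List 203 model (router 103 counting/forwarding and NAS 104 hooks).
Added illustration, not the patent's code; LAN prefix, MACs and protocol names
are assumptions for the demo, the constants follow the description."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

LAN_NET = ipaddress.ip_network("192.168.3.0/24")  # assumed from FIG. 3 addresses
BTL_DEFAULT = 32                                  # protect period after last secret close
OCN_DEFAULT = 20                                  # OCN for a generic external access
OCN_BY_PROTOCOL = {"http": 10, "smtp": 30, "ftp": 40}


@dataclass
class BadPCEntry:
    ip: str
    mac: str
    in_use: int = 0        # secret files currently open (rejection factors)
    btl: int = 0           # seconds left before protect may be cleared
    protect: bool = False  # True: packets bound for the external network are dropped
    ocn: int = 0           # seconds during which reads of Hide=true folders fail


class Router:
    def __init__(self) -> None:
        self.table: Dict[str, BadPCEntry] = {}  # same entry keyed by IP and by MAC

    def register(self, ip: str, mac: str) -> None:
        self.table[ip] = self.table[mac.lower()] = BadPCEntry(ip, mac.lower())
    def lookup(self, key: str) -> Optional[BadPCEntry]:
        return self.table.get(key.lower())
    def entries(self) -> List[BadPCEntry]:
        return list({id(e): e for e in self.table.values()}.values())

    def secret_opened(self, key: str) -> None:   # NAS: Open flag false->true on Hide=true
        e = self.lookup(key)
        if e is not None:
            e.in_use, e.protect, e.btl = e.in_use + 1, True, BTL_DEFAULT

    def secret_closed(self, key: str) -> None:   # NAS: Open flag true->false
        e = self.lookup(key)
        if e is not None and e.in_use > 0:
            e.in_use -= 1

    def external_access_seen(self, key: str, protocol: str) -> None:  # unit 109
        e = self.lookup(key)
        if e is not None:  # a smaller value never overwrites the value held
            e.ocn = max(e.ocn, OCN_BY_PROTOCOL.get(protocol, OCN_DEFAULT))

    def tick(self) -> None:                      # FIG. 11, once per second
        for e in self.entries():
            if e.in_use == 0 and e.btl > 0:
                e.btl -= 1
                if e.btl == 0:
                    e.protect = False
            if e.ocn > 0:
                e.ocn -= 1

    def forward(self, src_ip: str, dst_ip: str) -> bool:  # FIG. 12: True = transfer
        if ipaddress.ip_address(dst_ip) in LAN_NET:
            return True                          # LAN-internal traffic is never filtered
        e = self.lookup(src_ip)
        return not (e is not None and e.protect)

    def nas_read_allowed(self, key: str, hide: bool) -> bool:  # unit 110
        e = self.lookup(key)
        return not (hide and e is not None and e.ocn > 0)


def fig3_scenario() -> Dict[str, tuple]:
    r = Router()                                 # MACs below are constructed
    for last in (32, 33, 34):
        r.register(f"192.168.3.{last}", f"00:00:5e:00:53:{last}")
    r.secret_opened("192.168.3.33")              # first rejection factor
    r.secret_opened("00:00:5e:00:53:33")         # second factor, looked up by MAC
    r.external_access_seen("192.168.3.34", "other")  # generic access: OCN 20
    for _ in range(5):
        r.tick()                                 # 5 s later OCN reads 15
    return {e.ip: (e.in_use, e.btl, e.protect, e.ocn) for e in r.entries()}


def leak_attempt_scenario() -> list:
    r = Router()
    pc, ext = "192.168.3.32", "203.0.113.5"      # ext is a documentation address
    r.register(pc, "00:00:5e:00:53:32")
    steps = [r.forward(pc, ext)]                 # nothing open yet: forwarded
    r.secret_opened(pc)
    steps += [r.forward(pc, ext), r.forward(pc, "192.168.3.33")]  # dropped, LAN ok
    r.secret_closed(pc)
    for _ in range(31):
        r.tick()
    steps.append(r.forward(pc, ext))             # BTL still 1: dropped
    r.tick()
    steps.append(r.forward(pc, ext))             # BTL 0: protect cleared
    r.external_access_seen(pc, "smtp")           # OCN 30
    steps += [r.nas_read_allowed(pc, True), r.nas_read_allowed(pc, False)]
    r.external_access_seen(pc, "http")           # 10 < 30: not written
    steps.append(r.lookup(pc).ocn)
    return steps
```

fig3_scenario() reproduces the three rows the text reads off FIG. 3 (192.168.3.32 idle, 192.168.3.33 protected by two factors, 192.168.3.34 with OCN 15 five seconds after a generic external access); leak_attempt_scenario() returns the sequence of forwarding and NAS-read decisions for one PC. Two points of the design are worth noting: the table is keyed by both IP and MAC so that the NAS may report whichever identifier it extracted from the request packet, and the BTL only counts while in_use is zero, so re-opening a secret file during the 32 second tail resets the window rather than racing the countdown.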