A client compliancy system is used to gate access to a protected network, such that only clients that are in compliance with a policy are allowed access to the protected network. Clients that are not in compliance are typically assigned to a quarantine network and provided with some remediation mechanism that should allow them to become compliant. Determination of a client's compliance can be done on the client itself, external to the client, or by a combination of the two. A client compliancy solution typically achieves this gating and remediation functionality without requiring any agent on the client, so that the system can accommodate brand new, previously unmanaged clients.
Intrusion detection system (IDS) sensors can be used to identify possible security breaches within a computer system or network, such as intrusions by external attackers and inappropriate use by internal personnel. In addition, vulnerability assessment (VA) techniques, sometimes referred to as scanning, are configured to assess the security of a computer system or network. In this sense, such IDS and VA techniques can be used to detect non-compliance. However, there is currently no efficient mechanism for communicating non-compliance to compliant clients and other elements on the network.
What is needed, therefore, are techniques that allow clients and other compliancy authentication elements to tell that a particular client appears to be out of compliance.