In recent years, diverse systems have been configured to offer services via intranets and on the Internet. These systems are each equipped with multiple computers and multiple pieces of networking equipment. On each computer, multiple pieces of software (service programs, client programs, operating systems, etc.) all operate in cooperation with one another.
In order to let these systems operate securely, it is important to take countermeasures against the vulnerability of the software running on the systems. Taking countermeasures against such vulnerability requires system administrators to apply correction patches thereto as needed. However, as systems have grown massive in size, the system administrators have been overwhelmed with workload; they even find it difficult to know which piece of software is vulnerable on which computer.
Thus there has been a need for vulnerability countermeasure techniques that will take the place of the system administrators in countering the vulnerability of the computers configured in a given system. For example, U.S. Pat. No. 7,181,769 (Patent Literature 1) proposes a system that checks hosts on a management target network for vulnerability and collects signatures of host-resident vulnerability on a server for signature surveillance.
Japanese Unexamined Patent Publication No. 2006-146297 (Patent Literature 2) proposes a server which manages applied states of the software and patches installed in each client and which, based on the latest security information acquired via a network, performs control to open and close the TCP/IP ports of the routers to which the clients are connected for security management purposes.