One of the everyday tasks that network administrators are required to implement is keeping the computers and servers in their systems up to date and having all the latest patches installed. Network administrators are required to make sure that the latest versions of the software and data files are present, and that the configuration is consistent and up to date. Data files that may be required to be kept up to date may consist of items such as virus signatures. One of the advantages of keeping everything up to date is that by doing so the network administrator is able to minimize risks from viruses that exploit vulnerabilities and ensure consistent and reliable configurations.
In known systems where computers connect through a small number of connection points (i.e., choke points), quarantine mechanisms may be created at these known choke points. In other words, a system may be put in place by which when the server which is at the choke point of a network is connected to, the server checks out the connecting client to determine what state it is in, and if it is in an acceptable safe state, then it is let into the network. If it is in an unacceptable state, it may either be rejected automatically, or may be guided through the steps for being placed in an acceptable state. This method works best when there are a small number of choke points. The method is less desirable when computers are connected in a system such as a wireless network or an Ethernet, where there are large numbers of potential access points through which the system can be entered. For example, in a corporate network where there may be many thousands of ports, due to the expense and complexity it is generally not practical to use known techniques to equip each of these ports with a quarantine system.
The embodiment of the present invention is related to providing a system and method that overcome the foregoing and other disadvantages. More specifically, the embodiment of the present invention is related to a system and method which utilizes clean groups for reducing security management complexity.