1. Field of the Invention
The invention relates to the field of computers. More specifically, the invention relates to policy enforcement.
2. Background of the Invention
Enforcing an anti-virus policy on an organization's network by maintaining an anti-virus program is a difficult task. The task is made difficult by constantly changing threats to an organization's network, software updates to the anti-virus program, and the distribution of host devices throughout the organization's network.
One method for maintaining a single anti-virus program of a single vendor in host devices of an organization's local area network (LAN) involves programming a choke point. A choke point monitors a number of host devices coupled to the choke point. The choke point is configured to enforce the organization's anti-virus policy. The host devices that do not have a current version of a single anti-virus program of a single vendor, that do not enable the single anti-virus program of the single vendor, or that do not have the single anti-virus program of the single vendor, are restricted from accessing the Internet through the choke point. If the host devices do not have the single anti-virus program of the single vendor or do not have the current version of the single anti-virus program of the single vendor, then the choke point retrieves components for installing or updating the single anti-virus of the single vendor from a predefined location. The choke point sends the retrieved components to the non-complying host devices.
The method of maintaining a single anti-virus program of a single vendor does not allow for the use of multiple anti-virus products by a single vendor, multiple anti-virus products by multiple vendors, or a single anti-virus product by multiple vendors. The method of maintaining a single anti-virus program of a single vendor also does not allow for the enforcement of a network policy defined for more than anti-virus protection of an organization's network. In addition, an administrator or similar person must configure each choke point for a particular anti-virus program. If an organization changes to a different vendor's anti-virus program, then someone must reconfigure each choke point throughout the organization's network with the new anti-virus program.