The exemplary embodiments of the present invention relate to a switching hub, a system, a method of the switching hub and a program thereof. In particular, these embodiments relate to a switching hub with a VLAN (Virtual Local Area Network) function, a system, a method of the switching hub and a program thereof.
Recently, quarantine network systems have attracted attention as one of the techniques to prevent information leaks. Quarantine network systems check, at the terminals connected to the in-house LAN of a company, the application status of the security patches distributed from vendors and the update status of the antivirus software pattern files.
The quarantine network systems then isolate a terminal not complying with the company's security policy by putting it in an isolation network and compel it to apply a security patch. This improves the in-house security level. The quarantine network systems also isolate a virus-infected terminal by putting it in the isolation network, which prevents the spread of virus infection.
Generally, this type of quarantine network system uses a hub with a VLAN function for the purpose of stricter network control (for example, see WO2004/114599). This hub, also called a layer 2 switch, controls the network at a lower layer (data link layer) than the layer used for internet protocol communications.
Specifically, the hub has a business VLAN and an isolation VLAN. The business VLAN is used to establish a network used for daily business (hereinafter referred to as the “business network”). The isolation VLAN is used to establish a network where terminals with an insufficient security level are isolated from the business network (hereinafter referred to as the “isolation network”).
However, the quarantine network system disclosed in WO2004/114599 has the following problem. In this quarantine network system, virus-infected terminals are put in the same isolation network in which terminals not complying with the security policy are isolated from the business network. Therefore, terminals not complying with the security policy can communicate with virus-infected terminals, which may cause a terminal not complying with the security policy to become virus-infected.
An object of the exemplary embodiments of the present invention is to provide a switching hub, a system, a method of the switching hub and a program thereof which can restrict communications between terminals within the isolation network.