Recently, quarantine systems have come into use for preventing illegal access to secured operation networks of business corporations and the like. When a terminal is newly connected to a network, a quarantine system isolates the terminal in a quarantine network, which is provided separately from the operation network for checking the policy. It then judges whether or not the terminal satisfies the policy that is the basis of the security required for connecting to the operation network, and allows the terminal to connect to the operation network when the terminal is judged to satisfy the policy.
Patent Documents 1 to 3 are specifically known technical documents related to the above-described technical field.
The quarantine system disclosed in Patent Document 1 is composed of a gate (Gate) device, agent software, an agent control server, and a control device. In this quarantine system, when a terminal on which the agent software is not installed is connected to the Gate device, the Gate device first urges the terminal to install the agent. When the agent is not installed, the Gate device denies connection to the operation network, which is an in-company network. Meanwhile, even for a terminal on which the agent software is installed, connection to the in-company network is denied when the management device judges that the terminal is unsafe. That is, Patent Document 1 discloses a technique for preventing a terminal without the agent software from connecting to the in-company network.
Further, Patent Document 2 discloses a technique in which the quarantine agent installed on the client computer regularly acquires the policy from the quarantine server, thereby suppressing the delay between the point at which the policy is updated by the quarantine server and the point at which the update is reflected in the quarantine agent of the client computer.
Further, Patent Document 3 discloses a technique in which a communication apparatus, when connected to a network, is first connected to a check-in network. Whether or not the communication apparatus satisfies the connection condition for connecting to a main network is judged in the check-in network, and the apparatus is allowed to move from the check-in network to the main network when the connection condition is judged to be satisfied.
As described, with the conventional quarantine system, the terminal is isolated from the operation network until the terminal policy check is completed, and connection of the terminal to the operation network is allowed only when the terminal is judged as safe as a result of the policy check. This increases the security of the operation network.

Patent Document 1: Japanese Unexamined Patent Publication 2006-72682
Patent Document 2: Japanese Unexamined Patent Publication 2010-219803
Patent Document 3: Japanese Unexamined Patent Publication 2007-199980
However, with the known techniques disclosed in Patent Document 1 or 3, when the quarantine agent is unlawfully invalidated (uninstalled) after connection to the operation network has been permitted, the terminal whose quarantine agent has been uninstalled remains connected to the operation network.
Further, even with a method such as the known technique disclosed in Patent Document 2, in which the quarantine agent and the quarantine server communicate regularly to check the install state of the quarantine agent, the terminal whose quarantine agent has been uninstalled still remains connected to the operation network from the time the quarantine agent is uninstalled until the next check for the existence of the agent is performed.
The object of the present invention is to improve on the inconveniences of the above-described related techniques and to provide a network quarantine system capable of ensuring the security of the operation network by immediately isolating the terminal from the operation network, rather than leaving it connected, even when the quarantine agent is unlawfully uninstalled by an operator after the terminal has been judged by the quarantine agent to satisfy the policy and has been connected to the operation network.