The present invention relates in general to technology for the security of computers connected to a network, and more particularly to a network system which is adapted to audit the vulnerability of a computer and defend the computer against an unjust invader on the basis of the audit result.
Heretofore, as systems for auditing the "vulnerability of a computer" connected to a network, i.e., the security problems of a computer, the following are well known: (1) the technology wherein the audit of a personal computer is carried out from the inside of the computer, so that the vulnerability of the computer itself is detected inside the computer; and (2) the technology wherein a packet or message inquiring about a computer's vulnerability is sent from a predetermined management unit to the computer via a network and, on the basis of the computer's response to the packet or message thus sent, the vulnerability of the computer is detected by the management unit.
Here, "vulnerability" of a computer means, for example, (i) vulnerability of setting parameters, which are set in such a way that, although reference to a file "a" in a computer is originally permitted only to a user "a", a user "x" is also permitted to refer to the file "a"; and (ii) nonconformity of an application, in which, although an application on a computer originally does not receive a command "xxx", the command "xxx" is nevertheless received by the application.
More specifically, as the technology for auditing a computer from the inside of the computer, COPS (Computerized Oracle and Password System) is well known, and as the technology for auditing a computer by a management unit installed outside the computer, SATAN (Security Administrator Tool for Analyzing Network) and ISS (Internet Security Scanner) are well known.
COPS is described, for example, in the article "The Cops Security Checker System" by Daniel Farmer et al., Purdue University Technical Report CSD-TR-993, Sep. 19, 1991, and SATAN is described, for example, in the article "Security Administrator Tool for Analyzing Networks".
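As an added illustration (not code from this document or from COPS), the following Python sketch performs an audit from inside the computer for a vulnerability of type (i): a file that should be referable only by its owner but is also accessible to other users. The function names, the policy format and the sample files are assumptions constructed for this example.

```python
import os
import stat
import tempfile
from typing import NamedTuple

class Finding(NamedTuple):
    path: str
    problem: str

# Permission bits that let a user other than the owner refer to the file.
_NON_OWNER_BITS = {
    stat.S_IRGRP: "group-readable",
    stat.S_IWGRP: "group-writable",
    stat.S_IROTH: "world-readable",
    stat.S_IWOTH: "world-writable",
}

def audit_owner_only(policy: dict[str, int]) -> list[Finding]:
    """policy maps a path to the uid of the only user allowed to refer to it."""
    findings = []
    for path, uid in policy.items():
        try:
            st = os.lstat(path)  # lstat: do not follow a symlink placed at path
        except FileNotFoundError:
            findings.append(Finding(path, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append(Finding(path, "not a regular file"))
            continue
        if st.st_uid != uid:
            findings.append(Finding(path, f"owned by uid {st.st_uid}, expected {uid}"))
        for bit, label in _NON_OWNER_BITS.items():
            if st.st_mode & bit:
                findings.append(Finding(path, label))
    return findings

def demo() -> list[Finding]:
    """Audit constructed sample files: one correct, one too permissive, one absent."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "file_a"), os.path.join(d, "file_b")
        for path, mode in ((good, 0o600), (bad, 0o644)):
            with open(path, "w") as f:
                f.write("constructed sample\n")
            os.chmod(path, mode)
        me = os.getuid()
        return audit_owner_only({good: me, bad: me, os.path.join(d, "gone"): me})

if __name__ == "__main__":
    for finding in demo():
        print(f"{finding.path}: {finding.problem}")
```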
Currently, the development of a global network such as the Internet allows information sent from every corner of the world to be obtained by a computer at home. On the other hand, however, each computer is exposed to the menace of an invader from outside the computer.
As a countermeasure for defending against such an unjust invader, it is important to audit the vulnerability of a computer and correct it, since the possibility of an unjust intrusion into the computer can thereby be reduced. If there is one computer in which vulnerability still exists, other computers in the periphery of that vulnerable computer may be unjustly invaded.
Therefore, it will be necessary to take effective measures when an abnormality is found to be present in the auditing result.
In addition, when a large-scale network system is constructed, a structure in which direct communication can be established between a management unit and the computers to be audited may not be adopted in some cases. In such cases, the management unit cannot centrally audit each of the computers.