The present invention relates to a method for device quarantine and a quarantine network system, and more specifically to a method for device quarantine and a quarantine network system suitable for reducing the workload of an administrator by not executing quarantine on devices such as a printer.
With the rapid development of the networked society in recent years, network security has become a major concern.
Problems associated with network control and information control in an organization include the carrying in of laptop computers and the use of unauthorized software. More specifically, when a laptop computer that was infected by a computer virus at a location outside the organization, such as a home or a business-trip destination, is connected to the network within the organization, damage such as the spreading of the computer virus and network outages results. In addition, cases have occurred in which the use of software banned in an organization resulted in the deliberate or careless disclosure of the organization's confidential information to outside parties, thus leaking such information.
To prevent such damage, it is necessary to enhance the security of the users' client equipment, in addition to the conventional measures taken at the network level such as a firewall and an intrusion detection system. As one such new enhancement measure, a quarantine system is being realized which restricts communication by a client device in which anti-virus measures are deficient or banned software is installed. The purpose of the quarantine system is to prohibit devices that do not conform to organizational policies from being connected to the network, and the quarantine system is configured by combining the following processing:
(1) Isolation processing: This processing permits a client device to connect only to a specified network until inspection and treatment of the client device are completed. A client connected to the network is forcibly connected to a network (quarantine network) designed exclusively for inspection and treatment, in order to check its safety. The quarantine network is configured independently of the business network, and the servers for inspection and treatment, which will be described later, are connected to it. The processing is realized in cooperation with network relay devices (a router, a network switch, a gateway, etc.), a DHCP server, a personal firewall, etc.
(2) Inspection processing: This processing inspects whether the client status conforms to the organizational policies. The inspection server inspects whether the client device is infected by a virus, whether patches are adequately applied, whether unauthorized software is running, etc. When safety is confirmed in this processing, connection to the business network is permitted.
(3) Treatment processing: This processing executes updates and modifications of the client configuration so as to satisfy the policy requirements. If a problem is found in the above-described inspection, the processing distributes virus definition files and security patches from a treatment server and updates the problematic computer. After the treatment processing, inspection is performed again, and communication through the in-house network is then permitted.
To realize such a quarantine system, software to inspect the client status is required on the client device. However, there exist devices which cannot run quarantine software, such as a printer and a NAS (Network Attached Storage). To connect such devices to a network, it is common practice to exempt them from quarantine by pre-registering the network information (MAC address, IP address, etc.) of the device concerned, as a quarantine-exempted device, in the apparatus that performs isolation processing. Japanese Patent Laid-open No. 2004-289260 discloses a technique to achieve isolation by arranging for devices of unknown security status to be accommodated in a logically closed segment in a system having a DHCP server.