The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Network administrators seek to protect network equipment and software from harm inflicted by defective or malicious systems or applications. A corrupted application or operating system on a host in the network, considered alone, typically is not considered a problem. However, the corrupted application or operating system becomes an issue if the corruption results in infecting other systems or poisoning data, or prevents the operating system from running properly and from properly supervising or hosting applications.
Trusted software agents, embedded in an operating system, can be used to scan local systems for policy violation conditions, and can use information obtained in the scans to make decisions about enabling communications over the network. Systems using such approaches include Network Admission Control (NAC), Network Access Protection (NAP) and/or Trusted Network Connect (TNC).
A network device may be more trusted or less trusted based upon where the device has connected to the network and what software or data has been loaded onto the device. For such devices, the security of a trusted software agent approach depends upon the quality of the protection mechanisms implemented in the agents. A sufficiently determined attacker may be able to overwhelm the protection mechanisms of the agents from within the operating system, thereby corrupting the running operating system and the systems connected to it. Vulnerable operating systems exposed on the Internet are known to be susceptible to attack on ever-decreasing time scales.
Additionally, applications are increasingly bound to particular versions of the operating system upon which they run. This binding often includes various versions of the kernel and patches of both the OS and applications. Some of the bindings impact security; others may affect application functionality, and in some cases the bindings affect both security and functionality. Even when vulnerabilities of applications and operating systems are known and patches are available, side effects of applying the patches or other remediation steps may make taking protective actions or performing the remediation less desirable to a network or server administrator than coping with the infection.