1. Field of the Invention
The present invention relates to a quarantine network system that can be used in a wireless LAN environment, a server apparatus used in that system, and a program for realizing them.
2. Background Art
Quarantine network systems are currently attracting attention as a technology for countering information leakage. A quarantine network system checks the security countermeasure state of a computer connected to an in-house LAN (Local Area Network), for example the application state of security patches distributed by a software vendor or the like, or the update state of the pattern file of anti-virus software.
The quarantine network system detects a terminal whose security countermeasure state does not conform to the in-house security policy, quarantines it into a network for quarantining, and compels the user to apply the security patch or the like. Introducing a quarantine network system thereby raises the in-house security level. In addition, the quarantine network system detects a terminal infected with a computer virus, quarantines it into the network for quarantining as well, and prevents the computer virus infection from spreading.
In a conventional general quarantine network system, the network used for normal business (hereinafter the “business network”) and the network for quarantining a terminal whose security level is insufficient (hereinafter the “quarantine network”) have been constructed using a VLAN (Virtual LAN).
To construct such a network, a switch having a VLAN function is normally used so that the network can be controlled more strictly (for example, refer to International Publication No. WO 2004/114599). Such a switch is also referred to as a layer-2 intelligent switch, and controls the network at the data link layer, a layer lower than that of the Internet Protocol used for communication.
However, in the quarantine network system, a terminal infected with a computer virus may be quarantined into the same quarantine network as a terminal that does not conform to the security policy. In this case, the infected terminal and the terminal having a low security level can communicate with each other within the quarantine network, and a terminal whose only problem is a low security level may become infected with the computer virus inside the quarantine network.
Therefore, one conceivable method is to allocate a VLAN to every terminal, so that the layer-2 intelligent switch mentioned above quarantines the terminal infected with a computer virus separately from the terminal that does not conform to the security policy.
However, the method using the layer-2 intelligent switch mentioned above can quarantine only terminals connected in a wired LAN environment. Meanwhile, in recent years wireless LAN systems have increasingly been introduced in companies and the like, and the number of terminals connected to a network wirelessly is growing. Consequently, there is a demand to quarantine terminals individually using VLANs in a wireless LAN environment.
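As an added illustration that is not part of the original text, the following Python model compares the two quarantine layouts described above: a single shared quarantine VLAN, in which an infected terminal and a merely non-conforming terminal can reach each other, and one VLAN per quarantined terminal. The VLAN IDs, terminal names and function names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from itertools import combinations

BUSINESS_VLAN = 10          # assumed VLAN ID of the business network
QUARANTINE_VLAN = 99        # assumed VLAN ID of one shared quarantine network
PER_TERMINAL_BASE = 1000    # assumed start of the per-terminal VLAN range
MAX_VLAN_ID = 4094          # highest usable IEEE 802.1Q VLAN ID

@dataclass(frozen=True)
class Terminal:
    name: str
    policy_compliant: bool   # patches and pattern files meet the security policy
    infected: bool           # a computer virus was detected on the terminal

def needs_quarantine(t):
    return t.infected or not t.policy_compliant

def assign_vlans(terminals, per_terminal):
    """Return {terminal name: VLAN ID} for the chosen quarantine layout."""
    vlans, next_id = {}, PER_TERMINAL_BASE
    for t in terminals:
        if not needs_quarantine(t):
            vlans[t.name] = BUSINESS_VLAN
        elif per_terminal:
            if next_id > MAX_VLAN_ID:
                raise RuntimeError("per-terminal VLAN range exhausted")
            vlans[t.name] = next_id
            next_id += 1
        else:
            vlans[t.name] = QUARANTINE_VLAN
    return vlans

def exposed_pairs(terminals, vlans):
    """(infected, uninfected) pairs that share a VLAN, i.e. a layer-2 segment."""
    pairs = []
    for a, b in combinations(terminals, 2):
        if vlans[a.name] == vlans[b.name] and a.infected != b.infected:
            src, dst = (a, b) if a.infected else (b, a)
            pairs.append((src.name, dst.name))
    return sorted(pairs)

# Constructed sample terminals.
SAMPLE = [
    Terminal("pc-ok", True, False),
    Terminal("pc-unpatched", False, False),
    Terminal("pc-infected", True, True),
]
```

Calling `exposed_pairs(SAMPLE, assign_vlans(SAMPLE, per_terminal=False))` lists the infected terminal together with the unpatched one, while the per-terminal layout yields no exposed pairs.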