1. Field of the Invention
The present invention relates to a method and apparatus for dynamically controlling destinations of packets in a computer network and, in particular, to a method and apparatus for changing an address of a controlled apparatus by giving an instruction to transfer packets to be originally transmitted from the controlled apparatus to a destination apparatus, to another apparatus having a destination address different from the original destination address, for example, via data transferring apparatus.
2. Background and Related Art
A computer network is configured in a manner that the types and the number of devices can be flexibly changed, and this enhances the convenience of information processing for individual users. For example, a user can flexibly achieve work by possessing a portable terminal, such as a portable computer, and appropriately connecting the portable terminal to a network.
However, it is necessary to give consideration so that such flexible operation does not adversely affect the operation, efficiency, security and safety of a network. For example, portable terminals with malicious code that may act to harm the operation, efficiency, security or safety of a network need to be identified and precluded from connection.
Recently, enterprises, such as organization networks, have been implementing general security policies that apply to all activities in the organization. A network security policy may, in particular, be implemented and used for the purpose of preventing occurrence of the network problems identified above.
A network security policy may include, for example, conditions which are implemented by a network administrator and which are to be satisfied by devices connected to the network. Under such a security policy, only devices in conformity with the policy are permitted access to the network.
In order to realize this purpose, a quarantine/authentication system may, for example, be used for excluding devices that do not satisfy a security policy established for an intra-organization network. A quarantine/authentication system typically may use various approaches. For example, one approach is to use a validating function, which is for validating the security policy of each device. Another approach is to use a network control function for restrictions or allowing access to a network.