JP2008225595A - Management apparatus, method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To examine each terminal according to the state, the terminal being removed or used at home and having more risks of virus infection, information leakage and the like than terminals normally connected to networks. <P>SOLUTION: A state-based security information storage part 16 of a management apparatus 1 stores security information indicating examination standards for the states (normal connection, removal, home-use) of terminals, and a state-based examination determining means 12 determines the state of a terminal. An information collecting means 11 receives the terminal information of the terminal. The state-based examination determining means 12 obtains the security information corresponding to the determined state of the terminal and examines the terminal while comparing the obtained security information with the terminal information. If the result of the examination indicates that the security setting of the terminal do not coincide with the security information, an access restriction instruction means 13 sends instructions to a secure gate device 2 to prohibit the terminal from accessing network resources. The secure gate device 2 limits access of the terminal according to the instructions. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to, for example, a quarantine network system that performs quarantine on a take-out terminal device taken out from the inside of an organization such as a company, a take-out terminal device taken back from the outside into the organization, and the like.

Conventional quarantine network systems determine connection conditions for client terminals based on network connection conditions and compliance standards that are common to connection control servers (authentication servers) or defined for each client terminal, for each user, and for each group. The connection of terminals whose connection is not permitted is restricted by switching the network switch (for example, Patent Document 1).
In addition, a method has been proposed in which safety is determined according to security policy information selected according to the network connection environment of the terminal, and an inspection according to the state of the terminal is performed (for example, Patent Document 2).
JP 2004-265286 A JP 2006-251851 A

  For example, in Patent Document 1, a conventional quarantine network system determines whether a terminal connected to an in-house network conforms to the same network connection conditions and compliance standards, and switches between a blocked state and a connected state. Because it is a form, when taking out a terminal that is normally connected to an internal network outside the company, confirmation of the implementation of measures to deal with information leaks, such as encryption of take-out information for check items required for the take-out terminal, etc. There was a problem that could not be implemented.

In addition, as a technique for making a determination based on a security policy corresponding to the environment of the terminal, there is a method of Patent Document 2, but since the determination is performed based on the network environment, Since it is determined that the terminal is connected to the network, there is a problem that it is not possible to perform determination based on the security policy corresponding to the take-out terminal.
In addition, if the security policy appropriate for the environment is not met at the take-out destination, it is not possible to make corrections because it is not possible to connect to an environment where the countermeasure can be implemented, and it is possible to use the taken-out terminal. There was also a problem that could not be done.

  The main object of the present invention is to solve the above-mentioned problems, and there is a possibility that the terminal is usually connected to a network and may face dangers such as virus infection and information leakage compared to those terminals. The main purpose is to realize a technology that enables quarantine operations corresponding to the status of each terminal to be taken out and taken out of the terminal where the cost increases.

The management device according to the present invention is:
A management device that performs inspection for security settings of a terminal device that takes multiple states,
A state-specific inspection standard information storage unit that stores state-specific inspection standard information indicating the inspection standard of the inspection for the security setting for each state of the terminal device;
A terminal state determination unit for determining the current state of the terminal device;
A security setting information receiving unit for receiving security setting information indicating the contents of the security setting of the terminal device;
The state-specific inspection standard information corresponding to the state determined by the terminal state determination unit is acquired from the state-specific inspection standard information storage unit, and the acquired state-specific inspection standard information and security received by the security setting information receiving unit It has a test execution unit that compares the setting information with the security setting of the terminal device.

  According to the present invention, since the security setting is inspected according to the inspection standard corresponding to the state of the terminal device, the strict inspection standard is applied to the terminal device in a state where the threat of virus infection or the risk of information leakage is high. To promote the application of the latest security patches and the installation of the latest anti-virus software, and reduce the threat of virus infection and information leakage, as well as the threat of virus infection and information leakage. For terminal devices with a relatively low possibility, a relatively gradual inspection standard can be applied to enable the terminal device to be used continuously.

Embodiment 1 FIG.
FIG. 1 is a diagram illustrating a configuration example of a quarantine network system according to the present embodiment.
As shown in the figure, the quarantine network system includes a management device 1, a secure gate device 2, a terminal device 3 (hereinafter also simply referred to as a terminal 3), a countermeasure treatment server device 6, and a network resource 7.
The management device 1, the secure gate device 2, the terminal 3, the countermeasure processing server device 6 and the network resource 7 are connected via a communication line 5.

The management device 1 performs quarantine on the terminal 3 (inspection for the security setting of the terminal 3) via the secure gate device 2.
In addition, the secure gate device 2 is controlled to manage access to the network resource 7 of the terminal 3.

  The secure gate device 2 performs access restriction on the network resource 7 of the terminal 3 in accordance with an instruction from the management device 1. The secure gate device 2 is an example of a relay device.

The terminal 3 includes an agent 4. The terminal 3 is a terminal device. Further, the terminal 3 takes a plurality of states such as a normal connection state, a take-out state (domestic take-out, overseas take-out), and a take-out state (domestic take-out, overseas take-out).
The normal connection state is a state in which the terminal 3 can communicate with the management device 1 via the secure gate device 2. Specifically, the terminal 3 is connected to a network in a specific organization such as a company (an in-house network or the like), and can communicate with the management device 1 via the secure gate device 2.
The take-out state is a state where the terminal 3 is scheduled to be taken out from the inside of an organization such as a company to the external environment (scheduled take-out state). The external environment is an environment in which the terminal 3 cannot communicate with the management device 1 via the secure gate device 2.
The terminal 3 in the taken-out state is scheduled to be taken out to the external environment, but if it passes the quarantine, it can access the network resource 7 and, for example, obtains a file, an application program, or the like required from the outside from the network resource 7. be able to.
The take-out state is a state in which the terminal 3 is brought back from the external environment into an organization such as a company and can communicate with the management device 1 via the secure gate device 2. The terminal 3 that can communicate with the management apparatus 1 but is in a take-away state cannot access the network resource 7 until it passes the quarantine.
There are two states: the state where the company is scheduled to be taken out in the same country as the country where the organization is located (domestic take-out state) and the state where the company is located outside the country where the organization such as the company is located (overseas) There is a take-out state). In the following, the domestic export state is also simply referred to as domestic export, and the overseas export state is also simply referred to as overseas export.
The take-out state includes a state where the organization such as a company is home from the same country as the country where the organization is located (domestic take-out state) and a state where the organization such as the company is located outside the country where the organization is located (overseas take-out state). In the following, the domestic take-out state is simply referred to as domestic take-out, and the overseas take-out state is also referred to simply as overseas take-out.
In addition, a terminal that is in a domestic take-out state is a domestic take-out terminal, a terminal that is in an overseas take-out state is an overseas take-out terminal, a terminal that is in a domestic take-out state is a domestic take-out terminal, and a terminal that is in an overseas take-out state is an overseas take-out terminal Say.

  The agent 4 collects information related to the terminal 3, transmits it to the management apparatus 1, and executes quarantine.

  The communication line 5 constitutes a network such as an intranet or a LAN (Local Area Network).

  The countermeasure processing server device 6 is a server that performs security countermeasure processing on the terminal 3, and for example, supplies (downloads) a security patch program or antivirus software to the terminal 3.

  The network resource 7 is, for example, a file server, a mail server, a printer server, or the like, and resources that provide some service to the terminal 3 through the network are collectively referred to as a network resource.

FIG. 2 is a block diagram illustrating a configuration example of each device of the quarantine network system according to the first embodiment.
In FIG. 2, reference numeral 11 denotes information collecting means for collecting terminal information acquired by the agent 4 on the terminal 3 and storing the collected terminal information in the terminal information storage unit 17. The information collecting unit 11 is an example of a security setting information receiving unit.
12 uses the terminal information stored in the terminal information storage unit 17, the terminal state information stored in the terminal state information storage unit 15, and the security information stored in the state corresponding security information storage unit 16 to perform network connection It is a state-corresponding quarantine determining unit that determines whether or not the terminal 3 that has been connected can be connected to the network and stores the determination result in the quarantine result storage unit 18. The state corresponding quarantine determination unit 12 is an example of a terminal state determination unit and an inspection execution unit.
13 obtains a list of countermeasure access destinations stored in the access restriction information storage unit 19 based on the quarantine result stored in the quarantine result storage unit 18, and MAC address information and countermeasures of the terminal that has performed the quarantine Access restriction instructing means for instructing access restriction by transmitting a list of access destinations to the secure gate device 2. The access restriction instruction unit 13 is an example of an access control unit. Further, the countermeasure access destination is, for example, the countermeasure processing server device 6.
Reference numeral 14 denotes countermeasure instruction means for notifying the terminal 3 of the quarantine result stored in the quarantine result storage unit 18 and instructing execution of the countermeasure.
Reference numeral 15 denotes a terminal state information storage unit that stores state information of the terminal 3.
Reference numeral 16 denotes a state-corresponding security information storage unit that stores information on determination criteria (inspection criteria) for determining whether or not the terminal 3 is in a state where it can be connected to the network. The state corresponding security information storage unit 16 is an example of a state-specific inspection standard information storage unit.
A terminal information storage unit 17 stores terminal information acquired by the agent 4 on the terminal 3.
A quarantine result storage unit 18 stores the quarantine result information determined by the state corresponding quarantine determination unit 12.
Reference numeral 19 denotes an access restriction information storage unit that stores a quarantine determination result and an access destination necessary for implementing the countermeasure.

Reference numeral 21 denotes access restriction enforcement means for storing the access restriction information transmitted from the management apparatus 1 in the access information storage unit 22 and restricting the communication of the corresponding terminal to the designated access destination.
An access information storage unit 22 stores a MAC address for identifying a terminal transmitted from the management apparatus 1 and a list of access destinations.

Reference numeral 41 denotes terminal information acquisition means for acquiring terminal information such as OS information on the terminal, information on security countermeasure products, and information on operation processes.
Reference numeral 42 denotes terminal information transmission means for transmitting the terminal information acquired by the state corresponding terminal information acquisition means 41 to the management apparatus 1.
Reference numeral 43 denotes countermeasure implementation means for implementing countermeasures in accordance with instructions from the management apparatus 1.

In the present embodiment, the management device 1 performs an inspection (quarantine) on the security setting of the terminal 3 that takes a plurality of states such as domestic take-out, domestic take-out, overseas take-out, overseas take-out, and normal connection state.
Quarantine by the management apparatus 1 is performed when the terminal 3 is located inside the organization (in-house etc.). In other words, for take-out terminals scheduled to be taken out, quarantine is performed at the stage before take-out (stage 3 is in the organization (in-house, etc.)), and for take-out terminals, terminal 3 is taken into the organization. Quarantine is performed at the stage where the terminal 3 is located (the stage where the terminal 3 is inside the organization (in-house etc.)).

  The state-corresponding security information storage unit 16 (state-specific inspection standard information storage unit) stores state-corresponding security information (state-specific inspection standard information) indicating the inspection standard for inspection for the security setting for each state of the terminal 3. Specifically, the state-corresponding security information storage unit 16 includes information indicating inspection criteria when the terminal 3 is in the normal connection state (inspection criterion information for the normal connection state) as the state-corresponding security information, and the terminal 3 is in the take-out state Information (inspection standard information for the scheduled take-out state) when it is in (domestic take-out, overseas take-out), inspection standard when terminal 3 is in the take-out state (domestic take-out, overseas take-out) Stores information (inspection standard information for the take-out state).

  The state corresponding quarantine determination unit 12 (terminal state determination unit) determines the current state of the terminal 3.

The information collecting unit 11 (security setting information receiving unit) receives terminal information (security setting information) indicating the contents of the security setting of the terminal 3.
Security settings will be described later. For example, the security patch application status in the terminal 3, the file pattern and version of anti-virus software, the presence / absence of encryption of confidential information to be taken out, and the BIOS (Basic Input / Output System) password setting. The situation.

  Further, the state-corresponding quarantine determination unit 12 (inspection execution unit) acquires state-corresponding security information corresponding to the determined state of the terminal 3 from the state-corresponding security information storage unit 16, and collects the acquired state-corresponding security information and information. The terminal information received by the means 11 is compared, and the security setting of the terminal 3 is inspected (quarantine).

The access restriction instructing unit 13 (access control unit) determines that the security setting content of the terminal 3 indicated in the terminal information from the terminal 3 does not match the state corresponding security information as a result of the quarantine by the state corresponding quarantine determination unit 12. An instruction is sent to the secure gate device 2 to perform an access prohibition measure for prohibiting the terminal 3 from accessing the network resource 7.
Further, the access restriction instructing unit 13 instructs the secure gate device 2 to set the access destination of the terminal 3 to the countermeasure server device 6, for example.

  In the secure gate device 2, the access restriction execution means 21 blocks access to the network resource 7 of the target terminal 3 based on an instruction from the management device 1, and sets the access destination only to the countermeasure server device 6. Control is performed.

FIG. 3 is an example of terminal state information stored in the terminal state information storage unit 15 of the management apparatus 1 according to the first embodiment.
In FIG. 3, 15-1 is terminal identification information for identifying a terminal. In this example, a MAC address is used. However, any IP address, host name, or the like that can uniquely identify a terminal may be used.
15-2 is a state identification number for identifying the state of the terminal.
This information is for associating the state identification number stored in the state-corresponding security information storage unit 16 with the number recognized by the state-corresponding terminal information acquisition unit 41 on the agent 4, and is the same for a certain state. Must be identification information.
15-3 is a take-out information list. This is a list of files that the take-out terminal takes but should not leak.
In other words, the take-out information list is a list of files that are originally prohibited from being taken out, but are specifically allowed to be taken out for business reasons (but should not be leaked outside).

  In the present embodiment, for example, the user of the terminal 3 applies to the administrator (system administrator) of the management apparatus 1 that the terminal 3 is scheduled to be taken outside or that the terminal 3 has been brought home from the outside. Then, it is assumed that the manager of the management apparatus 1 inputs the terminal status information shown in FIG. 3 using the input means (not shown) of the management apparatus 1 based on the application from the user of the terminal 3.

4 and 5 are examples of security information stored in the state-corresponding security information storage unit 16 of the first embodiment.
FIG. 4 is an example of state identification number table association information indicating a relationship between the state identification number stored in the terminal state information storage unit 15 and the table storing the corresponding state correspondence security information.
16-1 is a state identification number for identifying the state corresponding security information corresponding to the state. This information is for associating the state identification number 15-2 stored in the terminal state information storage unit 15 with the number recognized by the state corresponding terminal information acquisition means 41 on the agent 4, and for a certain state Need to have the same identification information. For example, “1” in the state identification number 16-1 means “domestic export” (from the quarantine policy name 16-2), but in the state identification number 15-2 stored in the terminal state information storage unit 15 The state identification number “1” must be operated as a number meaning “domestic export”, and the state identification terminal information acquisition unit 41 on the agent 4 also sets the status identification number “1” as “national export”. Need to recognize.
16-2 is a name of the quarantine policy corresponding to the state of the terminal, and is an essential item for the administrator to easily recognize the contents of the state identification number.
Reference numeral 16-3 denotes a policy storage table name in which security information serving as a determination criterion corresponding to the state is stored.

  FIG. 5 is an example of security information that is a criterion for determining a terminal to be taken out in the country.

16 (1) -1 is an inspection item of the security patch application deadline.
In the case of the normally connected terminal 3, it is assumed that a grace period is set even if a security patch is provided.
This is because, when a new security patch is provided while the terminal user is on a business trip, in the case of a rule applied on the same day, the user who has returned from the business trip is immediately connected by the access control by the management device 1 and the secure gate device 2. This is because it is assumed that the network resource 7 cannot be accessed by using this, or that if the access restriction to the network resource 7 of all the terminals is performed at the timing when the security patch is applied, it is assumed that the business will be hindered. is there.
However, in the case of a take-out terminal, security threats such as virus infection at the take-out destination are high, so it is desirable to apply the latest security patch. It is an item for making it possible to cope with such an idea. In other words, by setting strict application requirements (the latest security patch application is performed on the same day in FIG. 5) to the security patch application deadline 16 (1) -1, it is stricter than the terminal in the normal connection state for the bring-out terminal Enable operation.
It should be noted that a list of the latest security patches to be applied by the terminal is stored in the management apparatus 1 in relation to the item 16 (1) -1, and the terminal indicated by the terminal information from the terminal 3 as described later. Whether the management device 1 has the latest security patch set in the terminal 3 by collating the security patch information applied to 3 with the latest security patch information stored in the management device 1. Can be judged.
Then, the value “same day” in the item 16 (1) -1 is to request the terminal 3 to apply the latest security patch on the day of the quarantine when the security patch of the terminal 3 is not the latest security patch. Means.

16 (1) -2 is an inspection item of the anti-virus software application deadline.
This is the expiration date for the update of anti-virus software pattern files and engine versions. This item is also an item for enabling handling for the same reason as the security patch.
In addition, in relation to item 16 (1) -2, a list of the latest anti-virus software to be applied by the terminal is stored in the management apparatus 1, and the terminal indicated by the terminal information from the terminal 3 as described later. 3 is collated with the latest anti-virus software information stored in the management device 1, so that the management device 1 sets the latest anti-virus software in the terminal 3. Can be determined.
The value “same day” in the item 16 (1) -2 is that the terminal 3 is requested to apply the latest antivirus software on the day of the quarantine when the security patch of the terminal 3 is not the latest security patch. It means to do.

16 (1) -3 is an inspection item for the encryption check.
Set whether or not to check whether the confidential information taken out at the takeout terminal is encrypted.
Even if confidential information is stored in a normally connected terminal, operation that is not encrypted is permitted. It is envisaged that encryption will be implemented as a measure to prevent the problem. It is an item for making it possible to cope with such an idea.

Reference numeral 16 (1) -4 denotes an inspection item for the file export check.
Whether or not to check whether only the file shown in the take-out information list (15-3 in FIG. 5) is stored in the take-out terminal is set.
This allows operations where confidential information is normally stored in a terminal that is normally connected, but in the case of a take-out terminal, measures are taken to minimize damage when information leaks at the take-out destination. Assuming that information to be taken out is minimized. It is an item for making it possible to cope with such an idea.

16 (1) -5 is an inspection item of the unnecessary file check target information extension list.
This allows operation where confidential information is stored in a normally connected terminal, but in the case of a taking-out terminal, as a measure to minimize damage when information leaks at the take-out destination It is envisaged to minimize the information brought out. Therefore, by specifying the extension of a file that can be confidential information, it is possible to determine whether a file with this extension exists other than the registered information, thereby minimizing the information to be taken Is possible. It is an item for making it possible to cope with such an idea.

16 (1) -6 is an inspection item of the file list not to be checked.
This allows operation where confidential information is stored in a normally connected terminal, but in the case of a taking-out terminal, as a measure to minimize damage when information leaks at the take-out destination It is envisaged to minimize the information brought out. For this reason, unnecessary files are checked, but files attached to software such as template files and help information may have the same extension as confidential information. Since such a file needs to be excluded from the check target, it is an item for making it compatible.

16 (1) -7 is a check item of the BIOS password check.
This is an item corresponding to the presence / absence of the terminal activation authentication setting check. Set whether or not to check that the password is required to be entered when the terminal is activated at the takeout terminal.
This is because a normally connected terminal is less likely to be stolen or the like, but in the case of a take-out terminal, there is a possibility that the terminal may be transferred to another person due to theft or misplacement. As a measure for minimizing this damage, it is assumed that a BIOS password is set. It is an item for making it possible to cope with such an idea.
In addition, since this item is a measure for preventing others from starting the terminal, such an item can be used when implemented by controlling a biometric device or the like.

16 (1) -8 is an inspection item of the BIOS password length.
This is an item corresponding to terminal activation authentication setting analysis difficulty. Even if a BIOS password is set, the effect is low if the password is easy to analyze. Therefore, increasing the password length makes analysis difficult. It is an item for making such analysis difficult.
For the same purpose, for example, it is possible to make an item that requires a password mixed with alphanumeric characters and symbols.
Further, when a biometric device or the like is used, it can be set as an item for increasing the effect when the device is used.
Also, in this item, the analysis difficulty level of the authentication method for terminal activation is set as the terminal activation authentication level, the lowest is no authentication, the next is password, the next is device authentication, etc. Can be defined in the table or in another table.

16 (1) -9 is an inspection item for OS password check.
This is an item corresponding to the presence / absence of the OS use authentication setting check.
It is set whether or not to check that the password input is requested when using the OS at the take-out terminal.
This is because a normally connected terminal is less likely to be stolen or the like, but in the case of a take-out terminal, there is a possibility that the terminal may be transferred to another person due to theft or misplacement. As a measure to prevent this damage to a minimum, setting a logon password is assumed. It is an item for making it possible to cope with such an idea.
In addition, since this item is a measure for preventing others from using the terminal, it can be set as an item corresponding to that when it is implemented by controlling a biometric authentication device or the like.

16 (1) -10 is an inspection item of the OS password length.
This is an item corresponding to the OS use authentication setting analysis difficulty.
Even if an OS password is set, the effect is low if the password is easy to analyze. Therefore, increasing the password length makes analysis difficult. It is an item for making such analysis difficult.
For the same purpose, for example, it is possible to make an item that requires a password mixed with alphanumeric characters and symbols.
Further, when a biometric device or the like is used, it can be set as an item for increasing the effect when the device is used.
Also, in this item, the analysis difficulty level of the authentication method for logging on to the OS is set as the OS use authentication level, the lowest is no authentication, the next is password, the next is device authentication, etc. It is also possible to define that the level is higher than device authentication and to define the analysis difficulty level in this table or in another table.

16 (1) -11 is an inspection item for a screen saver password setting check.
This is an item corresponding to the presence / absence of the lock release authentication setting check when the terminal is not used.
There is a possibility that the user is left logged on to the terminal, such as when the terminal user leaves.
A terminal in a normal connection state is unlikely to be used by another person, but in the case of a take-out terminal, the terminal is likely to be used.
For this reason, even if you are logged on, locking when not in use can reduce the possibility of use by others when you are away from the desk, making it possible to handle such items. is there.
In addition, since this item is a measure for preventing others from using the terminal, it can be set as an item corresponding to that when it is implemented by controlling a biometric authentication device or the like.

16 (1) -12 is an inspection item of the screen saver activation time.
This is an item corresponding to the lock activation time when the terminal is not used.
There is a possibility that the user is left logged on to the terminal, such as when the terminal user leaves.
A terminal in a normal connection state is unlikely to be used by another person, but in the case of a take-out terminal, the terminal is likely to be used. For this reason, even if you are logged on, locking it when not in use will reduce the possibility of other people using it when you are away from your desk, and the time for this lock to be automatically applied. If it is short, the possibility of use by others can be further reduced. It is possible to deal with such items.
In addition, since this item is a measure for preventing others from using the terminal, it can be set as an item corresponding to that when it is implemented by controlling a biometric authentication device or the like.

16 (1) -13 is an inspection item of the unstartable service list.
A normally connected terminal may be accessible from another terminal by a service program or the like that is permitted to be used in the company. Such a setting may be a security hole in the case of a take-out terminal, which may cause virus infection or information leakage. As described above, it is assumed that the activation of a service program that is necessary in the company but is unnecessary for the take-out terminal is prohibited. It is an item for making it possible to cope with such an idea.

As described above, the state-corresponding security information indicates the inspection standard for the inspection for the security setting for each state of the terminal 3.
That is, FIG. 5 shows the inspection standard for the domestic take-out terminal, but the state-corresponding security information storage 16 stores the state-corresponding security information indicating the inspection standard for the terminal in the normal connection state, the inspection for the overseas take-out terminal. The state-corresponding security information indicating the standards, the state-corresponding security information indicating the inspection standards for the domestic take-out terminals, and the state-corresponding security information indicating the inspection standards for the overseas take-out terminals are stored.
The inspection standard for the terminal in the normal connection state is a gradual standard than the inspection standard for the domestic take-out terminal, and the inspection items are also different from those shown in FIG. For example, it is an inspection item for the installed OS name, OS version, application program name, application program version, and the like.
Further, the inspection standard for the overseas take-out terminal, the inspection standard for the domestic take-out terminal, and the inspection standard for the overseas take-out terminal may be the same as or different from the inspection standard for the domestic take-out terminal.
However, as described above, the inspection standard for the terminal in the take-out state (scheduled state for take-out) and the inspection standard for the terminal in the take-out state are stricter than the inspection standard for the terminal in the normal connection state.

Next, an operation when the terminal 3 is taken out in Japan will be described.
First, the outline of the operation of the management device 1, the secure gate device 2, and the terminal 3 (agent 4) will be described with reference to FIG. 18, and then the secure gate device 2, the terminal 3 (agent 4) with reference to FIGS. Each operation of 4) will be described in detail.
In FIG. 18, the management apparatus 1 and the terminal 3 are described as communicating directly, but this is for the sake of simplicity of explanation, and strictly speaking, the management apparatus 1 and the terminal 3 are secure gates. Communication is performed via the relay of the device 2.

In FIG. 18, first, the agent 4 of the terminal 3 acquires terminal information corresponding to the normal connection state of the terminal 3 (S1801), and transmits this to the management apparatus 1 (S1802).
The agent 4 includes, for example, OS name, version, applied service pack, applied security patch information, computer name, IP address, MAC address, registered service information, service setting information, operation process information as terminal information corresponding to the normal connection state. The installed application information, application version information, application setting information, etc. are collected and transmitted to the management apparatus 1.
Note that the access to the network resource 7 is blocked by the secure gate device 2 until the access restriction cancellation (S1810) is performed by the secure gate device 2 to be described later, and the terminal 3 can communicate with only the management device 1. To do.
Further, before the terminal 3 transmits the terminal information, the terminal state information in the terminal state information storage unit 15 of the management device 1 is based on an application from the user of the terminal 3 to the administrator (system administrator) of the management device 1. In FIG. 3, the MAC address of the terminal 3 is described in at least the item of the terminal identification information 15-1, and the state of the terminal 3 (domestic takeout, domestic takeout, etc.) is described in the item of the state identification number 15-2. It shall be.

The management device 1 receives the terminal information, and quarantines the normal item, that is, compares the state-corresponding security information indicating the inspection criteria for the terminal in the normal connection state with the terminal information from the agent 4 ( S1803).
Next, when the terminal 3 has passed the quarantine with the normal items, the management apparatus 1 checks whether or not the state-corresponding quarantine is necessary (S1804). That is, it is confirmed whether the terminal 3 is any of a domestic take-out terminal, an overseas take-out terminal, a domestic take-out terminal, and an overseas take-out terminal. Judge that quarantine using security information is necessary.
Next, the management apparatus 1 transmits a quarantine result notification for notifying the result of the quarantine performed in S1803, and when it is determined in S1804 that state-compliant quarantine is necessary, a status-compatible terminal information acquisition request Is transmitted (S1805).
The status corresponding terminal information acquisition request is a message requesting transmission of status corresponding terminal information corresponding to the current status of the terminal 3 (domestic takeout, domestic takeaway, etc.).
Hereinafter, the description will be continued assuming that the terminal 3 has passed the quarantine in S1803 and the management apparatus 1 is requested to transmit the terminal information corresponding to the domestic export state.
Note that if the terminal 3 passes the quarantine in S1803 and the management apparatus 1 is not requested to transmit the state corresponding terminal information, that is, if the terminal 3 is in the normal connection state, the management apparatus 1 immediately An access restriction release instruction is transmitted to the secure gate device 2 (S1809), and access restriction release is performed in the secure gate device 2 (S1810).

Next, the agent 4 of the terminal 3 collects state corresponding terminal information corresponding to the domestic carry-out state (S1806). Specifically, security setting information corresponding to each inspection item shown in FIG. 5 is collected. For example, the identification information of the security patch last applied to the terminal 3, the application date and time, the version information of the anti-virus software running on the terminal 3, the presence / absence of encryption of confidential information, the identification information of the taken-out file, the BIOS password check Presence / absence of setting, length of set BIOS password, presence / absence of setting of OS password check, length of set OS password, presence / absence of setting of screen saver password, screen saver activation time, type of service that cannot be activated on terminal 3 collect.
Next, the agent 4 of the terminal 3 transmits the collected state corresponding terminal information to the management apparatus 1 (S1807).

The management apparatus 1 receives the state-corresponding terminal information transmitted from the agent 4 of the terminal 3, receives the state-corresponding security information from the agent 4 and the state-corresponding quarantine in the state-corresponding policy, i.e. The quarantine is performed by comparing the state corresponding terminal information (S1808).
Next, when the security setting in the terminal 3 has passed the quarantine in the state correspondence policy, that is, when the content shown in the state correspondence terminal information matches the state correspondence security information for the domestic carry-out state, The management device 1 transmits an access restriction release instruction to the secure gate device 2 (S1809). The access restriction release instruction is an instruction to permit the terminal 3 to access the network resource 7.
On the other hand, if the security setting in the terminal 3 fails the quarantine in the state correspondence policy, that is, if the content shown in the state correspondence terminal information does not match the state correspondence security information for the domestic carry-out state, 1 transmits an access restriction instruction to the secure gate device 2 (S1811). The access restriction instruction is an instruction to block access to the network resource 7 of the terminal 3.

The secure gate device 2 performs access restriction release (S1810) or access restriction (S1812) based on the access restriction release instruction or the access restriction instruction from the management apparatus 1.
In the access restriction (S1812), the secure gate device 2 maintains the interruption of the access to the network resource 7 of the terminal 3 and releases only the access to the countermeasure server device 6.

In addition, the management apparatus 1 transmits a quarantine result notification indicating the quarantine result of S1808 to the terminal 3 (S1813).
The agent 4 of the terminal 3 receives the quarantine result notification and confirms the quarantine result (S1814). If the quarantine result fails, the countermeasure is taken. For example, the agent 4 accesses the countermeasure processing server device 6 and displays a message for the user of the terminal 3 by displaying a message to the user of the terminal 3 such as downloading the latest security patch, downloading anti-virus software, etc. Take measures such as setting a BIOS password.
Further, the agent 4 of the terminal 3 collects the state corresponding terminal information corresponding to the domestic take-out in order to be quarantined again by the management apparatus 1 after the countermeasure is completed (S1806), and again by the management apparatus 1 Request quarantine for

Next, the operation of the agent 4 on the terminal 3 that takes out in Japan will be described with reference to FIG.
First, the state corresponding terminal information acquisition means 41 of the agent 4 acquires terminal information corresponding to the normal connection state of the terminal 3 (ST101).
The terminal information to be acquired includes OS name, version, applied service pack, applied security patch information, computer name, IP address, MAC address, registered service information, service setting information, operation process information, installed application information, application version information, Information such as application setting information.
When the acquisition is completed, the terminal information transmission unit 42 transmits the terminal information acquired in ST101 to the management apparatus 1 (ST102).

When the quarantine is executed in the management apparatus 1 and the quarantine result is transmitted, the countermeasure execution means 43 receives the transmitted quarantine result (ST103).
The countermeasure implementation means 43 determines whether or not the quarantine result includes an acquisition request for information on domestic export (ST104). If there is a request to acquire information for domestic takeout (Yes in ST104), the process proceeds to ST105, and if the result is a pure quarantine result, the process proceeds to ST106.
When the information acquisition request is for domestic take-out, the countermeasure implementation unit 43 instructs the state-compatible terminal information acquisition unit 41 to acquire the state-compatible terminal information for domestic take-out.
The state corresponding terminal information acquisition unit 41 acquires information necessary as state corresponding terminal information for domestic take-out. The acquired terminal information is an item related to the domestic export policy stored in the state corresponding security information storage unit 16. When the acquisition is completed, the process proceeds to ST102 (ST105).

On the other hand, if the result is a quarantine result in ST103 (No in ST104), the countermeasure execution unit 43 determines whether or not the quarantine result is OK (ST106). If it is quarantine OK, the process is terminated. If the quarantine result is NG, the process proceeds to ST107.
In ST107, the countermeasure execution means 43 performs the countermeasure action, and after the countermeasure is completed, proceeds to ST101 to execute the quarantine again.

Next, the operation of the secure gate device 2 will be described with reference to FIG.
The access restriction enforcement means 21 receives access restriction information (access restriction release instruction or access restriction instruction) from the management apparatus 1 (ST111). The access restriction information includes a MAC address and an access destination list.
The access restriction implementing means 21 determines whether or not it is an access restriction instruction requesting access restriction from the received content (ST112). Specifically, if there is an access destination list corresponding to the MAC address, it is determined as an access restriction instruction, and the process proceeds to ST113. If there is no access destination list corresponding to the MAC address, it is determined as an access restriction release instruction, and the process proceeds to ST115.
When determining that it is an access restriction instruction (Yes in ST112), the access restriction executing means 21 stores the access destination list acquired in ST111 in the access information storage unit 22 (ST113).
Thereafter, the communication of the terminal 3 instructed to restrict access is blocked if it is not the access destination described in the access destination list stored in the access information storage unit 22, and only the described one is permitted (ST114). ). Specifically, for example, the countermeasure server device 6 is described in the access destination list.
On the other hand, when it is determined that the access restriction is released (No in ST112), the entry of the corresponding MAC address stored in the access information storage unit 22 is deleted based on the MAC address information acquired in ST111 ( ST115).
Thereafter, the communication restriction of the terminal 3 instructed to release the access restriction is not implemented (ST116). Therefore, the terminal 3 can access the network resource 7.

Next, the operation of the management apparatus 1 will be described with reference to FIG.
The information collecting means 11 receives the terminal information from the terminal 3, and stores the received terminal information in the terminal information storage unit 17 (ST121) (security setting information receiving step).
The state corresponding quarantine determination unit 12 determines whether or not the acquired information is state corresponding terminal information (ST122). When it is state corresponding terminal information, it progresses to ST123. If it is normal terminal information, the process proceeds to ST127.
If the received terminal information is the state corresponding terminal information corresponding to the domestic takeout terminal (Yes in ST122), the state corresponding quarantine determination means 12 stores the domestic information stored in the state corresponding security information storage unit 16. Based on the export quarantine policy information, a quarantine determination is made as to whether or not the terminal 3 can connect to the network (ST123) (inspection execution step). That is, the state-corresponding quarantine determination unit 12 performs quarantine by comparing the state-corresponding security information indicating the inspection criteria for the domestic brought-out state and the state-corresponding terminal information from the agent 4.
Thereafter, the state corresponding quarantine determination unit 12 stores the quarantine result in the quarantine result storage unit 18.
Next, the access restriction instructing unit 13 refers to the quarantine result stored in ST123 (ST124). If the quarantine result is OK, the process proceeds to ST125. If the quarantine result is NG, the process proceeds to ST129.
If the quarantine result is OK (Yes in ST124), the access restriction instructing unit 13 acquires an access destination for quarantine OK (empty access destination) stored in the access restriction information storage unit 19, A list in which the MAC address and access destination of the terminal 3 that has executed the quarantine does not exist is created and transmitted to the secure gate device 2, and an access restriction release instruction for the terminal 3 is executed (ST125).
Further, the countermeasure instruction unit 14 returns the quarantine result to the terminal 3 (ST126).

On the other hand, if the received terminal information is normal terminal information (in the case of No in ST122), the state-corresponding quarantine determining unit 12 stores the policy information of the normally connected terminal stored in the state-corresponding security information storage unit 16. The quarantine determination is carried out based on (ST127). That is, quarantine is performed by comparing the state corresponding security information indicating the inspection criteria for the terminal in the normal connection state with the terminal information from the agent 4.
Thereafter, the state corresponding quarantine determination unit 12 stores the quarantine result in the quarantine result storage unit 18.
The state corresponding quarantine determination means 12 determines the quarantine result (ST128).
The access restriction instructing unit 13 refers to the quarantine result stored in ST127. If the quarantine result is NG, the access restriction instructing unit 13 proceeds to ST129. If the quarantine result is OK, the process proceeds to ST130.
When the quarantine result is NG (No in ST124 or No in ST128), the access restriction instructing unit 13 acquires the quarantine NG countermeasure access destination stored in the access restriction information storage unit 19, and quarantines. A list in which the MAC addresses of the terminals 3 that have performed the above are combined is created, transmitted to the secure gate device 2, and an access restriction instruction for the terminal 3 specified by the MAC address is executed (ST129). Specifically, the countermeasure access destination is, for example, the countermeasure treatment server device 6.

If the quarantine in the normal item is OK (Yes in ST128), the state-corresponding quarantine determining means 12 is a terminal for which the terminal 3 has to perform state-corresponding quarantine on the terminal state information storage unit 15. It is checked whether or not it is registered (ST130) (terminal state determination step). Specifically, it is determined whether the terminal identification information 15-1 of the terminal state information in FIG. 3 indicates the MAC address of the terminal 3 that has quarantined, and the MAC address of the terminal 3 is indicated. In this case, the state of the terminal 3 is determined from the number of the state identification number 15-2.
In the case of a terminal that has to perform quarantine in a state different from the normal connection state, the process proceeds to ST131. If quarantine of the normally connected terminal is sufficient, the process proceeds to ST125.
In the case of a terminal that needs to execute quarantine in a state different from the normal connection state (Yes in ST130), the countermeasure instruction unit 14 stores the state identification number 15-2 stored in the terminal state information storage unit 15 Is transmitted to the terminal 3, and an acquisition request for state-compatible terminal information is issued (ST131).
On the other hand, if the quarantine of the normally connected terminal is acceptable (No in ST130), the secure gate device 2 is instructed to release the access restriction of the terminal 3 (ST125), and the quarantine result is notified to the terminal 3 (ST126).

In the present embodiment, the normal connection state, the domestic take-out state, the domestic take-out state, the overseas take-out state, and the overseas take-out state are taken as examples of the terminal state. In-house special area take-out state, in-house take-out state to another base, in-house take-out state from another base, and state-compatible security information for these states may be prepared.
In this embodiment, the terminal to be taken out in the country is described. However, when taking out abroad, even if the terminal is taken out to a special area in the company or to another base in the company, the same operation as in the case of taking out to the country is performed.
In addition, the special areas in the company are assumed to be locations where partner companies are located and free access areas such as conference rooms.

  In addition, as criteria information for taking out terminals to special areas in the company and other locations in the company, for example, security patch application deadline, anti-virus software latest version application deadline, presence / absence of encryption check of takeout file, existence of takeout file Existence of check, existence of files other than export files, check target extension list, unchecked file list, presence / absence of terminal activation authentication setting check, terminal activation authentication setting analysis difficulty, OS use authentication setting check Check items related to presence / absence, OS use authentication setting analysis difficulty, presence / absence of lock release authentication setting check when terminal is not used, lock start time when terminal is not used, unstartable service list, and the like can be considered.

  Further, regarding overseas take-out status and overseas take-out status, country-specific take-out status and country-specific take-out status may be provided, and state-compatible security information may be prepared for each country.

  In addition, the criteria for determining the terminal to be taken overseas include, for example, the security patch application deadline, the list of software that cannot be installed in the country to be taken out, the presence / absence check of the taken-out file, and the existence check of files other than the taken-out file. Extension list of files to be checked, list of files not to be checked, presence / absence of encryption check of file to be taken out by encryption software corresponding to country to be taken out, presence / absence of terminal activation authentication setting check, difficulty in analyzing terminal activation authentication setting, OS use authentication Check items such as presence / absence of setting check, OS usage authentication setting analysis difficulty, presence / absence of unlocking authentication setting check when terminal is not used, lock activation time when terminal is not used, unstartable service list, etc.

  In the above description, the normal connection state is quarantined first, and then the quarantine is performed according to the terminal state. However, the terminal information is acquired from the agent according to the normal terminal information and the state. And quarantine may be performed at the same time.

  In the above description, the secure gate device is used to restrict the communication destination of the network. However, the information stored in the access restriction information storage unit is the information for VLAN switching, and the authentication VLAN is used. It is good also as a form.

  In the above description, the secure gate device is used to restrict the communication destination of the network. However, the IP address information to be assigned to the information to be stored in the access restriction information storage unit is set as DHCP (Dynamic Host Configuration). (Protocol) server may be used.

  Further, in the above description, the secure gate device and the management device are configured separately, but may be configured to perform a quarantine determination performed by the management device in the secure gate device.

In addition, for data stored in the state-corresponding security information storage unit that is a criterion for executing the quarantine, automatic download from a server corresponding to the security information, registration using a medium such as a CD-ROM, and a registration screen It is assumed that the storage is performed by means such as registration from the administrator.
Further, as described above, the data stored in the terminal state information storage unit is stored by means such as registration from a user or registration by an administrator.

  As described above, according to the first embodiment, when it is determined that the terminal 3 is a domestic take-out terminal, the corresponding terminal information is acquired, and the quarantine is performed according to the determination criterion corresponding to the state. As a result, it is guaranteed that the latest security patches and the latest anti-virus software will be installed only on the mobile devices where the threat of virus infection is high, so the possibility of virus infection is reduced. However, it is possible to maintain the security level in the conventional normal operation for the terminals normally connected in the company.

  As described above, according to the first embodiment, when it is determined that the terminal 3 is a domestic take-out terminal, the corresponding terminal information is acquired, and the quarantine is performed according to the determination criterion corresponding to the state. As a result, only the take-out terminals that threaten to leak information are compulsory to encrypt confidential documents and prohibit the take-out of unnecessary confidential information. In this way, it is possible to carry out normal operations that hold confidential information.

  As described above, according to the first embodiment, when it is determined that the terminal 3 is a domestic terminal, the corresponding terminal information is acquired, and the quarantine is performed according to the determination criterion corresponding to the state. As a result, only the takeout terminal, which has a high threat of information leak, is forced to encrypt confidential documents and prohibit the takeout of unnecessary confidential information. Can be lowered.

  As described above, according to the first embodiment, when it is determined that the terminal 3 is a domestic take-out terminal, the corresponding terminal information is acquired, and the quarantine is performed according to the determination criterion corresponding to the state. As a result, it is possible to enforce a high-level authentication method only for the take-out terminal where the threat of information outflow is high, and the possibility of information outflow and unauthorized use of the take-out terminal can be reduced.

  As described above, according to the first embodiment, since the quarantine of the normal terminal is always performed, the information of the determination criterion corresponding to the state can be only a part different from that of the normal quarantine. Management is easy because there is no need to make the settings.

As described above, in the present embodiment, there are a terminal including an agent, a secure gate device that controls communication of the terminal, and a management device that instructs to release control / control of communication of the terminal according to the state of the terminal. In a quarantine network system connected to each other via a network,
A state corresponding terminal information acquisition means for acquiring terminal information corresponding to the state of the terminal to the agent on the terminal;
The management device
A terminal state information storage unit for storing terminal state information;
A state-corresponding security information storage unit that stores information serving as a determination criterion for determining whether or not the terminal is connectable to a network according to the state of the terminal;
Based on the terminal information stored in the terminal status information storage unit, it can be connected to the network by comparing the information used as a criterion stored in the state corresponding security information storage unit with the terminal information transmitted from the agent. Equipped with a state-aware quarantine judging means for judging whether or not there is,
A take-out terminal quarantine network system has been described in which acquired information and determination criteria are changed according to the state of the terminal, and quarantine corresponding to the state of the terminal is performed.

  Further, in the present embodiment, the terminal state is one of normal connection state, internal special area take-out state, internal special area take-out state, domestic take-out state, domestic take-out state, overseas take-out state, and overseas take-out state. A take-out terminal quarantine network system has been described in which a plurality of pieces of state information are stored in the terminal state information storage unit.

  Further, in the present embodiment, the take-out terminal quarantine network system has been described in which the take-out state by country and the take-out state by country are set as the state information stored in the terminal state information storage unit.

  Further, in the present embodiment, as a terminal status, a taken-out terminal quarantine network system in which the taken-out status for each in-house location and the taken-out status for each in-house location are set as status information stored in the terminal status information storage unit explained.

  Further, in the present embodiment, the take-out terminal quarantine network system has been described in which the list of confidential information to be taken out is the status information stored in the terminal status information storage unit as the status information of the terminal.

  Further, in the present embodiment, the management device is provided with the status corresponding terminal information acquisition means providing means, the agent is provided with the status correspondence terminal information acquisition means execution means, and the management device acquires the terminal information corresponding to the status. Explained the mobile terminal quarantine network system.

Embodiment 2. FIG.
In the first embodiment described above, only the terminal to be taken out is quarantined according to the criteria for taking out domestically with respect to the terminal to be taken out in the country. An embodiment in which quarantine is performed according to a judgment standard for take-out in Japan is shown.

  FIG. 9 is an example of state-corresponding security information that is a determination criterion when the terminal taken out in the country is taken home.

16 (2) -1 is an inspection item of the security patch application time limit.
In the case of a normally connected terminal, it is assumed that a grace period is set even if a security patch is provided. This is because if a new security patch is provided during a business trip, or if the rule is applied on the same day, the user who returns from the business trip cannot use the terminal immediately, or the security patch is applied at all times when the security patch is applied. This is because if the terminal network is restricted, it is assumed that the business will be hindered.
However, in the case of a take-out terminal, security threats such as virus infection are high, so it is desirable to apply the latest security patch. It is an item for making it possible to cope with such an idea.

16 (1) -2 is an inspection item of the anti-virus software application deadline.
This is the expiration date for the update of anti-virus software pattern files and engine versions. This item is also an item for enabling handling for the same reason as the security patch.

16 (1) -3 is an inspection item on the virus infection check implementation date.
In the case of a normally connected terminal, since the possibility of virus infection is low, it is assumed that the virus infection check is regularly performed during a time zone not related to business. This is because the virus infection check retrieves all information on the terminal, so that it is assumed that the load on the terminal is increased and the business is affected.
However, in the case of a take-out terminal, security threats such as virus infection increase, so it is desirable to permit network connection after determining that virus infection has not occurred. It is an item for making it possible to cope with such an idea.

  The number of inspection items of the state-corresponding security information in FIG. 9 is smaller than the inspection items of the state-corresponding security information in FIG. 5, for example, 16 (1) -3 to 16 (1) -13 in FIG. This is because the inspection items need only be inspected in the domestic take-out state, so that it is less necessary to be inspected in the case of the domestic take-out state.

The operation when the terminal 3 is taken home is the same as that of the first embodiment, the terminal state is not taken out in the country but is taken out in the country, and the contents of the terminal information to be acquired and the items to be inspected are only changed. There are examples of the items shown in FIG.
That is, the domestic take-out terminal transmits state-compatible terminal information corresponding to the domestic take-out state to the management device 1, and the management device 1 provides the state-compatible security information indicating the inspection standard for the domestic take-out state and the domestic take-out terminal. Quarantine is performed by comparing the status-compatible terminal information from.
The domestic take-out terminal cannot access the network resource 7 until it passes the quarantine by the management device 1 and the access restriction is released by the secure gate device 2.
If the quarantine by the management apparatus 1 fails, the domestic take-out terminal accesses the countermeasure processing server apparatus 6 and performs countermeasure measures.
The network configuration example according to the present embodiment is the same as that shown in FIG. 1, and the configuration examples of the management device 1, the secure gate device 2, and the agent 4 are also the same as those shown in FIG.

In the present embodiment, a terminal taken home from Japan has been described. However, the same operation is performed even if the terminal is taken home from overseas, a special area in the company, or another base in the company.
In-house special areas are assumed to include locations where partner companies are located and free access areas such as conference rooms.

  For example, inspection items relating to a security patch application deadline, latest anti-virus software application deadline, virus infection check execution date, and the like can be considered as criteria for taking out a terminal from a special area in the company or from another base in the company.

  In addition, as criteria for determining take-out terminals from overseas, for example, inspection items related to a security patch application deadline, the latest version application deadline of anti-virus software, a virus infection check execution date, a list of necessary security software, and the like can be considered.

  As described above, according to the second embodiment, when it is determined that the terminal 3 is a domestic take-out terminal, the corresponding terminal information is acquired, and the quarantine is performed according to the determination criterion corresponding to the state. As a result, it is guaranteed that the latest security patch is applied only to take-out devices with high possibility of virus infection, the latest anti-virus software is installed, and the virus infection is confirmed by the latest anti-virus software. While it is possible to reduce the possibility of terminal network connection, it is possible to maintain the security level in the conventional normal operation for terminals normally connected in the company.

  In addition, as described above, according to the second embodiment, since the quarantine of the normal terminal is always performed, the information of the determination criterion corresponding to the state can be only a part different from the normal quarantine. Therefore, it is not necessary to make duplicate settings, and management becomes easy.

Embodiment 3 FIG.
In the above embodiment, a terminal having a different state is quarantined according to the determination criterion corresponding to the state, but the network is next used when the take-out terminal is not in the take-out state. An embodiment for quarantine when connected is shown.

FIG. 10 is a block diagram illustrating a configuration example of each device of the quarantine network system according to the third embodiment.
In FIG. 10, 301 uses terminal information stored in the terminal information storage unit 17, terminal state information stored in the terminal state information storage unit 302, and security information stored in the state corresponding security information storage unit 16. It is a state-corresponding quarantine determination unit that determines whether or not the terminal 3 that has performed network connection is in a state where it can be connected to the network, and stores the determination result in the quarantine result storage unit 18.
Reference numeral 302 denotes a terminal state information storage unit that stores state information of the terminal 3.

As will be described later, the terminal status information storage unit 302 manages the takeout start date and time (takeout start time), which is the date and time when the domestic takeout terminal (terminal that is scheduled to be taken out) is scheduled to be taken outside (external environment). is doing.
The terminal status information storage unit 302 that manages the takeout start date and time is an example of a takeout start time management unit.
Then, the state-corresponding quarantine determination unit 301 stores the terminal state information when the information collection unit 11 receives normal terminal information from any of the terminals 3 and the current state of the terminal 3 is the domestic take-out state. It is determined whether or not the takeout start date and time of the terminal 3 managed by the unit 302 is a time before the current time, and when the takeout start date and time is a time before the current time, access The restriction instruction unit 13 is instructed to perform an access prohibition measure for prohibiting access to the network resource of the terminal device.
The elements other than the state corresponding quarantine determination unit 301 and the terminal state information storage unit 302 are the same as those shown in FIG.

FIG. 11 is an example of terminal state information stored in the terminal state information storage unit 302 of the third embodiment.
In FIG. 11, 15-1 to 15-3 are the same as those in the first embodiment.
301-1 is a take-out start date and time. This is the date and time when the terminal is actually taken out of the office (external environment). The takeout start date and time is an example of the takeout start time.
The take-out start date 302-1 is also the same as the terminal identification information 15-1, the state identification number 15-2, and the take-out information list 15-3, as shown in the first embodiment, for example, the terminal 3 The user of the management device 1 applies to the administrator (system administrator) of the management device 1 for the date and time when the user intends to take out the terminal 3 to the outside. Assume that the take-out start date 302-1 is input using the input means (not shown) of the management apparatus 1 based on the application from the user of the terminal 3.

Next, the operation of the management apparatus 1 will be described with reference to FIG.
In FIG. 12, except for ST301, the operation is basically the same as the operation shown in FIG.

First, the information collecting unit 11 receives terminal information from the terminal 3, and stores the received terminal information in the terminal information storage unit 17 (ST121).
The state correspondence quarantine determination unit 301 determines whether or not the acquired information is state correspondence terminal information (ST122). When it is state corresponding terminal information, it progresses to ST123. If it is normal terminal information, the process proceeds to ST127.
When the information is state-corresponding terminal information (in the case of Yes in ST122), the state-corresponding quarantine determination unit 301 determines the terminal 3 based on the corresponding state-corresponding security information stored in the state-corresponding security information storage unit 16. A quarantine determination is made as to whether or not to connect to the network, and the result is stored in the quarantine result storage unit 18 (ST123).
The access restriction instruction means 13 refers to the quarantine result stored in ST123 (ST124).
If the quarantine result is OK, the process proceeds to ST125. If the quarantine result is NG, the process proceeds to ST129.

If the quarantine result is OK (Yes in ST124 or No in ST130), the access restriction instructing means 13 acquires the access destination for quarantine OK stored in the access restriction information storage unit 19, and performs the quarantine. A list in which the MAC address and access destination of the implemented terminal 3 do not exist is created, transmitted to the secure gate device, and an access restriction release instruction for the terminal 3 is implemented (ST125).
The countermeasure instruction unit 14 returns the quarantine result to the terminal 3 (ST126).

When the terminal information is normal terminal information (No in ST122), the state-corresponding quarantine determining unit 301 determines the quarantine based on the policy information of the normally connected terminal stored in the state-corresponding security information storage unit 16. And store the result in the quarantine result storage unit 18 (ST127).
The state corresponding quarantine determination unit 301 determines the quarantine result (ST128).
The access restriction instructing unit 13 refers to the quarantine result stored in ST127. If the quarantine result is NG, the access restriction instructing unit 13 proceeds to ST129. If the quarantine result is OK, the process proceeds to ST130.
If the quarantine result is NG (No in ST124, No in ST128, or Yes in ST301), the access restriction instructing unit 13 selects the access destination for countermeasures of the quarantine NG stored in the access restriction information storage unit 19. A list obtained by combining the MAC addresses of the terminals 3 that have been acquired and quarantined is created, transmitted to the secure gate device, and an access restriction instruction for the terminals 3 specified by the MAC addresses is executed (ST129).

If the quarantine result is OK (Yes in ST128), whether or not the state-corresponding quarantine determination unit 301 is registered in the terminal state information storage unit 302 as a terminal that should perform state-compliant quarantine It is checked whether or not (ST130). In the case of a terminal that needs to perform quarantine in a state different from the normal connection, the process proceeds to ST301. If the quarantine of the normally connected terminal is acceptable, the quarantine result is stored in the quarantine result storage unit 18, and the process proceeds to ST125.
In the case of a terminal that needs to execute quarantine in a state different from the normal connection state (Yes in ST130), the state-corresponding quarantine determination unit 301 determines the terminal from the information stored in the terminal state information storage unit 302. It is determined whether or not 3 is in a take-out state at any location and the current date and time is the date and time after the start of take-out (ST301).
If the condition is satisfied, the terminal is determined to be an unauthorized terminal, and the process proceeds to ST129. If the condition is not satisfied, the process proceeds to ST131 in order to perform normal processing.
When the condition is not satisfied (No in ST301), the countermeasure instruction unit 14 transmits the state identification number stored in the terminal state information storage unit 302 to the terminal 3, and requests for acquisition of the state corresponding terminal information (ST131).

In the above ST301, when the condition is satisfied, that is, when the take-out start date / time is earlier than the current date / time, it is determined that the terminal information is transmitted from an unauthorized terminal. When the takeout start time is a date and time later than the current time, the terminal information is transmitted for quarantine with respect to the terminal scheduled to be taken out.
On the other hand, when the terminal is taken home, there is an application for domestic take-out from the user of the terminal to the manager (system manager) of the management apparatus 1, and the status identification number 15-2 in the terminal status information storage unit 302 is received. Since the terminal information is transmitted from the domestic take-out terminal after the “domestic take-out” is changed to “domestic take-out”, the status identification number 15-2 of the terminal status information storage unit 302 is set to “domestic take-out”. If it is “out” and the take-out start date / time is earlier than the current date / time, the terminal information for quarantine is not sent to the terminal scheduled to be taken out, or the terminal information is sent from a domestic take-out terminal. Therefore, it is recognized that the terminal information is transmitted from an unauthorized terminal.

In the present embodiment, the terminal to be taken out in Japan is described. However, the same operation is performed even when the terminal is taken overseas, when it is taken out to a special area in the company or to another base in the company.
In-house special areas are assumed to include locations where partner companies are located and free access areas such as conference rooms.

  As described above, according to the third embodiment, when it is determined that the terminal 3 is a take-out terminal, the take-out start date and time are compared with the current date and time, and after the start of take-out, the take-out state is not established. However, since the terminal connected to the network is determined to be an unauthorized terminal and the network connection is rejected, it is possible to prevent a terminal that does not perform correct processing from being connected to the network.

  As described above, in the present embodiment, the take-out terminal quarantine network system that does not permit network connection when the take-out terminal does not carry out take-out quarantine has been described.

Embodiment 4 FIG.
In the above embodiment, terminals with different states are quarantined according to the determination criteria corresponding to the state, but when the quarantine determination of the takeout terminal is performed next, the terminal state information The embodiment to change is shown.

FIG. 13 is a block diagram illustrating a configuration example of each device of the quarantine network system according to the fourth embodiment.
In FIG. 13, 401 uses the terminal information stored in the terminal information storage unit 17, the terminal state information stored in the terminal state information storage unit 302, and the security information stored in the state corresponding security information storage unit 16, When it is determined whether the terminal 3 that has been connected to the network is in a state where it can be connected to the network, the determination result is stored in the quarantine result storage unit 18, and when the quarantine of the take-out terminal is successful, It is a state-corresponding quarantine determination unit that updates the information of the corresponding terminal stored in the terminal state information storage unit 302 to the normal connection state.
The elements other than the state corresponding quarantine determination unit 401 are the same as those shown in FIG.

The operation of the management apparatus 1 will be described with reference to FIG.
In FIG. 14, except for ST401 and ST402, in principle, the operation is the same as that shown in FIG.

First, the information collecting unit 11 receives terminal information from the terminal 3, and stores the received terminal information in the terminal information storage unit 17 (ST121).
The state correspondence quarantine determination unit 401 determines whether or not the acquired information is state correspondence terminal information (ST122). When it is state corresponding terminal information, it progresses to ST123. If it is normal terminal information, the process proceeds to ST127.
When the information is state-corresponding terminal information (in the case of Yes in ST122), the state-corresponding quarantine determination unit 301 determines the terminal 3 based on the corresponding state-corresponding security information stored in the state-corresponding security information storage unit 16. A quarantine determination is made as to whether or not to connect to the network, and the result is stored in the quarantine result storage unit 18 (ST123).
The access restriction instruction means 13 refers to the quarantine result stored in ST123 (ST124). If the quarantine result is OK, the process proceeds to ST401. If the quarantine result is NG, the process proceeds to ST129.
If the quarantine result is OK (Yes in ST124), the state-corresponding quarantine determination unit 401 determines whether the terminal 3 is a take-out terminal (ST401). In the case of a take-out terminal, the process proceeds to ST402. If it is not a take-out terminal, the process proceeds to ST125.
When the terminal is a take-away terminal (Yes in ST401), the state-corresponding quarantine determination unit 401 updates the state of the corresponding terminal stored in the terminal state information storage unit 302 and sets the normal connection state (ST402).
When the quarantine result is OK and the terminal is not a take-away terminal (No in ST130 or No in ST401), or after the terminal status information is updated in ST402, the access restriction instructing unit 13 accesses the access restriction information storage unit 19 The access destination for the quarantine OK stored in the quarantine is acquired, and a list in which the MAC address and the access destination of the terminal 3 that has executed the quarantine does not exist is transmitted to the secure gate device. Implement (ST125).
The countermeasure instruction unit 14 returns the quarantine result to the terminal 3 (ST126).

On the other hand, if the terminal information is normal terminal information (No in ST122), the state-corresponding quarantine determination unit 301 determines the quarantine based on the policy information of the normally connected terminal stored in the state-corresponding security information storage unit 16. And store the result in the quarantine result storage unit 18 (ST127).
The state corresponding quarantine determination unit 301 determines the quarantine result (ST128).
The access restriction instructing unit 13 refers to the quarantine result stored in ST128, and when the quarantine result is NG, the process proceeds to ST129. If the quarantine result is OK, the process proceeds to ST130.
If the quarantine result is NG (No in ST124, No in ST128, or Yes in ST301), the access restriction instructing unit 13 selects the access destination for countermeasures of the quarantine NG stored in the access restriction information storage unit 19. A list obtained by combining the MAC addresses of the terminals 3 that have been acquired and quarantined is created, transmitted to the secure gate device, and an access restriction instruction for the terminals 3 specified by the MAC addresses is executed (ST129).

If the quarantine result is OK (Yes in ST128), whether or not the state-corresponding quarantine determination unit 401 is registered in the terminal state information storage unit 302 as a terminal for which the terminal 3 must perform state-compliant quarantine It is checked whether or not (ST130).
In the case of a terminal that needs to perform quarantine in a state different from the normal connection state, the process proceeds to ST301. If the quarantine of the normally connected terminal is sufficient, the quarantine result is stored in the quarantine result storage unit 18, and the process proceeds to ST125.

In the case of a terminal that needs to perform quarantine in a state different from the normal connection state (Yes in ST130), the state-corresponding quarantine determination unit 401 determines the terminal from the information stored in the terminal state information storage unit 302. It is determined whether or not 3 is in a take-out state at any location and the current date and time is the date and time after the start of take-out (ST301). If the condition is satisfied, the terminal is determined to be an unauthorized terminal, and the process proceeds to ST129. If the condition is not satisfied, the process proceeds to ST131 in order to perform normal processing.
When the condition is not satisfied (No in ST301), the countermeasure instruction unit 14 transmits the state identification number stored in the terminal state information storage unit 302 to the terminal 3, and requests for acquisition of the state corresponding terminal information (ST131).

  As described above, in the present embodiment, the state-corresponding quarantine determination unit 401 checks the security setting of the terminal determined to be in the take-away state, and as a result, the content of the security setting indicated in the state-compatible terminal information of the terminal is When the inspection criteria for the take-out state are met, the terminal state information of the terminal stored in the terminal state information storage unit 302 is updated to information indicating that the terminal is in the normal connection state.

In the present embodiment, a terminal taken home from Japan has been described. However, the same operation is performed even if the terminal is taken home from overseas, a special area in the company, or another base in the company.
In-house special areas are assumed to include locations where partner companies are located and free access areas such as conference rooms.

  As described above, according to the fourth embodiment, when it is determined that the terminal 3 is a take-away terminal, the terminal state is updated to the normal connection terminal when the quarantine is successfully performed based on the determination criteria in the take-out state. Therefore, there is no omission in update processing, and a terminal that has succeeded in quarantine can be used without any trouble in normal operations.

  As described above, in the present embodiment, the take-out terminal quarantine network system that cancels the take-out state when the quarantine of the take-out terminal is OK has been described.

Embodiment 5. FIG.
In the above embodiment, for example, it is assumed that the terminal state information is set in the terminal state information storage unit 15 by the input of the system administrator. 4 shows an embodiment for changing terminal state information.

FIG. 15 is a diagram illustrating a configuration example of the quarantine network system according to the present embodiment.
In FIG. 15, a WF (workflow) server apparatus 501 is a workflow system that processes an application for taking out or taking out a terminal in an in-house system.
Hereinafter, it is also simply referred to as a WF server 501.
In FIG. 15, the elements other than the WF server 501 are the same as those shown in FIG.

In the present embodiment, the user of the terminal 3 performs a take-out application procedure (hereinafter simply referred to as a take-out application) to the WF server 501 before taking out the terminal, and completes the take-out application by the WF server 501. It shall be obligatory. Further, if the terminal 3 scheduled to be taken out does not pass the quarantine by the management apparatus 1, the WF server 501 is in an operation in which the take-out application for the terminal 3 is not completed.
Similarly, in the present embodiment, the user of the terminal 3 performs a take-out application procedure (hereinafter also simply referred to as a take-out application) to the WF server 501 when the terminal is taken out, and the WF server 501 applies the take-out application. It is required to be completed. Further, if the terminal 3 that has been taken home does not pass the quarantine by the management apparatus 1, the WF server 501 is in an operation that does not complete the take-away application for the terminal 3.

FIG. 16 is a block diagram illustrating a configuration example of each device of the quarantine network system according to the fifth embodiment.
In FIG. 16, reference numeral 502 denotes information collection means for receiving status information from the terminal or receiving application information from the WF server 501 that performs processing for taking out and taking out.
503 is a workflow for receiving application information from the WF server 501 for carrying out take-out and take-out application processing, updating information in the terminal state information storage unit 302 based on the received contents, and notifying the WF server 501 of a quarantine result. It is a means of cooperation.
In the present embodiment, the workflow cooperation unit 503 is an example of a workflow cooperation unit.
The elements other than the information collection unit 502 and the workflow cooperation unit 503 are the same as those shown in FIG.

Next, the operation of the management apparatus 1 will be described with reference to FIG.
In FIG. 17, the operations other than ST501 to S504 are basically the same as the operations shown in FIG.

Information collecting means 502 receives information from terminal 3 or WF server 501 (ST501).
The information collecting unit 502 determines whether the received information is information from the terminal 3 or information from the WF server 501 (ST502).
In the case of information from the terminal 3, the received terminal information is stored in the terminal information storage unit 17, and the process proceeds to ST122. In the case of information from the WF server 501, the process proceeds to ST503.

In the case of information from the WF server 501 (in the case of No in ST502), the workflow cooperation unit 503 updates the information on the terminal with the application in the terminal state information storage unit 302 based on the application content (ST503).
As described above, the workflow cooperation unit 503 updates the terminal state information in accordance with the notification from the WF server 501, and the state correspondence quarantine determination unit 301 determines whether or not the state correspondence quarantine determination unit 301 from the WF server 501 determines the necessity of the state correspondence check in ST130 described later. Based on the terminal state information updated based on the notification, it can be determined whether the current terminal state is the normal connection state, the take-out state, or the take-out state.

When the information is from the terminal in ST502 (Yes in ST502), the state corresponding quarantine determination unit 301 determines whether or not the acquired information is state corresponding terminal information (ST122).
When it is state corresponding terminal information, it progresses to ST123. If it is normal terminal information, the process proceeds to ST127.
When the information is state-corresponding terminal information (in the case of Yes in ST122), the state-corresponding quarantine determination unit 301 determines the terminal 3 based on the corresponding state-corresponding security information stored in the state-corresponding security information storage unit 16. A quarantine determination is made as to whether or not to connect to the network, and the result is stored in the quarantine result storage unit 18 (ST123).
The access restriction instruction means 13 refers to the quarantine result stored in ST123 (ST124). If the quarantine result is OK, the process proceeds to ST504. If the quarantine result is NG, the process proceeds to ST129.

If the quarantine result is OK (Yes in ST124), the workflow cooperation unit 503 returns the quarantine result to the WF server 501 (ST504).
As described above, the workflow cooperation unit 503 notifies the WF server device 501 of the result of the inspection performed on the terminal by the state corresponding quarantine determination unit 301.

Next, the access restriction instructing unit 13 acquires the access destination for quarantine OK stored in the access restriction information storage unit 19 and creates a list in which the MAC address of the terminal 3 that has performed the quarantine and the access destination do not exist. The terminal 3 transmits an access restriction release instruction to the secure gate device (ST125).
The countermeasure instruction unit 14 returns the quarantine result to the terminal 3 (ST126).

On the other hand, if the received terminal information is normal terminal information (in the case of No in ST122), the state-corresponding quarantine determination unit 301 stores the policy information of the normally connected terminal stored in the state-corresponding security information storage unit 16. The quarantine determination is carried out based on (ST127).
The state corresponding quarantine determination unit 301 determines the quarantine result (ST128).
The access restriction instructing unit 13 refers to the quarantine result stored in ST123. If the quarantine result is NG, the access restriction instructing unit 13 proceeds to ST129. If the quarantine result is OK, the process proceeds to ST130 (ST127).
If the quarantine result is NG (No in ST124, No in ST128, or Yes in ST301), the access restriction instructing unit 13 selects the access destination for countermeasures of the quarantine NG stored in the access restriction information storage unit 19. A list obtained by combining the MAC addresses of the terminals 3 that have been acquired and quarantined is created, transmitted to the secure gate device, and an access restriction instruction for the terminals 3 specified by the MAC addresses is executed (ST129).

On the other hand, if the quarantine result is OK (Yes in ST128), the state-corresponding quarantine determination unit 301 is registered in the terminal state information storage unit 302 as a terminal for which the terminal 3 must perform state-compliant quarantine. It is checked whether or not (ST130).
As described above, the state-corresponding quarantine determination unit 301 refers to the terminal state information updated based on the notification from the WF server 501, so that the current state of the terminal is the normal connection state or the take-out state. , Determine whether it is a take-away state.
Then, in the case of a terminal that has to perform quarantine in a state different from the normal connection, the process proceeds to ST301. If the quarantine of the normally connected terminal is acceptable, the quarantine result is stored in the quarantine result storage unit 18, and the process proceeds to ST125.
In the case of a terminal that needs to execute quarantine in a state different from the normal connection state (Yes in ST130), the state-corresponding quarantine determination unit 301 determines the terminal from the information stored in the terminal state information storage unit 302. It is determined whether or not 3 is in a take-out state at any location and the current date and time is the date and time after the start of take-out (ST301). If the condition is satisfied, the terminal is determined to be an unauthorized terminal, and the process proceeds to ST129. If the condition is not satisfied, the process proceeds to ST131 in order to perform normal processing.
When the condition is not satisfied (No in ST301), the countermeasure instruction unit 14 transmits the state identification number stored in the terminal state information storage unit 302 to the terminal 3, and requests for acquisition of the state corresponding terminal information (ST131).

In the present embodiment, the terminal to be taken out in Japan is described. However, the same operation is performed even when the terminal is taken overseas, when it is taken out to a special area in the company or to another base in the company.
In-house special areas are assumed to include locations where partner companies are located and free access areas such as conference rooms.

As described above, according to the fifth embodiment, since it is configured in cooperation with the workflow system, the terminal state information is not updated and management becomes easy.
Further, as described above, according to the fifth embodiment, since the form is linked with the workflow system, it is possible to force quarantine at the time of take-out and take-out.
In addition, as described above, according to the fifth embodiment, since the workflow system is linked to the workflow system, it is possible to prevent the application for taking out from proceeding until the quarantine for taking out is successful. It is possible to prevent the taking out without passing through.
Further, as described above, according to the fifth embodiment, since it is linked with the workflow system, it is possible to prevent the take-out application from proceeding until the quarantine for take-out succeeds at the time of take-out. It is possible to prevent unauthorized use of the terminal.
Further, as described above, according to the fifth embodiment, since the form is linked to the workflow system, it is not necessary to separately check the take-out terminal and the take-out terminal, and management becomes easy.

  As described above, in the present embodiment, a workflow cooperation unit is provided on the management apparatus, the contents of the export application input in the export application workflow system are reflected in the terminal state information storage unit, and the quarantine result is output as the export application workflow. Explained the take-out terminal quarantine network system that answers the system.

  As described above, in the present embodiment, the contents of the take-out application input in the take-out application workflow system are reflected in the terminal state information storage unit, and the terminal is deleted from the terminal state information storage unit based on the quarantine result. Described the take-out terminal quarantine network system that returns the quarantine result to the take-out application workflow system.

Finally, a hardware configuration example of the management device 1, the secure gate device 2, and the terminal device 3 described in the first to fifth embodiments will be described.
FIG. 19 is a diagram illustrating an example of hardware resources of the management device 1, the secure gate device 2, and the terminal device 3 described in the first to fifth embodiments. The configuration of FIG. 19 is merely an example of the hardware configuration of the management device 1, the secure gate device 2, and the terminal device 3, and the hardware configuration of the management device 1, the secure gate device 2, and the terminal device 3 is as follows. The configuration described in FIG. 19 is not limited, and other configurations may be used.

In FIG. 19, the management device 1, the secure gate device 2, and the terminal device 3 include a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, a processing unit, a microprocessor, a microcomputer, and a processor) that executes a program. ing. The CPU 911 is connected to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a keyboard 902, a mouse 903, and a magnetic disk device 920 via a bus 912. Control hardware devices. Further, the CPU 911 may be connected to an FDD 904 (Flexible Disk Drive), a compact disk device 905 (CDD), a printer device 906, and a scanner device 907. Further, instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of a storage device or a storage unit.
The communication board 915, the keyboard 902, the scanner device 907, the FDD 904, and the like are examples of an input unit and an input device.
Further, the communication board 915, the display device 901, the printer device 906, and the like are examples of an output unit and an output device.

As shown in FIG. 1, the communication board 915 is connected to a network. For example, the communication board 915 is connected to a LAN (local area network), the Internet, a WAN (wide area network), or the like.
The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

The program group 923 stores programs that execute the functions described as “˜unit” and “˜means” in the description of the first to fifth embodiments. The program is read and executed by the CPU 911.
In the file group 924, in the description of the first to fifth embodiments, “determination of”, “calculation of”, “comparison of”, “evaluation of”, “update of”, and “setting of” are set. ”,“ Registering ”, etc., information, data, signal values, variable values, and parameters indicating the results of the processing are stored as“ ˜file ”and“ ˜database ”items. The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, Used for CPU operations such as calculation, calculation, processing, editing, output, printing, and display. Information, data, signal values, variable values, and parameters are stored in the main memory, registers, cache memory, and buffers during the CPU operations of extraction, search, reference, comparison, calculation, processing, editing, output, printing, and display. It is temporarily stored in a memory or the like.
In addition, the arrows in the flowcharts described in the first to fifth embodiments mainly indicate input / output of data and signals. The data and signal values are the RAM 914 memory, the FDD 904 flexible disk, the CDD 905 compact disk, and the magnetic field. Recording is performed on a recording medium such as a magnetic disk of the disk device 920, other optical disks, mini disks, DVDs, and the like. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In addition, in the description of the first to fifth embodiments, what is described as “to part” and “to means” may be “to circuit”, “to device”, and “to device”. , “˜step”, “˜procedure”, and “˜processing”. That is, what is described as “˜unit” and “˜means” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as “to part” and “to means” in the first to fifth embodiments. Alternatively, the procedures and methods of “to part” and “to means” in the first to fifth embodiments are executed by a computer.

  As described above, the management device 1, the secure gate device 2, and the terminal device 3 shown in the first to fifth embodiments are a CPU as a processing device, a memory as a storage device, a magnetic disk, etc., a keyboard as an input device, a mouse, a communication board, and the like. , A computer including a display device, a communication board, and the like as an output device, and using the processing device, storage device, input device, and output device for the functions indicated as “to unit” and “to means” as described above It is realized.

FIG. 3 is a diagram illustrating an example of a system configuration according to the first embodiment. FIG. 3 is a diagram illustrating a configuration example of a management device, a secure gate device, and an agent according to the first embodiment. FIG. 6 is a diagram showing an example of terminal state information according to the first embodiment. The figure which shows the example of the state identification number table correlation information which concerns on Embodiment 1. FIG. FIG. 5 is a diagram showing an example of state correspondence security information according to the first embodiment. FIG. 3 is a flowchart showing an operation example of the terminal device according to the first embodiment. FIG. 3 is a flowchart showing an operation example of the secure gate device according to the first embodiment. FIG. 3 is a flowchart showing an operation example of the management apparatus according to the first embodiment. The figure which shows the example of the state corresponding | compatible security information which concerns on Embodiment 2. FIG. The figure which shows the structural example of the management apparatus which concerns on Embodiment 3, a secure gate apparatus, and an agent. FIG. 11 is a diagram illustrating an example of terminal state information according to the third embodiment. FIG. 10 is a flowchart showing an operation example of the management apparatus according to the third embodiment. The figure which shows the structural example of the management apparatus which concerns on Embodiment 4, a secure gate apparatus, and an agent. FIG. 9 is a flowchart showing an operation example of the management apparatus according to the fourth embodiment. FIG. 10 is a diagram showing a system configuration example according to a fifth embodiment. FIG. 10 is a diagram illustrating a configuration example of a management device, a secure gate device, and an agent according to a fifth embodiment. FIG. 10 is a flowchart showing an operation example of the management apparatus according to the fifth embodiment. The figure which shows the outline | summary of the operation example of the management apparatus which concerns on Embodiment 1, a secure gate apparatus, and a terminal device. The figure which shows the outline | summary of the hardware structural example of the management apparatus, secure gate apparatus, and terminal device which concern on Embodiment 1-5.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Management apparatus, 2 Secure gate apparatus, 3 Terminal apparatus, 4 Agent, 5 Communication line, 6 Countermeasure action server apparatus, 7 Network resource, 11 Information collection means, 12 State corresponding quarantine judgment means, 13 Access restriction instruction means, 14 Countermeasures Instructing means, 15 terminal status information storage section, 16 status corresponding security information storage section, 17 terminal information storage section, 18 quarantine result storage section, 19 access restriction information storage section, 21 access restriction implementation means, 22 access information storage section, 41 Status correspondence terminal information acquisition means, 42 Terminal information transmission means, 43 Countermeasure implementation means, 301 Status correspondence quarantine judgment means, 302 Terminal status information storage unit, 401 Status correspondence quarantine judgment means, 501 WF server apparatus, 502 Information collection means, 503 Workflow linkage means.

Claims (14)

A management device that performs inspection for security settings of a terminal device that takes multiple states,
A state-specific inspection standard information storage unit that stores state-specific inspection standard information indicating the inspection standard of the inspection for the security setting for each state of the terminal device;
A terminal state determination unit for determining the current state of the terminal device;
A security setting information receiving unit for receiving security setting information indicating the contents of the security setting of the terminal device;
The state-specific inspection standard information corresponding to the state determined by the terminal state determination unit is acquired from the state-specific inspection standard information storage unit, and the acquired state-specific inspection standard information and security received by the security setting information receiving unit A management apparatus comprising: an inspection execution unit that compares the setting information with each other and inspects the security setting of the terminal device. The management device
Check the security settings of the terminal device,
The state-specific inspection standard information storage unit
As inspection standard information by state, inspection standard information for a normal connection state indicating a test standard when the terminal device is in a normal connection state communicable with the management device, and an external environment where the terminal device cannot communicate with the management device Stores inspection standard information for the scheduled take-out state, which indicates the inspection standard when it is in the take-out planned state scheduled to be taken out,
The terminal state determination unit
Determine whether the current state of the terminal device is a normal connection state or a scheduled take-out state,
The inspection execution unit
The inspection is performed by acquiring either inspection standard information for a normal connection state or inspection standard information for a scheduled take-out state in association with the state determined by the terminal state determination unit. Management device. The state-specific inspection standard information storage unit
As the inspection standard information by state, storing the inspection standard information for the take-out state in which the inspection standard is indicated when the terminal device is brought back from the external environment and can communicate with the management device,
The terminal state determination unit
Determine whether the current state of the terminal device is a normal connection state, a scheduled take-out state, or a take-out state,
The inspection execution unit
Corresponding to the state determined by the terminal state determination unit, inspection is performed by acquiring any of inspection standard information for a normal connection state, inspection standard information for a scheduled take-out state, and inspection standard information for a take-out state. The management device according to claim 2. The management device
Connected to the relay device connected to the terminal device, through the relay device to check the security settings of the terminal device,
The state-specific inspection standard information storage unit
Inspection standard information for the normal connection state indicating the inspection standard when the terminal device is in the normal connection state connected to the relay device, and the external environment in which the terminal device cannot connect to the relay device The inspection standard information for the scheduled take-out state, in which the inspection criteria when the planned take-out state is scheduled to be taken out, is stored.
The terminal state determination unit
Determine whether the current state of the terminal device is a normal connection state or a scheduled take-out state,
The inspection execution unit
The inspection is performed by acquiring either inspection standard information for a normal connection state or inspection standard information for a scheduled take-out state in association with the state determined by the terminal state determination unit. Management device. The state-specific inspection standard information storage unit
As the inspection standard information by state, storing the inspection standard information for the take-out state in which the inspection standard is shown when the terminal device is brought back from the external environment and connected to the relay device.
The terminal state determination unit
Determine whether the current state of the terminal device is a normal connection state, a scheduled take-out state, or a take-out state,
The inspection execution unit
Corresponding to the state determined by the terminal state determination unit, inspection is performed by acquiring any of inspection standard information for a normal connection state, inspection standard information for a scheduled take-out state, and inspection standard information for a take-out state. The management apparatus according to claim 4. The management device
Manages access to certain network resources,
The management device further includes:
Based on an instruction from the inspection execution unit, an access control unit that performs an access prohibition measure for the network resource of the terminal device;
A take-out start time management unit for managing a take-out start time at which a terminal device scheduled to be taken out is taken out to the external environment;
The inspection execution unit
The security setting information receiving unit receives security setting information from one of the terminal devices, and the terminal state determination unit determines that the current state of the terminal device is a take-out scheduled state. It is determined whether the take-out start time of the terminal device managed by the start time management unit is a time before the current time, and when the take-out start time is a time before the current time, The management apparatus according to claim 2 or 4, wherein the management apparatus instructs the access control unit to perform an access prohibition measure for prohibiting access to the network resource of the terminal apparatus. The management device
A terminal state information storage unit for storing terminal state information indicating the current state of the terminal device;
The inspection execution unit
As a result of performing an inspection on the security setting of the terminal device determined to be in the take-out state by the terminal state determination unit, the content of the security setting indicated in the security setting information of the terminal device matches the inspection standard information on the take-out state. The terminal state information of the terminal device stored in the terminal state information storage unit is updated to information indicating that the terminal device is in a normal connection state. Management device. The management device
Manages access to certain network resources,
The management device further includes:
Access control for prohibiting access to the network resource of the terminal device when the security setting content indicated in the security setting information does not match the state-specific inspection standard information as a result of the inspection by the inspection execution unit The management apparatus according to claim 1, further comprising a management unit. The management device
It is connected to the workflow server device that manages the application procedure for taking out the terminal device to the external environment and notifies that the terminal device is scheduled to be taken out when an application for taking out the terminal device to the external environment is made.
The terminal state determination unit
The management apparatus according to claim 2, wherein the management apparatus determines that the current state of the terminal apparatus is a scheduled take-out state based on a notification from the workflow server apparatus. The management device
Manage procedures for taking out terminal devices to the external environment, and take out applications unless it is determined by inspection by the inspection implementation department that the security settings indicated in the security setting information match the inspection criteria information for the scheduled take-out status Connected to a workflow server that does not complete the procedure,
The management device further includes:
5. The management apparatus according to claim 2, further comprising a workflow cooperation unit that notifies the workflow server device of a result of the inspection performed on the terminal device by the inspection execution unit. The management device
It is connected to the workflow server device that manages the take-out application procedure from the external environment of the terminal device and notifies that the terminal device has been taken home when there is a take-out application from the external environment of the terminal device,
The terminal state determination unit
The management apparatus according to claim 3 or 5, wherein the management apparatus determines that the current state of the terminal apparatus is a take-away state based on a notification from the workflow server apparatus. The management device
Manage take-out application procedures from the external environment of the terminal device, and take-out application procedures unless it is determined by the inspection by the inspection implementation department that the security setting content indicated in the security setting information matches the inspection standard information for the take-out state Connected to the workflow server device that does not complete
The management device further includes:
The management apparatus according to claim 3, further comprising a workflow cooperation unit that notifies the workflow server apparatus of a result of the inspection performed on the terminal device by the inspection execution unit. A management method in which a computer inspects a security setting of a terminal device that takes a plurality of states,
A terminal state determination step in which the computer determines a current state of the terminal device; and
A security setting information receiving step in which the computer receives security setting information indicating the content of the security setting of the terminal device;
A state-by-state inspection standard information storage area for storing state-specific inspection standard information indicating inspection standards for inspection for security settings for each state of the terminal device, according to the state determined by the terminal state determination step A test execution step for acquiring inspection standard information and comparing the acquired state-specific inspection standard information with the security setting information received in the security setting information receiving step to inspect the security settings of the terminal device; Management method characterized by. To a computer that checks the security settings of terminal devices that take multiple states,
A terminal state determination process for determining the current state of the terminal device;
Security setting information reception processing for receiving security setting information indicating the contents of the security setting of the terminal device;
State-specific inspection standard information corresponding to the state determined by the terminal state determination process from the state-specific inspection standard information storage area for storing state-specific inspection standard information indicating the inspection standard for the security setting for each terminal device state And performing an inspection execution process for performing an inspection on the security setting of the terminal device by comparing the acquired inspection reference information by state with the security setting information received by the security setting information receiving process. Program.