JP2006079498A - Security management apparatus and security management method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve a problem that a possibility exists in that when a terminal requiring the application of a security countermeasure is detected, a security management system encounters an attack hitting on a security hole before application. <P>SOLUTION: The agent 4 of a terminal 3 transmits, through a security gate device 2, terminal information to a management apparatus 1 to determine whether or not security countermeasure processing is necessary to a terminal 3 by the management apparatus 1. When the security countermeasure processing is required for the terminal 3, the management apparatus 1 sends instructions to the security gate device 2. Network access by the terminal 3 is restricted to communication with the management apparatus 1. A restriction on the network access by the terminal 3 is released after completing the execution of the security countermeasure processing for the terminal 3. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a security management system that applies a security measure to a terminal.

  As a conventional technique, there is a “security update monitoring apparatus” described in JP-A-2003-76434 and a “security policy maintenance system” described in JP-A-2002-366525.

  A security update monitoring apparatus described in Japanese Patent Application Laid-Open No. 2003-76434 manages software information installed in a terminal in an integrated manner, and performs a batch update operation. The management apparatus is composed of an agent and an agent. The management apparatus performs update determination based on inventory information transmitted from the agent, and updates are performed when update is necessary.

In the security policy maintenance system described in JP-A-2002-366525, when a user logs in, an agent on the terminal collects inventory information and transmits it to the management server. A check is performed on the management server to determine whether network logon is permitted or not, and when it is not permitted, the logon is rejected. Machines that do not have an agent installed also refuse to log on. In addition, if the security level is low even during operation, participation in the network is rejected.
JP 2003-76434 A JP 2002-366525 A

  The security update monitoring apparatus described in Japanese Patent Laid-Open No. 2003-76434 remains connected to the network even when a terminal for which security measures have not been taken is detected, so that security measures are implemented. In the meantime, there was a problem that there was a possibility of being attacked through a security hole. In addition, since terminals that do not have an agent installed are not monitored, they remain connected to the network even if security measures are not implemented. There was a problem that it might end.

  In addition, the security policy maintenance system described in Japanese Patent Laid-Open No. 2002-366525 blocks network access when a terminal that has not been subjected to security measures is detected. There was a problem that notifications to and others could not be implemented.

  The main object of the present invention is to solve the above-mentioned problems, and implement security measures via the network while isolating terminals on which security measures are not taken and terminals on which no agent is installed from the network. The purpose is to do.

The security management device according to the present invention is:
A security management device that performs security management for the terminal device via a relay device that controls communication of the terminal device,
A receiving unit for receiving device information of the terminal device from the terminal device via the relay device;
Based on the device information of the terminal device received by the receiving unit, a measure determining unit that determines whether or not a security measure action is required for the terminal device;
A communication restriction instruction for instructing the relay device to limit communication of the terminal device to communication with the security management device when it is determined by the measure determining unit that security measures are required for the terminal device. An instruction generation unit for generating
And a transmission unit that transmits the communication restriction instruction generated by the instruction generation unit to the relay device.

  According to the present invention, when a security measure is required for a terminal device, the communication of the terminal device can be limited to the communication required for the security measure by transmitting a communication control instruction to the relay device. For this reason, it is possible to carry out the security countermeasures via the network while the terminal device requiring the security countermeasures is isolated from the network.

Embodiment 1 FIG.
FIG. 1 is a diagram illustrating a configuration example of a security management system according to the present embodiment.

  As shown in the figure, the security management system includes a management device 1, a secure gate device 2, and a terminal 3. The management device 1, the secure gate device 2, and the terminal 3 are connected via a communication line 5. The management device 1 performs security management for the terminal 3 via the secure gate device 2. The management device 1 is an example of a security management device. The secure gate device 2 controls communication of the terminal 3. The secure gate device 2 is an example of a relay device. The terminal 3 is an example of a terminal device. The terminal 3 includes an agent 4. The agent 4 collects information about the terminal and transmits the collected information as terminal information (device information) to the management device 1 via the secure gate device 2. The communication line 5 is a network such as the Internet, an intranet, or a LAN (Local Area Network).

  FIG. 2 is a block diagram illustrating a configuration example of each device of the security management system according to the first embodiment.

  In FIG. 2, reference numeral 11 denotes an information collection unit that collects (receives) information acquired by the agent 4 and the secure gate device 2 on the terminal 3 and stores the collected (received) information in the inventory information storage unit 14. The information collecting unit 11 is an example of a receiving unit.

  Reference numeral 12 denotes a measure check unit that determines whether or not a security measure measure is applied based on information collected by the information collection unit 11 and security information stored in the security information storage unit 15. The measure check unit 12 is an example of a measure determination unit.

  A countermeasure instruction unit 13 instructs the agent 4 or the secure gate device 2 on the corresponding terminal 3 to take a countermeasure when the countermeasure check unit 12 determines that the security countermeasure action is necessary. The countermeasure instruction unit 13 is an example of an instruction generation unit and a transmission unit.

  Reference numeral 14 denotes an inventory information storage unit for storing information of the terminal 3 and the secure gate device 2 collected by the information collection unit 11.

  A security information storage unit 15 stores security information issued by an OS (Operating System), an application, and a vendor of H / W (Hard Wear).

  Reference numeral 21 denotes an information acquisition unit that acquires information of the terminal 3 connected to the secure gate device 2.

  Reference numeral 22 denotes an information transmission unit that transmits information on the subordinate terminals 3 acquired by the information acquisition unit 21 to the management apparatus 1.

  Reference numeral 23 denotes a countermeasure application unit that implements a countermeasure according to the instruction when a countermeasure instruction is transmitted from the management apparatus 1.

  A relay processing unit 26 performs a relay process for communication between the management apparatus 1 and the terminal 3.

  Reference numeral 41 denotes an information acquisition unit that acquires information such as the OS, application, H / W, and security measures of the terminal 3.

  Reference numeral 42 denotes an information transmission unit that transmits information on the terminal 3 acquired by the information acquisition unit 41 to the management apparatus 1.

  Reference numeral 43 denotes a countermeasure application unit that implements countermeasure measures according to an instruction when a countermeasure instruction is transmitted from the management apparatus 1.

  Next, the operation will be described.

  3 to 5 are flowcharts of operation examples of the security management system according to the first embodiment. Here, processing of the agent 4 on the management device 1, the secure gate device 2, and the terminal 3 is shown.

  First, an operation example of the agent 4 on the terminal 3 will be described with reference to FIG.

  The information acquisition unit 41 acquires terminal information (device information) of the terminal 3 (ST101). The terminal information to be acquired includes OS name, version, applicable service pack, computer name, CPU name, memory capacity, connected device information, IP address, MAC address, service information, service activation information, accessible port number Information such as installed application information, application version, user information, system log, and application log.

  When the acquisition is completed, the information transmission unit 42 transmits the terminal information acquired in ST101 to the management apparatus 1 via the secure gate device 2 (ST102).

  Next, the countermeasure application unit 43 receives the notification from the management apparatus 1 via the secure gate apparatus 2, and confirms whether or not the security countermeasure treatment is necessary based on the notification from the management apparatus 1 (ST103). If no countermeasure is required, the process proceeds to ST101. If countermeasures are necessary, the process proceeds to ST104.

  The countermeasure application unit 43 applies the content of the countermeasure action transmitted from the management apparatus 1 (ST104). The content of the countermeasure action transmitted is patch information and the like, and in ST104, the security countermeasure action is performed using the transmitted batch information.

  When the countermeasure application unit 43 confirms the completion of application of the security countermeasure treatment, the countermeasure application unit 43 transmits a completion notification (treatment implementation completion notification) to the management device 1 via the secure gate device 2. At this time, the information acquisition unit 41 acquires the terminal information of the terminal 3, and also transmits the contents of the terminal information (ST105).

  Next, the operation of the secure gate device 2 will be described with reference to FIG.

  The information acquisition unit 21 acquires identification information of the terminal 3 under its control (ST111). The identification information to be acquired is the IP address, MAC address, etc. of the subordinate terminal 3.

  When the acquisition is completed, the information transmission unit 22 transmits the information acquired in ST111 to the management apparatus 1 (ST112).

  The countermeasure application unit 23 receives the notification from the management apparatus 1 and confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST113). If countermeasures are required, the process proceeds to ST114. If no countermeasure is required, the process proceeds to ST111.

  The countermeasure application unit 23 applies the content of the countermeasure action transmitted from the management apparatus 1 (ST114). The contents of the countermeasure measures transmitted are MAC address, IP address, implementation of network access restriction, release of network access restriction, and the like. That is, based on the MAC address and IP address indicated in the notification from the management apparatus 1, the terminal 3 that is the target of the countermeasure is specified, and the network access restriction is performed on the specified terminal 3 or the network access restriction is released. I do. Specifically, as will be described later, when the management device 1 determines that a security measure for a specific terminal 3 is necessary, the MAC address and IP address of the terminal 3 are indicated. An instruction to restrict the network access to the management apparatus 1 (communication control restriction instruction) is received, and the network access of the target terminal 3 is limited to the management apparatus 1 only in accordance with this instruction. Further, when the network access of a specific terminal 3 is restricted and the management device 1 determines that the security countermeasures for the terminal 3 are completed, the MAC address and IP address of the terminal 3 are displayed. Then, an instruction to release the restriction on network access of the terminal 3 (restriction release instruction) is received, and the restriction on the network access of the target terminal 3 is released according to this instruction.

  Finally, the operation of the management apparatus 1 will be described with reference to FIG.

  The information collection unit 11 transmits terminal information (OS name, version, applied service pack, computer name, CPU name, etc.) transmitted from the agent 4 via the secure gate device 2 and the secure gate device 2. Identification information (MAC address and IP address information) of the terminal 3 is collected (received), and the collected information is stored in the inventory information storage unit 14 (ST106) (receiving step).

  The countermeasure check unit 12 collates the terminal information from the agent 4 collected by the information collecting unit 11 with the contents of the security information stored in the security information storage unit 15 to determine whether or not security countermeasures are necessary. (ST107) (measure determination step). The information stored in the security information storage unit 15 reflects the security information issued by the OS, application, and H / W vendor as appropriate through the Internet or a medium such as a CD-ROM. If it is determined that security measures are necessary, the process proceeds to ST108. If it is determined that no countermeasure is required, the process proceeds to ST106.

  When a security countermeasure action is required, the countermeasure instruction unit 13 indicates information on the MAC address and IP address of the terminal 3 that needs to take the countermeasure action, and instructs that the network access restriction for the terminal 3 be performed. A countermeasure instruction (communication restriction instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under control of the terminal 3 that needs to perform the security countermeasure (ST108) (instruction generation step) (Sending step). As a result, as described in ST114 of FIG. 4, secure gate device 2 restricts network access, and corresponding terminal 3 is restricted to network access to management device 1 only.

  Next, the countermeasure instruction unit 13 generates a countermeasure instruction (treatment execution instruction) for instructing the agent 4 on the terminal 3 to perform the security countermeasure treatment, and the generated countermeasure instruction is processed via the secure gate device 2. It transmits to the terminal 3 which becomes. This is, for example, patch information (ST108).

  The countermeasure instruction unit 13 waits for a countermeasure completion notification (notification of completion of action execution) for notifying the completion of the security countermeasure treatment in the terminal 3 to be transmitted from the agent 4 on the terminal 3 via the secure gate device 2 (ST109). . When a measure completion notification is received, the process proceeds to ST110.

  When a countermeasure completion notification is transmitted from the agent 4 on the terminal 3, the countermeasure instructing unit 13 checks again whether or not a security countermeasure is necessary based on the transmitted terminal information. As a result, when it is determined that the security countermeasures are correctly implemented and no further security countermeasures are required for the terminal 3, the information on the MAC address and IP address of the terminal 3 is displayed, and the network access restriction is released. A countermeasure instruction (limit release instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under the control of the terminal 3 that had to perform the countermeasure (ST110). As a result, as described in ST114 of FIG. 4, the secure gate device 2 releases the network access restriction.

  FIG. 6 is a diagram illustrating a data flow between the management device 1, the secure gate device 2, and the terminal 3 / agent 4.

  First, terminal information is collected by the terminal 3 / agent 4, the terminal information is transmitted from the terminal 3 / agent 4 to the secure gate device 2 (ST61), and the terminal information is transmitted from the secure gate device 2 to the management device 1. (ST62). Also, identification information of terminal 3 such as the IP address of the terminal is transmitted from secure gate apparatus 2 to management apparatus 1 (ST63). In the management apparatus 1, it is determined whether or not security countermeasures need to be performed on the terminal 3. If it is determined that countermeasures are required, a communication restriction instruction is transmitted from the management device 1 to the secure gate device 2 (ST64), and as a result, communication of the terminal 3 is restricted to communication with the management device 1. Further, in the management apparatus 1, a treatment execution instruction for the terminal 3 is generated and transmitted to the secure gate apparatus 2 (ST65). The secure gate device 2 transmits a treatment execution instruction to the target terminal 3 (ST66). The terminal 3 / agent 4 executes the security countermeasure processing based on the processing execution instruction, generates a processing execution completion notification, and transmits it to the secure gate device 2 (ST67). The secure gate device 2 transmits a treatment execution completion notification from the terminal 3 to the management device 1 (ST68). The management device 1 determines whether or not further security countermeasures need to be performed based on the notification of the completion of the processing, and if it is determined that the countermeasures are unnecessary, transmits a restriction release instruction to the secure gate device 2 (ST69). The secure gate device 2 releases the communication restriction of the terminal 3 based on the restriction release instruction.

  As described above, according to the first embodiment, when a terminal 3 that requires a security measure is detected, the network access of the terminal 3 is restricted for the secure gate device 2, and the security is improved. When the application of the countermeasure is confirmed, the restriction on the network access of the terminal 3 is released, so that it is possible to perform the security countermeasure via the network while isolating the terminal that has not implemented the security countermeasure from the network. Become.

Embodiment 2. FIG.
FIG. 7 is a block diagram illustrating a configuration example of the security management system according to the second embodiment.

  In FIG. 7, reference numeral 16 denotes a schedule setting unit that sets a transmission schedule to which the agent 4 or the secure gate device 2 on the terminal 3 should transmit information and generates transmission schedule information indicating the set transmission schedule.

  A schedule distribution unit 17 distributes the transmission schedule information of the agent 4 and the secure gate device 2 on each terminal 3 generated by the schedule setting unit 16 to the agent 4 and the secure gate device 2 on the corresponding terminal 3. The schedule distribution unit 17 is an example of a transmission unit.

  Reference numeral 24 denotes a schedule execution unit that receives transmission schedule information distributed from the schedule distribution unit 17 of the management apparatus 1 and executes information acquisition and execution according to the schedule.

  Reference numeral 44 denotes a schedule execution unit that receives the transmission schedule information distributed from the schedule distribution unit 17 of the management apparatus 1 and performs information acquisition and execution according to the schedule.

  An inventory information storage unit 45 stores information acquired by the information acquisition unit 41.

  Next, the operation of the security management system according to the second embodiment will be described with reference to FIGS.

  First, the operation of the agent 4 on the terminal 3 will be described with reference to FIG.

  The schedule execution unit 44 checks whether or not the execution time of the distributed schedule has come (ST201). If the execution time has not come, wait until the execution time comes. If the execution time has come, the process proceeds to ST101.

  When the execution time comes, the schedule execution unit 44 executes information acquisition. The information acquisition unit 41 acquires terminal information (ST101). Information to be acquired includes OS name, version, applicable service pack, computer name, CPU name, memory capacity, connected device information, IP address, MAC address, service information, service activation information, accessible port number, Installed application information, application version, user information, system log, application log, and the like.

  When the acquisition is completed, the information transmission unit 42 transmits the information acquired in ST101 to the management apparatus 1 and simultaneously writes the acquired information in the inventory information storage unit 45 (ST102). Here, not all the information may be sent, and only the changed part may be sent by comparison with the data at the time of previous transmission written in the inventory information storage unit 45 at the time of transmission. If there is no change, data indicating no change may be transmitted.

  The countermeasure application unit 43 confirms whether or not security countermeasures are necessary based on the notification from the management apparatus 1 (ST103). If no countermeasure is required, the process proceeds to ST101. If countermeasures are necessary, the process proceeds to ST104.

  The countermeasure application unit 43 applies the content of the countermeasure action transmitted from the management apparatus 1 (ST104). The content of the countermeasure action transmitted is patch information or the like.

  The countermeasure application unit 43 transmits a completion notification to the management apparatus 1 when the completion of the application of the security countermeasure is confirmed. At this time, terminal information is acquired by information acquisition unit 41, and the contents are also transmitted (ST105).

  The schedule execution unit 44 checks whether a new schedule is distributed from the management apparatus 1 (ST202). If there is no distribution, the process proceeds to ST201. If there is distribution, the process proceeds to ST203.

  If a new schedule is distributed, the schedule execution unit 44 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST203).

  Next, the operation of the secure gate device 2 will be described with reference to FIG.

  The schedule execution unit 24 checks whether or not the execution time of the distributed schedule has come (ST207). If the execution time has not come, wait until the execution time comes. If the execution time has come, the process proceeds to ST111.

  The information acquisition unit 21 acquires identification information of the terminal 3 under its control (ST111). The identification information to be acquired is the IP address, MAC address, etc. of the subordinate terminal 3.

  When the acquisition is completed, the information transmission unit 22 transmits the information acquired in ST111 to the management apparatus 1 (ST112).

  The countermeasure application unit 23 confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST113). If countermeasures are required, the process proceeds to ST114. If no countermeasure is required, the process proceeds to ST208.

  The countermeasure application unit 23 applies the content of the countermeasure action transmitted from the management apparatus 1 (ST114). The contents of the countermeasure measures transmitted are MAC address, IP address, implementation of network access restriction, release of network access restriction, and the like.

  The schedule execution unit 24 checks whether a new schedule is distributed from the management apparatus 1 (ST208). If there is no distribution, the process proceeds to ST207. If there is distribution, the process proceeds to ST209.

  If a new schedule is distributed, the schedule execution unit 24 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST209).

  Finally, the operation of the management apparatus 1 will be described with reference to FIG.

  The schedule setting unit 16 checks whether there is a change in the setting of the schedule for the agent 4 or the secure gate device 2 to acquire information (ST204). If there is a schedule change, a transmission schedule indicating the schedule after the change is generated, and the process proceeds to ST205. If not, the process proceeds to ST206.

  The schedule distribution unit 17 transmits the transmission schedule information to the target agent 4 or the secure gate device 2 whose schedule has been changed (ST205).

  The information collecting unit 11 checks whether information is transmitted from the agent 4 or the secure gate device 2 when the schedule is reached (ST206). If it is transmitted as scheduled, the process proceeds to ST106. If it is not transmitted at the scheduled time, the process proceeds to ST110.

  The information collection unit 11 collects information transmitted as scheduled from the agent 4 or the secure gate device 2, and stores the information in the inventory information storage unit 14 (ST106).

  The countermeasure check unit 12 collates the terminal information from the agent 4 collected by the information collecting unit 11 with the contents of the security information stored in the security information storage unit 15 and checks whether or not security countermeasures are necessary. (ST107). The information stored in the security information storage unit 15 reflects the security information issued by the OS, application, and H / W vendor as appropriate through the Internet or a medium such as a CD-ROM. If it is determined that countermeasures are required, the process proceeds to ST108. If it is determined that no countermeasure is required, the process proceeds to ST204.

  When countermeasures are required, the countermeasure instructing unit 13 indicates information on the MAC address and IP address of the terminal 3 that needs to take countermeasures, and instructs to implement network access restriction on the terminal 3 An instruction (communication restriction instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under the control of the terminal 3 that needs to perform the countermeasure (ST108). As a result, the secure gate device 2 restricts network access, and the corresponding terminal 3 is restricted only to network access to the management device 1.

  Next, the countermeasure instruction unit 13 generates a countermeasure instruction (treatment execution instruction) for instructing the agent 4 on the terminal 3 to perform the security countermeasure treatment, and the generated countermeasure instruction is processed via the secure gate device 2. It transmits to the terminal 3 which becomes. This is, for example, patch information (ST108).

  The countermeasure instruction unit 13 waits for a countermeasure completion notification from the agent 4 on the terminal 3 (ST109). When a completion notification is received, the process proceeds to ST110.

  When a countermeasure completion notification is transmitted from the agent 4 on the terminal 3, the countermeasure instructing unit 13 checks again whether or not a security countermeasure is necessary based on the transmitted terminal information. When it is determined that the security countermeasures are correctly applied, the MAC address and IP address information of the terminal 3 is shown, and a countermeasure instruction (restriction release instruction) for instructing the release of the network access restriction is generated and generated. The countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 that had to take the countermeasure (ST110). As a result, the secure gate device 2 releases the restriction on network access.

  On the other hand, if it is determined in step ST206 that no information is transmitted from the agent 4 at the scheduled time, the MAC address of the terminal 3 and the IP address of the secure gate device 2 connected to the terminal 3 are controlled. A countermeasure instruction (communication restriction instruction) indicating the address information and instructing that the network access restriction for the terminal 3 is to be performed is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 (ST110). As a result, the secure gate device 2 restricts network access, and the corresponding terminal 3 is restricted only to network access to the management device 1.

  The secure gate device 2 may be configured not to be scheduled and operate according to the flow of the first embodiment.

  FIG. 11 is a diagram showing a data flow among the management device 1, the secure gate device 2, and the terminal 3 / agent 4.

  First, a transmission schedule is set by the management apparatus 1, and transmission schedule information indicating the set transmission schedule is transmitted to the secure gate apparatus 2 (ST1101). Next, secure gate device 2 transmits transmission schedule information to terminal 3 / agent 4 (ST1102). If management apparatus 1 determines that terminal information has not been transmitted from terminal 3 / agent 4 as scheduled, communication control information is transmitted to secure gate apparatus 2 (ST1103). As a result, the secure gate device 2 performs communication restriction that restricts communication of the terminal 3 / agent 4 to communication with the management device 1.

  As described above, according to the second embodiment, when there is a terminal that does not transmit information as scheduled, it is determined that the terminal is a terminal in which no agent is installed or an agent is not operating. Then, it becomes possible to limit the network access of the terminal. This makes it possible to restrict network access even if a terminal that is not installed with an agent and has a possibility of not implementing security measures or a virus holding possibility is connected.

Embodiment 3 FIG.
FIG. 12 is a block diagram illustrating a configuration example of the security management system according to the third embodiment.

  In FIG. 12, reference numeral 18 denotes an immediate request unit for causing the agent 4 and the secure gate device 2 to immediately acquire information and collecting information. Specifically, the immediate request unit 18 generates and generates an information acquisition request (terminal information transmission request) for requesting information transmission when there is no information transmission from the agent 4 or the secure gate device 2 according to the transmission schedule. The information acquisition request is transmitted to the target agent 4 and the secure gate device 2. The immediate request unit 18 is an example of a transmission request generation unit and a transmission unit.

  An immediate execution unit 25 executes information acquisition in response to a request from the management apparatus 1.

  An immediate execution unit 46 executes information acquisition in response to a request from the management apparatus 1.

  Next, the operation of the security management system according to the third embodiment will be described with reference to FIGS.

  First, the operation of the agent 4 on the terminal 3 will be described with reference to FIG.

  The immediate execution unit 46 checks whether an information acquisition request is received from the management device 1 (ST301). If an information acquisition request is received, the process proceeds to ST101. If an information acquisition request has not been received, the process proceeds to ST201.

  The schedule execution unit 44 checks whether or not the execution time of the distributed schedule has come (ST201). If the execution time has not come, the process proceeds to ST301. If the execution time has come, the process proceeds to ST101.

  When the execution time comes, the schedule execution unit 44 executes the information acquisition unit. The information acquisition unit 41 acquires terminal information (ST101). Information to be acquired includes OS name, version, applicable service pack, computer name, CPU name, memory capacity, connected device information, IP address, MAC address, service information, service activation information, accessible port number, Installed application information, application version, user information, system log, application log, and the like.

  When the acquisition is completed, the information transmission unit 42 transmits the information acquired in ST101 to the management apparatus 1 and simultaneously writes the acquired information in the inventory information storage unit 45 (ST102). Here, not all the information may be sent, and only the changed part may be sent by comparison with the data at the time of previous transmission written in the inventory information storage unit 45 at the time of transmission. If there is no change, data indicating no change may be transmitted.

  The countermeasure application unit 43 confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST103). If no countermeasure is required, the process proceeds to ST202. If countermeasures are necessary, the process proceeds to ST104.

  The countermeasure application unit 43 applies the content of the countermeasure action transmitted from the management apparatus 1 (ST104). The content of the countermeasure action transmitted is patch information or the like.

  The countermeasure application unit 43 transmits a completion notification to the management apparatus 1 when the application completion is confirmed. At this time, terminal information is acquired by information acquisition unit 41, and the contents are also transmitted (ST105).

  The schedule execution unit 44 checks whether a new schedule is distributed from the management apparatus 1 (ST202). If there is no distribution, the process proceeds to ST301. If there is distribution, the process proceeds to ST203.

  If a new schedule is distributed, the schedule execution unit 44 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST203).

  Next, the operation of the secure gate device 2 will be described with reference to FIG.

  The immediate execution unit 25 checks whether an information acquisition request is received from the management apparatus 1 (ST304). If an information acquisition request is received, the process proceeds to ST111. If an information acquisition request has not been received, the process proceeds to ST207.

  The schedule execution unit 24 checks whether or not the execution time of the distributed schedule has come (ST207). If the execution time has not come, the process proceeds to ST304. If the execution time has come, the process proceeds to ST111.

  The information acquisition unit 21 acquires identification information of the terminal 3 under its control (ST111). The identification information to be acquired is the IP address, MAC address, etc. of the subordinate terminal 3.

  When the acquisition is completed, the information transmission unit 22 transmits the information acquired in ST111 to the management apparatus 1 (ST112).

  The countermeasure application unit 23 confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST113). If countermeasures are required, the process proceeds to ST114. If no countermeasure is required, the process proceeds to ST208.

  The countermeasure application unit 23 applies the content of the countermeasure action transmitted from the management apparatus 1 (ST114). The contents of the countermeasure measures transmitted are MAC address, IP address, implementation of network access restriction, release of network access restriction, and the like.

  The schedule execution unit 24 checks whether a new schedule is distributed from the management apparatus 1 (ST208). If there is no distribution, the process proceeds to ST304. If there is distribution, the process proceeds to ST209.

  If a new schedule is distributed, the schedule execution unit 24 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST209).

  Finally, the operation of the management apparatus 1 will be described with reference to FIG.

  The schedule setting unit 16 checks whether there is a change in the setting of the schedule for the agent 4 or the secure gate device 2 to acquire information (ST204). If there is a schedule change, the process proceeds to ST205. If not, the process proceeds to ST206.

  The schedule distribution unit 17 transmits the transmission schedule information to the target agent 4 or the secure gate device 2 whose schedule has been changed (ST205).

  The information collecting unit 11 checks whether information is transmitted from the agent 4 or the secure gate device 2 when the schedule is reached (ST206). If it is transmitted as scheduled, the process proceeds to ST106. If it is not transmitted at the scheduled time, the process proceeds to ST302.

  If it is not transmitted at the scheduled time, the immediate request unit 18 generates an information acquisition request for the agent 4 on the corresponding terminal 3, and sends the generated information acquisition request to the agent on the corresponding terminal 3. It transmits to (ST302).

  The immediate request unit 18 checks whether information has come (ST303). If information is transmitted, the process proceeds to ST107. If no information has been transmitted, the process proceeds to ST110.

  The information collection unit 11 collects information transmitted as scheduled from the agent 4 or the secure gate device 2, and stores the information in the inventory information storage unit 14 (ST106).

  The countermeasure check unit 12 checks the necessity of countermeasure measures by comparing the terminal information from the agent 4 collected by the information collecting unit 11 with the contents of the security information stored in the security information storage unit 15 ( ST107). The information stored in the security information storage unit 15 reflects the security information issued by the OS, application, and H / W vendor as appropriate through the Internet or a medium such as a CD-ROM. If it is determined that countermeasures are required, the process proceeds to ST108. If it is determined that no countermeasure is required, the process proceeds to ST204.

  When countermeasures are required, the countermeasure instructing unit 13 indicates information on the MAC address and IP address of the terminal 3 that needs to take countermeasures, and instructs to implement network access restriction on the terminal 3 An instruction (communication restriction instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under the control of the terminal 3 that needs to perform the countermeasure (ST108). As a result, the secure gate device 2 restricts network access, and the corresponding terminal 3 is restricted only to network access to the management device 1.

  Next, the countermeasure instruction unit 13 generates a countermeasure instruction (treatment execution instruction) for instructing the agent 4 on the terminal 3 to perform the security countermeasure treatment, and the generated countermeasure instruction is processed via the secure gate device 2. It transmits to the terminal 3 which becomes. This is, for example, patch information (ST108).

  The countermeasure instruction unit 13 waits for a countermeasure completion notification from the agent 4 on the terminal 3 (ST109). When a completion notification is received, the process proceeds to ST110.

  When a countermeasure completion notification is transmitted from the agent 4 on the terminal 3, the countermeasure instructing unit 13 checks again whether or not a security countermeasure is necessary based on the transmitted terminal information. When it is determined that the security countermeasures are correctly applied, the MAC address and IP address information of the terminal 3 is shown, and a countermeasure instruction (restriction release instruction) for instructing the release of the network access restriction is generated and generated. The countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 that had to take the countermeasure (ST110).

  Further, when there is no information transmission from the agent 4 even at the scheduled time, and there is no information transmission in response to an immediate request, the information on the MAC address and IP address of the terminal 3 is shown. A countermeasure instruction (communication restriction instruction) for instructing to perform network access restriction is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 under control (ST110).

  The secure gate device 2 may be configured not to be scheduled and operate in combination with the flow of the first embodiment.

  FIG. 16 is a diagram illustrating a data flow among the management device 1, the secure gate device 2, and the terminal 3 / agent 4.

  First, a transmission schedule is set by the management apparatus 1, and transmission schedule information indicating the set transmission schedule is transmitted to the secure gate apparatus 2 (ST1601). Next, secure gate apparatus 2 transmits transmission schedule information to terminal 3 / agent 4 (ST1602). If management apparatus 1 determines that terminal information has not been transmitted from terminal 3 / agent 4 as scheduled, an information acquisition request is transmitted to secure gate apparatus 2 (ST1603). Further, secure gate apparatus 2 transmits an information acquisition request to terminal 3 / agent 4 (ST1604). If it is determined that terminal information has not been transmitted from terminal 3 / agent 4 in response to the information acquisition request, management apparatus 1 transmits communication control information to secure gate apparatus 2 (ST1605). As a result, the secure gate device 2 performs communication restriction that restricts communication of the terminal 3 / agent 4 to communication with the management device 1.

  As described above, according to the third embodiment, when there is a terminal that does not transmit information as scheduled, an immediate confirmation is performed and the result is received, and no agent is installed on the terminal. Alternatively, it is possible to determine that the agent is a non-operating terminal and to restrict network access of the terminal. This makes it possible to restrict network access even if a terminal that is not installed with an agent and has a possibility of not implementing security measures or a virus holding possibility is connected.

Embodiment 4 FIG.
FIG. 17 is a block diagram illustrating a configuration example of the security management system according to the fourth embodiment.

  In FIG. 17, reference numeral 47 denotes a countermeasure display unit that displays the countermeasure contents transmitted from the management apparatus 1 so that the user can carry out the countermeasure contents.

  Next, the operation will be described.

  The flowchart of the operation uses FIG. 13 for explaining the operation of the agent 4.

  The immediate execution unit 46 checks whether an information acquisition request is received from the management device 1 (ST301). If an information acquisition request is received, the process proceeds to ST101. If no request has been received, the process proceeds to ST201.

  The schedule execution unit 44 checks whether or not the execution time of the distributed schedule has come (ST201). If the execution time has not come, the process proceeds to ST301. If the execution time has come, the process proceeds to ST101.

  When the execution time comes, the schedule execution unit 44 executes the information acquisition unit. The information acquisition unit 41 acquires terminal information (ST101). Information to be acquired includes OS name, version, applicable service pack, computer name, CPU name, memory capacity, connected device information, IP address, MAC address, service information, service activation information, accessible port number, Installed application information, application version, user information, system log, application log, and the like.

  When the acquisition is completed, the information transmission unit 42 transmits the information acquired in ST101 to the management apparatus 1 and simultaneously writes the acquired information in the inventory information storage unit 45 (ST102). Here, not all the information may be sent, and only the changed part may be sent by comparison with the data at the time of previous transmission written in the inventory information storage unit 45 at the time of transmission. If there is no change, data indicating no change may be transmitted.

  The countermeasure application unit 43 confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST103). If no countermeasure is required, the process proceeds to ST202. If countermeasures are necessary, the process proceeds to ST104.

  The countermeasure application unit 43 applies the content of the countermeasure action transmitted from the management device 1. When the content of the countermeasure measures sent is patch information or the like, it is automatically applied. When the content of the countermeasure measure transmitted is a procedure, the measure display unit 47 displays the measure procedure on the screen, and the user can implement the measure measure (ST104).

  The countermeasure application unit 43 transmits a completion notification to the management apparatus 1 when the application completion is confirmed. At this time, terminal information is acquired by information acquisition unit 41, and the contents are also transmitted (ST105).

  The schedule execution unit 44 checks whether a new schedule is distributed from the management apparatus 1 (ST202). If there is no distribution, the process proceeds to ST301. If there is distribution, the process proceeds to ST203.

  If a new schedule is distributed, the schedule execution unit 44 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST203).

  As described above, according to the fourth embodiment, in the case of a countermeasure measure that is difficult to apply automatically, or in a system that requires the user to implement a countermeasure measure according to a security policy, Is displayed and the security measures are taken in a state where access for application is possible while the network access is restricted, and after the completion of the implementation, the restriction on the network access can be released.

Embodiment 5. FIG.
FIG. 18 is a flowchart of the operation of the security management system according to the fifth embodiment. Here, the operation of the management apparatus 1 will be described. The configuration of the management apparatus 1 is the same as that in FIG.

  The measure check unit 12 checks whether or not the information stored in the security information storage unit 15 has been updated (ST401). If an update has been performed, the process proceeds to ST302. If no change has been made, the process proceeds to ST204.

  The schedule setting unit 16 checks whether there is a change in the setting of the schedule for the agent 4 or the secure gate device 2 to acquire information (ST204). If there is a schedule change, the process proceeds to ST205. If not, the process proceeds to ST206.

  The schedule distribution unit 17 transmits schedule information to the target agent 4 or the secure gate device 2 whose schedule has been changed (ST205).

  The information collecting unit 11 checks whether information is transmitted from the agent 4 or the secure gate device 2 when the schedule is reached (ST206). If it is transmitted as scheduled, the process proceeds to ST106. If it is not transmitted at the scheduled time, the process proceeds to ST302.

  If it has not been transmitted even at the scheduled time, or if it is confirmed in step ST401 that the security information has been updated, the immediate request unit 18 issues an information acquisition request to the agent 4 on the terminal 3 ( ST302).

  The immediate request unit 18 checks whether information has come (ST303). If information is transmitted, the process proceeds to ST107. If no information has been transmitted, the process proceeds to ST110.

  The information collection unit 11 collects information transmitted as scheduled from the agent 4 or the secure gate device 2, and stores the information in the inventory information storage unit 14 (ST106).

  The countermeasure check unit 12 checks the necessity of countermeasure measures by comparing the terminal information from the agent 4 collected by the information collecting unit 11 with the contents of the security information stored in the security information storage unit 15 ( ST107). The information stored in the security information storage unit 15 reflects the security information issued by the OS, application, and H / W vendor as appropriate through the Internet or a medium such as a CD-ROM. If it is determined that countermeasures are required, the process proceeds to ST108. If it is determined that no countermeasure is required, the process proceeds to ST401.

  When countermeasures are required, the countermeasure instructing unit 13 indicates information on the MAC address and IP address of the terminal 3 that needs to take countermeasures, and instructs to implement network access restriction on the terminal 3 An instruction (communication restriction instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under the control of the terminal 3 that needs to perform the countermeasure (ST108). As a result, the secure gate device 2 restricts network access, and the corresponding terminal 3 is restricted only to network access to the management device 1.

  Next, the countermeasure instruction unit 13 generates a countermeasure instruction (treatment execution instruction) for instructing the agent 4 on the terminal 3 to perform the security countermeasure treatment, and the generated countermeasure instruction is processed via the secure gate device 2. It transmits to the terminal 3 which becomes. This is, for example, patch information (ST108).

  The countermeasure instruction unit 13 waits for a countermeasure completion notification from the agent 4 on the terminal 3 (ST109). When a completion notification is received, the process proceeds to ST110.

  When a countermeasure completion notification is transmitted from the agent 4 on the terminal 3, the countermeasure instructing unit 13 checks again whether or not a security countermeasure is necessary based on the transmitted terminal information. When it is determined that the security countermeasures are correctly applied, the MAC address and IP address information of the terminal 3 is shown, and a countermeasure instruction (restriction release instruction) for instructing the release of the network access restriction is generated and generated. The countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 that had to take the countermeasure (ST110).

  Further, when there is no information transmission in response to an immediate request, a countermeasure instruction (communication restriction) indicating information on the MAC address and IP address of the terminal 3 and instructing to perform network access restriction on the terminal 3 is provided. (Instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 (ST110).

  Note that when security information is changed in ST401, it may be possible to go to ST107 and check the countermeasure measures from the information stored in the inventory information storage unit 14.

  FIG. 19 is a diagram illustrating a data flow among the management device 1, the secure gate device 2, and the terminal 3 / agent 4.

  First, the management device 1 checks whether or not the security information has been changed. If the security information has been changed, an information acquisition request is transmitted to the secure gate device 2 (ST1901). Further, secure gate apparatus 2 transmits an information acquisition request to terminal 3 / agent 4 (ST1902). If it is determined that terminal information has not been transmitted from terminal 3 / agent 4 in response to the information acquisition request, management apparatus 1 transmits communication control information to secure gate apparatus 2 (ST1903). As a result, the secure gate device 2 performs communication restriction that restricts communication of the terminal 3 / agent 4 to communication with the management device 1.

  As described above, according to the fifth embodiment, when security information is updated, it is possible to immediately take countermeasures, reflect the security countermeasures in real time, and have not implemented security countermeasures. It is possible to prevent the terminal from being connected to the network.

Embodiment 6 FIG.
FIG. 20 is a block diagram illustrating a configuration example of the security management system according to the sixth embodiment.

  In FIG. 20, reference numeral 48 denotes a status notification unit that notifies the status of the start of the agent 4 and the end of the operation.

  Next, the operation of the security management system according to the sixth embodiment will be described with reference to FIG. 21 and FIG.

  First, the operation of the agent 4 will be described with reference to FIG.

  The agent 4 is implemented in the form of a Windows (registered trademark) service or a UNIX (registered trademark) daemon, and is activated when the terminal 3 is activated and terminated when the terminal 3 is shut down.

  The status notification unit 48 checks whether the agent 4 is activated (ST501). In the case of startup, the process proceeds to ST503. If it is not at the time of activation, the process proceeds to ST502.

  The status notification unit 48 checks whether or not the agent 4 is finished (ST502). In the case of termination, the process proceeds to ST503. If it is not at the end, the process proceeds to ST301.

  In the case of activation or termination, the status notification unit 48 generates a status notification for notifying activation or termination of the agent 4, and transmits the status notification to the management apparatus 1 via the secure gate device 2 (ST503).

  The immediate execution unit 46 checks whether an information acquisition request is received from the management device 1 (ST301). If an information acquisition request is received, the process proceeds to ST101. If an information acquisition request has not been received, the process proceeds to ST201.

  The schedule execution unit 44 checks whether or not the execution time of the distributed schedule has come (ST201). If the execution time has not come, the process proceeds to ST501. If the execution time has come, the process proceeds to ST101.

  When the execution time comes, the schedule execution unit 44 executes the information acquisition unit. The information acquisition unit 41 acquires terminal information (ST101). Information to be acquired includes OS name, version, applicable service pack, computer name, CPU name, memory capacity, connected device information, IP address, MAC address, service information, service activation information, accessible port number, Installed application information, application version, user information, system log, application log, and the like.

  When the acquisition is completed, the information transmission unit 42 transmits the information acquired in ST101 to the management apparatus 1 and simultaneously writes the acquired information in the inventory information storage unit 45 (ST102). Here, not all the information may be sent, and only the changed part may be sent by comparison with the data at the time of previous transmission written in the inventory information storage unit 45 at the time of transmission. If there is no change, data indicating no change may be transmitted.

  The countermeasure application unit 43 confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST103). If no countermeasure is required, the process proceeds to ST202. If countermeasures are necessary, the process proceeds to ST104.

  The countermeasure application unit 43 applies the content of the countermeasure action transmitted from the management device 1. When the content of the countermeasure measures sent is patch information or the like, it is automatically applied. When the content of the countermeasure measure transmitted is a procedure, the measure display unit 47 displays the measure procedure on the screen, and the user can implement the measure measure (ST104).

  The countermeasure application unit 43 transmits a completion notification to the management apparatus 1 when the application completion is confirmed. At this time, terminal information is acquired by information acquisition unit 41, and the contents are also transmitted (ST105).

  The schedule execution unit 44 checks whether a new schedule is distributed from the management apparatus 1 (ST202). If there is no distribution, the process proceeds to ST501. If there is distribution, the process proceeds to ST203.

  If a new schedule is distributed, the schedule execution unit 44 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST203).

  Next, the operation of the management apparatus 1 will be described with reference to FIG.

  The measure check unit 12 checks whether an activation or termination status notification has been transmitted from the agent 4 on the terminal 3 (ST504). When the status notification is transmitted, the process proceeds to ST110. If no status notification has been received, the process proceeds to ST401.

  The measure check unit 12 checks whether or not the information stored in the security information storage unit 15 has been updated (ST401). If a change has been made, the process proceeds to ST302. If no change has been made, the process proceeds to ST204.

  The schedule setting unit 16 checks whether there is a change in the setting of the schedule for the agent 4 or the secure gate device 2 to acquire information (ST204). If there is a schedule change, the process proceeds to ST205. If not, the process proceeds to ST206.

  The schedule distribution unit 17 transmits the transmission schedule information to the target agent 4 or the secure gate device 2 whose schedule has been changed (ST205).

  The information collecting unit 11 checks whether information is transmitted from the agent 4 or the secure gate device 2 when the schedule is reached (ST206). If it is transmitted as scheduled, the process proceeds to ST106. If it is not transmitted at the scheduled time, the process proceeds to ST302.

  If it has not been transmitted even at the scheduled time, the immediate request unit 18 issues an information acquisition request to the agent 4 on the terminal 3 (ST302).

  The immediate request unit 18 checks whether information has come (ST303). If information is transmitted, the process proceeds to ST107. If no information has been transmitted, the process proceeds to ST110.

  The information collection unit 11 collects information transmitted as scheduled from the agent 4 or the secure gate device 2, and stores the information in the inventory information storage unit 14 (ST106).

  The countermeasure check unit 12 checks the necessity of countermeasure measures by comparing the terminal information from the agent 4 collected by the information collecting unit 11 with the contents of the security information stored in the security information storage unit 15 ( ST107). The information stored in the security information storage unit 15 reflects the security information issued by the OS, application, and H / W vendor as appropriate through the Internet or a medium such as a CD-ROM. If it is determined that countermeasures are required, the process proceeds to ST108. If it is determined that no countermeasure is required, the process proceeds to ST504.

  When countermeasures are required, the countermeasure instructing unit 13 indicates information on the MAC address and IP address of the terminal 3 that needs to take countermeasures, and instructs to implement network access restriction on the terminal 3 An instruction (communication restriction instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under the control of the terminal 3 that needs to perform the countermeasure (ST108). As a result, the secure gate device 2 restricts network access, and the corresponding terminal 3 is restricted only to network access to the management device 1.

  Next, the countermeasure instruction unit 13 generates a countermeasure instruction (treatment execution instruction) for instructing the agent 4 on the terminal 3 to perform the security countermeasure treatment, and the generated countermeasure instruction is processed via the secure gate device 2. It transmits to the terminal 3 which becomes. This is, for example, patch information (ST108).

  The countermeasure instruction unit 13 waits for a countermeasure completion notification from the agent 4 on the terminal 3 (ST109). When a completion notification is received, the process proceeds to ST110.

  When a countermeasure completion notification is transmitted from the agent 4 on the terminal 3, the countermeasure instructing unit 13 checks again whether or not a security countermeasure is necessary based on the transmitted terminal information. When it is determined that the security countermeasures are correctly applied, the MAC address and IP address information of the terminal 3 is shown, and a countermeasure instruction (restriction release instruction) for instructing the release of the network access restriction is generated and generated. The countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 that had to take the countermeasure (ST110).

  Further, when there is no information transmission in response to the immediate request, a countermeasure instruction (communication restriction instruction) indicating the MAC address and IP address information of the terminal 3 and instructing that the network access restriction on the terminal 3 is performed. ) And the generated countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 (ST110).

  Further, when the activation notification is received by the status notification, a countermeasure instruction (restriction release instruction) indicating the MAC address and IP address information of the corresponding terminal 3 and instructing release of the network access restriction is generated, and the generated countermeasure The instruction is transmitted to the secure gate device 2 connecting the corresponding terminal 3 under the control (ST110). In addition, when an end notification is received as a status notification, a countermeasure instruction (communication restriction instruction) indicating the MAC address and IP address information of the terminal 3 and instructing that the network access restriction for the terminal 3 is performed is given. The generated countermeasure instruction is transmitted to the secure gate device 2 connecting the terminal 3 under its control (ST110).

  Note that when security information is changed in ST401, it may be possible to go to ST107 and check the countermeasure measures from the information stored in the inventory information storage unit 14.

  FIG. 23 is a diagram illustrating a data flow among the management device 1, the secure gate device 2, and the terminal 3 / agent 4.

  First, when the agent is activated in the terminal 3, a status notification for notifying activation of the agent is transmitted to the secure gate device 2 (ST2301). At this point, the secure gate device 2 is restricting communication with the terminal 3. Next, secure gate device 2 transmits a status notification to management device 1 (ST2302). The management apparatus 1 receives the status notification, confirms that the agent has started, and transmits a restriction release instruction to the secure gate apparatus 2 (ST2303). The secure gate device 2 releases the communication restriction for the terminal 3 / agent 4 according to the restriction release instruction.

  On the other hand, when the agent operation is terminated in terminal 3, a status notification for notifying the completion of the agent operation is transmitted to secure gate device 2 (ST2304). At this time, communication restriction for the terminal 3 by the secure gate device 2 is not performed. Next, secure gate device 2 transmits a status notification to management device 1 (ST2305). The management apparatus 1 receives the status notification, confirms that the agent operation has ended, and transmits a communication control instruction to the secure gate apparatus 2 (ST2306). The secure gate device 2 performs communication restriction on the terminal 3 / agent 4 in accordance with the communication control instruction.

  As described above, according to the sixth embodiment, when a terminal in which an agent is installed is started, the network access restriction of the terminal is canceled, and the network access restriction is performed when the terminal is terminated. Even if a terminal is illegally connected, it is possible to place a network access restriction on the terminal from the beginning, and there is a possibility that security measures have not been implemented or a virus may be retained. It is possible to prevent the terminal from being connected to the network.

Embodiment 7 FIG.
24 and 25 are flowcharts of the operation of the security management system according to the seventh embodiment.

  First, the operation of the agent 4 will be described with reference to FIG.

  The agent 4 is implemented in the form of a Windows (registered trademark) service or a UNIX (registered trademark) daemon, and is activated when the terminal 3 is activated and terminated when the terminal 3 is shut down.

  The status notification unit 48 checks whether the agent 4 is activated (ST501). In the case of startup, the process proceeds to ST503. If it is not at the time of activation, the process proceeds to ST502.

  The status notification unit 48 checks whether or not the agent 4 is finished (ST502). In the case of termination, the process proceeds to ST503. If it is not at the end, the process proceeds to ST601.

  In the case of activation or termination, the status notification unit 48 notifies the management device 1 of activation and termination status (ST503).

  The immediate execution unit 46 checks whether the configuration on the terminal has changed. Examples of the configuration change include a new application installed and a new H / W added (ST601). If there is a change, the process proceeds to ST101. If there is no change, the process proceeds to ST301.

  The immediate execution unit 46 checks whether a request is received from the management apparatus 1 (ST301). If a request comes, the process proceeds to ST101. If no request has been received, the process proceeds to ST201.

  The schedule execution unit 44 checks whether or not the execution time of the distributed schedule has come (ST201). If the execution time has not come, the process proceeds to ST501. If the execution time has come, the process proceeds to ST101.

  When the execution time comes, the schedule execution unit 44 executes the information acquisition unit. The information acquisition unit 41 acquires terminal information (ST101). Information to be acquired includes OS name, version, applicable service pack, computer name, CPU name, memory capacity, connected device information, IP address, MAC address, service information, service activation information, accessible port number, Installed application information, application version, user information, system log, application log, and the like.

  In Step ST601, when it is determined that the configuration of the terminal 3 has been changed, the terminal information is acquired by reflecting the changed configuration. Thereby, in the management apparatus 1, when the structure of the terminal 3 has changed, the terminal information which reflected the structure after a change can be received immediately.

  When the acquisition is completed, the information transmission unit 42 transmits the information acquired in ST101 to the management apparatus 1 and simultaneously writes the acquired information in the inventory information storage unit 45 (ST102). Here, not all the information may be sent, and only the changed part may be sent by comparison with the data at the time of previous transmission written in the inventory information storage unit 45 at the time of transmission. If there is no change, data indicating no change may be transmitted.

  The countermeasure application unit 43 confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST103). If no countermeasure is required, the process proceeds to ST202. If countermeasures are necessary, the process proceeds to ST104.

  The countermeasure application unit 43 applies the content of the countermeasure action transmitted from the management device 1. When the content of the countermeasure measures sent is patch information or the like, it is automatically applied. When the content of the countermeasure measure transmitted is a procedure, the measure display unit 47 displays the measure procedure on the screen, and the user can implement the measure measure (ST104).

  When the countermeasure application unit 43 confirms the completion of application, the countermeasure application unit 43 proceeds to notify the management apparatus 1 of completion. Send. At this time, terminal information is acquired by information acquisition unit 41, and the contents are also transmitted (ST105).

  The schedule execution unit 44 checks whether a new schedule is distributed from the management apparatus 1 (ST202). If there is no distribution, the process proceeds to ST501. If there is distribution, the process proceeds to ST203.

  If a new schedule is distributed, the schedule execution unit 44 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST203).

  Next, the secure gate device 2 will be described with reference to FIG.

  The immediate execution unit 25 checks whether there is a change in the information of the terminal connected to the subordinate. The content of the change is that a new terminal is connected, the terminal is disconnected from the network, etc. (ST602). If there is a configuration change, the process proceeds to ST111. If there is no configuration change, the process proceeds to ST304.

  The immediate execution unit 25 checks whether a request is received from the management device 1 (ST304). If a request comes, the process proceeds to ST111. If no request has been received, the process proceeds to ST207.

  The schedule execution unit 24 checks whether or not the execution time of the distributed schedule has come (ST207). If the execution time has not come, the process proceeds to ST602. If the execution time has come, the process proceeds to ST111.

  The information acquisition unit 21 acquires identification information of the terminal 3 under its control (ST111). The identification information to be acquired is the IP address, MAC address, etc. of the subordinate terminal 3.

  When the acquisition is completed, the information transmission unit 22 transmits the information acquired in ST111 to the management apparatus 1 (ST112).

  The countermeasure application unit 23 confirms whether or not countermeasure measures are necessary based on the notification from the management apparatus 1 (ST113). If countermeasures are required, the process proceeds to ST114. If no countermeasure is required, the process proceeds to ST208.

  The countermeasure application unit 23 applies the content of the countermeasure action transmitted from the management apparatus 1 (ST114). The contents of the countermeasure measures transmitted are MAC address, IP address, implementation of network access restriction, release of network access restriction, and the like.

  The schedule execution unit 24 checks whether a new schedule is distributed from the management apparatus 1 (ST208). If there is no distribution, the process proceeds to ST602. If there is distribution, the process proceeds to ST209.

  If a new schedule is distributed, the schedule execution unit 24 updates the current schedule information based on the contents, and performs information acquisition with the new schedule (ST209).

  As described above, according to the seventh embodiment, when a configuration change occurs, it is possible to immediately check whether security measures are applied, and a terminal to which no security measures are applied is connected to the network. It becomes possible to prevent this.

Embodiment 8 FIG.
FIG. 26 is a block diagram illustrating a configuration example of a security management system according to the eighth embodiment.

  In FIG. 26, reference numeral 19 denotes a notification unit that notifies the operator of the management apparatus 1 of the information when the agent 4 is not installed or the terminal 3 that is not activated is connected. The notification unit 19 is an example of an operator notification unit.

  Next, the operation will be described.

  FIG. 27 is a flowchart of the operation of the security management system according to the eighth embodiment. The operation of the management apparatus 1 will be described.

  The measure check unit 12 checks whether an activation or termination status notification has been transmitted from the agent 4 on the terminal 3 (ST504). When the status notification is transmitted, the process proceeds to ST110. If no status notification has been received, the process proceeds to ST401.

  The measure check unit 12 checks whether or not the information stored in the security information storage unit 15 has been updated (ST401). If a change has been made, the process proceeds to ST302. If no change has been made, the process proceeds to ST204.

  The schedule setting unit 16 checks whether there is a change in the setting of the schedule for the agent 4 or the secure gate device 2 to acquire information (ST204). If there is a schedule change, the process proceeds to ST205. If not, the process proceeds to ST206.

  The schedule distribution unit 17 transmits the transmission schedule information to the target agent 4 or the secure gate device 2 whose schedule has been changed (ST205).

  The information collecting unit 11 checks whether information is transmitted from the agent 4 or the secure gate device 2 when the schedule is reached (ST206). If it is transmitted as scheduled, the process proceeds to ST106. If it is not transmitted at the scheduled time, the process proceeds to ST302.

  If it has not been transmitted even at the scheduled time, the immediate request unit 18 issues an information acquisition request to the agent 4 on the terminal 3 (ST302).

  The immediate request unit 18 checks whether information has come (ST303). If information is transmitted, the process proceeds to ST107. If no information has been transmitted, the process proceeds to ST701.

  When the terminal 3 that cannot perform communication is connected, the notification unit 19 notifies the operator of the management apparatus that a terminal in which the agent 4 is not operating is connected by e-mail or the like. Further, since the agent is not installed on the terminal by performing display using the function of the OS, notification that the network connection is impossible is performed (ST701).

  The information collection unit 11 collects information transmitted as scheduled from the agent 4 or the secure gate device 2, and stores the information in the inventory information storage unit 14 (ST106).

  The countermeasure check unit 12 checks the necessity of countermeasure measures by comparing the terminal information from the agent 4 collected by the information collecting unit 11 with the contents of the security information stored in the security information storage unit 15 ( ST107). The information stored in the security information storage unit 15 reflects the security information issued by the OS, application, and H / W vendor as appropriate through the Internet or a medium such as a CD-ROM. If it is determined that countermeasures are required, the process proceeds to ST108. If it is determined that no countermeasure is required, the process proceeds to ST504.

  When countermeasures are required, the countermeasure instructing unit 13 indicates information on the MAC address and IP address of the terminal 3 that needs to take countermeasures, and instructs to implement network access restriction on the terminal 3 An instruction (communication restriction instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under the control of the terminal 3 that needs to perform the countermeasure (ST108). As a result, the secure gate device 2 restricts network access, and the corresponding terminal 3 is restricted only to network access to the management device 1.

  Next, the countermeasure instruction unit 13 generates a countermeasure instruction (treatment execution instruction) for instructing the agent 4 on the terminal 3 to perform the security countermeasure treatment, and the generated countermeasure instruction is processed via the secure gate device 2. It transmits to the terminal 3 which becomes. This is, for example, patch information (ST108).

  The countermeasure instruction unit 13 waits for a countermeasure completion notification from the agent 4 on the terminal 3 (ST109). When a completion notification is received, the process proceeds to ST110.

  When a countermeasure completion notification is transmitted from the agent 4 on the terminal 3, the countermeasure instructing unit 13 checks again whether or not a security countermeasure is necessary based on the transmitted terminal information. When it is determined that the security countermeasures are correctly applied, the MAC address and IP address information of the terminal 3 is shown, and a countermeasure instruction (restriction release instruction) for instructing the release of the network access restriction is generated and generated. The countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 that had to take the countermeasure (ST110).

  Further, when there is no information transmission in response to the immediate request, a countermeasure instruction (communication restriction instruction) indicating the MAC address and IP address information of the terminal 3 and instructing that the network access restriction on the terminal 3 is performed. ) And the generated countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 (ST110).

  Further, when the activation notification is received by the status notification, a countermeasure instruction (restriction release instruction) indicating the MAC address and IP address information of the corresponding terminal 3 and instructing release of the network access restriction is generated, and the generated countermeasure The instruction is transmitted to the secure gate device 2 connecting the corresponding terminal 3 under the control (ST110). In addition, when an end notification is received as a status notification, a countermeasure instruction (communication restriction instruction) indicating the MAC address and IP address information of the terminal 3 and instructing that the network access restriction for the terminal 3 is performed is given. The generated countermeasure instruction is transmitted to the secure gate device 2 connecting the terminal 3 under its control (ST110).

  Note that when security information is changed in ST401, it may be possible to go to ST107 and check the countermeasure measures from the information stored in the inventory information storage unit 14.

  As described above, according to the eighth embodiment, when a terminal in which no agent is installed is connected, it is possible to notify the management operator or the like, and recognize an unauthorized terminal. It is possible to take measures.

Embodiment 9 FIG.
FIG. 28 is a flowchart of the operation of the security management system according to the ninth embodiment. The operation of the management apparatus 1 will be described. The configuration of the management apparatus 1 is the same as that shown in FIG.

  The measure check unit 12 checks whether an activation or termination status notification has been transmitted from the agent 4 on the terminal 3 (ST504). When the status notification is transmitted, the process proceeds to ST110. If no status notification has been received, the process proceeds to ST401.

  The measure check unit 12 checks whether or not the information stored in the security information storage unit 15 has been updated (ST401). If a change has been made, the process proceeds to ST302. If no change has been made, the process proceeds to ST204.

  The schedule setting unit 16 checks whether there is a change in the setting of the schedule for the agent 4 or the secure gate device 2 to acquire information (ST204). If there is a schedule change, the process proceeds to ST205. If not, the process proceeds to ST206.

  The schedule distribution unit 17 transmits the transmission schedule information to the target agent 4 or the secure gate device 2 whose schedule has been changed (ST205).

  The information collecting unit 11 checks whether information is transmitted from the agent 4 or the secure gate device 2 when the schedule is reached (ST206). If it is transmitted as scheduled, the process proceeds to ST106. If it is not transmitted at the scheduled time, the process proceeds to ST302.

  If it has not been transmitted even at the scheduled time, the immediate request unit 18 issues an information acquisition request to the agent 4 on the terminal 3 (ST302).

  The immediate request unit 18 checks whether information has come (ST303). If information is transmitted, the process proceeds to ST107. If no information has been transmitted, the process proceeds to ST701.

  When the terminal 3 that cannot perform communication is connected, the notification unit 19 notifies the operator of the management apparatus 1 that a terminal where the agent 4 is not operating is connected by e-mail or the like. Further, since the agent is not installed on the terminal by performing display using the function of the OS, notification that the network connection is impossible is performed (ST701).

  The information collection unit 11 collects information transmitted as scheduled from the agent 4 or the secure gate device 2, and stores the information in the inventory information storage unit 14 (ST106).

  The countermeasure check unit 12 checks the necessity of countermeasure measures by comparing the terminal information from the agent 4 collected by the information collecting unit 11 with the contents of the security information stored in the security information storage unit 15 ( ST107). The information stored in the security information storage unit 15 reflects the security information issued by the OS, application, and H / W vendor as appropriate through the Internet or a medium such as a CD-ROM. If it is determined that countermeasures are required, the process proceeds to ST108. If it is determined that the countermeasure is unnecessary or unknown, the process proceeds to ST801.

  The countermeasure check unit 12 checks whether there is a lack of information for determining whether or not a security countermeasure is necessary (ST801). If it is determined that the information is insufficient, the process proceeds to ST802. If the information is sufficient, the process proceeds to ST504.

  When the information is insufficient, the immediate request unit 18 requests the agent 4 to transmit information necessary for the countermeasure check unit 12 to determine whether the countermeasure action is necessary (apparatus information transmission request). And an additional information request is transmitted to the agent 4 (ST802).

  When countermeasures are required, the countermeasure instructing unit 13 indicates information on the MAC address and IP address of the terminal 3 that needs to take countermeasures, and instructs to implement network access restriction on the terminal 3 An instruction (communication restriction instruction) is generated, and the generated countermeasure instruction is transmitted to the secure gate device 2 connected under the control of the terminal 3 that needs to perform the countermeasure (ST108). As a result, the secure gate device 2 restricts network access, and the corresponding terminal 3 is restricted only to network access to the management device 1.

  Next, the countermeasure instruction unit 13 generates a countermeasure instruction (treatment execution instruction) for instructing the agent 4 on the terminal 3 to perform the security countermeasure treatment, and the generated countermeasure instruction is processed via the secure gate device 2. It transmits to the terminal 3 which becomes. This is, for example, patch information (ST108).

  The countermeasure instruction unit 13 waits for a countermeasure completion notification from the agent 4 on the terminal 3 (ST109). When a completion notification is received, the process proceeds to ST110.

  When a countermeasure completion notification is transmitted from the agent 4 on the terminal 3, the countermeasure instructing unit 13 checks again whether or not a security countermeasure is necessary based on the transmitted terminal information. When it is determined that the security countermeasures are correctly applied, the MAC address and IP address information of the terminal 3 is shown, and a countermeasure instruction (restriction release instruction) for instructing the release of the network access restriction is generated and generated. The countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 that had to take the countermeasure (ST110).

  Further, when there is no information transmission in response to the immediate request, a countermeasure instruction (communication restriction instruction) indicating the MAC address and IP address information of the terminal 3 and instructing that the network access restriction on the terminal 3 is performed. ) And the generated countermeasure instruction is transmitted to the secure gate device 2 connected to the terminal 3 (ST110).

  Further, when the activation notification is received as the status notification, a countermeasure instruction (restriction cancellation instruction) indicating the MAC address and IP address information of the corresponding terminal 3 and indicating the cancellation of the network access restriction is generated, and the generated countermeasure The instruction is transmitted to the secure gate device 2 connecting the corresponding terminal 3 under the control (ST110). In addition, when an end notification is received as a status notification, a countermeasure instruction (communication restriction instruction) indicating the MAC address and IP address information of the terminal 3 and instructing that the network access restriction for the terminal 3 is performed is given. The generated countermeasure instruction is transmitted to the secure gate device 2 connecting the terminal 3 under its control (ST110).

  Note that when security information is changed in ST401, it may be possible to go to ST107 and check the countermeasure measures from the information stored in the inventory information storage unit 14.

  FIG. 29 is a diagram illustrating a data flow among the management device 1, the secure gate device 2, and the terminal 3 / agent 4.

  First, terminal information is collected by the terminal 3 / agent 4, the terminal information is transmitted from the terminal 3 / agent 4 to the secure gate apparatus 2 (ST2901), and the terminal information is transmitted from the secure gate apparatus 2 to the management apparatus 1. (ST2902). Also, identification information of terminal 3 such as the IP address of the terminal is transmitted from secure gate apparatus 2 to management apparatus 1 (ST 2903). In the management apparatus 1, it is determined whether or not security countermeasures need to be performed on the terminal 3. Here, when the management apparatus 1 determines that the information is insufficient, the management apparatus 1 transmits an additional information request to the secure gate apparatus 2 (ST2904), and the secure gate apparatus 2 transmits the additional information request to the terminal 3 / agent 4. (ST2905). Terminal 3 / agent 4 collects additional terminal information and transmits the additional terminal information to secure gate apparatus 2 (ST2906). The secure gate device 2 transmits additional terminal information to the management device 1 (ST2907). Thereafter, in the management apparatus 1, it is determined whether or not it is possible to determine whether or not a security countermeasure is necessary based on the additional terminal information.

  As described above, according to the ninth embodiment, since it is possible to reliably collect and check information necessary for confirming the implementation of security countermeasures, it is possible to implement security countermeasures without omission.

  In each of the embodiments described above, the management device 1, the secure gate device 2, and the terminal 3 can be realized by a computer.

  Although not shown, the management device 1, the secure gate device 2, and the terminal 3 include a CPU (Central Processing Unit) that executes a program.

  For example, the CPU is connected to a ROM (Read Only Memory), a RAM (Random Access Memory), a communication board, a display device, a K / B (keyboard), a mouse, an FDD (Flexible Disk Drive), and a CDD (Compact Disc) via a bus. Drive), magnetic disk device, optical disk device, printer device, scanner device and the like.

  The RAM is an example of a volatile memory. ROM, FDD, CDD, magnetic disk device, and optical disk device are examples of nonvolatile memory. These are examples of a storage device or a storage unit.

  Data and information handled by the management device 1, secure gate device 2, and terminal 3 of each embodiment described above are stored in a storage device or storage unit and recorded by each unit of the management device 1, secure gate device 2, and terminal 3. And read out.

  The communication board is connected to a WAN (Wide Area Network) such as a LAN, the Internet, or ISDN.

  The magnetic disk device stores an operating system (OS), a window system, a program group, and a file group (database).

  The program group is executed by a CPU, OS, and window system.

  Each part of the management device 1, the secure gate device 2, and the terminal 3 may be configured by a program that can be partially or entirely operated by a computer. Alternatively, it may be realized by firmware stored in the ROM. Alternatively, it may be implemented by software, hardware, or a combination of software, hardware, and firmware.

  The program group stores a program that causes the CPU to execute the processing described as “˜unit” in the description of the embodiment. These programs are created by computer languages, such as C language, HTML, SGML, and XML, for example.

The program is stored in another recording medium such as a magnetic disk device, FD (Flexible Disk), optical disk, CD (compact disk), MD (mini disk), DVD (Digital Versatile Disk), and read by the CPU. And executed.
Here, the features of the security management system described in the above embodiment will be described below.

The security management system described in the above embodiment is a security management system in which a terminal including an agent, a secure gate device, and a management device are connected to each other via a network.
The agent on the terminal is
An information acquisition unit that acquires terminal information necessary for applying security measures;
An information transmission unit for transmitting the collected information to the management device;
A countermeasure application unit that receives the security countermeasures transmitted from the management device and implements the countermeasures;
The secure gate device is:
An information acquisition unit that acquires terminal information of the subordinate,
An information transmission unit for transmitting the collected information to the management device;
A countermeasure application unit that receives countermeasure information transmitted from the management device, and implements or cancels network access restrictions on the terminals to which the security countermeasures under control are applied;
The management device
An information collection unit that collects terminal information transmitted from each terminal and subordinate terminal information transmitted from each secure gate device;
An inventory information storage unit storing information collected by the information collection unit;
A security information storage unit storing security information;
A measure check unit that determines whether security measures are implemented from the terminal information stored in the inventory information storage unit and the security information stored in the security information storage unit;
And a countermeasure instruction section for instructing a corresponding countermeasure when the countermeasure check section determines that a countermeasure is necessary.

  The agent on the terminal acquires OS information, H / W information, S / W information, network information, and security countermeasure application information of the terminal, and transmits the acquired information to the management apparatus, whereby a countermeasure check unit on the management apparatus This makes it possible to determine the necessity of implementing security measures.

  The secure gate device acquires network information of terminals connected under the secure gate device and transmits the network information to the management device, so that a countermeasure instruction unit on the management device issues a network access restriction instruction to the security countermeasure implementation terminal. It is possible to identify the secure gate device to be issued.

  When the countermeasure check unit determines that there is a terminal to which countermeasures need to be applied, the management device sends a network of the target terminals to the countermeasure application unit of the secure gate device under control of the target terminals. Instruct the access restriction to the agent countermeasure application section on the target terminal, and after the security countermeasure is completed, release the network access restriction on the target terminal to the countermeasure application section of the secure gate device. It is characterized by carrying out.

  The management device automatically applies a countermeasure by the agent countermeasure application unit on the terminal by transmitting a correction program for implementing the security countermeasure to the agent on the terminal in the countermeasure instruction unit. It is characterized by doing.

  The agent on the terminal receives the modified program transmitted by the countermeasure instruction unit and automatically executes the modified program to apply the security countermeasure.

  The management apparatus transmits a security countermeasure execution procedure to the agent on the terminal in the countermeasure instruction section, so that the agent countermeasure application section on the terminal issues a countermeasure application instruction to the user. And

  The agent on the terminal receives the transmitted countermeasure implementation procedure at the countermeasure instruction unit, displays a countermeasure application instruction for the user, and prompts the user to implement the countermeasure by the user performing the security countermeasure. It is characterized by that.

The management device
A schedule setting unit configured to set transmission of periodic information for the agent on the terminal and the secure gate device;
A schedule distribution unit that applies the schedule set by the schedule setting unit to each terminal or secure gate device;
The secure gate device is:
In accordance with the schedule information distributed from the management device, the information acquisition unit, and a schedule execution unit that executes the information transmission unit,
The agent on the terminal is
In accordance with the schedule information distributed from the management device, the information acquisition unit, and a schedule execution unit that executes the information transmission unit,
The management device periodically collects terminal information.

  When the management device does not perform periodic communication from the agent according to the schedule distributed by the schedule distribution unit, the countermeasure instruction unit restricts network access of the corresponding terminal to the corresponding secure gate device It is characterized by giving an instruction to perform.

  The agent on the terminal includes an inventory information storage unit that stores the terminal information acquired by the information acquisition unit, and the information acquisition unit, when acquiring the terminal information, compares the information with the information stored in the inventory information storage unit. When there is no change, the information transmission unit transmits only information that there is no change.

  The agent on the terminal compares the terminal information acquired by the information acquisition unit with the information stored in the inventory information storage unit, and if there is a change, the inventory information based on the information acquired this time The storage unit is updated, and the information transmission unit transmits only difference information.

The management device
With an immediate request unit that immediately requests acquisition of information to the agent on the terminal and the secure gate device,
The secure gate device is:
Receives an immediate request from the management device, and includes an information acquisition unit and an immediate execution unit that executes an information transmission unit,
The agent on the terminal is
It is characterized by receiving an immediate request from the management device, and having an information acquisition unit and an immediate execution unit for executing the information transmission unit, and collecting terminal information in response to the request from the management device immediately.

  When the communication from the agent according to the schedule distributed by the schedule distribution unit is not performed, the immediate request unit makes an information acquisition request to a terminal that has not performed communication. When the acquisition is not possible, the countermeasure instruction unit instructs the corresponding secure gate device to perform network access restriction of the corresponding terminal.

The management device
In the countermeasure instruction unit, a correction procedure for security countermeasure implementation is transmitted to the agent on the terminal,
The agent on the terminal is
It has a countermeasure display section that displays the sent correction procedure,
It is characterized in that it is possible to notify a user of application of a security measure that is difficult to apply automatically and to apply it.

  In the management device, when updating the information stored in the security information storage unit, the countermeasure check unit checks the update contents and information of each terminal stored in the collected inventory information storage unit, and a countermeasure is required. It is characterized in that measures are applied when a terminal is detected.

  When the information stored in the security information storage unit is updated, the management device checks the information of each terminal stored in the inventory information storage unit collected by the countermeasure check unit and needs the latest information. Select the terminal, the immediate request unit requests the relevant terminal to obtain the current information, detect the terminal that requires countermeasures based on the information collected by the countermeasure check unit, and apply countermeasures at the time of detection It is characterized by doing.

  The agent on the terminal includes a status notification unit that notifies the management device of activation information when the terminal is activated, and the management device that has received the terminal activation notification determines that the security check has been applied by the countermeasure check unit. The countermeasure instructing unit instructs the corresponding secure gate device to release the network access restriction of the activated terminal.

  The agent on the terminal notifies the management device of the activation information when the status notification unit terminates the terminal, so that the management device that has received the terminal termination notification provides the corresponding secure gate device with the countermeasure instruction unit. It is characterized by giving an instruction to perform network access restriction of the activated terminal.

  The management device makes an information acquisition request from the immediate request unit when a terminal is connected to a network but there is a terminal to which an activation notification is not transmitted.

  If the terminal is connected to the network but the activation notification is not transmitted, or the management apparatus does not respond to the request from the immediate request unit, the agent is not installed in the corresponding terminal or the agent is activated. It is determined that the terminal is not, and the countermeasure instruction unit instructs the corresponding secure gate device to perform network access restriction of the corresponding terminal.

The secure gate device is:
When a change occurs in information of a terminal under control, the information transmission unit notifies the management device.

The agent on the terminal is
When there is a change in information to be acquired by the information acquisition unit, terminal information is acquired and information acquired by the information transmission unit is transmitted.

  If the terminal is connected to the network but the activation notification is not transmitted, or the management apparatus does not respond to the request from the immediate request unit, the agent is not installed in the corresponding terminal or the agent is activated. And a notification unit that notifies the administrator, and notifies the administrator of the presence of the agent-uninstalled terminal.

  If the terminal is connected to the network but the activation notification is not transmitted, or the management apparatus does not respond to the request from the immediate request unit, the agent is not installed in the corresponding terminal or the agent is activated. When it is determined that the terminal is not a terminal, the notification unit uses the function of the OS to notify the corresponding terminal, and if the agent is not installed, the user is informed that the terminal cannot be connected to the network. To do.

The management apparatus is added when the countermeasure check unit determines from the information stored in the security information storage unit that the information stored in the inventory information storage unit cannot check the implementation of the security countermeasures Provided with an additional information request unit for requesting information,
The immediate execution unit of the agent on the terminal performs acquisition of the additional information requested from the additional information request unit by the information acquisition unit, and transmits the acquired information by the information transmission unit. It is characterized by that.

  When the management device determines that the countermeasure check unit is in an abnormal state such as a virus infection from the content of the terminal information transmitted from the terminal, the countermeasure instruction unit takes the corresponding terminal under control. A network access restriction is instructed to the secure gate device.

1 is a diagram illustrating a system configuration example of a security management system according to Embodiment 1. FIG. 2 is a block diagram illustrating a configuration example of each device of the security management system according to Embodiment 1. FIG. 6 is a flowchart showing an operation example of a terminal / agent according to the first embodiment. 4 is a flowchart illustrating an operation example of the secure gate device according to the first embodiment. 6 is a flowchart illustrating an operation example of the management device according to the first embodiment. It is a figure which shows the data flow between the management apparatus by Embodiment 1, a secure gate apparatus, and a terminal / agent. FIG. 10 is a block diagram illustrating a configuration example of each device of a security management system according to a second embodiment. 10 is a flowchart illustrating an operation example of a terminal / agent according to the second embodiment. 10 is a flowchart illustrating an operation example of the secure gate device according to the second embodiment. 10 is a flowchart illustrating an operation example of the management device according to the second embodiment. It is a figure which shows the data flow between the management apparatus by Embodiment 2, a secure gate apparatus, and a terminal / agent. FIG. 10 is a block diagram illustrating a configuration example of each device of a security management system according to a third embodiment. 10 is a flowchart showing an operation example of a terminal / agent according to the third embodiment. 12 is a flowchart illustrating an operation example of the secure gate device according to the third embodiment. 10 is a flowchart illustrating an operation example of the management device according to the third embodiment. FIG. 10 is a diagram illustrating a data flow between a management device, a secure gate device, and a terminal / agent according to a third embodiment. FIG. 10 is a block diagram illustrating a configuration example of each device of a security management system according to a fourth embodiment. 10 is a flowchart illustrating an operation example of the management device according to the fifth embodiment. FIG. 10 is a diagram illustrating a data flow between a management device, a secure gate device, and a terminal / agent according to a fifth embodiment. FIG. 20 is a block diagram illustrating a configuration example of each device of a security management system according to a sixth embodiment. 18 is a flowchart illustrating an operation example of a terminal / agent according to the sixth embodiment. 18 is a flowchart illustrating an operation example of the management device according to the sixth embodiment. FIG. 20 is a diagram illustrating a data flow between a management device, a secure gate device, and a terminal / agent according to a sixth embodiment. 18 is a flowchart showing an operation example of a terminal / agent according to the seventh embodiment. 18 is a flowchart illustrating an operation example of the secure gate device according to the seventh embodiment. FIG. 20 is a block diagram illustrating a configuration example of each device of a security management system according to an eighth embodiment. 25 is a flowchart illustrating an operation example of the management device according to the eighth embodiment. 25 is a flowchart illustrating an operation example of the management device according to the ninth embodiment. FIG. 25 is a diagram illustrating a data flow between a management device, a secure gate device, and a terminal / agent according to the ninth embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Management apparatus, 2 Secure gate apparatus, 3 Terminal, 4 Agent, 5 Communication line, 11 Information collection part, 12 Countermeasure check part, 13 Countermeasure instruction part, 14 Inventory information storage part, 15 Security information storage part, 16 Schedule setting part , 17 Schedule distribution unit, 18 Immediate request unit, 19 Notification unit, 21 Information acquisition unit, 22 Information transmission unit, 23 Countermeasure application unit, 24 Schedule execution unit, 25 Immediate execution unit, 26 Relay processing unit, 41 Information acquisition unit, 42 Information transmission unit, 43 Countermeasure application unit, 44 Schedule execution unit, 45 Inventory information storage unit, 46 Immediate execution unit, 47 Countermeasure display unit, 48 Status notification unit.

Claims (18)

A security management device that performs security management for the terminal device via a relay device that controls communication of the terminal device,
A receiving unit for receiving device information of the terminal device from the terminal device via the relay device;
Based on the device information of the terminal device received by the receiving unit, a measure determining unit that determines whether or not a security measure action is required for the terminal device;
A communication restriction instruction for instructing the relay device to limit communication of the terminal device to communication with the security management device when it is determined by the measure determining unit that security measures are required for the terminal device. An instruction generation unit for generating
A security management apparatus comprising: a transmission unit that transmits a communication restriction instruction generated by the instruction generation unit to the relay apparatus. The instruction generation unit
When the countermeasure determining unit determines that a security countermeasure action is required for the terminal device, generates a processing execution instruction that instructs the terminal device to perform a security countermeasure action,
The transmitter is
The security management device according to claim 1, wherein the processing execution instruction generated by the instruction generation unit is transmitted to the terminal device via the relay device. The instruction generation unit
When the security measure measure for the terminal device is no longer necessary after the measure determining unit determines that the security measure measure for the terminal device is necessary, the communication restriction for the terminal device is released to the relay device. Generate a restriction release instruction that instructs
The transmitter is
The security management apparatus according to claim 1, wherein the restriction release instruction generated by the instruction generation unit is transmitted to the relay apparatus. The receiver is
Received from the terminal device via the relay device a processing execution completion notification notifying that the security measure has been implemented in the terminal device,
The countermeasure determination unit
Based on the action execution completion notification received by the receiving unit, determine whether further security measures for the terminal device are necessary,
The instruction generation unit
Generating a restriction release instruction for instructing the relay apparatus to release the communication restriction for the terminal device when the countermeasure determining unit determines that further security countermeasures for the terminal device are unnecessary; The security management device according to claim 3. The security management device includes:
Each of them has jurisdiction over at least one terminal device, and can communicate with a plurality of relay devices that control the communication of each of the terminal devices in charge.
The receiver is
The device information including the identification information of the terminal device is received from each terminal device via the responsible relay device, and the identification information of the terminal device managed by each relay device is obtained from each relay device,
The instruction generation unit
When the countermeasure determining unit determines that a security measure for any terminal device is necessary, based on the identification information of the terminal device, the relay that has jurisdiction over the terminal device determined to require the security measure Identifying a device, generating a communication restriction instruction that instructs the identified relay device to limit communication of a terminal device that is determined to require security measures to communication with the security management device;
The transmitter is
The security management apparatus according to claim 1, wherein a communication restriction instruction is transmitted to the relay apparatus identified by the instruction generation unit. The instruction generation unit
When a security measure measure is not required for a terminal device that is determined to require a security measure measure by the measure determining unit, a relay device that has jurisdiction over the terminal device that does not require a security measure measure is identified. , Generating a restriction release instruction that instructs the specified relay device to release the communication restriction for the terminal device that no longer requires the security measure,
The transmitter is
The security management apparatus according to claim 5, wherein a restriction release instruction is transmitted to the relay apparatus identified by the instruction generation unit. The security management device further includes:
The terminal device sets a transmission schedule for transmitting device information, and has a schedule setting unit for generating transmission schedule information indicating the set transmission schedule,
The transmitter is
The security management device according to claim 1, wherein the transmission schedule information generated by the schedule setting unit is transmitted to the terminal device via the relay device. The instruction generation unit
When the receiving unit cannot receive device information from the terminal device according to the transmission schedule set by the schedule setting unit, communication of the terminal device is limited to communication with the security management device with respect to the relay device. The security management apparatus according to claim 7, wherein a communication restriction instruction is issued to instruct to do so. The security management device further includes:
Transmission that generates a device information transmission request for requesting the terminal device to transmit device information when the receiving unit cannot receive device information from the terminal device according to the transmission schedule set by the schedule setting unit A request generation unit,
The transmitter is
8. The security management device according to claim 7, wherein the device information transmission request generated by the transmission request generation unit is transmitted to the terminal device via the relay device. The security management device further includes:
A security information storage unit for storing security information to be checked against device information from the terminal device in order to determine whether or not a security measure is required for the terminal device;
A transmission request generation unit that generates a device information transmission request for requesting the terminal device to transmit device information when security information stored in the security information storage unit is updated;
The transmitter is
The security management device according to claim 1, wherein the device information transmission request generated by the transmission request generation unit is transmitted to the terminal device via the relay device. The instruction generation unit
Communication that instructs the relay device to limit communication of the terminal device to communication with a security management device when the receiving unit cannot receive device information from the terminal device after transmitting the device information transmission request The security management apparatus according to claim 9 or 10, wherein a restriction instruction is generated. The security management device includes:
Perform security management for the terminal device with an agent that collects device information through the relay device,
The receiver is
Receiving a status notification from the terminal device via the relay device to notify the activation of the agent of the terminal device;
The instruction generation unit
2. The security according to claim 1, wherein when the status notification is received by the receiving unit, a restriction release instruction is generated to instruct the relay apparatus to release the communication restriction on the terminal apparatus. Management device. The security management device includes:
Perform security management for the terminal device with an agent that collects device information through the relay device,
The receiver is
Receiving a status notification from the terminal device via the relay device to notify the end of the operation of the agent of the terminal device;
The instruction generation unit
When the status notification is received by the receiving unit, a communication restriction instruction is generated to instruct the relay device to limit communication of the terminal device to communication with a security management device. Item 4. The security management device according to Item 1. The receiver is
The security management device according to claim 1, wherein when there is a change in the configuration of the terminal device, device information reflecting the changed configuration is received from the terminal device via the relay device. . The security management device further includes:
An operator notifying unit for notifying the operator of the security management device that the device information cannot be received from the terminal device when the receiving unit cannot receive the device information from the terminal device after transmitting the device information transmission request; The security management apparatus according to claim 9 or 10, characterized in that The security management device further includes:
If the device information of the terminal device received by the receiving unit does not meet a predetermined condition, the terminal cannot determine whether the security measure for the terminal device is necessary or not. A transmission request generation unit that generates a device information transmission request for requesting transmission of device information that matches the predetermined condition to the device;
The transmitter is
The security management device according to claim 1, wherein the device information transmission request generated by the transmission request generation unit is transmitted to the terminal device via the relay device. A security management method for performing security management for the terminal device via a relay device that controls communication of the terminal device,
A receiving step of receiving device information of the terminal device from the terminal device via the relay device;
Based on the device information of the terminal device received by the receiving step, a measure determining step for determining whether a security measure measure for the terminal device is necessary,
A communication restriction instruction for instructing the relay device to limit communication of the terminal device to communication related to the security measure measure when it is determined by the measure determining step that a security measure measure is required for the terminal device. An instruction generation step to generate;
A security management method comprising: a transmission step of transmitting the communication restriction instruction generated by the instruction generation step to the relay device. A program that causes a computer to execute security management for the terminal device via a relay device that controls communication of the terminal device,
A receiving process for receiving device information of the terminal device from the terminal device via the relay device;
Based on the device information of the terminal device received by the reception processing, countermeasure determination processing for determining whether or not a security countermeasure action is required for the terminal device;
A communication restriction instruction for instructing the relay device to limit communication of the terminal device to communication related to the security countermeasure treatment when it is determined by the countermeasure determination processing that a security countermeasure treatment is required for the terminal device. Instruction generation processing to generate,
A program for causing a computer to execute a transmission process for transmitting a communication restriction instruction generated by the instruction generation process to the relay device.

Images