WO2016046920A1 - Load distribution device, load distribution method and program - Google Patents

Publication number: WO2016046920A1
Application number: PCT/JP2014/075288
Authority: WO (WIPO, PCT)
Other languages: French (fr), Japanese (ja)
Prior art keywords: terminal, load, terminal device, server, security
Inventor: Atsushi Harada (原田 篤史)
Original assignee: Mitsubishi Electric Corporation (三菱電機株式会社)
Priority claimed from: PCT/JP2014/075288 (published as WO2016046920A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to a load balancing technique of a server device that performs security management of a terminal device.
  • Network quarantine techniques are widely used to maintain the security of information systems in the organization.
  • data processing for security management is performed on a terminal device. More specifically, when the terminal device connects to the network in the organization, a security check is performed to verify whether or not the terminal device is safe.
  • the security check is also called a quarantine process. Only terminal devices that pass the security check are permitted to access important information systems (file server, business application server, etc.).
  • A terminal device that does not pass the security check is typically restricted, by a network access control technique, in which information systems it can reach. This restriction of a terminal device that failed the security check is also referred to as isolation processing.
  • After the security program of the terminal device has been updated, the quarantine process is executed again on the terminal device; if it then passes the safety verification, its access to the important information systems is permitted.
  • The process of restoring the security state of the terminal device by updating its security program is also referred to as a repair process.
  • One conventional network quarantine technique is described in Patent Document 1.
  • Load may be concentrated on the server device that performs security management, for example on the day after distribution of an update program that fixes a serious security defect has started.
  • When such a load is concentrated, the processing performance of the server device is lowered, and it takes a long time until the terminal device can be used for its original business. For this reason it is necessary, for example, to distribute the load of the server device.
  • Load distribution technologies for server devices are described in Patent Documents 2 to 4.
  • Patent Documents 1 to 4, in the order listed: JP 2007-235730 A, JP 2003-24866 A (Japanese Patent Laid-Open No. 2003-24866), JP 2012-174051 A, JP 2007-241712 A.
  • The main purpose of the present invention is to avoid such security risks while distributing the load on the server devices that perform security management.
  • The load distribution device includes: a terminal investigation unit that investigates the security state of the terminal device; a load state information receiving unit that receives load state information indicating the load state of each of a plurality of server devices; and a selection unit that selects, from the plurality of server devices, the server device that performs data processing for security management on the terminal device, based on the security state of the terminal device investigated by the terminal investigation unit and the load state of each server device indicated in the load state information.
  • The server device that performs security management of the terminal device is thus selected based on both the security state of the terminal device and the load state of each server device. According to the present invention, it is therefore possible to avoid the security risk while distributing the load of the server devices that perform security management.
  • FIG. 1 is a diagram illustrating an example of a system configuration according to the first embodiment.
  • FIG. 2 is a diagram illustrating a general configuration example of the load distribution apparatus according to the first embodiment.
  • FIG. 3 is a diagram illustrating a detailed configuration example of the load distribution apparatus according to the first embodiment.
  • FIG. 4 shows an example of the access terminal information table according to the first embodiment.
  • FIG. 5 shows an example of the terminal affiliation information table according to the first embodiment.
  • FIG. 6 shows an example of the terminal security state information table according to the first embodiment.
  • FIG. 7 shows an example of the update program information table according to the first embodiment.
  • A diagram showing an example of the load state information table according to the first embodiment.
  • A flowchart showing an operation example of the load distribution apparatus according to the first embodiment.
  • A diagram illustrating a detailed configuration example of the load distribution apparatus according to the second embodiment.
  • A flowchart showing an operation example of the load distribution apparatus according to the second embodiment.
  • A diagram showing an example of the terminal ID, user ID, user name, organization ID, organization name, title ID, title, title level, confidentiality, installed OS, and latest patch update date and time of a terminal device according to the second embodiment.
  • A diagram showing an example of the allocation rule information table according to the third embodiment.
  • A diagram illustrating a hardware configuration example of the load distribution apparatus according to the first to third embodiments.
  • When a new software update patch is distributed or the quarantine policy of the organization is changed, load is concentrated on the server device that performs data processing for security management at the start of the next working day, and the processing performance of the server device is lowered.
  • A base (rendered "site" in some passages below) is a management unit of the information system; an organization such as a company is an example of a base.
  • Method (1) has the advantage that no extra server device needs to be prepared.
  • However, a terminal device whose quarantine process has been postponed by the server device either remains in an insecure state or is prohibited from use for a long time. Method (1) is therefore a problem in terms of security or convenience.
  • With method (2), the number of terminal devices whose quarantine process is postponed is reduced.
  • Method (3) is an extension of method (2): a server device at base Y with sufficient processing capability is used, so that base X does not have to hold a surplus server device.
  • Using the server device at base Y for the network quarantine process of base X, however, carries a security risk.
  • A security risk is the possibility that the terminal device, the server device, or the network is exposed to threats. Examples include the following. When a terminal device at base X is infected with a computer virus and that terminal device accesses the server device at base Y, the virus on the terminal device attacks the server device or the network at base Y.
  • Further, when the quarantine policy, such as the quarantine method and the strength of quarantine, differs between base X and base Y, a terminal device that is not recognized as safe at one base may be judged safe at the other base.
  • *** Explanation of configuration *** FIG. 1 shows a system configuration example according to the present embodiment.
  • a system composed of a base A (A00) and a base B (B00) is taken as an example.
  • the number of bases may be any number as long as it is two or more.
  • the terminal device (A-01) is a terminal device used by users belonging to the site A (A00).
  • the terminal device (A-01) transmits a packet for accessing the access destination server device via the network in the base A (A00).
  • the packet transmitted by the terminal device (A-01) is received by the load balancer (A-02).
  • The load balancer (A-02) forwards the packet from the terminal device (A-01) to either the repair server device (A-16) in base A (A00) or the repair server device (B-16) in base B (B00). Similarly, the load balancer (A-02) forwards the packet from the terminal device (A-01) to either the quarantine server device (A-17) in base A (A00) or the quarantine server device (B-17) in base B (B00). In this way, the load distribution apparatus (A-02) performs load distribution between the server devices in base A (A00) and the server devices in base B (B00).
  • the repair server device (A-16) and the quarantine server device (A-17) perform data processing for security management on the terminal device.
  • Security management is a measure for preventing terminal devices, server devices, and networks from being exposed to security threats.
  • the repair server device (A-16) performs repair processing on the terminal device (A-01) or a later-described terminal device (B-01) as data processing for security management. More specifically, the repair server device (A-16) distributes an OS (Operating System) update program or an application update program to the terminal device (A-01) or the terminal device (B-01).
  • the quarantine server apparatus (A-17) performs a quarantine process on the terminal apparatus (A-01) or a terminal apparatus (B-01) described later as data processing for security management.
  • The quarantine server device (A-17) cooperates with the network switch device or the firewall device so that access from terminal devices that do not match the quarantine policy can be restricted.
  • the terminal attribute information storage device (A-18) is a data store that stores terminal attribute information that is information relating to the terminal device (A-01).
  • The terminal attribute information includes, for example, an identifier of the terminal device (A-01), information on the software installed in the terminal device (A-01), user information of the terminal device (A-01), and the confidentiality level of the data held in the terminal device (A-01).
  • In the drawings, the terminal attribute information storage device (A-18) is labeled "terminal attribute information" for reasons of drawing space.
  • the repair information storage device (A-19) is a data store that stores repair information used for repair processing.
  • the repair information is, for example, security program update information and repair processing history information for the terminal device (A-01).
  • In the drawings, the repair information storage device (A-19) is labeled "repair information" for reasons of drawing space.
  • the quarantine information storage device (A-20) is a data store that stores quarantine information used for quarantine processing.
  • the quarantine information is, for example, information indicating a quarantine policy, quarantine processing history information for the terminal device (A-01), and security status information of the terminal device (A-01).
  • In the drawings, the quarantine information storage device (A-20) is labeled "quarantine information" for reasons of drawing space.
  • the components of the base B (B00) are the same as the base A (A00). That is, the terminal device (B-01) is the same as the terminal device (A-01), and the load balancer (B-02) is the same as the load balancer (A-02).
  • the repair server device (B-16) is the same as the repair server device (A-16), and the quarantine server device (B-17) is the same as the quarantine server device (A-17).
  • the terminal attribute information storage device (B-18) is the same as the terminal attribute information storage device (A-18), and the repair information storage device (B-19) is the same as the repair information storage device (A-19).
  • the quarantine information storage device (B-20) is the same as the quarantine information storage device (A-20).
  • Detailed descriptions of the terminal device (B-01), the load balancer (B-02), the repair server device (B-16), the quarantine server device (B-17), the terminal attribute information storage device (B-18), the repair information storage device (B-19), and the quarantine information storage device (B-20) are therefore omitted.
  • FIG. 2 shows a general configuration example of the load distribution apparatus (A-02) according to the present embodiment.
  • the terminal investigation unit (A-100) investigates the security state of the terminal device (A-01).
  • the security state is a state of dealing with vulnerabilities such as security holes. More specifically, the terminal investigation unit (A-100) investigates the security program update state in the terminal device (A-01) as the security state of the terminal device (A-01).
  • the terminal investigation unit (A-100) receives the update program information from the repair information storage device (A-19) and the terminal attribute information from the terminal attribute information storage device (A-18). Then, the terminal investigation unit (A-100) analyzes the received update program information and terminal attribute information, and investigates the update state of the security program in the terminal device (A-01).
  • the terminal attribute information indicates the update date and time of the security program in the terminal device (A-01).
  • the update program information indicates a security program update history for each OS (Operating System).
  • The terminal investigation unit (A-100) investigates the update state of the security program in the terminal device (A-01) by comparing the terminal attribute information with the update program information.
  • The load state information receiving unit (A-200) receives load state information indicating the load state of each of the plurality of server devices. That is, it receives load state information indicating the load state of the repair server device (A-16) from the repair server device (A-16), and load state information indicating the load state of the quarantine server device (A-17) from the quarantine server device (A-17). It also receives, via the load balancer (B-02), load state information indicating the load state of the repair server device (B-16) and load state information indicating the load state of the quarantine server device (B-17).
  • The selection unit (A-300) selects, from the plurality of server devices, the server device that performs security management of the terminal device (A-01), based on the security state of the terminal device (A-01) investigated by the terminal investigation unit (A-100) and the load state of each server device indicated by the load state information. That is, the selection unit (A-300) selects the server device that performs the quarantine process of the terminal device (A-01) from the quarantine server device (A-17) and the quarantine server device (B-17), and selects the server device that performs the repair process of the terminal device (A-01) from the repair server device (A-16) and the repair server device (B-16).
  • FIG. 3 is a configuration diagram showing the configuration of FIG. 2 in more detail. That is, the configuration example of FIG. 3 is one way of realizing the load distribution apparatus (A-02) of FIG. 2.
  • The access receiving unit (A-03) receives packets from the terminal device (A-01) and passes each received packet to the terminal information collection unit (A-21), described later. The access receiving unit (A-03) also receives packets from the terminal device (B-01) at base B (B00), transferred by the load distribution device (B-02) at base B (B00), and likewise passes them to the terminal information collection unit (A-21).
  • The terminal information collection unit (A-21) acquires a packet from the access receiving unit (A-03) and extracts terminal information from it. The extracted terminal information is then stored in the access terminal information storage unit (A-24).
  • the access terminal information storage unit (A-24) stores the terminal information in the access terminal information table.
  • In the drawings, the access terminal information storage unit (A-24) is labeled "access terminal information" for reasons of drawing space.
  • The access terminal information table is, for example, the table shown in FIG. 4. In FIG. 4, the access terminal information table has columns for terminal ID, IP address, MAC address, terminal type, access destination IP address, and access time.
  • The terminal ID column holds the ID (identifier) of the source terminal device of the packet, extracted from the packet.
  • The IP address column holds the IP (Internet Protocol) address of the source terminal device, extracted from the packet.
  • The MAC address column holds the MAC (Media Access Control) address of the source terminal device, extracted from the packet.
  • The terminal type column holds the device category (such as personal computer or tablet terminal) of the source terminal device, extracted from the packet.
  • An access terminal information table like that of FIG. 4 is also generated for packets from the terminal device (B-01) at base B (B00), and the generated table is stored in the access terminal information storage unit (A-24).
  • the terminal information management unit (A-12) receives the terminal attribute information from the terminal attribute information storage device (A-18), and stores the received terminal attribute information in the terminal attribute information storage unit (A-06). Specifically, in the present embodiment, the terminal information management unit (A-12) receives the terminal affiliation information table and the terminal security state information table as terminal attribute information.
  • the terminal attribute information storage unit (A-06) stores terminal attribute information.
  • In the drawings, the terminal attribute information storage unit (A-06) is labeled "terminal attribute information" for reasons of drawing space.
  • FIG. 5 shows an example of the terminal affiliation information table.
  • the user ID indicates an identifier of a user who uses the terminal device specified by the terminal ID.
  • the organization ID indicates the identifier of the organization to which the user specified by the user ID belongs.
  • the confidentiality indicates the confidential level of information held by the terminal device specified by the terminal ID.
  • The installed OS indicates the OS installed in the terminal device specified by the terminal ID. In the present embodiment, the installed OS information in the terminal affiliation information table is essential, whereas the user ID, organization ID, and confidentiality may be omitted. It is assumed that the terminal information management unit (A-12) periodically receives the terminal affiliation information table from the terminal attribute information storage device (A-18).
  • Instead of periodically receiving the whole terminal affiliation information table, the terminal information management unit (A-12) may receive from the terminal attribute information storage device (A-18) only the record of the terminal device that is the source of a packet, at the time the access receiving unit (A-03) receives that packet.
  • FIG. 6 shows an example of the terminal security state information table.
  • the terminal security status information table shows the latest patch update date and time for each terminal ID.
  • The latest patch update date and time indicates when the security program was last updated. It is assumed that the terminal information management unit (A-12) periodically receives the terminal security state information table from the terminal attribute information storage device (A-18). Alternatively, instead of periodically receiving the whole table, the terminal information management unit (A-12) may receive from the terminal attribute information storage device (A-18) only the record of the terminal device that is the source of a packet, at the time the access receiving unit (A-03) receives that packet.
  • The update program information management unit (A-13) receives the update program information from the repair information storage device (A-19), either periodically or when a new update program is distributed, and stores the received update program information in the update program information storage unit (A-07), described later.
  • The update program information storage unit (A-07) stores the update program information acquired by the update program information management unit (A-13). In the drawings, the update program information storage unit (A-07) is labeled "update program information" for reasons of drawing space.
  • FIG. 7 shows an example of the update program information table.
  • the update program information table shows the update program ID, risk, and distribution date and time for each OS.
  • the update program ID indicates the identifier of the security program distributed for the target OS.
  • the risk indicates the degree of risk that is handled by the security program identified by the update program ID.
  • the distribution date / time indicates the distribution date / time of the security program specified by the update program ID.
  • The terminal state evaluation unit (A-04) acquires the access terminal information table (FIG. 4) from the access terminal information storage unit (A-24), the terminal affiliation information table (FIG. 5) and the terminal security state information table (FIG. 6) from the terminal attribute information storage unit (A-06), and the update program information table (FIG. 7) from the update program information storage unit (A-07). It analyzes these tables to investigate the security state of the terminal device (A-01), calculates a risk evaluation value from the result, and notifies the calculated risk evaluation value to the access allocation determination unit (A-09). The risk evaluation value is also referred to simply as the evaluation value. Together with the access allocation determination unit (A-09), described later, the terminal state evaluation unit (A-04) implements the selection unit (A-300) of FIG. 2.
  • The load state information receiving unit (A-14) periodically receives load state information indicating the load state of the repair server device (A-16) from the repair server device (A-16), and load state information indicating the load state of the quarantine server device (A-17) from the quarantine server device (A-17). It also periodically receives the load state information of the repair server device (B-16) and the quarantine server device (B-17) from the load balancer (B-02). The received load state information is stored in the load state information storage unit (A-15). The load state information receiving unit (A-14) implements the load state information receiving unit (A-200) of FIG. 2.
  • the load state information storage unit (A-15) stores load state information.
  • In the drawings, the load state information storage unit (A-15) is labeled "load state information" for reasons of drawing space.
  • The load state information storage unit (A-15) stores the load state information of each server device in the load state information table shown in the drawings.
  • In the example shown, the load level (LV) of the quarantine server device (A-17) at base A is "90", and the load level (LV) of the quarantine server device (B-17) at base B is "20".
  • The load state information transmission unit (A-23) periodically reads the load state information of the repair server device (A-16) and the quarantine server device (A-17) stored in the load state information storage unit (A-15) and transmits it to the load balancer (B-02).
  • the allocation rule information storage unit (A-08) stores allocation rule information.
  • The allocation rule information describes the rules by which the access allocation determination unit (A-09), described later, selects the server device that performs data processing for security management from the server devices in base A (A00) and the server devices in base B (B00).
  • In the drawings, the allocation rule information storage unit (A-08) is labeled "allocation rule information" for reasons of drawing space.
  • The allocation rule information storage unit (A-08) stores the allocation rule information in the allocation rule information table shown in the drawings.
  • the rule ID indicates an identifier of the allocation rule.
  • the access source base ID indicates an identifier of a base to which the access source terminal device belongs.
  • the access source name indicates the name of the base specified by the access source base ID.
  • the access destination base ID indicates an identifier of a base that executes data processing for security management.
  • the risk evaluation value indicates the condition of the risk evaluation value calculated by the terminal state evaluation unit (A-04).
  • the load level (LV) indicates the condition of the load state.
  • The access allocation determination unit (A-09) selects, according to the allocation rule information table (FIG. 9), either the quarantine server device (A-17) or the quarantine server device (B-17) as the server device that performs the quarantine process of the terminal device (A-01), based on the risk evaluation value calculated by the terminal state evaluation unit (A-04), the load state of the quarantine server device (A-17), and the load state of the quarantine server device (B-17).
  • Likewise, the access allocation determination unit (A-09) selects, according to the allocation rule information table (FIG. 9), either the repair server device (A-16) or the repair server device (B-16) as the server device that performs the repair process of the terminal device (A-01), based on the risk evaluation value calculated by the terminal state evaluation unit (A-04), the load state of the repair server device (A-16), and the load state of the repair server device (B-16).
  • the access allocation determination unit (A-09) implements the selection unit (A-300) of FIG. 2 together with the terminal state evaluation unit (A-04).
  • The server communication unit (A-10) transfers the packet from the terminal device (A-01) to the server device selected by the access allocation determination unit (A-09). Specifically, when the repair server device (A-16) is selected, the server communication unit (A-10) transfers the packet from the terminal device (A-01) to the repair server device (A-16); when the quarantine server device (A-17) is selected, it transfers the packet to the quarantine server device (A-17).
  • When the repair server device (B-16) or the quarantine server device (B-17) is selected, the server communication unit (A-10) transfers the packet from the terminal device (A-01) to the load balancer (B-02).
  • The load balancer (B-02) forwards the packet from the terminal device (A-01), transferred from the server communication unit (A-10), to the repair server device (B-16) or the quarantine server device (B-17).
  • It is assumed that the terminal attribute information of the terminal device (A-01) is stored in the terminal attribute information storage unit (A-06).
  • It is also assumed that the update program information management unit (A-13) has periodically acquired the update program information from the repair information storage device (A-19), and that the update program information is stored in the update program information storage unit (A-07).
  • It is further assumed that the load state information of the quarantine server device (A-17) and the load state information of the quarantine server device (B-17) are stored in the load state information storage unit (A-15).
  • the terminal device (A-01) transmits a packet for accessing the file server device in the base A (A00).
  • The packet from the terminal device (A-01) is received by the access receiving unit (A-03) of the load balancer (A-02) (S01).
  • The access receiving unit (A-03) passes the received packet to the terminal information collection unit (A-21).
  • The terminal information collection unit (A-21) acquires the terminal ID, IP address, MAC address, terminal type, access destination IP address, and access time from the packet as terminal information (S02).
  • the terminal information is stored in the access terminal information table of FIG. 4 in the access terminal information storage unit (A-24).
  • the terminal state evaluation unit (A-04) acquires the terminal ID of the terminal device (A-01) from the access terminal information table. Further, the terminal state evaluation unit (A-04) obtains terminal attribute information corresponding to the terminal ID value of the terminal device (A-01) obtained from the access terminal information table from the terminal attribute information storage unit (A-06). Obtain (S03). More specifically, the terminal state evaluation unit (A-04) acquires the value of the installed OS corresponding to the value of the terminal ID of the terminal device (A-01) from the terminal belonging information table (FIG. 5). Further, the terminal state evaluation unit (A-04) obtains the latest patch update date and time corresponding to the terminal ID value of the terminal device (A-01) from the terminal security state information table (FIG. 6).
  • the terminal state evaluation unit (A-04) sets “OS-8” as the installed OS from the terminal affiliation information table (FIG. 5). Further, “2014/03/01 17:21:52” is acquired as the latest patch update date and time from the terminal security state information table (FIG. 6).
  • the terminal ID, installed OS, and latest patch update date and time of the terminal device (A-01) are summarized as shown in FIG.
  • the terminal state evaluation unit (A-04) acquires the update program information corresponding to the OS installed in the terminal device (A-01) and its latest patch update date and time from the update program information storage unit (A-07) (S04).
  • OS-8 is acquired as the installed OS
  • 2014/03/01 17:21:52 is acquired as the latest patch update date and time.
  • the terminal state evaluation unit (A-04) acquires from the update program information table (FIG. 7) the records whose target OS is “OS-8” and whose distribution date and time is after “2014/03/01 17:21:52”.
  • the terminal state evaluation unit (A-04) acquires records of the update programs “UPD001”, “UPD002”, and “UPD003”.
  • the update programs “UPD001”, “UPD002”, and “UPD003” are security programs that have not been updated in the terminal device (A-01).
  • the terminal state evaluation unit (A-04) calculates a risk state evaluation value of the security state of the terminal device (A-01) based on a predetermined evaluation rule (S05).
  • a predetermined evaluation rule is assumed in which two points are counted for each update program whose risk is “HIGH” and one point for each update program whose risk is “LOW”.
  • the risks of the update programs “UPD001” and “UPD002” are “HIGH” from FIG. 7, and the risk of the update program “UPD003” is “LOW” from FIG. 7. Therefore, the terminal state evaluation unit (A-04) calculates 5 points as the risk evaluation value of the terminal device (A-01).
  • the terminal state evaluation unit (A-04) notifies the calculated evaluation value to the access allocation determination unit (A-09).
  • the access allocation determination unit (A-09) acquires the load state information of the quarantine server device (A-17) and the quarantine server device (B-17) from the load state information storage unit (A-15) (S06). For example, it is assumed that the access allocation determination unit (A-09) acquires the load state information shown in FIG. 8.
  • the access allocation determination unit (A-09) acquires the allocation rule information table from the allocation rule information storage unit (A-08) and, based on the risk evaluation value and the load state information, selects either the quarantine server device (A-17) or the quarantine server device (B-17) as the server device that performs the quarantine process of the terminal device (A-01) (S07). Since the access source terminal device (A-01) belongs to the base A (A00), the access allocation determination unit (A-09) acquires from the allocation rule information table the record whose rule ID is “ARL001” and the record whose rule ID is “ARL002”.
  • the rule described in the record “ARL001” is that if the risk evaluation value is 7 points or less and the load level of the quarantine server device (A-17) is 70 or less, the quarantine server device (A-17) (access destination name: base A) is selected.
  • the rule described in the record “ARL002” is that if the risk evaluation value is 5 points or less and the load level of the quarantine server device (A-17) is 50 or less, the quarantine server device (B-17) (access destination name: base B) is selected.
  • the risk evaluation value calculated by the terminal state evaluation unit (A-04) is “5 points”, and in the example of FIG. 8, the load level of the quarantine server device (A-17) is “90”.
  • the load level of the quarantine server device (B-17) is “20”. Since the risk evaluation value is “5 points”, it matches the conditions of the risk evaluation values of “ARL001” and “ARL002”. However, since the load level of the quarantine server apparatus (A-17) is “90”, the load level condition of “ARL001” is not met. On the other hand, since the load level of the quarantine server apparatus (B-17) is “20”, the load level condition of “ARL002” is met. For this reason, the access allocation determination unit (A-09) selects the quarantine server device (B-17) according to the rule of “ARL002” as the server device that performs the quarantine process of the terminal device (A-01).
  • the server communication unit (A-10) transfers the packet from the terminal device (A-01) to the quarantine server device (B-17) selected by the access allocation determination unit (A-09) (S08). More specifically, the server communication unit (A-10) transfers the packet from the terminal device (A-01) to the load balancer (B-02). Then, the load balancer (B-02) transfers the packet from the terminal device (A-01) to the quarantine server device (B-17), and causes the quarantine server device (B-17) to perform the quarantine process.
  • when the conditions of both rules are met, the access allocation determination unit (A-09) selects, for example, the server device with the lower load level.
  • the evaluation value calculated by the terminal state evaluation unit (A-04) is “5 points”
  • the load level of the load state information of the quarantine server device (A-17) is “30”
  • if the load level in the load state information of the quarantine server device (B-17) is “40”, the quarantine server device (A-17), which has the lower load level, is selected.
  • when neither rule matches, the access allocation determination unit (A-09) selects the server device at the base A (A00). For example, if the evaluation value calculated by the terminal state evaluation unit (A-04) is “8 points”, it matches neither the “ARL001” condition nor the “ARL002” condition, so the quarantine server device (A-17) is selected.
  • Embodiment 2. In the present embodiment, an example will be described in which an attribute of the terminal device is used as a parameter for determining the server device that performs data processing for security management.
  • the terminal device attribute is, for example, an attribute of a user of the terminal device or presence / absence of confidential information in the terminal device.
  • the user attribute is, for example, the job title of the user or the organization to which the user belongs.
  • a system configuration example according to the present embodiment is as shown in FIG.
  • a general configuration example of the load distribution apparatus (A-02) according to the present embodiment is as shown in FIG.
  • the terminal investigation unit (A-100) investigates the attributes of the terminal device in addition to the security state of the terminal device.
  • the selection unit (A-300) according to the present embodiment selects, from a plurality of server devices, a server device that performs data processing for security management on the terminal device, based on the security state of the terminal device, the attribute of the terminal device, and the load state of each server device indicated in the load state information.
  • the selection unit (A-300) calculates an evaluation value based on the security state of the terminal device and the attribute of the terminal device.
  • the selection unit (A-300) derives the priority of the terminal device from the attribute of the terminal device, and calculates the evaluation value based on the security state and the priority of the terminal device. Then, the selection unit (A-300) selects, from the plurality of server devices, a server device that performs data processing for security management on the terminal device based on the calculated evaluation value and the load state of each server device.
  • the load distribution apparatus (A-02) according to the present embodiment has, for example, the configuration shown in FIG.
  • a quarantine level information storage unit (A-05) and a quarantine level information management unit (A-11) are added as compared to the configuration of FIG.
  • the quarantine level information management unit (A-11) receives the quarantine level information from the quarantine information storage device (A-20).
  • the quarantine level information storage unit (A-05) stores the quarantine level information received by the quarantine level information management unit (A-11).
  • the quarantine level information is, for example, the quarantine level information table. In the quarantine level information table, conditions 1 and 2 are defined for each quarantine level ID, and a quarantine level is defined by the combination of conditions 1 and 2.
  • Condition 1 is a condition regarding the confidentiality of information held by the terminal device
  • condition 2 is a condition regarding the job title of the user of the terminal device.
  • the quarantine level is the priority of the terminal device when performing the quarantine process.
  • a low quarantine level is defined when the confidentiality of information held by the terminal device is low and the job title of the user of the terminal device is low.
  • a high quarantine level is defined when the confidentiality of information held by the terminal device is high and the job title of the user of the terminal device is high.
  • the quarantine level information management unit (A-11) periodically receives the quarantine level information table from the quarantine information storage device (A-20). In the drawing, the quarantine level information storage unit (A-05) is described as “quarantine level information” for reasons of drawing space.
  • the terminal information management unit (A-12) stores the terminal attribute information in the terminal affiliation information table (FIG. 5) and the terminal security status information table (FIG. 6) shown in the first embodiment.
  • the user information table (FIG. 14), the post information table (FIG. 15), and the organization information table (FIG. 16) are received from the terminal attribute information storage device (A-18).
  • the user ID, organization ID, and confidentiality can be omitted in the terminal affiliation information table (FIG. 4).
  • the user ID and confidentiality are essential.
  • the organization ID can be omitted.
  • in the user information table (FIG. 14), a user name, an organization ID, and a post ID are defined for each user ID.
  • in the post information table (FIG. 15), a post name and a post level (LV) are defined for each post ID.
  • in the organization information table (FIG. 16), an organization name is defined for each organization ID. Note that the terminal information management unit (A-12) periodically receives these tables. The terminal information management unit (A-12) stores these tables received from the terminal attribute information storage device (A-18) in the terminal attribute information storage unit (A-06).
  • the terminal state evaluation unit (A-04) analyzes the terminal attribute information and investigates the attribute of the terminal device as well as the security state of the terminal device, as in the first embodiment.
  • the terminal state evaluation unit (A-04) calculates a risk evaluation value based on the security state of the terminal device and the attribute of the terminal device, and the server device is selected based on the risk evaluation value, the load state of the server device of the load balancer (A-02), and the load state of the server device of the load balancer (B-02).
  • the description will proceed using an example in which the terminal device (A-01) tries to access the file server device (not shown in FIG. 12) in the base A (A00), and the load distribution device (A-02) selects one of the quarantine server device (A-17) and the quarantine server device (B-17) as the server device that performs the quarantine process.
  • it is assumed that the terminal information management unit (A-12) periodically acquires terminal attribute information from the terminal attribute information storage device (A-18), and that when the terminal device (A-01) accesses the file server device, the terminal attribute information of the terminal device (A-01) is stored in the terminal attribute information storage unit (A-06).
  • it is assumed that the update program information management unit (A-13) periodically acquires update program information from the repair information storage device (A-19), and that when the terminal device (A-01) accesses the file server device, the update program information is stored in the update program information storage unit (A-07).
  • it is assumed that the quarantine level information management unit (A-11) periodically acquires quarantine level information from the quarantine information storage device (A-20), and that when the terminal device (A-01) accesses the file server device, the quarantine level information is stored in the quarantine level information storage unit (A-05).
  • it is assumed that the load state information of the quarantine server device (A-17) and the load state information of the quarantine server device (B-17) are stored in the load state information storage unit (A-15).
  • the terminal device (A-01) transmits a packet for accessing the file server device in the base A (A00).
  • the packet from the terminal device (A-01) is received by the access receiver (A-03) of the load balancer (A-02) (S01).
  • the access receiving unit (A-03) passes the received packet to the terminal information collecting unit (A-21).
  • the terminal information collection unit (A-21) acquires the terminal ID, IP address, MAC address, terminal type, access destination IP address, and access time from the packet as terminal information (S02).
  • the terminal information is stored in the access terminal information table of FIG. 4 in the access terminal information storage unit (A-24).
  • the terminal state evaluation unit (A-04) acquires the terminal ID of the terminal device (A-01) from the access terminal information table of the terminal information collection unit (A-21). Further, the terminal state evaluation unit (A-04) acquires from the terminal attribute information storage unit (A-06) the terminal attribute information corresponding to the terminal ID value of the terminal device (A-01) obtained from the access terminal information table (S11). More specifically, the terminal state evaluation unit (A-04) acquires the user ID, confidentiality, and installed OS values corresponding to the terminal ID value of the terminal device (A-01) from the terminal affiliation information table (FIG. 5).
  • the terminal state evaluation unit (A-04) acquires the latest patch update date and time corresponding to the terminal ID value of the terminal device (A-01) from the terminal security state information table (FIG. 6). Further, the terminal state evaluation unit (A-04) acquires the user name value, organization ID value, and post ID value corresponding to the user ID value acquired from the terminal affiliation information table (FIG. 5) from the user information table (FIG. 14). Further, the terminal state evaluation unit (A-04) acquires the post name value and post level (LV) value corresponding to the post ID value acquired from the user information table (FIG. 14) from the post information table (FIG. 15).
  • the terminal state evaluation unit (A-04) acquires the value of the organization name corresponding to the value of the organization ID acquired from the user information table (FIG. 14) from the organization information table (FIG. 16). For example, if the terminal ID of the terminal device (A-01) is “TRM01”, the terminal ID, user ID, user name, organization ID, organization name, post ID, post name, post level, confidentiality, installed OS, and latest patch update date and time of the terminal device (A-01) are summarized as shown in FIG. 18.
  • the terminal state evaluation unit (A-04) acquires quarantine level information from the quarantine level information storage unit (A-05) (S12). More specifically, the terminal state evaluation unit (A-04) acquires a record of quarantine level information that matches the confidentiality and job title level acquired in S11. In the example of FIG. 18, since the confidentiality is “LOW” and the job title level is “LOW”, the terminal state evaluation unit (A-04) acquires the record of the quarantine level ID: QPL001.
  • the terminal state evaluation unit (A-04) acquires the update program information corresponding to the OS installed in the terminal device (A-01) and its latest patch update date and time from the update program information storage unit (A-07) (S04).
  • OS-8 is acquired as the installed OS
  • 2014/03/01 17:21:52 is acquired as the latest patch update date and time.
  • the terminal state evaluation unit (A-04) acquires from the update program information table (FIG. 7) the records whose target OS is “OS-8” and whose distribution date and time is after “2014/03/01 17:21:52”.
  • the terminal state evaluation unit (A-04) acquires records of the update programs “UPD001”, “UPD002”, and “UPD003”.
  • the update programs “UPD001”, “UPD002”, and “UPD003” are security programs that have not been updated in the terminal device (A-01).
  • the terminal state evaluation unit (A-04) calculates a security state risk evaluation value of the terminal device (A-01) based on a predetermined evaluation rule (S13).
  • an evaluation rule is assumed in which two points are counted for each update program whose risk is “HIGH”, one point for each update program whose risk is “LOW”, one point when the quarantine level is “HIGH”, and zero points when the quarantine level is “LOW”.
  • the risks of the update programs “UPD001” and “UPD002” are “HIGH” from FIG. 7, and the risk of the update program “UPD003” is “LOW” from FIG. 7.
  • the quarantine level is “LOW” from the quarantine level information table. Therefore, the terminal state evaluation unit (A-04) calculates 5 points as the risk evaluation value of the terminal device (A-01).
  • the terminal state evaluation unit (A-04) notifies the calculated evaluation value to the access allocation determination unit (A-09).
  • the access allocation determination unit (A-09) acquires the load state information of the quarantine server device (A-17) and the quarantine server device (B-17) from the load state information storage unit (A-15) (S06). For example, it is assumed that the access allocation determination unit (A-09) acquires the load state information shown in FIG. 8.
  • the access allocation determination unit (A-09) acquires the allocation rule information table from the allocation rule information storage unit (A-08) and, based on the risk evaluation value and the load state information, selects either the quarantine server device (A-17) or the quarantine server device (B-17) as the server device that performs the quarantine process of the terminal device (A-01) (S07). Since the access source terminal device (A-01) belongs to the base A (A00), the access allocation determination unit (A-09) acquires from the allocation rule information table the record whose rule ID is “ARL001” and the record whose rule ID is “ARL002”.
  • the rule described in the record “ARL001” is that if the risk evaluation value is 7 points or less and the load level of the quarantine server device (A-17) is 70 or less, the quarantine server device (A-17) (access destination name: base A) is selected.
  • the rule described in the record “ARL002” is that if the risk evaluation value is 5 points or less and the load level of the quarantine server device (A-17) is 50 or less, the quarantine server device (B-17) (access destination name: base B) is selected.
  • the risk evaluation value calculated by the terminal state evaluation unit (A-04) is “5 points”, and in the example of FIG. 8, the load level of the quarantine server device (A-17) is “90”.
  • the load level of the quarantine server device (B-17) is “20”. Since the risk evaluation value is “5 points”, it matches the conditions of the risk evaluation values of “ARL001” and “ARL002”. However, since the load level of the quarantine server apparatus (A-17) is “90”, the load level condition of “ARL001” is not met. On the other hand, since the load level of the quarantine server apparatus (B-17) is “20”, the load level condition of “ARL002” is met. For this reason, the access allocation determination unit (A-09) selects the quarantine server device (B-17) according to the rule of “ARL002” as the server device that performs the quarantine process of the terminal device (A-01).
  • the server communication unit (A-10) transfers the packet from the terminal device (A-01) to the quarantine server device (B-17) selected by the access allocation determination unit (A-09) (S08). More specifically, the server communication unit (A-10) transfers the packet from the terminal device (A-01) to the load balancer (B-02). Then, the load balancer (B-02) transfers the packet from the terminal device (A-01) to the quarantine server device (B-17), and causes the quarantine server device (B-17) to perform the quarantine process.
  • in the present embodiment, in addition to the security state of the terminal device and the load state of the server device, the server device is selected using the attribute of the terminal device as a parameter. For this reason, in addition to the effects of the first embodiment, it is possible to avoid a situation in which a terminal device that holds information with a high confidentiality level or a terminal device that is used by a user in an important position is allocated to a server device at another base.
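The scoring and rule-matching steps S04 to S07 of Embodiments 1 and 2, written out as a runnable Python example added here (it is not code from the patent). The update program distribution dates and the extra table rows are constructed; each rule's load condition is applied to the server that rule selects, which is how the worked example above resolves it; and the "lower load wins" tie-break and the "own base when no rule matches" fallback follow the text.

```python
"""Risk scoring and quarantine-server selection modelled on Embodiments 1 and 2.

Added example, not the patent's code. Everything except the values the
description quotes (UPD001..UPD003, OS-8, the patch date, the ARL001/ARL002
thresholds and the load levels 90/20 and 30/40) is constructed here.
"""
from datetime import datetime

DATE_FMT = "%Y/%m/%d %H:%M:%S"

# Update program information table in the style of FIG. 7.  Distribution dates are
# constructed; the page only says UPD001..UPD003 were distributed after the patch date.
UPDATE_PROGRAMS = [
    {"id": "UPD001", "target_os": "OS-8", "distributed": "2014/03/04 09:00:00", "risk": "HIGH"},
    {"id": "UPD002", "target_os": "OS-8", "distributed": "2014/03/06 09:00:00", "risk": "HIGH"},
    {"id": "UPD003", "target_os": "OS-8", "distributed": "2014/03/07 09:00:00", "risk": "LOW"},
    # constructed extra rows: one already applied, one for a different OS
    {"id": "UPD000", "target_os": "OS-8", "distributed": "2014/02/20 09:00:00", "risk": "HIGH"},
    {"id": "UPD004", "target_os": "OS-7", "distributed": "2014/03/08 09:00:00", "risk": "HIGH"},
]

# Allocation rules for terminals that belong to base A (A00), after ARL001/ARL002.
# Assumption: a rule's load condition is checked against the server the rule selects.
ALLOCATION_RULES = [
    {"id": "ARL001", "base": "A00", "max_risk": 7, "max_load": 70, "server": "A-17"},
    {"id": "ARL002", "base": "A00", "max_risk": 5, "max_load": 50, "server": "B-17"},
]

# Fallback when no rule matches: the quarantine server at the terminal's own base,
# so a terminal in a risky state is never sent across to another base.
HOME_SERVER = {"A00": "A-17"}


def missing_updates(installed_os, latest_patch, table=UPDATE_PROGRAMS):
    """Step S04: update programs for the terminal's OS distributed after its last patch."""
    since = datetime.strptime(latest_patch, DATE_FMT)
    return [
        rec for rec in table
        if rec["target_os"] == installed_os
        and datetime.strptime(rec["distributed"], DATE_FMT) > since
    ]


def risk_evaluation_value(missing, quarantine_level=None):
    """Steps S05/S13: 2 points per HIGH-risk missing update, 1 per LOW-risk one,
    plus 1 point when the terminal's quarantine level (Embodiment 2) is HIGH."""
    points = sum(2 if rec["risk"] == "HIGH" else 1 for rec in missing)
    if quarantine_level == "HIGH":
        points += 1
    return points


def select_server(risk, loads, base, rules=ALLOCATION_RULES):
    """Step S07: choose the quarantine server from the allocation rules.

    loads maps server name -> load level (as in FIG. 8).  If several rules match,
    the server with the lower load wins; if none matches, the home-base server is used.
    """
    matched = [
        r for r in rules
        if r["base"] == base
        and risk <= r["max_risk"]
        and loads[r["server"]] <= r["max_load"]
    ]
    if not matched:
        return HOME_SERVER[base]
    return min(matched, key=lambda r: loads[r["server"]])["server"]


def allocate(installed_os, latest_patch, loads, base="A00", quarantine_level=None):
    """One access end to end: S04 -> S05/S13 -> S07.  Returns (risk value, server)."""
    missing = missing_updates(installed_os, latest_patch)
    risk = risk_evaluation_value(missing, quarantine_level)
    return risk, select_server(risk, loads, base)


if __name__ == "__main__":
    patch = "2014/03/01 17:21:52"
    # Embodiment 1 worked example: 5 points, A-17 at 90, B-17 at 20 -> ARL002 -> B-17
    print(allocate("OS-8", patch, {"A-17": 90, "B-17": 20}))
    # both rules match: the lower-loaded server (A-17 at 30) is chosen
    print(allocate("OS-8", patch, {"A-17": 30, "B-17": 40}))
    # Embodiment 2: a HIGH quarantine level adds a point, ARL002 no longer applies,
    # and even with A-17 overloaded the terminal stays at its home base
    print(allocate("OS-8", patch, {"A-17": 90, "B-17": 20}, quarantine_level="HIGH"))
```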
  • Embodiment 3. In the present embodiment, an example will be described in which the allocation rule information table used by the access allocation determination unit (A-09) differs from those of the first and second embodiments.
  • a system configuration example according to the present embodiment is as shown in FIG.
  • a general configuration example of the load distribution apparatus (A-02) according to the present embodiment is as shown in FIG.
  • a detailed configuration example of the load distribution apparatus (A-02) according to the present embodiment is as shown in FIG.
  • FIG. 19 shows an example of an allocation rule information table according to the present embodiment.
  • the selection unit (A-300) corresponds to the access allocation determination unit (A-09).
  • a server device is selected by adding to the parameters a priority that reflects the confidentiality level of the information held in the terminal device and the post level of the user of the terminal device. For this reason, it is possible to avoid, more directly than in the second embodiment, a situation in which a terminal device that holds information with a high confidentiality level or a terminal device that is used by a user in an important position is allocated to a server device at another base.
  • the load balancer (A-02) is a computer, and each element of the load balancer (A-02) can be realized by a program.
  • in the hardware configuration of the load balancer (A-02), an arithmetic device (901), an external storage device (902), a main storage device (903), a communication device (904), and an input/output device (905) are connected to a bus.
  • the arithmetic device (901) is a CPU (Central Processing Unit) that executes a program.
  • the external storage device (902) is, for example, a ROM (Read Only Memory), a flash memory, or a hard disk device.
  • the main storage device (903) is a RAM (Random Access Memory).
  • the communication device (904) is, for example, a NIC (Network Interface Card), and corresponds to the physical layer of the access receiving unit (A-03), the server communication unit (A-10), the load state information receiving unit (A-14), and the load state information transmitting unit (A-23).
  • the program is normally stored in the external storage device (902), and is loaded into the main storage device (903) and sequentially read into the arithmetic device (901) and executed.
  • the program is a program that realizes the functions described as “... unit” (except for “... storage unit”; the same applies hereinafter) shown in FIG. 2, FIG. 3, and FIG. 12.
  • an operating system (OS) is also stored in the external storage device (902); at least a part of the OS is loaded into the main storage device (903), and the arithmetic device (901) executes the program that realizes the functions of the “... unit” shown in FIG. 2, FIG. 3, and FIG. 12 while executing the OS.
  • FIG. 20 is merely an example of the hardware configuration of the load balancer (A-02); the hardware configuration of the load balancer (A-02) is not limited to the configuration shown in FIG. 20, and other configurations may be used.
  • the load distribution method according to the present invention can be realized by the procedure shown in the first to third embodiments.

Abstract

A terminal investigation unit (A-100) investigates the security state of a terminal device. A load state information reception unit (A-200) receives load state information indicating the respective load states of a plurality of server devices. A selection unit (A-300) selects, from among the plurality of server devices, the server device that performs data processing for security management on the terminal device, on the basis of the security state of the terminal device investigated by the terminal investigation unit (A-100) and the respective load states of the server devices indicated by the load state information.

Description

Load distribution apparatus, load distribution method, and program
The present invention relates to a load balancing technique for a server device that performs security management of a terminal device.
Network quarantine techniques are widely used to maintain the security of information systems in an organization.
In network quarantine, data processing for security management is performed on a terminal device.
More specifically, when a terminal device connects to the organization's network, a security check is performed to verify whether the terminal device is safe.
The security check is also called quarantine processing.
Only terminal devices that pass the security check are permitted to access important information systems (file servers, business application servers, and the like).
Here, a terminal device that does not pass the security check is typically restricted, by network access control, in the information systems it can access.
Processing that restricts the access of a terminal device that has not passed the security check is also called isolation processing.
After processing that restores the safety of the terminal device, such as updating the software version of a security program, has been executed on the terminal device, quarantine processing is executed again on the terminal device, and if the terminal device passes the safety verification, it is permitted to access the important information systems.
Processing that restores the security state of a terminal device, such as updating a security program, is also called repair processing.
As a conventional network quarantine technique there is, for example, the technique described in Patent Document 1.
In an environment using network quarantine, the load may concentrate on the server device that performs security management, for example on the day after distribution of an update program that fixes a serious security flaw has started.
When the load concentrates in this way, the processing performance of the server device drops, and there is the problem that it takes a long time before the terminal device can be used for its original business.
For this reason, it becomes necessary, for example, to distribute the load of the server device.
As load distribution techniques for server devices, there are the techniques described in Patent Documents 2 to 4.
Patent Document 1: JP 2007-235730 A
Patent Document 2: JP 2003-24866 A
Patent Document 3: JP 2012-174051 A
Patent Document 4: JP 2007-241712 A
When quarantine processing, isolation processing, and repair processing are distributed among a plurality of server devices to balance the load, the following problems arise.
For example, in a system that balances the load by having a server device at another base perform the quarantine, isolation, and repair processing of a terminal device at one base, if the terminal device at that base is in a security-risky state and is made to access the server device and network of the other base, a security problem may be caused at the other base.
The main object of the present invention is to avoid such security risks while distributing the load of server devices that perform security management.
The load distribution device according to the present invention includes:
a terminal investigation unit that investigates the security state of a terminal device;
a load state information receiving unit that receives load state information indicating the load state of each of a plurality of server devices; and
a selection unit that selects, from among the plurality of server devices, a server device that performs data processing for security management on the terminal device, based on the security state of the terminal device investigated by the terminal investigation unit and the load state of each server device indicated in the load state information.
In the present invention, the server device that performs security management of a terminal device is selected based on the security state of the terminal device and the load state of each server device.
Therefore, according to the present invention, security risks can be avoided while the load of server devices that perform security management is distributed.
FIG. 1 is a diagram showing an example of a system configuration according to Embodiment 1.
FIG. 2 is a diagram showing a general configuration example of the load distribution apparatus according to Embodiment 1.
FIG. 3 is a diagram showing a detailed configuration example of the load distribution apparatus according to Embodiment 1.
FIG. 4 is a diagram showing an example of the access terminal information table according to Embodiment 1.
FIG. 5 is a diagram showing an example of the terminal affiliation information table according to Embodiment 1.
FIG. 6 is a diagram showing an example of the terminal security state information table according to Embodiment 1.
FIG. 7 is a diagram showing an example of the update program information table according to Embodiment 1.
FIG. 8 is a diagram showing an example of the load state information table according to Embodiment 1.
FIG. 9 is a diagram showing an example of the allocation rule information table according to Embodiment 1.
FIG. 10 is a flowchart showing an operation example of the load distribution apparatus according to Embodiment 1.
FIG. 11 is a diagram showing an example of the terminal ID, installed OS, and latest patch update date and time of the terminal device according to Embodiment 1.
FIG. 12 is a diagram showing a detailed configuration example of the load distribution apparatus according to Embodiment 2.
FIG. 13 is a diagram showing an example of the quarantine level information table according to Embodiment 2.
FIG. 14 is a diagram showing an example of the user information table according to Embodiment 2.
FIG. 15 is a diagram showing an example of the post information table according to Embodiment 2.
FIG. 16 is a diagram showing an example of the organization information table according to Embodiment 2.
FIG. 17 is a flowchart showing an operation example of the load distribution apparatus according to Embodiment 2.
FIG. 18 is a diagram showing an example of the terminal ID, user ID, user name, organization ID, organization name, post ID, post name, post level, confidentiality, installed OS, and latest patch update date and time of the terminal device according to Embodiment 2.
FIG. 19 is a diagram showing an example of the allocation rule information table according to Embodiment 3.
FIG. 20 is a diagram showing a hardware configuration example of the load distribution apparatus according to Embodiments 1 to 3.
As described above, in an organization that has introduced network quarantine technology, the load on the server device that performs data processing for security management can become concentrated, for example during the start-of-work hours on the day after a new software update patch is distributed or the organization's quarantine policy is changed, so that the processing performance of the server device drops.
Methods for distributing the load on the server device include (1) spreading the processing across time slots on the same server, (2) distributing the processing among multiple servers within the same site, and (3) distributing the processing among multiple servers across different sites.
A site is a management unit of an information system; concretely, an organization such as a company is one example of a site.
When the server load distribution methods (1) to (3) above are applied to network quarantine, the following problems can be expected with each.
Method (1) has the advantage that no surplus server devices need to be prepared.
However, with method (1), a terminal device whose quarantine processing by the server device is postponed either remains in an unsafe state or is barred from use for a long period.
Method (1) therefore has a problem in terms of security or convenience.
With method (2), fewer terminal devices have their quarantine processing postponed.
However, with method (2), surplus server devices for distributing the processing must be maintained even in normal times, when no new security program or the like has been released.
Method (2) therefore has the problem of being inefficient.
Significant security updates are normally released at intervals of one to several months, and in the intervening periods the processing capacity of the surplus server devices goes unused.
Method (3) is an extension of method (2); it has the advantage that, by making the server devices of a site Y with spare processing capacity available, site X need not hold surplus server devices of its own.
However, using the server devices of site Y for the network quarantine processing of site X carries a security risk.
A security risk is the possibility that terminal devices, server devices and the network are exposed to threats; examples of security risks include the following.
・A terminal device of site X is infected with a computer virus, and when that terminal device accesses a server device of site Y, the virus on the terminal device attacks the server device or network of site Y.
・A terminal device of site X that holds important confidential information accesses a server device of site Y that is infected with a computer virus, and the confidential information of site X leaks via the server device of site Y.
・Sites X and Y have different quarantine policies, such as the quarantine method or the strength of quarantine, so that something not accepted as safe at one site is judged safe at the other.
In Embodiments 1 to 3 below, a method for avoiding the security risk is described for a configuration in which the load of the server devices is distributed using a plurality of server devices arranged at a plurality of sites.
Embodiment 1.
***Description of the configuration***
FIG. 1 shows an example of the system configuration according to this embodiment.
In this embodiment, a system consisting of site A (A00) and site B (B00) is taken as an example.
The number of sites may be any number of two or more.
At site A (A00), the terminal device (A-01) is a terminal device used by a user belonging to site A (A00).
The terminal device (A-01) transmits, via the network within site A (A00), a packet for accessing the destination server device.
The packet transmitted by the terminal device (A-01) is received by the load distribution device (A-02).
The load distribution device (A-02) forwards the packet from the terminal device (A-01) to the repair server device (A-16) in site A (A00) or to the repair server device (B-16) in site B (B00).
The load distribution device (A-02) likewise forwards the packet from the terminal device (A-01) to the quarantine server device (A-17) in site A (A00) or to the quarantine server device (B-17) in site B (B00).
In this way, the load distribution device (A-02) distributes load between the server devices in site A (A00) and the server devices in site B (B00).
The repair server device (A-16) and the quarantine server device (A-17) perform data processing for security management on terminal devices.
Security management means measures to keep terminal devices, server devices and the network from being exposed to security threats.
As data processing for security management, the repair server device (A-16) performs repair processing on the terminal device (A-01) or on the terminal device (B-01) described later.
More specifically, the repair server device (A-16) distributes OS (Operating System) update programs or application update programs to the terminal device (A-01) or the terminal device (B-01).
As data processing for security management, the quarantine server device (A-17) performs quarantine processing on the terminal device (A-01) or on the terminal device (B-01) described later.
When the quarantine processing finds that the terminal device (A-01) or the terminal device (B-01) does not conform to the quarantine policy, the quarantine server device (A-17) can cooperate with a network switch device, a firewall device or the like to restrict access from the terminal device that does not conform to the quarantine policy.
The terminal attribute information storage device (A-18) is a data store that stores terminal attribute information, that is, information about the terminal device (A-01).
The terminal attribute information is, for example, the identifier of the terminal device (A-01), information on the software installed on the terminal device (A-01), information on the user of the terminal device (A-01), and information on the confidentiality level of the data held on the terminal device (A-01).
In the drawings, for reasons of space, the terminal attribute information storage device (A-18) is labelled "terminal attribute information".
The repair information storage device (A-19) is a data store that stores repair information used for repair processing.
The repair information is, for example, update information for security programs and the history of repair processing performed on the terminal device (A-01).
In the drawings, for reasons of space, the repair information storage device (A-19) is labelled "repair information".
The quarantine information storage device (A-20) is a data store that stores quarantine information used for quarantine processing.
The quarantine information is, for example, information indicating the quarantine policy, the history of quarantine processing performed on the terminal device (A-01), and security state information of the terminal device (A-01).
In the drawings, for reasons of space, the quarantine information storage device (A-20) is labelled "quarantine information".
The components of site B (B00) are the same as those of site A (A00).
That is, the terminal device (B-01) is equivalent to the terminal device (A-01), and the load distribution device (B-02) is equivalent to the load distribution device (A-02).
Likewise, the repair server device (B-16) is equivalent to the repair server device (A-16), and the quarantine server device (B-17) is equivalent to the quarantine server device (A-17).
Likewise, the terminal attribute information storage device (B-18) is equivalent to the terminal attribute information storage device (A-18), the repair information storage device (B-19) is equivalent to the repair information storage device (A-19), and the quarantine information storage device (B-20) is equivalent to the quarantine information storage device (A-20).
Detailed descriptions of the terminal device (B-01), the load distribution device (B-02), the repair server device (B-16), the quarantine server device (B-17), the terminal attribute information storage device (B-18), the repair information storage device (B-19) and the quarantine information storage device (B-20) are therefore omitted.
FIG. 2 shows a general configuration example of the load distribution device (A-02) according to this embodiment.
The terminal investigation unit (A-100) investigates the security state of the terminal device (A-01).
The security state is the state of countermeasures against vulnerabilities such as security holes.
More specifically, as the security state of the terminal device (A-01), the terminal investigation unit (A-100) investigates the update state of security programs on the terminal device (A-01).
The terminal investigation unit (A-100) receives update program information from the repair information storage device (A-19) and terminal attribute information from the terminal attribute information storage device (A-18).
The terminal investigation unit (A-100) then analyses the received update program information and terminal attribute information to investigate the update state of security programs on the terminal device (A-01).
The terminal attribute information indicates the date and time at which security programs were updated on the terminal device (A-01).
The update program information indicates the update history of security programs for each OS (Operating System).
The terminal investigation unit (A-100) compares the terminal attribute information against the update program information to investigate the update state of security programs on the terminal device (A-01).
The load state information receiving unit (A-200) receives load state information indicating the load state of each of the plurality of server devices.
That is, the load state information receiving unit (A-200) receives from the repair server device (A-16) load state information indicating the load state of the repair server device (A-16), and receives from the quarantine server device (A-17) load state information indicating the load state of the quarantine server device (A-17).
The load state information receiving unit (A-200) also receives, via the load distribution device (B-02), load state information indicating the load state of the repair server device (B-16) from the repair server device (B-16), and load state information indicating the load state of the quarantine server device (B-17) from the quarantine server device (B-17).
Based on the security state of the terminal device (A-01) investigated by the terminal investigation unit (A-100) and the load state of each server device indicated in the load state information, the selection unit (A-300) selects, from among the plurality of server devices, the server device that is to perform security management for the terminal device (A-01).
That is, the selection unit (A-300) selects, from the quarantine server device (A-17) and the quarantine server device (B-17), the server device that performs quarantine processing for the terminal device (A-01).
The selection unit (A-300) also selects, from the repair server device (A-16) and the repair server device (B-16), the server device that performs repair processing for the terminal device (A-01).
FIG. 3 is a configuration diagram showing the configuration of FIG. 2 in more detail.
That is, the configuration example of FIG. 3 is one example of how the load distribution device (A-02) of FIG. 2 can be realised.
The access receiving unit (A-03) receives the packet from the terminal device (A-01).
The access receiving unit (A-03) then passes the received packet to the terminal information collection unit (A-21) described later.
The access receiving unit (A-03) also receives packets from the terminal device (B-01) of site B (B00) that have been forwarded by the load distribution device (B-02) of site B (B00).
The access receiving unit (A-03) passes packets from the terminal device (B-01) to the terminal information collection unit (A-21) as well.
The terminal information collection unit (A-21) obtains the packet from the access receiving unit (A-03) and extracts terminal information from the obtained packet.
The access receiving unit (A-03) then stores the obtained terminal information in the access terminal information storage unit (A-24).
The access terminal information storage unit (A-24) stores the terminal information in an access terminal information table.
In the drawings, for reasons of space, the access terminal information storage unit (A-24) is labelled "access terminal information".
The access terminal information table is, for example, the table shown in FIG. 4.
In FIG. 4, the access terminal information table consists of a terminal ID, an IP address, a MAC address, a terminal type, an access destination IP address and an access time.
The terminal ID column holds the ID (Identifier) of the terminal device that sent the packet, extracted from the packet.
The IP address column holds the IP (Internet Protocol) address of the terminal device that sent the packet, extracted from the packet.
The MAC address column holds the MAC (Media Access Control) address of the terminal device that sent the packet, extracted from the packet.
The terminal type column holds the device category of the terminal device that sent the packet (personal computer, tablet terminal, and so on), extracted from the packet.
The access destination IP address column holds the destination IP address of the packet, extracted from the packet.
The access time column holds the time at which the packet arrived at the access receiving unit (A-03).
The access receiving unit (A-03) also generates an access terminal information table like that of FIG. 4 for packets from the terminal device (B-01) of site B (B00), and stores the generated access terminal information table in the access terminal information storage unit (A-24).
The terminal information management unit (A-12) receives terminal attribute information from the terminal attribute information storage device (A-18) and stores the received terminal attribute information in the terminal attribute information storage unit (A-06).
Specifically, in this embodiment the terminal information management unit (A-12) receives a terminal affiliation information table and a terminal security state information table as the terminal attribute information.
The terminal information management unit (A-12), together with the update program information management unit (A-13) described later, realises the terminal investigation unit (A-100) of FIG. 2.
The terminal attribute information storage unit (A-06) stores terminal attribute information.
In the drawings, for reasons of space, the terminal attribute information storage unit (A-06) is labelled "terminal attribute information".
FIG. 5 shows an example of the terminal affiliation information table.
The terminal affiliation information table lists, for each terminal ID, a user ID, an organization ID, a confidentiality level and an installed OS.
The user ID is the identifier of the user who uses the terminal device identified by the terminal ID.
The organization ID is the identifier of the organization to which the user identified by the user ID belongs.
The confidentiality level indicates the confidentiality level of the information held by the terminal device identified by the terminal ID.
The installed OS indicates the OS installed on the terminal device identified by the terminal ID.
In this embodiment, the installed OS is mandatory in the terminal affiliation information table, but the user ID, organization ID and confidentiality level may be omitted.
The terminal information management unit (A-12) is assumed to receive the terminal affiliation information table periodically from the terminal attribute information storage device (A-18).
Alternatively, instead of receiving the terminal affiliation information table periodically, the terminal information management unit (A-12) may receive from the terminal attribute information storage device (A-18) only the record of the terminal device that sent a packet, at the time the access receiving unit (A-03) receives that packet.
FIG. 6 shows an example of the terminal security state information table.
The terminal security state information table lists, for each terminal ID, the latest patch update date and time.
The latest patch update date and time is the date and time at which security programs were last updated.
The terminal information management unit (A-12) is assumed to receive the terminal security state information table periodically from the terminal attribute information storage device (A-18).
Alternatively, instead of receiving the terminal security state information table periodically, the terminal information management unit (A-12) may receive from the terminal attribute information storage device (A-18) only the record of the terminal device that sent a packet, at the time the access receiving unit (A-03) receives that packet.
The update program information management unit (A-13) receives update program information from the repair information storage device (A-19), either periodically or when a new update program is distributed, and stores the received update program information in the update program information storage unit (A-07) described later.
The update program information management unit (A-13), together with the terminal information management unit (A-12), realises the terminal investigation unit (A-100) of FIG. 2.
The update program information storage unit (A-07) stores the update program information obtained by the update program information management unit (A-13).
In the drawings, for reasons of space, the update program information storage unit (A-07) is labelled "update program information".
FIG. 7 shows an example of the update program information table.
The update program information table lists, for each OS, an update program ID, a risk and a distribution date and time.
The update program ID is the identifier of a security program distributed for the OS in question.
The risk indicates the degree of risk addressed by the security program identified by the update program ID.
The distribution date and time is the date and time at which the security program identified by the update program ID was distributed.
The terminal state evaluation unit (A-04) obtains the access terminal information table (FIG. 4) from the access terminal information storage unit (A-24), the terminal affiliation information table (FIG. 5) and the terminal security state information table (FIG. 6) from the terminal attribute information storage unit (A-06), and the update program information table (FIG. 7) from the update program information storage unit (A-07), and analyses these tables to investigate the security state of the terminal device (A-01).
The terminal state evaluation unit (A-04) then calculates a risk evaluation value from the result of investigating the security state of the terminal device (A-01), and notifies the access allocation determination unit (A-09) of the calculated risk evaluation value.
The risk evaluation value is also referred to simply as the evaluation value.
The terminal state evaluation unit (A-04), together with the access allocation determination unit (A-09) described later, realises the selection unit (A-300) of FIG. 2.
The load state information receiving unit (A-14) periodically receives from the repair server device (A-16) load state information indicating the load state of the repair server device (A-16).
The load state information receiving unit (A-14) also periodically receives from the quarantine server device (A-17) load state information indicating the load state of the quarantine server device (A-17).
The load state information receiving unit (A-14) also periodically receives from the load distribution device (B-02) the load state information of the repair server device (B-16) and the quarantine server device (B-17).
The load state information receiving unit (A-14) then stores the received load state information in the load state information storage unit (A-15).
The load state information receiving unit (A-14) realises the load state information receiving unit (A-200) of FIG. 2.
The load state information storage unit (A-15) stores load state information.
In the drawings, for reasons of space, the load state information storage unit (A-15) is labelled "load state information".
The load state information storage unit (A-15) stores the load state information of the server devices in, for example, the load state information table of FIG. 8.
The example of FIG. 8 shows that the load level (LV) of the quarantine server device (A-17) at site A is "90" and the load level (LV) of the quarantine server device (B-17) at site B is "20".
The load state information transmission unit (A-23) periodically transmits the load state information of the repair server device (A-16) and the quarantine server device (A-17) stored in the load state information storage unit (A-15) to the load distribution device (B-02).
The allocation rule information storage unit (A-08) stores allocation rule information.
The allocation rule information describes the rules by which the access allocation determination unit (A-09) described later selects whether the server device that performs data processing for security management is to be a server device in site A (A00) or a server device in site B (B00).
In the drawings, for reasons of space, the allocation rule information storage unit (A-08) is labelled "allocation rule information".
The allocation rule information storage unit (A-08) stores the allocation rule information in, for example, the allocation rule information table of FIG. 9.
In FIG. 9, the rule ID is the identifier of an allocation rule.
The access source site ID is the identifier of the site to which the accessing terminal device belongs.
The access source name is the name of the site identified by the access source site ID.
The access destination site ID is the identifier of the site that is to execute the data processing for security management.
The risk evaluation value is a condition on the risk evaluation value calculated by the terminal state evaluation unit (A-04).
The load level (LV) is a condition on the load state.
Based on the risk evaluation value calculated by the terminal state evaluation unit (A-04), the load state of the quarantine server device (A-17) and the load state of the quarantine server device (B-17), the access allocation determination unit (A-09) selects, in accordance with the allocation rule information table (FIG. 9), either the quarantine server device (A-17) or the quarantine server device (B-17) as the server device that performs the quarantine processing of the terminal device (A-01).
Likewise, based on the risk evaluation value calculated by the terminal state evaluation unit (A-04), the load state of the repair server device (A-16) and the load state of the repair server device (B-16), the access allocation determination unit (A-09) selects, in accordance with the allocation rule information table (FIG. 9), either the repair server device (A-16) or the repair server device (B-16) as the server device that performs the repair processing of the terminal device (A-01).
The access allocation determination unit (A-09), together with the terminal state evaluation unit (A-04), implements the selection unit (A-300) of FIG. 2.
The server communication unit (A-10) forwards packets from the terminal device (A-01) to the server device selected by the access allocation determination unit (A-09).
Specifically, when the access allocation determination unit (A-09) has selected the repair server device (A-16), the server communication unit (A-10) forwards the packets from the terminal device (A-01) to the repair server device (A-16).
When the access allocation determination unit (A-09) has selected the quarantine server device (A-17), the server communication unit (A-10) forwards the packets from the terminal device (A-01) to the quarantine server device (A-17).
When the access allocation determination unit (A-09) has selected the repair server device (B-16) or the quarantine server device (B-17), the server communication unit (A-10) forwards the packets from the terminal device (A-01) to the load balancer (B-02).
The load balancer (B-02) then forwards the packets from the terminal device (A-01) received from the server communication unit (A-10) to the repair server device (B-16) or the quarantine server device (B-17).
Since the configuration of the load balancer (B-02) is the same as that of the load balancer (A-02), its description is omitted.
*** Explanation of operation ***
Next, an example of the operation of the load balancer (A-02) is described with reference to the flowchart of FIG. 10.
The description below uses an example in which the terminal device (A-01) attempts to access a file server device (not shown in FIG. 1) in site A (A00), and the load balancer (A-02) selects one of the quarantine server device (A-17) and the quarantine server device (B-17) as the server device that performs the quarantine processing.
It is also assumed below that the terminal information management unit (A-12) periodically acquires terminal attribute information from the terminal attribute information storage device (A-18), so that when the terminal device (A-01) accesses the file server device, the terminal attribute information of the terminal device (A-01) is already stored in the terminal attribute information storage unit (A-06).
Similarly, it is assumed that the update program information management unit (A-13) periodically acquires update program information from the repair information storage device (A-19), so that when the terminal device (A-01) accesses the file server device, the update program information is already stored in the update program information storage unit (A-07).
Similarly, it is assumed that when the terminal device (A-01) accesses the file server device, the load state information of the quarantine server device (A-17) and of the quarantine server device (B-17) is already stored in the load state information storage unit (A-15).
The terminal device (A-01) transmits a packet for accessing the file server device in site A (A00).
The packet from the terminal device (A-01) is received by the access receiving unit (A-03) of the load balancer (A-02) (S01).
The access receiving unit (A-03) passes the received packet to the terminal information collecting unit (A-21).
Next, the terminal information collecting unit (A-21) extracts the terminal ID, IP address, MAC address, terminal type, access destination IP address and access time from the packet as terminal information (S02).
The terminal information is stored in the access terminal information table of FIG. 4 in the access terminal information storage unit (A-24).
Next, the terminal state evaluation unit (A-04) obtains the terminal ID of the terminal device (A-01) from the access terminal information table.
The terminal state evaluation unit (A-04) then obtains from the terminal attribute information storage unit (A-06) the terminal attribute information corresponding to that terminal ID (S03).
More specifically, the terminal state evaluation unit (A-04) obtains the installed OS corresponding to the terminal ID of the terminal device (A-01) from the terminal affiliation information table (FIG. 5).
The terminal state evaluation unit (A-04) also obtains the latest patch update date and time corresponding to the terminal ID of the terminal device (A-01) from the terminal security state information table (FIG. 6).
For example, if the terminal ID of the terminal device (A-01) is "TRM01", the terminal state evaluation unit (A-04) obtains "OS-8" as the installed OS from the terminal affiliation information table (FIG. 5) and "2014/03/01 17:21:52" as the latest patch update date and time from the terminal security state information table (FIG. 6).
The terminal ID, installed OS and latest patch update date and time of the terminal device (A-01) are summarized in FIG. 11.
The terminal state evaluation unit (A-04) also obtains from the update program information storage unit (A-07) the update program information corresponding to the installed OS and the latest patch update date and time of the terminal device (A-01) (S04).
As described above, "OS-8" was obtained as the installed OS and "2014/03/01 17:21:52" as the latest patch update date and time in S03.
The terminal state evaluation unit (A-04) therefore retrieves from the update program information table (FIG. 7) the records whose target OS is "OS-8" and whose distribution date and time is later than "2014/03/01 17:21:52".
As a result, the terminal state evaluation unit (A-04) obtains the records of the update programs "UPD001", "UPD002" and "UPD003".
The update programs "UPD001", "UPD002" and "UPD003" are security updates that have not yet been applied on the terminal device (A-01).
Next, the terminal state evaluation unit (A-04) calculates the risk evaluation value of the security state of the terminal device (A-01) according to a predetermined evaluation rule (S05).
Here, an evaluation rule is assumed that counts 2 points for each missing update program whose risk is "HIGH" and 1 point for each missing update program whose risk is "LOW".
According to FIG. 7, the risk of the update programs "UPD001" and "UPD002" is "HIGH", and the risk of the update program "UPD003" is "LOW".
The terminal state evaluation unit (A-04) therefore calculates 2 + 2 + 1 = 5 points as the risk evaluation value of the terminal device (A-01).
The terminal state evaluation unit (A-04) notifies the calculated evaluation value to the access allocation determination unit (A-09).
Next, the access allocation determination unit (A-09) obtains the load state information of the quarantine server device (A-17) and the quarantine server device (B-17) from the load state information storage unit (A-15) (S06).
It is assumed, for example, that the access allocation determination unit (A-09) obtains the load state information shown in FIG. 8.
Next, the access allocation determination unit (A-09) obtains the allocation rule information table from the allocation rule information storage unit (A-08) and, based on the risk evaluation value and the load state information, selects the quarantine server device (A-17) or the quarantine server device (B-17) as the server device that performs the quarantine processing of the terminal device (A-01) (S07).
Since the accessing terminal device (A-01) belongs to site A (A00), the access allocation determination unit (A-09) retrieves from the allocation rule information table of FIG. 9 the record whose rule ID is "ARL001" and the record whose rule ID is "ARL002".
The rule in the "ARL001" record selects the quarantine server device (A-17) (access destination name: site A) if the risk evaluation value is 7 points or less and the load level of the quarantine server device (A-17) is 70 or less.
The rule in the "ARL002" record selects the quarantine server device (B-17) (access destination name: site B) if the risk evaluation value is 5 points or less and the load level of the quarantine server device (B-17), the server at the access destination, is 50 or less.
The risk evaluation value calculated by the terminal state evaluation unit (A-04) is "5 points", and in the example of FIG. 8 the load level of the quarantine server device (A-17) is "90" and the load level of the quarantine server device (B-17) is "20".
Since the risk evaluation value is "5 points", it satisfies the risk evaluation value condition of both "ARL001" and "ARL002".
However, since the load level of the quarantine server device (A-17) is "90", the load level condition of "ARL001" is not satisfied.
On the other hand, since the load level of the quarantine server device (B-17) is "20", the load level condition of "ARL002" is satisfied.
The access allocation determination unit (A-09) therefore selects the quarantine server device (B-17), by the rule "ARL002", as the server device that performs the quarantine processing of the terminal device (A-01).
Next, the server communication unit (A-10) forwards the packet from the terminal device (A-01) to the quarantine server device (B-17) selected by the access allocation determination unit (A-09) (S08).
More specifically, the server communication unit (A-10) forwards the packet from the terminal device (A-01) to the load balancer (B-02).
The load balancer (B-02) then forwards the packet from the terminal device (A-01) to the quarantine server device (B-17) and has the quarantine server device (B-17) perform the quarantine processing.
The description above covered an example in which the risk evaluation value and the load levels satisfy only the condition of "ARL002".
When the risk evaluation value and the load levels satisfy both the condition of "ARL001" and the condition of "ARL002", the access allocation determination unit (A-09) selects, for example, the server device with the lower load level.
For example, if the evaluation value calculated by the terminal state evaluation unit (A-04) is "5 points", the load level in the load state information of the quarantine server device (A-17) is "30" and the load level of the quarantine server device (B-17) is "40", the quarantine server device (A-17), which has the lower load level, is selected.
When the risk evaluation value and the load levels satisfy neither the condition of "ARL001" nor the condition of "ARL002", the access allocation determination unit (A-09) selects the server device of site A (A00), the terminal's own site.
For example, if the evaluation value calculated by the terminal state evaluation unit (A-04) is "8 points", neither the condition of "ARL001" nor the condition of "ARL002" is satisfied, so the quarantine server device (A-17) is selected.
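The S03 to S07 procedure above, including both fallback cases (several rules match, no rule matches), as an added worked example in Python. It is not code from the patent: the table rows, distribution dates and the extra update program "UPD000" are constructed here to reproduce the values the description quotes (TRM01, OS-8, UPD001 to UPD003, ARL001/ARL002, load levels 90 and 20), and the table shapes are an assumption about FIG. 5 to FIG. 9.

```python
"""Embodiment 1 selection logic: missing updates -> risk score -> allocation rule.

Added example, not the patent's code. All table contents below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Evaluation rule quoted in S05: HIGH-risk missing update = 2 points, LOW = 1 point.
RISK_POINTS = {"HIGH": 2, "LOW": 1}


@dataclass(frozen=True)
class UpdateProgram:
    update_id: str
    target_os: str
    distributed_at: datetime
    risk: str  # "HIGH" or "LOW"


@dataclass(frozen=True)
class AllocationRule:
    rule_id: str
    source_site: str   # site the accessing terminal belongs to
    dest_site: str     # site whose quarantine server would do the work
    max_risk: int      # risk evaluation value condition (inclusive)
    max_load: int      # load level condition on the destination server (inclusive)


# Constructed rows standing in for FIG. 5 (installed OS) and FIG. 6 (last patch).
TERMINAL_OS = {"TRM01": "OS-8"}
LAST_PATCH = {"TRM01": datetime(2014, 3, 1, 17, 21, 52)}

# Constructed rows standing in for FIG. 7. UPD000 is an extra row (not in the
# description) targeting another OS, to show that it is filtered out.
UPDATE_PROGRAMS = [
    UpdateProgram("UPD000", "OS-7", datetime(2014, 3, 5, 0, 0, 0), "HIGH"),
    UpdateProgram("UPD001", "OS-8", datetime(2014, 3, 5, 0, 0, 0), "HIGH"),
    UpdateProgram("UPD002", "OS-8", datetime(2014, 3, 12, 0, 0, 0), "HIGH"),
    UpdateProgram("UPD003", "OS-8", datetime(2014, 3, 20, 0, 0, 0), "LOW"),
]

# Constructed rows standing in for FIG. 9.
RULES = [
    AllocationRule("ARL001", "A00", "A00", max_risk=7, max_load=70),
    AllocationRule("ARL002", "A00", "B00", max_risk=5, max_load=50),
]


def missing_updates(terminal_id: str, programs: List[UpdateProgram]) -> List[UpdateProgram]:
    """S04: update programs for the terminal's OS distributed after its last patch."""
    os_name = TERMINAL_OS[terminal_id]
    since = LAST_PATCH[terminal_id]
    return [p for p in programs if p.target_os == os_name and p.distributed_at > since]


def risk_score(terminal_id: str, programs: List[UpdateProgram]) -> int:
    """S05: sum the per-update points over the missing updates."""
    return sum(RISK_POINTS[p.risk] for p in missing_updates(terminal_id, programs))


def select_site(source_site: str, risk: int, loads: Dict[str, int],
                rules: List[AllocationRule]) -> Tuple[str, Optional[str]]:
    """S07: choose the site whose quarantine server handles the terminal.

    Returns (site_id, rule_id). If several rules match, the one whose destination
    is least loaded wins; if none matches, the terminal stays at its own site and
    no rule id is reported. A higher risk value therefore never leaves the site
    just because a remote server is idle.
    """
    matching = [
        r for r in rules
        if r.source_site == source_site
        and risk <= r.max_risk
        and loads[r.dest_site] <= r.max_load
    ]
    if not matching:
        return source_site, None
    best = min(matching, key=lambda r: loads[r.dest_site])
    return best.dest_site, best.rule_id


if __name__ == "__main__":
    score = risk_score("TRM01", UPDATE_PROGRAMS)
    print("missing:", [p.update_id for p in missing_updates("TRM01", UPDATE_PROGRAMS)])
    print("risk evaluation value:", score)
    print("loads A00=90, B00=20 ->", select_site("A00", score, {"A00": 90, "B00": 20}, RULES))
    print("loads A00=30, B00=40 ->", select_site("A00", score, {"A00": 30, "B00": 40}, RULES))
    print("risk 8             ->", select_site("A00", 8, {"A00": 90, "B00": 20}, RULES))
```

The load condition of each rule is evaluated against the server at that rule's access destination, which is what makes the FIG. 8 example resolve to "ARL002": the site A server at load 90 fails "ARL001", the site B server at load 20 passes "ARL002". The last call shows the no-match fallback; a terminal with risk 6 would likewise stay at site A under "ARL001" even if site B were idle, because it exceeds the 5-point ceiling of "ARL002".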
*** Explanation of effects ***
This embodiment has described a configuration that, in an information system environment to which network quarantine technology is applied, shortens the time taken by network quarantine processing while mitigating the security risk that arises from distributing the load of quarantine, isolation and repair processing of terminal devices across multiple sites.
The following effects can be expected from this embodiment.
- Reduction of security risk
A terminal device in a poor security state can be prevented from being allocated to a server device at another site.
This avoids situations in which such a terminal causes a security problem on the server devices and network of another site.
- Distribution of the network quarantine load
When load is concentrated on the server devices at one site, the server devices of another site can be used to shorten the time taken by network quarantine.
- Reduction of spare resources
By using the server devices of other sites as spare resources, the spare server resources that each site must keep ready can be reduced.
Embodiment 2.
This embodiment describes an example in which attributes of the terminal device are used as a parameter for determining the server device that performs the data processing for security management.
The attributes of the terminal device are, for example, attributes of the user of the terminal device, or whether the terminal device holds confidential information.
The attributes of the user are, for example, the user's job title (post) or the organization to which the user belongs.
The following mainly describes the differences from Embodiment 1.
Matters not described below are the same as in Embodiment 1.
*** Explanation of configuration ***
The system configuration example according to this embodiment is as shown in FIG. 1.
The general configuration example of the load balancer (A-02) according to this embodiment is as shown in FIG. 2.
In this embodiment, however, the terminal investigation unit (A-100) investigates the attributes of the terminal device in addition to its security state.
The selection unit (A-300) according to this embodiment selects, from among the plurality of server devices, the server device that performs the data processing for security management on the terminal device, based on the security state of the terminal device, the attributes of the terminal device, and the load state of each server device indicated in the load state information.
The selection unit (A-300) calculates an evaluation value based on the security state of the terminal device and the attributes of the terminal device.
For example, the selection unit (A-300) derives a priority of the terminal device from the attributes of the terminal device and calculates the evaluation value based on the security state and the priority of the terminal device.
The selection unit (A-300) then selects, from among the plurality of server devices, the server device that performs the data processing for security management on the terminal device, based on the calculated evaluation value and the load state of each server device.
In more detail, the load balancer (A-02) according to this embodiment has, for example, the configuration of FIG. 12.
Compared with the configuration of FIG. 3, FIG. 12 adds a quarantine level information storage unit (A-05) and a quarantine level information management unit (A-11).
The quarantine level information management unit (A-11) receives quarantine level information from the quarantine information storage device (A-20).
The quarantine level information storage unit (A-05) stores the quarantine level information received by the quarantine level information management unit (A-11).
The quarantine level information is, for example, the quarantine level information table shown in FIG. 13.
In the quarantine level information table, condition 1 and condition 2 are defined for each quarantine level ID, and a quarantine level is defined by the combination of condition 1 and condition 2.
Condition 1 is a condition on the confidentiality of the information held by the terminal device, and condition 2 is a condition on the job title of the user of the terminal device.
The quarantine level is the priority of the terminal device when performing the quarantine processing.
Quarantine level ID QPL001 defines a low quarantine level for the case where the confidentiality of the information held by the terminal device is low and the job title of the user of the terminal device is low.
Conversely, quarantine level ID QPL004 defines a high quarantine level for the case where the confidentiality of the information held by the terminal device is high and the job title of the user of the terminal device is high.
The quarantine level information management unit (A-11) periodically receives the quarantine level information table from the quarantine information storage device (A-20).
In the drawing, the quarantine level information storage unit (A-05) is labeled "quarantine level information" for reasons of drawing space.
In this embodiment, the terminal information management unit (A-12) receives from the terminal attribute information storage device (A-18), as terminal attribute information, a user information table (FIG. 14), a post information table (FIG. 15) and an organization information table (FIG. 16) in addition to the terminal affiliation information table (FIG. 5) and the terminal security state information table (FIG. 6) described in Embodiment 1.
In Embodiment 1 the user ID, organization ID and confidentiality columns of the terminal affiliation information table (FIG. 5) could be omitted; in this embodiment the user ID and confidentiality are required, and only the organization ID may be omitted.
In the user information table (FIG. 14), a user name, organization ID and post ID are defined for each user ID.
In the post information table (FIG. 15), a post name and post level (LV) are defined for each post ID.
In the organization information table (FIG. 16), an organization name is defined for each organization ID.
The terminal information management unit (A-12) receives these tables periodically.
The terminal information management unit (A-12) stores the tables received from the terminal attribute information storage device (A-18) in the terminal attribute information storage unit (A-06).
In this embodiment, as in Embodiment 1, the terminal state evaluation unit (A-04) analyzes the terminal attribute information to investigate the security state of the terminal device, and additionally investigates the attributes of the terminal device.
The terminal state evaluation unit (A-04) then calculates the risk evaluation value based on the security state and the attributes of the terminal device, and the server device is selected based on that risk evaluation value, the load state of the server devices under the load balancer (A-02) and the load state of the server devices under the load balancer (B-02).
*** Explanation of operation ***
Next, an example of the operation of the load balancer (A-02) according to this embodiment is described with reference to FIG. 17.
In FIG. 17, steps S11, S12 and S13 differ from FIG. 10.
The other steps are the same as those shown in FIG. 10.
The description below uses an example in which the terminal device (A-01) attempts to access a file server device (not shown in FIG. 12) in site A (A00), and the load balancer (A-02) selects one of the quarantine server device (A-17) and the quarantine server device (B-17) as the server device that performs the quarantine processing.
It is also assumed below that the terminal information management unit (A-12) periodically acquires terminal attribute information from the terminal attribute information storage device (A-18), so that when the terminal device (A-01) accesses the file server device, the terminal attribute information of the terminal device (A-01) is already stored in the terminal attribute information storage unit (A-06).
Similarly, it is assumed that the update program information management unit (A-13) periodically acquires update program information from the repair information storage device (A-19), so that when the terminal device (A-01) accesses the file server device, the update program information is already stored in the update program information storage unit (A-07).
Similarly, it is assumed that the quarantine level information management unit (A-11) periodically acquires quarantine level information from the quarantine information storage device (A-20), so that when the terminal device (A-01) accesses the file server device, the quarantine level information is already stored in the quarantine level information storage unit (A-05).
Similarly, it is assumed that when the terminal device (A-01) accesses the file server device, the load state information of the quarantine server device (A-17) and of the quarantine server device (B-17) is already stored in the load state information storage unit (A-15).
The terminal device (A-01) transmits a packet for accessing the file server device in site A (A00).
The packet from the terminal device (A-01) is received by the access receiving unit (A-03) of the load balancer (A-02) (S01).
The access receiving unit (A-03) passes the received packet to the terminal information collecting unit (A-21).
Next, the terminal information collecting unit (A-21) extracts the terminal ID, IP address, MAC address, terminal type, access destination IP address and access time from the packet as terminal information (S02).
The terminal information is stored in the access terminal information table of FIG. 4 in the access terminal information storage unit (A-24).
Next, the terminal state evaluation unit (A-04) obtains the terminal ID of the terminal device (A-01) from the access terminal information table of the terminal information collecting unit (A-21).
The terminal state evaluation unit (A-04) then obtains from the terminal attribute information storage unit (A-06) the terminal attribute information corresponding to that terminal ID (S11).
More specifically, the terminal state evaluation unit (A-04) obtains the user ID, confidentiality and installed OS corresponding to the terminal ID of the terminal device (A-01) from the terminal affiliation information table (FIG. 5).
The terminal state evaluation unit (A-04) also obtains the latest patch update date and time corresponding to the terminal ID of the terminal device (A-01) from the terminal security state information table (FIG. 6).
The terminal state evaluation unit (A-04) further obtains from the user information table (FIG. 14) the user name, organization ID and post ID corresponding to the user ID taken from the terminal affiliation information table (FIG. 5).
The terminal state evaluation unit (A-04) also obtains from the post information table (FIG. 15) the post name and post level (LV) corresponding to the post ID taken from the user information table (FIG. 14).
The terminal state evaluation unit (A-04) also obtains from the organization information table (FIG. 16) the organization name corresponding to the organization ID taken from the user information table (FIG. 14).
For example, if the terminal ID of the terminal device (A-01) is "TRM01", the terminal ID, user ID, user name, organization ID, organization name, post ID, post name, post level, confidentiality, installed OS and latest patch update date and time of the terminal device (A-01) are summarized as in FIG. 18.
The terminal state evaluation unit (A-04) also obtains quarantine level information from the quarantine level information storage unit (A-05) (S12).
More specifically, it obtains the quarantine level information record that matches the confidentiality and position level obtained in S11.
In the example of FIG. 18, the confidentiality is "LOW" and the position level is also "LOW", so the terminal state evaluation unit (A-04) obtains the record with quarantine level ID QPL001.
The terminal state evaluation unit (A-04) also obtains, from the update program information storage unit (A-07), the update program information corresponding to the installed OS and the latest patch update date and time of the terminal device (A-01) (S04).
As described above for S11, "OS-8" was obtained as the installed OS and "2014/03/01 17:21:52" as the latest patch update date and time.
The terminal state evaluation unit (A-04) obtains from the update program information table (FIG. 7) the records whose target OS is "OS-8" and whose distribution date and time is later than "2014/03/01 17:21:52".
As a result, it obtains the records of the update programs "UPD001", "UPD002" and "UPD003".
The update programs "UPD001", "UPD002" and "UPD003" are security programs that have not yet been applied on the terminal device (A-01).
Next, the terminal state evaluation unit (A-04) calculates a risk evaluation value for the security state of the terminal device (A-01) according to a predetermined evaluation rule (S13).
Here, assume an evaluation rule that counts 2 points for each update program with risk "HIGH", 1 point for each update program with risk "LOW", 1 point for quarantine level "HIGH" and 0 points for quarantine level "LOW".
According to FIG. 7, the risk of the update programs "UPD001" and "UPD002" is "HIGH" and the risk of the update program "UPD003" is "LOW".
According to FIG. 13, the quarantine level is "LOW".
The terminal state evaluation unit (A-04) therefore calculates a risk evaluation value of 5 points (2 + 2 + 1 + 0) for the terminal device (A-01).
The terminal state evaluation unit (A-04) notifies the calculated evaluation value to the access allocation determination unit (A-09).
Next, the access allocation determination unit (A-09) obtains the load state information of the quarantine server device (A-17) and the quarantine server device (B-17) from the load state information storage unit (A-15) (S06).
Assume, for example, that the access allocation determination unit (A-09) obtains the load state information shown in FIG. 8.
Next, the access allocation determination unit (A-09) obtains the allocation rule information table from the allocation rule information storage unit (A-08) and, based on the risk evaluation value and the load state information, selects either the quarantine server device (A-17) or the quarantine server device (B-17) as the server device that performs the quarantine processing of the terminal device (A-01) (S07).
Since the accessing terminal device (A-01) belongs to site A (A00), the access allocation determination unit (A-09) obtains the records with rule IDs "ARL001" and "ARL002" from the allocation rule information table of FIG. 9.
The rule in the "ARL001" record selects the quarantine server device (A-17) (access destination name: site A) if the risk evaluation value is 7 points or less and the load level of the quarantine server device (A-17) is 70 or less.
The rule in the "ARL002" record selects the quarantine server device (B-17) (access destination name: site B) if the risk evaluation value is 5 points or less and the load level of the quarantine server device (B-17) is 50 or less.
The risk evaluation value calculated by the terminal state evaluation unit (A-04) is 5 points, and in the example of FIG. 8 the load level of the quarantine server device (A-17) is 90 and that of the quarantine server device (B-17) is 20.
Because the risk evaluation value is 5 points, it satisfies the risk evaluation value condition of both "ARL001" and "ARL002".
However, because the load level of the quarantine server device (A-17) is 90, the load level condition of "ARL001" is not satisfied.
On the other hand, because the load level of the quarantine server device (B-17) is 20, the load level condition of "ARL002" is satisfied.
The access allocation determination unit (A-09) therefore selects the quarantine server device (B-17) under rule "ARL002" as the server device that performs the quarantine processing of the terminal device (A-01).
Next, the server communication unit (A-10) forwards the packet from the terminal device (A-01) to the quarantine server device (B-17) selected by the access allocation determination unit (A-09) (S08).
More specifically, the server communication unit (A-10) forwards the packet from the terminal device (A-01) to the load balancer (B-02).
The load balancer (B-02) then forwards the packet from the terminal device (A-01) to the quarantine server device (B-17) and has the quarantine server device (B-17) perform the quarantine processing.
*** Explanation of effects ***
In this embodiment, the server device is selected using the attributes of the terminal device as a parameter, in addition to the security state of the terminal device and the load state of the server devices.
Therefore, in addition to the effects of Embodiment 1, it is possible to avoid a situation in which a terminal device holding highly confidential information, or a terminal device used by a user in an important position, is allocated to a server device at another site.
Embodiment 3.
In this embodiment, an example is described in which the allocation rule information table used by the access allocation determination unit (A-09) differs from those of Embodiments 1 and 2.
This embodiment mainly describes the differences from Embodiment 2.
Matters not described below are the same as in Embodiment 2.
*** Explanation of configuration ***
An example system configuration according to this embodiment is as shown in FIG. 1.
A general configuration example of the load balancer (A-02) according to this embodiment is as shown in FIG. 2.
A detailed configuration example of the load balancer (A-02) according to this embodiment is as shown in FIG. 12.
FIG. 19 shows an example of the allocation rule information table according to this embodiment.
Compared with the allocation rule information table of FIG. 9, the table of FIG. 19 adds a quarantine level (LV) column, which represents the priority of the terminal device.
That is, in this embodiment the selection unit (A-300) (the access allocation determination unit (A-09)) selects the server device that performs the data processing for security management on the terminal device based on the risk evaluation value, the quarantine level as the priority, and the load level (LV) as the load state of each server device.
*** Explanation of operation ***
An example of the operation of the load balancer (A-02) according to this embodiment is as shown in FIG. 17.
In FIG. 17, S01, S02, S11, S12, S04, S13, S06 and S08 are the same as in Embodiment 2, and their description is omitted.
In S07, the access allocation determination unit (A-09) selects the server device using the quarantine level condition of FIG. 19 as an additional parameter, in addition to the risk evaluation value condition and the load level condition.
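The S04, S13, S06 and S07 steps worked through above for Embodiment 2, together with the quarantine level condition that Embodiment 3 adds to the allocation rule table, as an added example in Python that is not part of the patent. The identifiers, risks and point values quoted in the description (UPD001 to UPD003, QPL001, ARL001, ARL002, the FIG. 8 load levels and the FIG. 18 record for TRM01) are used as given; the distribution dates in the FIG. 7 table, the two extra FIG. 7 records, the FIG. 13 rows other than QPL001, the rule IDs and ordering of the FIG. 19 table, and the absence of a fallback when no rule matches are assumptions. The load condition of ARL002 is applied to the quarantine server device (B-17), as the worked check in the description does.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

FMT = "%Y/%m/%d %H:%M:%S"

# FIG. 7: update program information. IDs, target OS and risk of UPD001..UPD003 are
# those quoted in the description; the distribution dates and the two extra records
# (an already-applied update and an update for another OS) are constructed.
UPDATE_PROGRAMS = [
    {"id": "UPD001", "os": "OS-8", "distributed": "2014/03/05 09:00:00", "risk": "HIGH"},
    {"id": "UPD002", "os": "OS-8", "distributed": "2014/03/08 09:00:00", "risk": "HIGH"},
    {"id": "UPD003", "os": "OS-8", "distributed": "2014/03/12 09:00:00", "risk": "LOW"},
    {"id": "OLD-1", "os": "OS-8", "distributed": "2014/02/20 09:00:00", "risk": "HIGH"},
    {"id": "OTHER-OS-1", "os": "OS-7", "distributed": "2014/03/12 09:00:00", "risk": "HIGH"},
]

# FIG. 13: quarantine level by (confidentiality, position level). QPL001 is the
# record quoted in the description; the other rows are assumptions.
QUARANTINE_LEVELS = {
    ("LOW", "LOW"): ("QPL001", "LOW"),
    ("HIGH", "LOW"): ("QPL-ASSUMED-1", "HIGH"),
    ("LOW", "HIGH"): ("QPL-ASSUMED-2", "HIGH"),
    ("HIGH", "HIGH"): ("QPL-ASSUMED-3", "HIGH"),
}

# S13 evaluation rule: points per missing update by risk, plus points by quarantine level.
UPDATE_POINTS = {"HIGH": 2, "LOW": 1}
QUARANTINE_POINTS = {"HIGH": 1, "LOW": 0}


@dataclass(frozen=True)
class Rule:
    """One row of the allocation rule table (FIG. 9; FIG. 19 adds quarantine_level)."""
    rule_id: str
    source_site: str      # site the accessing terminal belongs to
    max_risk: int         # risk evaluation value must be <= this
    load_of: str          # server whose load level is tested
    max_load: int         # that load level must be <= this
    target: str           # server selected when the rule matches
    quarantine_level: Optional[str] = None  # Embodiment 3 only; None = no condition


# FIG. 9 rules for site A as described in Embodiment 2.
RULES_EMB2 = [
    Rule("ARL001", "A00", 7, "A-17", 70, "A-17"),
    Rule("ARL002", "A00", 5, "B-17", 50, "B-17"),
]

# Embodiment 3 (FIG. 19) rules with hypothetical rule IDs: a HIGH-level terminal is
# pinned to its own site's server; the cross-site rule applies only at level LOW.
RULES_EMB3 = [
    Rule("ARL-A-HIGH", "A00", 10, "A-17", 100, "A-17", quarantine_level="HIGH"),
    Rule("ARL001", "A00", 7, "A-17", 70, "A-17", quarantine_level="LOW"),
    Rule("ARL002", "A00", 5, "B-17", 50, "B-17", quarantine_level="LOW"),
]


def missing_updates(os_name, last_patch, table=UPDATE_PROGRAMS):
    """S04: updates for the terminal's OS distributed after its latest patch."""
    last = datetime.strptime(last_patch, FMT)
    return [r["id"] for r in table
            if r["os"] == os_name and datetime.strptime(r["distributed"], FMT) > last]


def risk_score(missing_ids, quarantine_level, table=UPDATE_PROGRAMS):
    """S13: 2 points per HIGH update, 1 per LOW, plus 1 if the quarantine level is HIGH."""
    risk_by_id = {r["id"]: r["risk"] for r in table}
    return (sum(UPDATE_POINTS[risk_by_id[i]] for i in missing_ids)
            + QUARANTINE_POINTS[quarantine_level])


def select_server(site, risk, quarantine_level, loads, rules):
    """S07: first rule whose site, level, risk and load conditions all hold.
    Returns (rule_id, server), or None when no rule matches (no fallback is described)."""
    for rule in rules:
        if rule.source_site != site:
            continue
        if rule.quarantine_level is not None and rule.quarantine_level != quarantine_level:
            continue
        if risk > rule.max_risk or loads[rule.load_of] > rule.max_load:
            continue
        return rule.rule_id, rule.target
    return None


def decide(terminal, loads, rules):
    """Whole S12 -> S04 -> S13 -> S07 path for one FIG. 18 style terminal record."""
    _, level = QUARANTINE_LEVELS[(terminal["confidentiality"], terminal["position_level"])]
    missing = missing_updates(terminal["os"], terminal["last_patch"])
    risk = risk_score(missing, level)
    return {"missing": missing, "quarantine_level": level, "risk": risk,
            "selection": select_server(terminal["site"], risk, level, loads, rules)}


# FIG. 18 record for TRM01 and FIG. 8 load levels as quoted in the description.
TRM01 = {"id": "TRM01", "site": "A00", "os": "OS-8", "last_patch": "2014/03/01 17:21:52",
         "confidentiality": "LOW", "position_level": "LOW"}
LOADS = {"A-17": 90, "B-17": 20}

if __name__ == "__main__":
    print(decide(TRM01, LOADS, RULES_EMB2))
    print(decide({**TRM01, "confidentiality": "HIGH"}, LOADS, RULES_EMB3))
```

Running the module prints both decisions: TRM01 with the quarantine server device (A-17) at load 90 is sent to (B-17) under ARL002, while the same terminal marked confidentiality HIGH is kept at (A-17) by the Embodiment 3 rule although (A-17) is the more loaded server, which is the effect the description attributes to adding the quarantine level to the rule table. Rule order matters in this implementation because the first matching row wins, so a site-local rule for high-priority terminals has to precede the cross-site rule.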
*** Explanation of effects ***
In this embodiment, the server device is selected with an additional parameter, a priority that reflects the confidentiality level of the information held by the terminal device and the position level of its user.
Therefore, more directly than in Embodiment 2, it is possible to avoid a situation in which a terminal device holding highly confidential information, or a terminal device used by a user in an important position, is allocated to a server device at another site.
The embodiments of the present invention have been described above; two or more of these embodiments may be combined.
Alternatively, one of these embodiments may be partially implemented.
Alternatively, two or more of these embodiments may be partially combined.
The present invention is not limited to these embodiments, and various modifications are possible as necessary.
Finally, an example hardware configuration of the load balancer (A-02) of Embodiments 1 to 3 is described with reference to FIG. 20.
The load balancer (A-02) is a computer, and each element of the load balancer (A-02) can be implemented as a program.
In the hardware configuration of the load balancer (A-02), an arithmetic device (901), an external storage device (902), a main storage device (903), a communication device (904) and an input/output device (905) are connected to a bus.
The arithmetic device (901) is a CPU (Central Processing Unit) that executes programs.
The external storage device (902) is, for example, a ROM (Read Only Memory), a flash memory or a hard disk device.
The main storage device (903) is a RAM (Random Access Memory).
The communication device (904) is, for example, a NIC (Network Interface Card), and corresponds to the physical layer of the access receiving unit (A-03), the server communication unit (A-10), the load state information receiving unit (A-14) and the load state information transmitting unit (A-23).
The programs are normally stored in the external storage device (902) and, once loaded into the main storage device (903), are read into and executed by the arithmetic device (901) in sequence.
The programs implement the functions described as "... unit" in FIG. 2, FIG. 3 and FIG. 12 (excluding the "... storage unit" elements; the same applies below).
An operating system (OS) is also stored in the external storage device (902); at least part of the OS is loaded into the main storage device (903), and the arithmetic device (901) executes the programs implementing the "... unit" functions of FIG. 2, FIG. 3 and FIG. 12 while running the OS.
In the description of Embodiments 1 to 3, the information, data, signal values and variable values representing the results of the processing described as "judge", "determine", "investigate", "calculate", "derive", "select", "generate", "extract", "set", "receive", "obtain" and so on are stored as files in the main storage device (903).
The configuration of FIG. 20 is merely one example of the hardware configuration of the load balancer (A-02); the hardware configuration of the load balancer (A-02) is not limited to that of FIG. 20 and may be another configuration.
The load distribution method according to the present invention can also be realized by the procedures shown in Embodiments 1 to 3.
A00 site A, A-01 terminal device, A-02 load balancer, A-03 access receiving unit, A-04 terminal state evaluation unit, A-05 quarantine level information storage unit, A-06 terminal attribute information storage unit, A-07 update program information storage unit, A-08 allocation rule information storage unit, A-09 access allocation determination unit, A-10 server communication unit, A-11 quarantine level information management unit, A-12 terminal information management unit, A-13 update program information management unit, A-14 load state information receiving unit, A-15 load state information storage unit, A-16 repair server device, A-17 quarantine server device, A-18 terminal attribute information storage device, A-19 repair information storage device, A-20 quarantine information storage device, A-21 terminal information collecting unit, A-23 load state information transmitting unit, A-24 access terminal information storage unit, A-100 terminal investigation unit, A-200 load state information receiving unit, A-300 selection unit, B00 site B, B-01 terminal device, B-02 load balancer, B-16 repair server device, B-17 quarantine server device, B-18 terminal attribute information storage device, B-19 repair information storage device, B-20 quarantine information storage device.

Claims (12)

  1.  A load distribution device comprising:
     a terminal investigation unit that investigates a security state of a terminal device;
     a load state information receiving unit that receives load state information indicating the load state of each of a plurality of server devices; and
     a selection unit that selects, from among the plurality of server devices, a server device that performs data processing for security management on the terminal device, based on the security state of the terminal device investigated by the terminal investigation unit and the load state of each server device indicated in the load state information.
  2.  The load distribution device according to claim 1, wherein
     the terminal investigation unit further investigates an attribute of the terminal device, and
     the selection unit selects, from among the plurality of server devices, the server device that performs data processing for security management on the terminal device, based on the security state of the terminal device and the attribute of the terminal device investigated by the terminal investigation unit and the load state of each server device indicated in the load state information.
  3.  The load distribution device according to claim 2, wherein
     the selection unit calculates an evaluation value based on the security state of the terminal device and the attribute of the terminal device investigated by the terminal investigation unit, and selects, from among the plurality of server devices, the server device that performs data processing for security management on the terminal device, based on the calculated evaluation value and the load state of each server device indicated in the load state information.
  4.  The load distribution device according to claim 3, wherein
     the selection unit derives a priority of the terminal device from the attribute of the terminal device investigated by the terminal investigation unit, and
     calculates the evaluation value based on the security state of the terminal device investigated by the terminal investigation unit and the derived priority.
  5.  The load distribution device according to claim 4, wherein
     the selection unit selects, from among the plurality of server devices, the server device that performs data processing for security management on the terminal device, based on the evaluation value, the priority and the load state of each server device indicated in the load state information.
  6.  The load distribution device according to claim 1, wherein
     the terminal investigation unit investigates, as the security state of the terminal device, the update state of security programs on the terminal device.
  7.  The load distribution device according to claim 2, wherein
     the terminal investigation unit investigates, as the attribute of the terminal device, at least one of whether the terminal device holds confidential information and an attribute of the user of the terminal device.
  8.  The load distribution device according to claim 1, wherein
     the load state information receiving unit receives load state information indicating the load state of each of a plurality of server devices that perform quarantine processing, and
     the selection unit selects, from among the plurality of server devices, a server device that performs the quarantine processing of the terminal device, based on the security state of the terminal device investigated by the terminal investigation unit and the load state of each server device indicated in the load state information.
  9.  The load distribution device according to claim 1, wherein
     the load state information receiving unit receives load state information indicating the load state of each of a plurality of server devices that perform repair processing, and
     the selection unit selects, from among the plurality of server devices, a server device that performs the repair processing of the terminal device, based on the security state of the terminal device investigated by the terminal investigation unit and the load state of each server device indicated in the load state information.
  10.  The load distribution device according to claim 1, wherein
     the selection unit selects the server device that performs data processing for security management on the terminal device from among the plurality of server devices located at a plurality of sites.
  11.  A load distribution method comprising:
     investigating, by a computer, a security state of a terminal device;
     receiving, by the computer, load state information indicating the load state of each of a plurality of server devices; and
     selecting, by the computer, from among the plurality of server devices, a server device that performs data processing for security management on the terminal device, based on the investigated security state of the terminal device and the load state of each server device indicated in the load state information.
  12.  A program that causes a computer to:
     investigate a security state of a terminal device;
     receive load state information indicating the load state of each of a plurality of server devices; and
     select, from among the plurality of server devices, a server device that performs data processing for security management on the terminal device, based on the investigated security state of the terminal device and the load state of each server device indicated in the load state information.
PCT/JP2014/075288 2014-09-24 2014-09-24 Load distribution device, load distribution method and program WO2016046920A1 (en)

Publications (1)

Publication Number Publication Date
WO2016046920A1 (en) 2016-03-31

Family

ID=55580482

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050243789A1 (en) * 2004-04-19 2005-11-03 Brian Dinello Network security system
WO2012101893A1 (en) * 2011-01-25 2012-08-02 日本電気株式会社 Security policy enforcement system and security policy enforcement method
JP2012174051A (en) * 2011-02-22 2012-09-10 Hitachi Cable Networks Ltd Quarantine network system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6280613B1 (en) * 2016-10-07 2018-02-14 楽天銀行株式会社 Unauthorized transfer detection system, unauthorized transfer detection method, and program
JP2018060452A (en) * 2016-10-07 2018-04-12 楽天銀行株式会社 Fraud transfer detection system, fraud transfer detection method, and program thereof


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14902835

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase

Ref document number: 14902835

Country of ref document: EP

Kind code of ref document: A1