Method for device quarantine and quarantine network system
Abstract
A network quarantine management system eliminates registration or updating work of a quarantine-exempted device and prevents a fraudulent device from abusing authorized network information registered as a quarantine-exempted device and from impersonation.
When a quarantine management system detects network connection of a new device, the system judges the type (printer, NAS, etc.) of the device by port scanning. The system enables the device to communicate with another device coupled to a business network without an inspection for connecting the device to the business network, if the newly coupled device is judged to be of an authorized type. The device type judgment is conducted whenever a connection is made and is repeatedly conducted after establishment of the connection to check that the type is of an authorized type and, if the type is found to be an unauthorized type, the device is isolated for inspection.
Claims
1. A device quarantine method, applied for a quarantine network and a business network, for inspecting a device that is intended to be connected to the business network, the method comprising:
storing data of definitions for types of quarantine-exempted devices and management data of a quarantine-exempted device to a storage device;
connecting the device which is intended to be connected to the business network to the quarantine network;
acquiring information of the device connected to the quarantine network;
executing a connection test on ports of the device connected to the quarantine network;
determining whether the type of the device is quarantine-exempted or not based on the data of definitions for types of quarantine-exempted devices and the acquired information of the device;
when the determination result in the determining indicates that the type of the device is quarantine-exempted, updating the management data of a quarantine-exempted device to allow communication in the business network;
enabling connection to the business network based on the updated management data of a quarantine-exempted device; and
wherein the data of definitions for types of quarantine-exempted devices includes information of request-essential ports which is designated as a request destination for communication and request-prohibited ports for which a request is prohibited for communication for each type of devices, the method further comprising:
acquiring the communication log of the device omitting an inspection to allow communication in the business network continuously;
comparing the communication log and the information of request-essential ports and request-prohibited ports; and
when there exists no log event in the communication log that the device requests communication to the business network with one of the request-essential ports, or there exists the log event in the communication log that the device requests communication to the business network with one of the request-prohibited ports, canceling the setup that the device is dealt as quarantine-exempted.
2. A device quarantine method, applied for a quarantine network and a business network, for inspecting a device that is intended to be connected to the business network, the method comprising:
storing data of definitions for types of quarantine-exempted devices and management data of a quarantine-exempted device to a storage device;
connecting the device which is intended to be connected to the business network to the quarantine network;
acquiring information of the device connected to the quarantine network;
executing a connection test on ports of the device connected to the quarantine network;
determining whether the type of the device is quarantine-exempted or not based on the data of definitions for types of quarantine-exempted devices and the acquired information of the device;
when the determination result in the determining indicates that the type of the device is quarantine-exempted, updating the management data of a quarantine-exempted device to allow communication in the business network;
enabling connection to the business network based on the updated management data of a quarantine-exempted device; and
registering information of the device connected to the business network and information as to quarantine-needed or quarantine-exempted by a user; and
storing the information of the device connected to the business network and the information as to quarantine-needed or quarantine-exempted to the storage device.
3. A quarantine management system connecting a quarantine network and a business network, for inspecting a device that is intended to be connected to the business network, the system comprising:
an isolation means for isolating the device such that the device communicates only in the quarantine network, and not in the business network;
a quarantine means for quarantining the device for communicating in the business network, and enabling the quarantine-exempted device to communicate in the business network; and
a determination means for determining whether quarantine of the device for communicating in the business network is needed or not, and the determination means comprises:
a storage means for storing data of definitions for types of quarantine-exempted devices and management data of a quarantine-exempted device to a storage device;
a device inspection means for executing a connection test on ports of the device connected to the quarantine network, and for determining whether the type of the device is quarantine-exempted or not based on the data of definitions for types of quarantine-exempted devices and the stored information of the device;
an update means for updating the management data of a quarantine-exempted device to omit an inspection to allow communication in the business network when the determination means determines that the type of the device is quarantine-exempted; and
wherein the data of definitions for types of quarantine-exempted devices includes information of request-essential ports which is designated as a request destination for communication and request-prohibited ports for which a request is prohibited for communication for each type of devices, the system further comprises an acquisition means for acquiring the communication log of the device omitting an inspection to allow communication in the business network; and
the determination means compares the communication log and the information of request-essential ports and request-prohibited ports, and cancels the setup that the device is dealt as quarantine-exempted, when there exists no log event in the communication log that the device requests communication to the business network with one of the request-essential ports, or there exists the log event in the communication log that the device requests communication to the business network with one of the request-prohibited ports.
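The two decision points described in the abstract and in claims 1 and 3 above (judging the device type from a port connection test, then repeatedly comparing the device's communication log against its request-essential and request-prohibited ports and cancelling the exemption on a violation), as an added example written for this page and not code from the patent or its assignee. The device-type definitions, port numbers, device ids and log events are constructed sample values, and the rule that a device matching more than one type is not exempted is an assumption of this example.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class TypeDefinition:
    open_ports: frozenset          # ports the connection test must find open on the device
    request_essential: frozenset   # business-network ports the device must request
    request_prohibited: frozenset  # business-network ports the device must never request

# Constructed sample definitions (assumed port sets; a deployment stores its own).
EXEMPT_TYPES = {
    "printer": TypeDefinition(frozenset({515, 631, 9100}), frozenset({53}), frozenset({22, 445, 3389})),
    "nas": TypeDefinition(frozenset({139, 445}), frozenset({53}), frozenset({25, 3389})),
}

def classify(open_ports):
    """Judge device type from the port connection test; None means quarantine-needed.
    Assumed rule: a device matching more than one type is ambiguous and not exempted."""
    matches = [n for n, d in EXEMPT_TYPES.items() if d.open_ports <= frozenset(open_ports)]
    return matches[0] if len(matches) == 1 else None

def exemption_violation(type_name, log):
    """Return why the exemption is void, or None. `log` holds parsed events
    (src_id, dst_port) of requests the device made toward the business network."""
    d = EXEMPT_TYPES[type_name]
    requested = {dst_port for _, dst_port in log}
    if requested & d.request_prohibited:
        return "request-prohibited port used"
    if not requested & d.request_essential:
        return "no request-essential port used"
    return None

class QuarantineManager:
    def __init__(self):
        self.exempt = {}  # management data: device id -> judged type

    def on_connect(self, dev_id, open_ports):
        """New device on the quarantine network: judge type, then exempt or hold it."""
        judged = classify(open_ports)
        if judged is None:
            return "quarantine"
        self.exempt[dev_id] = judged
        return "business"

    def on_log(self, dev_id, log):
        """Repeated check of an exempted device; a violation cancels the exemption."""
        if dev_id not in self.exempt:
            return "quarantine"
        if exemption_violation(self.exempt[dev_id], log):
            del self.exempt[dev_id]  # cancel the setup: isolate for inspection
            return "quarantine"
        return "business"
```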
Specification