Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide
The example below describes the quarantine process using the JP1/NM quarantine support facility.
This example is based on the following assumptions:
- Managed clients
Of clients A, B, and C, an unapplied patch is found only for client C.
- Security policy (judgment policy) setting
The security level for clients with unapplied patches is judged to be Danger.
- Security policy (action policy) setting
- Clients whose security level is Danger are denied access to the network.
- Clients whose security level is Safe are permitted access to the network.
(1) Inspection process
In the inspection process, client security levels are judged, and clients that are a security risk are identified. The following figure shows the inspection process.
Figure 14-1 Inspection process
- Inventory information for clients is reported to JP1/Software Distribution Manager on the management server via JP1/Software Distribution Client (relay system)# on the treatment server.
Inventory information for clients A, B, and C is reported to JP1/Software Distribution Manager on the management server via JP1/Software Distribution Client (relay system)#.
#: JP1/Software Distribution SubManager 07-50 or later can also be used.
- JP1/CSC - Manager on the management server judges client C to be Danger.
JP1/CSC - Manager on the management server compares the inventory information against the judgment policy, and judges client C to be Danger.
(2) Isolation process
In the isolation process, client network connections are controlled based on the security policy. The following figure shows the isolation process.
Figure 14-2 Isolation process
- JP1/CSC - Manager on the management server instructs the network control server to deny a network connection.
Based on the action policy, JP1/CSC - Manager on the management server instructs the network control server to deny a network connection.
- The network control server instructs the treatment server to deny the network connection by client C.
- The treatment server denies the network connection by client C.
JP1/NM on the treatment server denies the network connection by client C. However, the JP1/NM quarantine support facility permits a connection between client C and the treatment server, allowing the two to communicate.
(3) Treatment process
In the treatment process, security measures are implemented on clients denied access to the network. For details about how to implement security measures on clients, see 14.1.4 Implementing client security measures.
The following figure shows the treatment process.
Figure 14-3 Treatment process
- Package the patch and register it in JP1/Software Distribution Manager on the management server.
Package the patch to be installed and register it in JP1/Software Distribution Manager on the management server.
- Distribute the patch from JP1/Software Distribution Manager on the management server.
In JP1/Software Distribution Manager on the management server, execute the patch distribution job. The patch is transferred to JP1/Software Distribution Client (relay system)# on the treatment server.
- Remotely install the patch on client C from JP1/Software Distribution Client (relay system)#.
The patch is installed on client C from JP1/Software Distribution Client (relay system)# on the treatment server. By applying the distributed patch, security measures are implemented on client C.
#: JP1/Software Distribution SubManager 07-50 or later can also be used.
Reference note: The user can also implement security measures on a client denied access to the network by manually selecting and installing packages registered with JP1/Software Distribution Manager on the management server.
(4) Recovery process
In the recovery process, clients for which security measures were implemented are judged again, and those judged Safe are reconnected to the network.
The following figure shows the recovery process.
Figure 14-4 Recovery process
- Inventory information for client C is reported to JP1/Software Distribution Manager on the management server via JP1/Software Distribution Client (relay system)# on the treatment server.
After the patch is applied, the latest inventory information for client C is reported to JP1/Software Distribution Manager on the management server via JP1/Software Distribution Client (relay system)# on the treatment server.
#: JP1/Software Distribution SubManager 07-50 or later can also be used.
- JP1/CSC - Manager on the management server judges client C to be Safe, and instructs the network control server to permit a network connection.
JP1/CSC - Manager on the management server compares the inventory information against the security policy, and finds that all patches are applied. As a result, client C is judged to be Safe. JP1/CSC - Manager on the management server then instructs the network control server to permit a network connection based on the action policy.
- The network control server instructs the treatment server to restore the network connection for client C.
- The treatment server restores the network connection for client C.
JP1/NM on the treatment server restores the network connection for client C, allowing client C to access the network.
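The four processes above can be modeled as a small policy loop. The following Python sketch is an added illustration, not JP1 code and not the JP1 API. The patch IDs, host names, and function names are assumptions made for the example. It shows that a client judged Danger keeps only the path to the treatment server, and that network access returns only when the re-judgment yields Safe.

```python
from dataclasses import dataclass

TREATMENT_SERVER = "treatment-server"      # hypothetical host name
REQUIRED = {"PATCH-001", "PATCH-002"}      # constructed patch IDs

@dataclass
class Client:
    name: str
    applied: set                           # patches reported in inventory
    level: str = "Unknown"
    permitted: bool = True

def judge(c):
    """Judgment policy: any unapplied patch means Danger, otherwise Safe."""
    c.level = "Danger" if REQUIRED - c.applied else "Safe"

def act(c):
    """Action policy: Danger is denied the network, Safe is permitted."""
    c.permitted = (c.level == "Safe")

def can_connect(c, dest):
    """A denied client can still reach the treatment server (quarantine path)."""
    return c.permitted or dest == TREATMENT_SERVER

def treat(c, package):
    """Install the distributed package; only possible over the quarantine path."""
    if can_connect(c, TREATMENT_SERVER):
        c.applied |= package

def run_cycle(clients, package):
    """Inspection, isolation, treatment, recovery. Returns an event log."""
    log = []
    for c in clients:                       # (1) inspection + (2) isolation
        judge(c); act(c)
        log.append((c.name, "inspect", c.level, c.permitted))
    for c in [c for c in clients if c.level == "Danger"]:
        log.append((c.name, "isolated",
                    can_connect(c, "file-server"), can_connect(c, TREATMENT_SERVER)))
        treat(c, package)                   # (3) treatment
        judge(c); act(c)                    # (4) recovery: re-judge, then act
        log.append((c.name, "recover", c.level, c.permitted))
    return log

def sample_clients():
    """Constructed inventory: only client C has an unapplied patch."""
    return [Client("A", set(REQUIRED)), Client("B", set(REQUIRED)),
            Client("C", {"PATCH-001"})]
```

If the distributed package does not cover every unapplied patch, the re-judgment still returns Danger and the client stays isolated.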
All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.