Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide



14.3.1 Example of quarantine system operation linked to JP1/Software Distribution (AMT Linkage facility)

The example below describes the operation of a quarantine system linked to JP1/Software Distribution (AMT Linkage facility) in terms of the quarantine process.

This example is based on the following assumptions:

Organization of this subsection
(1) Inspection process
(2) Isolation process
(3) Treatment process
(4) Recovery process

(1) Inspection process

In the inspection process, clients that are a security risk are identified, and clients are authenticated. The following figure shows the inspection process.

Figure 14-27 Inspection process

[Figure]

  1. Inventory information for clients is reported to JP1/Software Distribution Manager on the management and network control server via JP1/Software Distribution Client (relay system) on the treatment server.
    The inventory information for clients A, B, and C is reported to JP1/Software Distribution Manager on the management and network control server via JP1/Software Distribution Client (relay system) on the treatment server.
  2. JP1/CSC - Manager on the management and network control server judges the security level of client C to be Danger.
    JP1/CSC - Manager on the management and network control server compares the inventory information against the judgment policy, and judges the security level of client C to be Danger.

(2) Isolation process

In the isolation process, client network connections are controlled based on the security policy. The following figure shows the isolation process.

Figure 14-28 Isolation process

[Figure]

  1. JP1/CSC - Manager on the management and network control server instructs JP1/CSC - Agent to deny network connections.
    Based on the action policy, JP1/CSC - Manager on the management and network control server instructs JP1/CSC - Agent to deny connections.
  2. JP1/CSC - Agent on the management and network control server instructs JP1/Software Distribution Manager to deny client C network connections.
  3. The AMT Linkage facility of JP1/Software Distribution Manager denies client C network connections.
    Communication with client C is disconnected, except for specific ports such as JP1/Software Distribution ports.

(3) Treatment process

In the treatment process, security measures are implemented on clients denied access to the network. For details about how to implement security measures on clients, see 14.3.3 Implementing client security measures.

The following figure shows the treatment process.

Figure 14-29 Treatment process

[Figure]

  1. Package the patch and register it in JP1/Software Distribution Manager on the management and network control server.
    Package the patch to be installed and register it in JP1/Software Distribution Manager on the management and network control server.
  2. Distribute the patch from JP1/Software Distribution Manager on the management and network control server.
    In JP1/Software Distribution Manager on the management and network control server, execute the patch distribution job. The patch is transferred to JP1/Software Distribution Client (relay system) on the treatment server.
  3. Remotely install the patch on client C from JP1/Software Distribution Client (relay system) on the treatment server.
    The patch is installed on client C from JP1/Software Distribution Client (relay system) on the treatment server. Security measures are implemented on client C with the application of the distributed patch.
  
Reference note
The client user can also implement security measures on a client denied access to the network by manually selecting and installing packages registered with JP1/Software Distribution Manager on the management and network control server.

(4) Recovery process

In the recovery process, clients for which security measures have been implemented are judged again, and those judged Safe are reconnected to the network.

The following figure shows the recovery process.

Figure 14-30 Recovery process

[Figure]

  1. Inventory information for client C is reported to JP1/Software Distribution Manager on the management and network control server via JP1/Software Distribution Client (relay system) on the treatment server.
    After the patch is applied, the latest inventory information for client C is reported to JP1/Software Distribution Manager on the management and network control server via JP1/Software Distribution Client (relay system) on the treatment server.
  2. JP1/CSC - Manager on the management and network control server judges client C to be Safe, and instructs JP1/CSC - Agent to permit a network connection.
    JP1/CSC - Manager on the management and network control server compares the inventory information against the security policy, and finds that all patches have been applied. As a result, the security level of client C is judged to be Safe. JP1/CSC - Manager on the management and network control server then instructs JP1/CSC - Agent to permit a network connection based on the action policy.
  3. JP1/CSC - Agent on the management and network control server instructs JP1/Software Distribution Manager to permit a network connection for client C.
  4. The AMT Linkage facility of JP1/Software Distribution Manager permits a network connection for client C.
    This allows client C to access the network.
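
The four processes above can be modeled as one loop. The following Python sketch is an added illustration, not JP1 code and not part of the original manual; it shows why the isolation step must leave the distribution ports open for treatment and recovery to complete. The port number, patch IDs, and all function and class names are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed placeholder: the manual only says "specific ports such as
# JP1/Software Distribution ports" and gives no port numbers.
DIST_PORT = 50000
ACTION_POLICY = {"Danger": "deny", "Safe": "permit"}  # security level -> action

@dataclass
class Client:
    name: str
    installed: set          # patch IDs last reported as inventory
    isolated: bool = False

def judge(client, required):
    """Inspection: compare the inventory with the judgment policy."""
    return "Safe" if required <= client.installed else "Danger"

def enforce(client, level):
    """Isolation or recovery: apply the action policy to the client."""
    client.isolated = ACTION_POLICY[level] == "deny"

def reachable(client, port, open_ports):
    """An isolated client accepts traffic only on the excepted ports."""
    return not client.isolated or port in open_ports

def treat(client, required, open_ports):
    """Treatment: remote install works only if the relay can reach the client."""
    if not reachable(client, DIST_PORT, open_ports):
        return False
    client.installed |= required
    return True

def quarantine_cycle(client, required, open_ports=frozenset({DIST_PORT})):
    """Run inspection, isolation, treatment, recovery; return the levels judged."""
    levels = [judge(client, required)]
    enforce(client, levels[0])
    if levels[0] == "Danger":
        treat(client, required, open_ports)
        levels.append(judge(client, required))   # re-inspection after treatment
        enforce(client, levels[-1])
    return levels

if __name__ == "__main__":
    required = {"PATCH-1", "PATCH-2"}            # constructed patch IDs
    c = Client("C", {"PATCH-1"})
    print(quarantine_cycle(c, required), c.isolated)
    # Failure mode: no excepted ports, so the patch never arrives.
    stuck = Client("C", {"PATCH-1"})
    print(quarantine_cycle(stuck, required, frozenset()), stuck.isolated)
```

If the isolation rule blocks the distribution ports as well, the client cannot be treated remotely and remains judged Danger until someone patches it by other means.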


All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated