Abstract: Authentication apparatus authenticates user using host connected to forwarding node. Policy management apparatus holds access control policy for identifying host under access control using identifier of forwarding node or identifier of user, and links identifier of host under access control and identifier of forwarding node to which host is connected, or identifier of host under access control and identifier of user using host. Forwarding node transmits to policy management apparatus identifier of host connected to own forwarding node and identifier of own forwarding node. Authentication apparatus transmits to policy management apparatus identifier of host connected to forwarding node and identifier of user. Policy management apparatus refers to access control policy and, if host connected to forwarding node is under access control, notifies content of access control to control apparatus as access control list.

Abstract: A terminal communicating via a network including a forwarding device(s) for forwarding a packet and a control device for controlling the forwarding device(s) in accordance with a request from the forwarding device, includes: a communication unit that receives a processing rule specifying a process of adding, to a packet, quality information related to communication quality with respect to the terminal, from the control device, a memory unit that stores the received processing rule, and a processing unit that in a case of communicating via the network, adds quality information to a packet in accordance with a processing rule that corresponds to the packet by referring to the processing rule stored in the memory unit.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.