Scientia Estudos Interdisciplinares em Computação 16(2): 125-138, julho/dezembro 2005
© 2005 by Unisinos

MAST: Intelligent Roaming Guards for Network and Host Security

Marco Carvalho, Matteo Rebeschini, James Horsley, Niranjan Suri, Tom Cowin, Maggie Breedy
Florida Institute for Human and Machine Cognition
40 South Alcaniz St. – Pensacola, FL – 32502
(850) 202-4446 – www.ihmc.us

Abstract

After years of active research in enterprise security tools, practices, and policies, the state of the art has evolved significantly and yet the frequency and the severity of successful attacks continue to increase. We argue that part of the problem lies in the increasing complexity and scale of computer networks, which essentially shifts the issue of network and computer security to a system administration problem. In complex network systems, security failures occur not necessarily due to lack of knowledge or skill, but mostly because of inadequate supporting tools to improve the awareness and control of complex networks.

In this paper, we present MAST, a mobile agent-based security tool designed to better support system administrators and security practitioners. In MAST, we have identified two core issues that are often the cause of failures in network security procedures, and provided a coupled solution through a single system. Our research spans the areas of network security, multi-agent systems and knowledge representation and sharing. This paper describes in detail MAST's main architectural components and experimental results obtained with the framework.

KEYWORDS: networks, security tools, multi-agent systems.

1 Introduction

Perimeter control has conventionally been the primary focus of attention in enterprise network security. By regulating access in and out of the network through firewalls and proxy servers, users and system administrators were always provided with a sense of isolation and implied security that unfortunately often failed to materialize. Besides the numerous and well-documented strategies for circumventing perimeter defenses, the emergent risk of the insider threat essentially put to rest any remaining hopes that perimeter defense alone (even if correctly implemented) could provide adequate protection to enterprise networks.

As a consequence, a change in focus began to emerge, shifting the point of attention from the perimeter of the network to the host itself. If each and every host in the network is adequately protected, not only are the risks of a compromise due to a breach in the perimeter greatly minimized, but so is the footprint of the damage. That is, a successful attack on one host in the network will not necessarily imply that the remaining hosts are immediately vulnerable.

The concept is simple and effective: redundant layers of defense to mitigate the likelihood of success and the consequences of an attack. The problem, however, lies in the details. Maintaining the security of individual hosts in networks with heterogeneous systems, policies, and capabilities quickly became a major task. System administrators were required to maintain detailed descriptions of each host and their related vulnerabilities, which changed frequently. Furthermore, they were also expected to be able to quickly identify and correct issues as necessary.

To support the new paradigm, system administrators and security practitioners quickly coordinated to organize communities to monitor and report vulnerabilities on several operating systems and applications. Operating system and