Micro-firewalls for dynamic network security with distributed intrusion detection

This paper reports the design experiences and research findings of a new distributed security architecture for protecting exposed Intranets or clusters of computers from malicious attacks. We present a new approach of building micro-firewalls on network hosts to enable distributed intrusion detection with dynamic policy change, as the threat pattern changes. This distributed security can effectively counteract attacks from intruders or insiders. Three policy-update mechanisms are evaluated for achieving dynamic security. Mobile agents are shown most scalable and robust for policy update, but prone to attacks by other agents or hosts. The CORBA has the best speed performance with lower overhead The Java-based RMI demonstrates the highest security based on the sandbox model. The optimal choice depends on the tradeoffs among operating speed, Intranet scalability, host robustness, and the security level demanded by specific network applications