Intelligent assessment of distributed security in TCP/IP networks

With the increase of the dynamics of networks interconnection, security issues became a critical point that needs to be considered. The widely adopted solution considers a mix of routers, switches, firewalls and virtual private networks (VPNs) together with the deployment of intrusion detection systems (IDSs) and vulnerability assessment tools. In a proactive approach for intrusions, vulnerability assessment tools allow the detection of vulnerabilities, before they could be exploited. In this paper, we propose an extension to this model, by using a distributed approach based on software agents, to correctly evaluate the network security risks, making an assessment of the distributed security. Based in this model, we develop an algorithm for detecting and enumerating security risks in each active element of a network. The information gathered was used to build a security knowledge assessment. Using these techniques, the information is faster disseminated, which could lead to a more updated assessment of the security issues in the network. There is also an increasing of the awareness to security, since the network managers are more focused on the reported security issues.