Current network security systems are a collection of various security
components that are installed directly in the operating system. These check
the whole node for suspicious behaviour. Armouring intrusions, for example,
have the ability to hide themselves from being checked. In this paper we
present an alternative organisation of security systems. The node is completely
virtualized with current virtualization systems, so that the operating system
with its applications and the security system are separated. The security
system then checks the node from outside, and the right security components are
provided through a service-oriented architecture. Because they run in a
virtual machine, infected nodes can be halted, duplicated, and moved to
other nodes for further analysis and to address legal aspects. This article
analyses this organisation and discusses a preliminary implementation that
shows promising results.

Comment: 4 pages