This paper proposes and implements a comprehensive software system based on agents and mobile agents techniques, which firstly deals with the network admission control and authorization, adopting the traditional password authentication schema and an intelligent, flexible sensor whose kernel is the NDIS-hooking driver. Agent Message Protocol over UDP/TCP is proposed to secure and encrypt the communication data among stationary agents and server components, which eradicates malicious codes embedded or spread in the internal network. In order to avoid the above software agents mangled or destroyed, the proactive method of Grid Scanning model based on the Agent Message Protocol and Address Resolution Protocol can detect and spoof those clients whose agents are mangled; and if the users forge the logon info, this system can prevent the clients escaping from the control with the dual verification mechanism. Finally, the mobile agent infrastructure with flexible and effortless integration with this security system is introduced and implemented, which supports security access to resources on the controllable clients. Such solution in the internal network satisfies the security-related requirements of availability, expansibility, responsibility, and self-defense, as well as the non-security-related requirements of real-time, veracity, stability and flexibility.