ForeScout ActiveScout 100
- By Greg Crowe
- Sep 07, 2006
GEOGRAPHY LESSON: ActiveScout 100 shows you a map of where network attacks originate.
The ActiveScout 100 is a self-managed IPS that protects your network without using signatures. It is rack-mounted and takes up 1U of space, but because it's 23 inches deep, some smaller rack configurations might need adjustment to house it.
The ActiveScout has three 10/100 Ethernet ports, PS/2 keyboard and mouse ports, a VGA port, two USB ports and one serial port. It supports Fibre Channel ports as an option and even comes with a DVD-ROM drive.
The initial setup is done through a KVM interface. When it boots, it gives you a command-line screen with menu options, which is similar to most COM port interfaces. From here you can set the time, IP addresses of the ports, host name, domain name, and so forth. Once you're done, the ActiveScout is ready to connect to the network.
This is not as easy as it would initially sound, for two reasons. First, the Ethernet ports are not marked on the appliance, and the documentation is little help. There is a menu option that sets each port blinking in turn so you can identify them, but you have to go to the back of the appliance each time and note the blinking port.
Second, the two topologies outlined in the setup guide neglect to indicate whether the IPS should be installed in line with the firewall (just 'inside' the firewall, with all traffic passing through it). It should not be: the ActiveScout requires a connection to a point between the firewall and the router, so that traffic does not pass through the appliance but the appliance can still 'see' it. This may require an additional switch outside the firewall.
The Site Manager software can be installed from the supplied CD-ROM on any computer within the network. Once you log in to the IP address of the sensor (either the external or internal IP number, depending upon which configuration you use), you're shown a map of the world illustrating the origins of recent attacks ActiveScout has detected.
Site Manager made it fairly easy to modify the security profile so the ActiveScout could block all our simulated attacks. It was only a matter of setting the sensitivity of the various parameters high enough.
The list price of $26,995 was a bit higher than we'd hoped for, even considering its power and functionality. The government price of $23,253 is a little more palatable, but with a rated throughput (100 Mbps) less than half that of IPS devices from Cisco and Juniper, we'd encourage you to shop around. The ActiveScout makes sense for networks that already have switches located outside their firewalls.
ForeScout Technologies, Cupertino, Calif., (866) 377-8771, www.forescout.com