Hybrid software deflects attackers

Fremont, Calif., a Silicon Valley city of 200,000, doesn't sound like a top target for network hacks. But when war began last spring in Iraq, the city's Web site, at www.ci.fremont.ca.us, received scores of hits from locations in the Middle East.

The city had just installed ActiveScout intrusion-prevention software from ForeScout Technologies Inc. of San Mateo, Calif. The software has a map that shows the geographic origin of attempted attacks.

'It really opened our eyes,' said Mike Towan, Fremont's network administrator. 'We were surprised at the kind and amount of traffic at our gateway that we weren't aware of before.'

Towan described ActiveScout as a hybrid of a honey pot (a system that lures hackers, then blocks their IP addresses) and intrusion detection.

ActiveScout learned the network rapidly and began to offer up services to suspected hackers 'to tell them the site is wide open,' he said. 'When they come back to exploit what they think are vulnerabilities, ActiveScout blocks them.'
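The mechanism Towan describes, bait offered on the first probe and a block only when the same source returns to use it, as an added example in Python. This is an illustration written for this page, not ForeScout's code; the port sets, addresses and connection events are constructed.

```python
# Decoy-on-probe, block-on-return: an illustration of the honey pot /
# intrusion-detection hybrid described above. Written for this page, not
# ForeScout code. Port sets, addresses and events are constructed.
from __future__ import annotations
from dataclasses import dataclass, field

REAL_SERVICES = {80, 443}               # assumed: what the site really serves
DECOY_SERVICES = {21, 23, 1433, 3389}   # assumed: no real listener, bait only


@dataclass(frozen=True)
class ConnEvent:
    ts: float   # seconds
    src: str    # source IP as seen at the gateway
    dport: int  # destination port


@dataclass
class DeceptionEngine:
    # src -> decoy ports that source has already been shown as "open"
    marked: dict[str, set[int]] = field(default_factory=dict)
    blocked: set[str] = field(default_factory=set)

    def handle(self, ev: ConnEvent) -> str:
        """Return the action for one inbound connection attempt."""
        if ev.src in self.blocked:
            return "drop"                       # already on the block list
        if ev.dport in REAL_SERVICES:
            return "allow"                      # normal traffic is never judged here
        if ev.dport not in DECOY_SERVICES:
            return "reject"                     # closed port, no bait on offer
        shown = self.marked.setdefault(ev.src, set())
        if ev.dport in shown:
            # Second contact with a service that exists only because we
            # advertised it to this source: that is the "come back to
            # exploit" step, so the source is blocked from here on.
            self.blocked.add(ev.src)
            return "block"
        shown.add(ev.dport)
        return "bait"                           # answer as if the port were open


def run_demo() -> tuple[list[tuple[str, int, str]], list[str]]:
    """Run a constructed sequence of events; return decisions and block list."""
    events = [
        ConnEvent(0.0, "10.0.0.5", 80),         # normal visitor
        ConnEvent(1.0, "203.0.113.7", 1433),    # scanner probes; gets bait
        ConnEvent(1.2, "203.0.113.7", 23),      # scanner probes; gets bait
        ConnEvent(2.0, "10.0.0.5", 443),
        ConnEvent(60.0, "203.0.113.7", 1433),   # returns to "exploit" the bait
        ConnEvent(61.0, "203.0.113.7", 80),     # now dropped even on real service
        ConnEvent(70.0, "198.51.100.9", 8080),  # closed, non-decoy port
        ConnEvent(71.0, "198.51.100.9", 21),    # probed once, never returns
    ]
    engine = DeceptionEngine()
    decisions = [(e.src, e.dport, engine.handle(e)) for e in events]
    return decisions, sorted(engine.blocked)


if __name__ == "__main__":
    for src, dport, action in run_demo()[0]:
        print(f"{src:>14} -> {dport:<5} {action}")
```

Two properties of this design matter for a small team: a single probe never blocks anyone, so ordinary scans and mistyped ports generate no action to review, and a source that comes back to a decoy has acted on the bait reply, so its address is unlikely to be spoofed. The decoy ports must be ones no legitimate client of the site would ever use, otherwise the block list fills with real users.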

The software resides outside the firewall on the city's predominantly Microsoft Windows 2000 network and monitors all incoming traffic.

Towan said he was surprised at how fast the software began blocking suspicious activity.

'Anecdotally, the $10,000 software has paid for itself,' he said. The city at first had considered installing intrusion-detection hardware, but the requirements for log reviews, alert analysis and other maintenance would have overwhelmed the two-person security team.

ActiveScout monitors itself, 'which frees me up to do other network administration,' Towan said.

About the Author

Trudy Walsh is a senior writer for GCN.
