Hybrid software deflects attackers with guile

Fremont, Calif., a Silicon Valley city of 200,000, doesn't sound like a top target for network hacks. But when war began last spring in Iraq, the city's Web site, at www.ci.fremont.ca.us, received scores of hits from locations in the Middle East.

The city had just installed ActiveScout intrusion-prevention software from ForeScout Technologies Inc. of San Mateo, Calif. The software has a map that shows the geographic origin of attempted attacks.

'It really opened our eyes,' said Mike Towan, Fremont's network administrator. 'We were surprised at the kind and amount of traffic at our gateway that we weren't aware of before.'

Towan described ActiveScout as a hybrid of a honey pot (a system that lures hackers, then blocks their IP addresses) with intrusion detection. ActiveScout learned the network rapidly and began to offer up services to suspected hackers 'to tell them the site is wide open,' he said. 'When they come back to exploit what they think are vulnerabilities, ActiveScout blocks them.'

The software resides outside the firewall on the city's predominantly Microsoft Windows 2000 network and monitors all incoming traffic.

Towan said he was surprised at how fast the software began blocking suspicious activity.

Anecdotally, he said, the $10,000 software has paid for itself. The city at first had considered installing intrusion-detection hardware, but the requirements for log reviews, alert analysis and other maintenance would have overwhelmed the two-person security team.

ActiveScout monitors itself, 'which frees me up to do other network administration,' Towan said.

About the Author

Trudy Walsh is a senior writer for GCN.

