Hybrid software deflects attackers with guile

Fremont, Calif., a Silicon Valley city of 200,000, doesn't sound like a top target for network hacks. But when war began last spring in Iraq, the city's Web site, at www.ci.fremont.ca.us, received scores of hits from locations in the Middle East.

The city had just installed ActiveScout intrusion-prevention software from ForeScout Technologies Inc. of San Mateo, Calif. The software has a map that shows the geographic origin of attempted attacks.

'It really opened our eyes,' said Mike Towan, Fremont's network administrator. 'We were surprised at the kind and amount of traffic at our gateway that we weren't aware of before.'

Towan described ActiveScout as a hybrid of a honey pot'a system that lures hackers, then blocks their IP addresses'with intrusion detection. ActiveScout learned the network rapidly and began to offer up services to suspected hackers 'to tell them the site is wide open,' he said. 'When they come back to exploit what they think are vulnerabilities, ActiveScout blocks them.'

The software resides outside the firewall on the city's predominantly Microsoft Windows 2000 network and monitors all incoming traffic.

Towan said he was surprised at how fast the software began blocking suspicious activity.

Anecdotally, he said, the $10,000 software has paid for itself. The city at first had considered installing intrusion-detection hardware, but the requirements for log reviews, alert analysis and other maintenance would have overwhelmed the two-person security team.

ActiveScout monitors itself, 'which frees me up to do other network administration,' Towan said.

About the Author

Trudy Walsh is a senior writer for GCN.


  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected