
A perimeter defense system


Security is like money - you can never have too much. It seems that in the past year, network security has jumped from the back burner right into the lap of every network manager. I had a briefing from a new security company a few weeks ago, and I want to tell you about this company's approach to protecting the network. It's a different approach, adding one more layer of protection to keep you out of harm's way.

The company is ForeScout Technologies, with U.S. headquarters in Palo Alto, Calif. ForeScout's main product, released the first week of February, is called ActiveScout. Called a "perimeter defense system," ActiveScout supplements your firewall and intrusion detection system.

ActiveScout sits outside the firewall and sees all inbound traffic first. Its mission is to watch for and react to reconnaissance commands. Typically, before an attack occurs, the intruder probes your network to gather information about your system configuration and users. For example, the hacker will try to gather IP addresses or NetBIOS information. Your system may unwittingly give this data to the intruder, as it is simply responding to a common command, albeit from an illegitimate source. Once the hacker has this information about your system, the network is vulnerable to attack.

ActiveScout monitors the traffic coming into your network and looks for probing commands, such as a port scan. Chances are if this command is coming from outside your firewall, it's a hacker doing his reconnaissance and preparing to strike. To foil the inevitable attack, ActiveScout sends bogus tagged data back to the hacker when he tries to harvest your system information. The trick is, the intruder can't tell it's bogus data, so he thinks those IP addresses he collected are real. When he sends the next intrusive command using those addresses, ActiveScout knows this is a real attack and stops it in its tracks.

You deploy ActiveScout in two phases. In the first phase, the software learns about the valid services inside your network. In the second phase, you activate the real-time blocking of external commands. Since ActiveScout is not dependent upon signatures or patterns of possible intrusion, it doesn't require frequent updates. It really only monitors for about 20 specific commands, which don't change often. Therefore, you can pretty much set it and forget it.
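
The mark-then-detect logic and the two deployment phases described above can be modeled in a few lines of Python. This is an added illustration, not ForeScout's code: the class and function names, the actions returned and the sample addresses are assumptions, and the learning phase is reduced to an explicit list of real services.

```python
from dataclasses import dataclass, field

@dataclass
class DecoyPerimeter:
    valid: set = field(default_factory=set)    # real (ip, port) services from the learning phase
    marks: dict = field(default_factory=dict)  # decoy (ip, port) -> source first handed that decoy
    blocked: set = field(default_factory=set)  # sources caught using marked data

    def learn(self, dst):
        """Phase 1: record a service that really exists behind the firewall."""
        self.valid.add(dst)

    def handle(self, src, dst):
        """Phase 2: decide what to do with one inbound connection attempt."""
        if src in self.blocked:
            return "drop"
        if dst in self.valid:
            return "forward"
        if dst in self.marks:
            # Nothing real lives here; only harvested bogus data leads back to it.
            self.blocked.add(src)
            return "block"
        # First probe of a nonexistent service: pretend it exists and remember the mark.
        self.marks[dst] = src
        return "decoy-reply"

def replay(events, services):
    """Run constructed (src, dst_ip, dst_port) events through a fresh perimeter."""
    p = DecoyPerimeter()
    for svc in services:
        p.learn(svc)
    return [p.handle(src, (ip, port)) for src, ip, port in events], p

# Constructed sample data (documentation address ranges, not from the article).
SERVICES = [("192.0.2.10", 80), ("192.0.2.10", 443)]
EVENTS = [
    ("198.51.100.7", "192.0.2.10", 443),   # ordinary visitor
    ("203.0.113.5", "192.0.2.10", 139),    # probe of a service that does not exist
    ("203.0.113.5", "192.0.2.44", 22),     # probe of a host that does not exist
    ("203.0.113.5", "192.0.2.10", 139),    # returns to use the harvested answer
    ("203.0.113.5", "192.0.2.10", 80),     # now blocked even for real services
    ("198.51.100.7", "192.0.2.10", 80),    # visitor is unaffected
]

if __name__ == "__main__":
    actions, perimeter = replay(EVENTS, SERVICES)
    for event, action in zip(EVENTS, actions):
        print(event, "->", action)
```

In this simplified model any second connection to a marked destination counts as use of the mark, whichever source sends it, so a legitimate client retrying a closed port would also be blocked. The `marks` dictionary keeps the original prober so the two events can be correlated in a report.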

ActiveScout runs on Red Hat Linux, which comes bundled with the security software. You can run it on common server hardware from companies such as IBM, Dell, Compaq or Hewlett-Packard. ForeScout is in the process of certifying its software on specific hardware platforms.

The cost to deploy ActiveScout is based on bandwidth and connections. It is recommended you have one Scout per network connection. The ActiveScout box is going to sit between your firewall and the router. One standard ActiveScout box (software only, hardware not included) plus a management console covering a T-1 line is only $8,995, and prices go up from there. At a low entry price like that, it's worth a trial on your network.

If you install an enterprise configuration involving more than one Scout, you'll also want a central control unit (CCU) that lets you monitor and manage all the Scouts in your network, even from a remote location. The CCU runs $12,995.

ForeScout offers some innovative reports with this system. The reports can show you where in the world many of these attacks originate, since ActiveScout identifies the specific IP address of the hacker. And, yes, current users have already mentioned to ForeScout that it would be nice to have a feature that will zap the attacker before he zaps you!

The overall concept of ActiveScout is simple. So is the deployment. The cost is relatively low for the added security you get in return. You don't need to change anything about your current configurations. This seems like an easy way to give yourself some extra peace of mind. Check it out at www.forescout.com/

RELATED LINKS

Hackers, vendors put camouflage to use
Network World, 02/04/02

Linda Musthaler is vice president of Currid & Company, a Houston-based information technology assessment company. You can reach her by e-mail at linda@currid.com.


Copyright, 1994-2006 Network World, Inc. All rights reserved.