ActiveScout Site Solution and Enterprise Solution
July 01, 2003
Very good console with lots of scope for configuration of software. Blocked attacks with few false positives.
Will only detect attacks that carry out prior reconnaissance, which most worms do not do.
Simple, easy to use product, but only as part of a fuller security set-up.
Accomplished hackers will always perform some sort of reconnaissance on a target network before mounting an attack - finding out details such as operating system types, application versions, etc. The idea behind ActiveScout is that if the application can detect this reconnaissance, it can prevent the attack that follows. Probes are answered with bogus host or port data, and that bogus data is marked; any future activity that makes use of the marked data can only have come from an attacker, so the application blocks those packets and stops any damage ever occurring.
ActiveScout can be configured to work in three different ways. Running on a machine with a single network card and an external IP address allows features such as geographical location resolution and time synchronization. An internal IP address offers better protection of the Scout machine as there is no direct communication with the outside world. The third configuration has the ActiveScout machine sitting in parallel with the firewall.
Installation of the software on a dedicated machine was fairly easy. The software comes on a single bootable CD-ROM. It features a customized, hardened version of Red Hat Linux, and requires at least a Pentium III 600MHz server to monitor 10Mbps traffic and a 1.3GHz processor to look after a 100Mbps network.
The management console that comes on the disk can run on Windows, Linux or Solaris, and the browser-based installation made for very little configuration. The console itself is striking, displaying a map of the world, which shows in close to real time where port scans and data are coming from. These can display information about suspicious traffic.
In running the tests the product worked very well, detecting and then blocking every attempt to gain access to the test network. It successfully blocked scans from tools such as Nessus and Nmap. Because the application bases all its actions on the false data it handed to the attacker, spoofing a source address has no effect on the product.
It also reported very few false positives (these often happen during bedding in, mostly due to poor configuration). It did not report attacks on real hosts or ports and attacks with no preceding reconnaissance, but this software is not intended for these forms of attack.
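As an added illustration of the marking scheme the review describes (example code written for this page, not the product's own software), the small Python model below answers probes for non-existent hosts and ports with a bogus "open", records each bogus pair as a decoy, and blocks any later connection that uses one; the sample addresses and service inventory are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample inventory: the services that really exist on the
# protected network. Anything else can safely be answered with bogus data.
REAL_SERVICES = {("10.0.0.5", 22), ("10.0.0.5", 80)}


@dataclass
class DeceptionGuard:
    """Toy model of reconnaissance marking (added example, not vendor code).

    Probes of hosts/ports that do not exist are answered as if they were
    live, the bogus (host, port) pair is recorded as a decoy, and any later
    connection that uses a decoy is treated as hostile and blocked.
    """
    real: set
    decoys: set = field(default_factory=set)
    blocked: list = field(default_factory=list)

    def on_probe(self, dst_ip, dst_port):
        """Reconnaissance packet (ping sweep, port scan). Returns the reply."""
        if (dst_ip, dst_port) in self.real:
            return "open"              # honest answer, nothing to mark
        self.decoys.add((dst_ip, dst_port))
        return "open"                  # bogus answer: this is the marker

    def on_connect(self, src_ip, dst_ip, dst_port):
        """Follow-up traffic. The decision rests on the marked data, not on
        src_ip, so a spoofed or rotated source address does not help."""
        if (dst_ip, dst_port) in self.decoys:
            self.blocked.append((src_ip, dst_ip, dst_port))
            return "blocked"
        return "allowed"               # real target, no recon: outside this tool's remit


def demo():
    """Scan a phantom host, attack it from another address, then hit a real port cold."""
    guard = DeceptionGuard(real=set(REAL_SERVICES))
    scan = [guard.on_probe("10.0.0.9", p) for p in (22, 445, 3389)]  # 10.0.0.9 does not exist
    attack = guard.on_connect("203.0.113.7", "10.0.0.9", 445)         # different source than the scan
    direct = guard.on_connect("198.51.100.2", "10.0.0.5", 80)          # no prior recon, real service
    return scan, attack, direct, sorted(guard.decoys)


if __name__ == "__main__":
    print(demo())
```

The last call shows the limitation the review notes: a connection to a real service with no preceding reconnaissance passes through untouched.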
As the cost of a small server is negligible this product can add an extra level of security at small cost.