Rogue Detection Tool - Available in OpUtils Professional Edition


The Rogue Detection tool in OpUtils helps detect unauthorized access to network resources. The tool periodically scans your routers, subnets, switches, gateway servers, etc., and detects wired and wireless rogue systems, devices, Access Points, and more.

Configuring Rogue Detection Tool

  1. Add all the routers, switches, and gateway servers in your network from Admin --> Add Routers and schedule scanning.

  2. To get the details of the switch and port to which a device is connected, map all your switches using the Switch Port Mapper tool.

  3. To automatically move discovered devices to Trusted, add your Active Directory Domain details from Settings --> Active Directory. Computer names that match the AD domains will be automatically marked as Trusted.

  4. Import MAC Addresses of trusted devices in the network to mark them as Trusted.

After successful scanning of your network, you can perform the following operations from here:


Discovered Devices

OpUtils periodically scans the routers, switches, and gateway servers to discover the devices in the network. This includes every device in the network, whether or not it is a rogue.

 

All the discovered devices are listed under the Discovered tab in the Rogue Detection tool. The administrator has to verify the device list and mark them accordingly. The following options are available:


Trusted Devices

Trusted Devices are the valid devices in your network. From the Discovered tab, you can select devices and mark them as trusted so that they are not listed in the Discovered tab again.

To Mark a Device as Trusted

  1. Click the Rogue Detection tab.

  2. Select the Discovered tab. This will list all the discovered devices in the network.

  3. Select the valid devices and click Mark as Trusted. To mark all the discovered devices as valid, click Mark All as Trusted.

The devices that are marked as trusted will be moved from the Discovered tab to the Trusted tab. You also have an option to mark the devices as Guest or Rogue from the Trusted tab.

 

To Automatically Mark Devices as Trusted

You can automatically mark devices as Trusted in two ways:

 


Guest Devices

There might be situations where you need to allow certain devices to access your network resources for a temporary period. For example, a staff member from a different branch visits your office for a month, or a student enrolled for a semester needs to be given access until he/she completes the semester. In such cases, you can specify a period until which a particular device is to be considered trusted.

To Allow Devices for a Temporary Period

  1. Click the Rogue Detection tab.

  2. Select the Discovered tab. This will list all the discovered devices in the network.

  3. Select the devices that have to be given guest access and click Mark as Guest. This opens the Configure Guest Validity Period dialog with the details of the selected devices.

  4. Specify a date until which the selected devices are valid.

  5. Specify a comment or description and click Save.

  6. The devices are moved to Guest tab with the specified details. You can perform the following actions from here:

    1. Mark a device as trusted

    2. Extend the validity period

    3. Block/Unblock the switch port

    4. Mark a device as rogue


Rogue Devices

To Mark a Device as Rogue

  1. Click the Rogue Detection tab.

  2. Select the Discovered tab. This will list all the discovered devices in the network.

  3. Select the devices that have to be marked as rogue and click Mark as Rogue.

The devices that are marked as rogue will be moved to the Rogue tab. The administrator can take appropriate action and delete the device from the rogue list. If the same device is detected in subsequent scans, it will be listed here again.

You can perform the following actions from here:

  1. Mark a device as trusted

  2. Mark a device as guest

  3. Block/Unblock Switch Ports

Important: If the device is not deleted from the rogue list, it will not be listed under the Discovered tab upon rediscovery.


Block / Unblock Switch Ports

To View the Switch Details

The details of the switch and port to which a device is connected are shown in the Switch Details column under the Discovered tab. The switch details can have three different values:

  1. Switch IP, Switch Name, ifIndex, port, and ifName details - These are the actual details of where a particular device is connected.

  2. Learned in xyz, but not directly connected - This refers to switches through which the device has communicated but to which it is not directly connected.

  3. Unknown - The switch details are not known. This can happen when you have not mapped all your switches using the Switch Port Mapper tool or the device is detected after scanning your switches. Mapping your switches again will show the details here.

To Block/Unblock a Switch Port

  1. Select the rogue device whose access you need to restrict by blocking the port and click Block/Unblock Switch Port. This opens the Block/Unblock Switch Port dialog with the device and switch details.

  2. Specify the SNMP Write Community of the switch and click Block Port.

When you block a switch port, the admin status of the port is set to "Down".

 

To unblock a blocked port, specify the Switch Name/IP Address, ifIndex, and SNMP Write Community, and click Unblock Port. This will set the "admin status" of the port to "Up".


Configure Alert Notifications

Alerts are generated whenever a rogue device is detected or when the temporary validity expires. The Rogue Detection tool can be configured to send these alerts by email.

To Configure E-mail Alerts

  1. Click the Configure Alert link. This opens the Alert Settings dialog.

  2. Select the Enable Email Alert check box.

  3. Select the Notify when a Rogue Device is detected option to notify whenever a rogue device is detected.

  4. Select the Notify when the Guest Validity Expires option to notify when the guest validity period expires.

  5. Specify the recipients' email addresses, separated by commas.

  6. Click Save.

Note: To configure SNMP properties, click Settings at the top right corner or click Admin -> Settings. For details, read the Configuring SNMP section.
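
The triage rules described on this page (automatic trust through imported MAC addresses and AD domain match, guest validity, the rogue list, and the two alert conditions), as an added Python sketch; it is not OpUtils code. The function names, alert labels and sample data are assumptions, as are treating "rogue detected" as a rogue-listed MAC reappearing in a scan and keeping an expired guest on the Guest tab.

```python
import re
from datetime import date

def norm_mac(mac):
    """Normalize 00-1A-.., 001a.2b3c.4d5e or 00:1a:.. to 00:1a:2b:3c:4d:5e."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def triage(scan, trusted_macs, ad_domains, guests, rogues, today):
    """scan: [(mac, hostname)]; guests: {mac: valid-until date}; rogues: MACs on the rogue list."""
    trusted = {norm_mac(m) for m in trusted_macs}
    guests = {norm_mac(m): d for m, d in guests.items()}
    rogues = {norm_mac(m) for m in rogues}
    domains = tuple("." + d.lower().strip(".") for d in ad_domains)
    tabs = {"Trusted": [], "Guest": [], "Rogue": [], "Discovered": []}
    alerts = []
    for raw_mac, host in scan:
        mac = norm_mac(raw_mac)
        if mac in rogues:
            # Still on the rogue list: stays on the Rogue tab, not re-listed as Discovered.
            tabs["Rogue"].append(mac)
            alerts.append(("rogue-detected", mac))
        elif mac in guests:
            tabs["Guest"].append(mac)
            if guests[mac] < today:  # validity date has passed (assumed inclusive)
                alerts.append(("guest-validity-expired", mac))
        elif mac in trusted or host.lower().endswith(domains):
            tabs["Trusted"].append(mac)  # imported MAC or AD domain match
        else:
            tabs["Discovered"].append(mac)  # awaits administrator review
    return tabs, alerts

# Constructed sample scan: the same inventory seen in three MAC notations.
SCAN = [
    ("00-1A-2B-3C-4D-5E", "ws01.corp.example.com"),  # AD domain match
    ("001a.2b3c.4d5f", "printer7"),                  # imported trusted MAC
    ("00:1a:2b:3c:4d:60", "visitor-laptop"),         # guest, validity expired
    ("00:1A:2B:3C:4D:61", "unknown-ap"),             # on the rogue list
    ("00:1a:2b:3c:4d:62", ""),                       # never seen before
]

def demo():
    return triage(SCAN, ["00:1A:2B:3C:4D:5F"], ["corp.example.com"],
                  {"00-1a-2b-3c-4d-60": date(2012, 3, 31)},
                  {"001a.2b3c.4d61"}, today=date(2012, 4, 2))
```

Normalizing MAC notation before comparison matters here because imported lists, switch tables and scan output often write the same address differently.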


Auditing Rogue Device Detection

The Rogue Detection tool supports auditing by recording the changes made in it. Every change is stored in the database along with the user name, the date and time of modification, and the details of the modifications/additions/deletions. The change history is maintained for one month and is configurable. The audit details are also published as an XML file for later reference.

 

Auditing is enabled by default and you can configure the period to store the change history as below:

 


Related Tools: Ping, MAC Address Resolver, MAC Address Scan, Process Scan, Switch Port Mapper

Copyright © 2004-2012, ZOHO Corp. All Rights Reserved.
ManageEngine