Rogue Detection Tool - Available in OpUtils Professional Edition


The Rogue Detection tool in OpUtils helps detect unauthorized access to network resources. The tool periodically scans your routers, subnets, switches, gateway servers, etc., and detects wired and wireless rogue systems, devices, access points, and more.

Configuring Rogue Detection Tool

  1. Add all the routers, switches, and gateway servers in your network from Admin --> Add Routers and schedule scanning.

  2. To get the details of the switch and port to which a device is connected, map all your switches using the Switch Port Mapper tool.

After successful scanning of your network, you can perform the following operations from here:


Discovered Devices

OpUtils periodically scans the routers, switches, and gateway servers to discover the devices in the network. This includes every device in the network, whether or not it is a rogue.

All the discovered devices are listed under the Discovered tab in the Rogue Detection tool. The administrator has to verify the device list and mark each device accordingly. The following options are available:


Trusted Devices

Trusted devices are the valid devices in your network. From the Discovered tab, you can select devices and mark them as trusted so that they are not listed in the Discovered tab again.

To Mark a Device as Trusted

  1. Click the Rogue Detection tab.

  2. Select the Discovered tab. This will list all the discovered devices in the network.

  3. Select the valid devices and click Mark as Trusted. To mark all the discovered devices as valid, click Mark All as Trusted.

The devices that are marked as trusted will be moved from the Discovered tab to the Trusted tab. You also have an option to mark the devices as Guest or Rogue from the Trusted tab.


Guest Devices

There might be situations where you need to allow certain devices to access your network resources for a temporary period. For example, a staff member from a different branch visits your office for a month, or a student enrolled for a semester needs to be given access until he/she completes the semester. In such cases, you can specify a period until which a particular device is to be considered trusted.

To Allow Devices for a Temporary Period

  1. Click the Rogue Detection tab.

  2. Select the Discovered tab. This will list all the discovered devices in the network.

  3. Select the devices that have to be given guest access and click Mark as Guest. This opens the Configure Guest Validity Period dialog with the details of the selected devices.

  4. Specify a date until which the selected devices are valid.

  5. Specify a comment or description and click Save.

  6. The devices are moved to Guest tab with the specified details. You can perform the following actions from here:

    1. Mark a device as trusted

    2. Extend the validity period

    3. Block/Unblock the switch port

    4. Mark a device as rogue


Rogue Devices

To Mark a Device as Rogue

  1. Click the Rogue Detection tab.

  2. Select the Discovered tab. This will list all the discovered devices in the network.

  3. Select the devices that have to be marked as rogue and click Mark as Rogue.

The devices that are marked as rogue will be moved to the Rogue tab. The administrator can take appropriate action and delete the device from the rogue list. If the same device is detected in subsequent scans, it will be listed here again.

You can perform the following actions from here:

  1. Mark a device as trusted

  2. Mark a device as guest

  3. Block/Unblock Switch Ports

Important: If the device is not deleted from the rogue list, it will not be listed under the Discovered tab upon rediscovery.


Block / Unblock Switch Ports

To View the Switch Details

The details of the switch and port to which a device is connected are shown in the Switch Details column under the Discovered tab. The switch details can have three different values:

  1. Switch IP, Switch Name, ifIndex, port, and ifName details - These are the actual details of where a particular device is connected.

  2. Learned in xyz, but not directly connected - This refers to switches through which the device has communicated but to which it is not directly connected.

  3. Unknown - The switch details are not known. This can happen when you have not mapped all your switches using the Switch Port Mapper tool or when the device was detected after your switches were scanned. Mapping your switches again will show the details here.

To Block/Unblock a Switch Port

  1. Select the rogue device whose access you need to restrict by blocking the port, and click Block/Unblock Switch Port. This opens the Block/Unblock Switch Port dialog with the device and switch details.

  2. Specify the SNMP Write Community of the switch and click Block Port.

When you block a switch port, the admin status of the port is set to "Down".

To unblock a blocked port, specify the Switch Name/IP Address, ifIndex, and SNMP Write Community, and click Unblock Port. This sets the "admin status" of the port to "Up".
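What the Block Port and Unblock Port actions described above amount to at the SNMP level, as an added example that is not OpUtils code. It assumes the switch implements the standard IF-MIB ifAdminStatus object, SNMP v2c, and the net-snmp command-line tools; the function names and the SNMP_WRITE_COMMUNITY and APPLY variables are hypothetical.

```shell
#!/bin/sh
# Added example (not OpUtils code). Assumes standard IF-MIB and net-snmp tools.
# IF-MIB::ifAdminStatus column; the per-port instance is column OID + "." + ifIndex.
IF_ADMIN_STATUS_OID=".1.3.6.1.2.1.2.2.1.7"

# Map the dialog action to the ifAdminStatus value: up(1), down(2).
admin_status_value() {
    case "$1" in
        block)   echo 2 ;;
        unblock) echo 1 ;;
        *)       return 1 ;;
    esac
}

# Build the per-port OID; ifIndex must be a positive decimal integer.
port_oid() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    echo "${IF_ADMIN_STATUS_OID}.$1"
}

# Print the snmpset command for review. The community is referenced as
# $SNMP_WRITE_COMMUNITY (hypothetical variable) so the secret itself never
# appears in the printed line, a script file, or a change ticket.
port_admin_cmd() {
    value=$(admin_status_value "$1") || { echo "bad action: $1" >&2; return 1; }
    oid=$(port_oid "$3") || { echo "bad ifIndex: $3" >&2; return 1; }
    case "$2" in ''|-*) echo "bad switch: $2" >&2; return 1 ;; esac
    printf 'snmpset -v 2c -c "$SNMP_WRITE_COMMUNITY" %s %s i %s\n' "$2" "$oid" "$value"
}

# Dry run by default. With APPLY=1, perform the SET and read the value back
# so the port state is confirmed rather than assumed.
set_port() {
    cmd=$(port_admin_cmd "$1" "$2" "$3") || return 1
    echo "$cmd"
    [ "${APPLY:-0}" = 1 ] || return 0
    snmpset -v 2c -c "$SNMP_WRITE_COMMUNITY" "$2" "$(port_oid "$3")" i "$(admin_status_value "$1")" &&
        snmpget -v 2c -c "$SNMP_WRITE_COMMUNITY" "$2" "$(port_oid "$3")"
}
```

Calling `set_port block 192.0.2.10 12` prints the command without touching the switch (the address and ifIndex are constructed sample values). SNMP v1/v2c community strings are sent unencrypted, so the write community used for port blocking should be restricted to the management host on the switch side.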


Configure Alert Notifications

Alerts are generated whenever a rogue device is detected or when a guest device's temporary validity expires. The Rogue Detection tool can be configured to send these notifications by email or by playing a sound.

To Configure E-mail and Sound Alerts

  1. Click the Configure Alert link. This opens the Alert Settings dialog.

  2. Select the Enable Email Alert check box.

  3. Select the Notify when a Rogue Device is detected option to notify whenever a rogue device is detected.

  4. Select the Notify when the Guest Validity Expires option to notify when the guest validity period expires.

  5. Specify the recipients' email addresses, separated by commas.

  6. To enable sound alerts on detecting a Rogue device, select the Enable Sound Alert check box and select a sound file to be played. To play the selected sound, click the icon. You can also import your own sound files to be played; browse to select the sound file and click OK. The imported sound file gets added to the list, which can now be selected.

  7. Click Save.

Note: To configure SNMP properties, click Settings at the top right corner or click Admin -> Settings. For details, read the Configuring SNMP section.


Related Tools: Ping, MAC Address Resolver, MAC Address Scan, Process Scan, Switch Port Mapper

Copyright © 2004-2011, ZOHO Corp. All Rights Reserved.
ManageEngine