    OpenSource or free rogue device detection

    • J
      Jason Banned last edited by Jason

      Does it exist? Just need to be able to whitelist devices and get email alerts for ones that are not whitelisted.

      1 Reply Last reply Reply Quote 1
      • DustinB3403
        DustinB3403 last edited by

        So you mean you want to get an email alert any time a device that is not whitelisted attempts to connect to your network?

        1 Reply Last reply Reply Quote 0
        • IRJ
          IRJ last edited by

          Do you have an IDS? Most of them can do this.

          J 1 Reply Last reply Reply Quote 0
          • gjacobse
            gjacobse last edited by

            If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

            IRJ J 2 Replies Last reply Reply Quote 0
            • IRJ
              IRJ @gjacobse last edited by

              @gjacobse said in OpenSource or free rouge device detection:

              If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

              Spoofing a MAC is soooo easy.

              gjacobse 1 Reply Last reply Reply Quote 1
              • gjacobse
                gjacobse @IRJ last edited by

                @IRJ said in OpenSource or free rouge device detection:

                @gjacobse said in OpenSource or free rouge device detection:

                If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

                Spoofing a MAC is soooo easy.

                that may be,.. however will a 'general user' know how to perform this?

                J 1 Reply Last reply Reply Quote 0
                • J
                  Jason Banned @gjacobse last edited by

                  @gjacobse said in OpenSource or free rouge device detection:

                  If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

                  Security is no good without monitoring

                  1 Reply Last reply Reply Quote 0
                  • J
                    Jason Banned @IRJ last edited by

                    @IRJ said in OpenSource or free rouge device detection:

                    Do you have an IDS? Most of them can do this.

                    IPS on Palo Alto but I don't think the edge devices detect internal devices connected to the network. We used to use Manage Engine stuff but are moving away from them.

                    1 Reply Last reply Reply Quote 0
                    • J
                      Jason Banned @gjacobse last edited by

                      @gjacobse said in OpenSource or free rouge device detection:

                      @IRJ said in OpenSource or free rouge device detection:

                      @gjacobse said in OpenSource or free rouge device detection:

                      If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

                      Spoofing a MAC is soooo easy.

                      that may be,.. however will a 'general user' know how to perform this?

                      We are a Fortune 100, we get intentional attacks daily.

                      IRJ 1 Reply Last reply Reply Quote 0
                      • IRJ
                        IRJ @Jason last edited by

                        @Jason said in OpenSource or free rouge device detection:

                        @gjacobse said in OpenSource or free rouge device detection:

                        @IRJ said in OpenSource or free rouge device detection:

                        @gjacobse said in OpenSource or free rouge device detection:

                        If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

                        Spoofing a MAC is soooo easy.

                        that may be,.. however will a 'general user' know how to perform this?

                        We are a Fortune 100, we get intentional attacks daily.

                        I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.

                        J 1 Reply Last reply Reply Quote 0
                        • J
                          Jason Banned @IRJ last edited by

                          @IRJ said in OpenSource or free rouge device detection:

                          I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.

                          Actually it's the default option generally if we can.

                          IRJ 1 Reply Last reply Reply Quote 0
                          • IRJ
                            IRJ @Jason last edited by

                            @Jason said in OpenSource or free rouge device detection:

                            @IRJ said in OpenSource or free rouge device detection:

                            I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.

                            Actually it's the default option generally if we can.

                            interesting

                            1 Reply Last reply Reply Quote 0
                            • dafyre
                              dafyre last edited by

                              Do you just need a network discovery type setup, or something that can tell you "This device is not a corporate device, kill it!" ?

                              1 Reply Last reply Reply Quote 0
                              • J
                                Jason Banned last edited by

                                https://lanmarshal.mobilabs.fr/lanmarshal.html#getlanmarshal

                                Found this.. Let's see if it works. Anyone used it before?

                                JaredBusch 1 Reply Last reply Reply Quote 0
                                • stacksofplates
                                  stacksofplates last edited by

                                  AlienVault does NID. Suricata may also be helpful.

                                  T 1 Reply Last reply Reply Quote 2
                                  • JaredBusch
                                    JaredBusch @Jason last edited by

                                    @Jason said in OpenSource or free rouge device detection:

                                    https://lanmarshal.mobilabs.fr/lanmarshal.html#getlanmarshal

                                    Found this.. Let's see if it works. Anyone used it before?

                                    Looks interesting, but there is no link to anything but the appliance.

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      Jason Banned last edited by

                                      web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.

                                      dafyre 1 Reply Last reply Reply Quote 0
                                      • dafyre
                                        dafyre @Jason last edited by

                                        @Jason said in OpenSource or free rouge device detection:

                                        web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.

                                        Are you looking for rogue APs, or devices that are connected to your network that shouldn't be?

                                        J 1 Reply Last reply Reply Quote 0
                                        • J
                                          Jason Banned @dafyre last edited by

                                          @dafyre said in OpenSource or free rouge device detection:

                                          @Jason said in OpenSource or free rouge device detection:

                                          web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.

                                          Are you looking for rogue APs, or devices that are connected to your network that shouldn't be?

                                          Just devices on the network.

                                          1 Reply Last reply Reply Quote 0
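Added example, not from any poster or from the tools named in this thread: the check the thread asks for (devices seen on the network compared against a whitelist, with an e-mail alert for the rest), plus a review flag for a whitelisted MAC seen on more than one IP, since the whitelist only proves the MAC and not the device. The neighbor-table sample, whitelist entries, host labels and e-mail addresses are all constructed; the message is built but not sent.

```python
import re
from email.message import EmailMessage

# Constructed `ip neigh show` sample and a hypothetical whitelist (any separator/case).
SAMPLE_NEIGH = """\
192.0.2.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.12 dev eth0 FAILED
192.0.2.50 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.0.2.51 dev eth0 lladdr 00:11:22:33:44:55 DELAY
"""
WHITELIST = {"00-11-22-33-44-55": "hr-laptop-01", "0011.2233.4466": "printer-2f"}

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)) if len(digits) == 12 else None

def parse_neigh(text):
    """Return (ip, mac) pairs for entries that resolved to a link-layer address."""
    seen = []
    for line in text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        mac = normalize_mac(m.group(2)) if m else None
        if mac:
            seen.append((m.group(1), mac))
    return seen

def classify(seen, whitelist):
    """Split sightings into unknown MACs and whitelisted MACs on more than one IP."""
    allowed = {normalize_mac(k): v for k, v in whitelist.items()}
    by_mac = {}
    for ip, mac in seen:
        by_mac.setdefault(mac, set()).add(ip)
    unknown = sorted((ip, mac) for ip, mac in seen if mac not in allowed)
    # One MAC on several IPs: multi-homed host or a cloned address, so review it.
    shared = {m: sorted(ips) for m, ips in by_mac.items() if m in allowed and len(ips) > 1}
    return unknown, shared

def build_alert(unknown, shared, sender="nids@example.com", rcpt="soc@example.com"):
    """Return an EmailMessage describing the findings, or None if nothing to report."""
    if not unknown and not shared:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"Rogue device check: {len(unknown)} unknown, {len(shared)} shared MAC"
    lines = [f"UNKNOWN {mac} at {ip}" for ip, mac in unknown]
    lines += [f"REVIEW  {mac} seen at {', '.join(ips)}" for mac, ips in shared.items()]
    msg.set_content("\n".join(lines))
    return msg  # deliver with smtplib.SMTP(host).send_message(msg)
```

A neighbor table only covers the segment the collecting host sits on, so the same comparison has to be fed from each VLAN or from switch and DHCP data to cover the whole network.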
                                          • art_of_shred
                                            art_of_shred Banned last edited by

                                            Out of curiosity, are we filtering for red devices (rouge) or things that don't belong (rogue)?

                                            J scottalanmiller 2 Replies Last reply Reply Quote 2