OpenSource or free rogue device detection
- 
 @gjacobse said in OpenSource or free rouge device detection:
 > If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

 Security is no good without monitoring
- 
 @IRJ said in OpenSource or free rouge device detection:
 > Do you have an IDS? Most of them can do this.

 IPS on Palo Alto but I don't think the edge devices detect internal devices connected to the network. We used to use ManageEngine stuff but are moving away from them.
- 
 @gjacobse said in OpenSource or free rouge device detection:
 > @IRJ said in OpenSource or free rouge device detection:
 > > @gjacobse said in OpenSource or free rouge device detection:
 > > > If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.
 > >
 > > Spoofing a MAC is soooo easy.
 >
 > that may be,.. however will a 'general user' know how to perform this?

 We are a Fortune 100, we get intentional attacks daily.
- 
 @Jason said in OpenSource or free rouge device detection:
 > @gjacobse said in OpenSource or free rouge device detection:
 > > @IRJ said in OpenSource or free rouge device detection:
 > > > @gjacobse said in OpenSource or free rouge device detection:
 > > > > If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.
 > > >
 > > > Spoofing a MAC is soooo easy.
 > >
 > > that may be,.. however will a 'general user' know how to perform this?
 >
 > We are a Fortune 100, we get intentional attacks daily.

 I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.
- 
 @IRJ said in OpenSource or free rouge device detection:
 > I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.

 Actually it's the default option generally if we can.
- 
 @Jason said in OpenSource or free rouge device detection:
 > @IRJ said in OpenSource or free rouge device detection:
 > > I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.
 >
 > Actually it's the default option generally if we can.

 interesting
- 
 Do you just need a network discovery type setup, or something that can tell you "This device is not a corporate device, kill it!" ? 
- 
 https://lanmarshal.mobilabs.fr/lanmarshal.html#getlanmarshal Found this.. Let's see if it works. Anyone used it before? 
- 
 AlienVault does NID. Suricata may also be helpful.
- 
 @Jason said in OpenSource or free rouge device detection:
 > https://lanmarshal.mobilabs.fr/lanmarshal.html#getlanmarshal Found this.. Let's see if it works. Anyone used it before?

 Looks interesting, but there is no link to anything but the appliance.
- 
 Web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.
- 
 @Jason said in OpenSource or free rouge device detection:
 > Web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.

 Are you looking for rogue APs, or devices that are connected to your network that shouldn't be?
- 
 @dafyre said in OpenSource or free rouge device detection:
 > @Jason said in OpenSource or free rouge device detection:
 > > Web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.
 >
 > Are you looking for rogue APs, or devices that are connected to your network that shouldn't be?

 Just devices on the network.
- 
 Out of curiosity, are we filtering for red devices (rouge) or things that don't belong (rogue)? 
- 
 @art_of_shred said in OpenSource or free rouge device detection:
 > Out of curiosity, are we filtering for red devices (rouge) or things that don't belong (rogue)?

 BAHAHAHAHAHAHAHA. Fixed it.
- 
 For "Just Devices" something like NetDisco is great... You can follow devices around the network. It records what switch and port a MAC address is seen on... and if the device ever shows up on a different network jack, it can record that too. I also just discovered phpipam (http://phpipam.net/)... It seems to be good at finding devices, but it doesn't track what switch port they're plugged into, etc... They have a demo available (http://phpipam.net/phpipam-demo/). PHPIPAM Screen shots... 
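
 An added example, not part of any post in this thread and not NetDisco's own code: a minimal sketch of the switch/port tracking described above, checked against an authorized inventory. The inventory, switch names, ports and MAC addresses are constructed, and the rows are assumed to come from access ports only (uplinks, which legitimately see many MACs, already filtered out). Because a MAC can be spoofed, it also flags one MAC seen on two ports in the same poll.

```python
from collections import defaultdict

# Constructed sample data: authorized inventory and polled MAC-table rows.
AUTHORIZED = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
# (poll number, switch, access port, MAC) -- all values made up for illustration
OBSERVATIONS = [
    (1, "sw1", "Gi1/0/1", "00:11:22:33:44:55"),
    (1, "sw1", "Gi1/0/2", "00:11:22:33:44:66"),
    (2, "sw1", "Gi1/0/1", "00:11:22:33:44:55"),
    (2, "sw2", "Gi1/0/7", "00:11:22:33:44:66"),  # known MAC on a new jack
    (2, "sw2", "Gi1/0/9", "DE:AD:BE:EF:00:01"),  # not in the inventory
    (3, "sw1", "Gi1/0/1", "00:11:22:33:44:55"),
    (3, "sw2", "Gi1/0/3", "00:11:22:33:44:55"),  # same MAC on two ports at once
]

def normalize(mac):
    """Canonical lower-case colon form, so 00-11-.. and 0011.2233.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_events(observations, authorized):
    """Return (poll, kind, mac, locations) for unknown, moved and duplicate MACs."""
    authorized = {normalize(m) for m in authorized}
    by_poll = defaultdict(lambda: defaultdict(set))  # poll -> mac -> {(switch, port)}
    for poll, switch, port, mac in observations:
        by_poll[poll][normalize(mac)].add((switch, port))
    events, last_seen = [], {}
    for poll in sorted(by_poll):
        for mac, locations in sorted(by_poll[poll].items()):
            if mac not in authorized:
                events.append((poll, "unknown", mac, sorted(locations)))
            if len(locations) > 1:
                # Two access ports claim the same MAC: possible spoofed address.
                events.append((poll, "duplicate", mac, sorted(locations)))
            elif mac in last_seen and locations != last_seen[mac]:
                events.append((poll, "moved", mac, sorted(locations)))
            last_seen[mac] = locations
    return events

if __name__ == "__main__":
    for event in find_events(OBSERVATIONS, AUTHORIZED):
        print(event)
```

 A spoofed MAC that replaces the real device rather than appearing beside it shows up here only as a "moved" event, which is why the port history matters and not just the allow-list.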
   
- 
 @art_of_shred said in OpenSource or free rogue device detection:
 > Out of curiosity, are we filtering for red devices (rouge) or things that don't belong (rogue)?

 I figured that they flagged red when in the interface. Green field, red devices. You know.
- 
 @scottalanmiller said in OpenSource or free rogue device detection:
 > @art_of_shred said in OpenSource or free rogue device detection:
 > > Out of curiosity, are we filtering for red devices (rouge) or things that don't belong (rogue)?
 >
 > I figured that they flagged red when in the interface. Green field, red devices. You know.

 Red/green: Must be confusing to the colorblind... I apologize for hijacking the thread. Please carry on.
- 
 @dafyre said in OpenSource or free rogue device detection:
 > NetDisco

 Looks nice. Can either this or phpIPAM do email alerts? I'm not seeing that in the demos.
- 
 @Jason said in OpenSource or free rogue device detection:
 > @dafyre said in OpenSource or free rogue device detection:
 > > NetDisco
 >
 > Looks nice. Can either this or phpIPAM do email alerts? I'm not seeing that in the demos.

 It's been so long since I've used NetDisco, I can't remember. Let me go check phpIPAM real quick... * poof * Okay, I'm back. It looks like phpIPAM can do email stuff. I don't know what all it can do, but it's worth a quick look. Setup is relatively straightforward.





