Detect Wired and Wireless Rogue Systems/Devices

Rogue Detection is a useful tool that I use often. First devices get "discovered" by various scans, then utilizing all the host information displayed by OpUtils you can classify the host as either Trusted, Guest, or Rogue. If you classify the host as rogue you can block the device right from the Rogue Detection tool.
- Carl Vonhassel, State of Connecticut Judicial Branch

OpUtils periodically scans the routers and subnets to detect any new systems/devices found in the network. Initially it lists all the systems/devices discovered in the network. The Administrator has to verify and mark all the valid systems/devices in the network. During subsequent scans, if any new device/system is detected in the network, it get listed. This includes all types of devices like desktops/laptops (wired), mobile users (wireless), routers, switches, etc.

Rogue Systems Detection Features

• Periodically scans the network to detect any new systems/devices
• Ability to mark systems/devices as trusted, guest, and rogue
• Shows the switch and port to which a system/device is connected
• Alert when a new system/device is detected or when the guest validity expires.
• Supports blocking of switch ports to prevent unauthorised access.

Trusted Systems

Initially, OpUtils will list all the discoverd systems. The Administrator has to verify and mark all the valid network systems/devices as Trusted. The systems/devices that are marked as trusted will not be shown as rogue again.

Rogue Systems

When an unauthorised rogue system is found in the network, the Administrator can mark them as a Rogue Device and take appropriate action.

Allow Guest Access

There might be situations where there is a need to allow certain systems to access the network resources for a temporary period. For example, a personnel from a different branch visits your office for a month or a student enrolled for a semester need to be given access till he/she completes the semester. In such cases, the administrators can specify a period till which a particular system need to be considered as valid. Devices that are allowed guest access can any time be moved into allowed or rogue list. The administrators will also be notified when the allowed period expires.

Block Unauthorised Access

The administrators are notified about unauthorised access as soon as it is detected. When combined with Switch Port Mapping, it also provides the details of the switch and port through which the rogue system is accessing the network. The switch port can be blocked or unblocked from within OpUtils. This enables them to act quickly in blocking the access.

Instant Alert Notification

OpUtils notifies the administrators about the detection of any unauthorised network access instantly. The notification can be through email and or by playing a sound. Email notifications can be effected to multiple persons.

For more details on rogue detection, refer to the Rogue Detection Tool topic in the online help. Refer to Rogue Detection Knowledge Base for troubleshooting tips.