    OpenSource or free rogue device detection

      IRJ

      Do you have an IDS? Most of them can do this.

        gjacobse

        If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

          IRJ @gjacobse

          @gjacobse said in OpenSource or free rouge device detection:

          If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

          Spoofing a MAC is soooo easy.

            gjacobse @IRJ

            @IRJ said in OpenSource or free rouge device detection:

            @gjacobse said in OpenSource or free rouge device detection:

            If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

            Spoofing a MAC is soooo easy.

            that may be,.. however will a 'general user' know how to perform this?

              Jason Banned @gjacobse

              @gjacobse said in OpenSource or free rouge device detection:

              If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

              Security is no good without monitoring

                Jason Banned @IRJ

                @IRJ said in OpenSource or free rouge device detection:

                Do you have an IDS? Most of them can do this.

                IPS on Palo Alto but I don't think the edge devices detect internal devices connected to the network. We used to use ManageEngine stuff but are moving away from them.

                  Jason Banned @gjacobse

                  @gjacobse said in OpenSource or free rouge device detection:

                  @IRJ said in OpenSource or free rouge device detection:

                  @gjacobse said in OpenSource or free rouge device detection:

                  If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

                  Spoofing a MAC is soooo easy.

                  that may be,.. however will a 'general user' know how to perform this?

                  We are a Fortune 100, we get intentional attacks daily.

                    IRJ @Jason

                    @Jason said in OpenSource or free rouge device detection:

                    @gjacobse said in OpenSource or free rouge device detection:

                    @IRJ said in OpenSource or free rouge device detection:

                    @gjacobse said in OpenSource or free rouge device detection:

                    If you are talking about devices on the network,.. isolate by the MAC address - Rouge devices would not matter then as they would not be allowed resources.

                    Spoofing a MAC is soooo easy.

                    that may be,.. however will a 'general user' know how to perform this?

                    We are a Fortune 100, we get intentional attacks daily.

                    I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.

                      Jason Banned @IRJ

                      @IRJ said in OpenSource or free rouge device detection:

                      I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.

                      Actually it's the default option generally if we can.

                        IRJ @Jason

                        @Jason said in OpenSource or free rouge device detection:

                        @IRJ said in OpenSource or free rouge device detection:

                        I am curious as to why a Fortune 100 company would want to use OpenSource. Of course there is nothing wrong with OpenSource, but that is generally not behavior from a large corp.

                        Actually it's the default option generally if we can.

                        interesting

                          dafyre

                          Do you just need a network discovery type setup, or something that can tell you "This device is not a corporate device, kill it!" ?

                            Jason Banned

                            https://lanmarshal.mobilabs.fr/lanmarshal.html#getlanmarshal

                            Found this.. Let's see if it works. Anyone used it before?

                              stacksofplates

                              AlienVault does NID. Suricata may also be helpful.

                                JaredBusch @Jason

                                @Jason said in OpenSource or free rouge device detection:

                                https://lanmarshal.mobilabs.fr/lanmarshal.html#getlanmarshal

                                Found this.. Let's see if it works. Anyone used it before?

                                Looks interesting, but there is no link to anything but the appliance.

                                  Jason Banned

                                  Web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.

                                    dafyre @Jason

                                    @Jason said in OpenSource or free rouge device detection:

                                    Web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.

                                    Are you looking for rogue APs, or devices that are connected to your network that shouldn't be?

                                      Jason Banned @dafyre

                                      @dafyre said in OpenSource or free rouge device detection:

                                      @Jason said in OpenSource or free rouge device detection:

                                      Web interface seems to be okay for Lan Marshal, Nmap is installed but doesn't seem to be running (and therefore not scanning). Not sure if there is something else I need to do or what.

                                      Are you looking for rogue APs, or devices that are connected to your network that shouldn't be?

                                      Just devices on the network.

                                        art_of_shred Banned

                                        Out of curiosity, are we filtering for red devices (rouge) or things that don't belong (rogue)?

                                          Jason Banned @art_of_shred

                                          @art_of_shred said in OpenSource or free rouge device detection:

                                          Out of curiosity, are we filtering for red devices (rouge) or things that don't belong (rogue)?

                                          BAHAHAHAHAHAHAHA. Fixed it.

                                            dafyre

                                            For "Just Devices" something like NetDisco is great... You can follow devices around the network. It records what switch and port a MAC address is seen on... and if the device ever shows up on a different network jack, it can record that too.

                                            I also just discovered phpipam (http://phpipam.net/)... It seems to be good at finding devices, but it doesn't track what switch port they're plugged into, etc...

                                            They have a demo available (http://phpipam.net/phpipam-demo/).

                                            PHPIPAM Screen shots...
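The switch-and-port tracking described in the post above, together with the earlier points in the thread that a MAC allow-list can be spoofed and is no good without monitoring, as an added example (not posted in the thread and not NetDisco or phpipam code). The inventory, the sighting record format and every address are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: approved MAC -> (switch, port) where it is expected.
INVENTORY = {
    "00:11:22:33:44:55": ("sw1", "Gi1/0/1"),
    "00:11:22:33:44:66": ("sw1", "Gi1/0/2"),
}

# Constructed sightings, e.g. polled from switch MAC address tables.
SIGHTINGS = [
    ("2016-09-21T10:00:00", "sw1", "Gi1/0/1", "00:11:22:33:44:55"),
    ("2016-09-21T10:00:00", "sw1", "Gi1/0/2", "00:11:22:33:44:66"),
    ("2016-09-21T10:05:00", "sw2", "Gi1/0/9", "DE:AD:BE:EF:00:01"),
    ("2016-09-21T10:06:00", "sw2", "Gi1/0/7", "00-11-22-33-44-66"),
    ("2016-09-21T10:07:00", "sw1", "Gi1/0/2", "00:11:22:33:44:66"),
]

def normalize(mac):
    """Lower-case, colon-separated form so vendor formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_alerts(sightings, inventory, overlap=timedelta(minutes=5)):
    """Return sorted (kind, mac, switch, port) alerts for a batch of sightings."""
    known = {normalize(m): loc for m, loc in inventory.items()}
    alerts, last_seen = set(), defaultdict(dict)  # mac -> {(switch, port): time}
    for ts, switch, port, raw in sorted(sightings):
        mac, when, here = normalize(raw), datetime.fromisoformat(ts), (switch, port)
        if mac not in known:
            alerts.add(("unknown_mac", mac, switch, port))
        elif known[mac] != here:
            alerts.add(("moved", mac, switch, port))
        # An approved MAC live on two ports inside the window passes a plain
        # allow-list check, so report it as a possible cloned address.
        for other, seen in last_seen[mac].items():
            if other != here and when - seen <= overlap:
                alerts.add(("duplicate_mac", mac, switch, port))
        last_seen[mac][here] = when
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_alerts(SIGHTINGS, INVENTORY):
        print(*alert)
```

The `duplicate_mac` alert names the port where the overlap was noticed, which may be the legitimate one; both ports for that MAC need checking.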