Aerohive Migrated Content

Expand all | Collapse all

What WIPS actually do ?

  • 1.  What WIPS actually do ?

    Posted 10-26-2018 07:34

    Hi Team,

     

    I configured WIPS option in HM based on Detect rogue access points based on hosted SSIDs and encryption type and Enable rogue client reporting

     

    When I go to monitoring->Security I only see unathorized APs and Clients. Is that what WIPS mean ?

     

    Hope I'm not asking foolish question :)



  • 2.  RE: What WIPS actually do ?

    Posted 10-26-2018 14:38

    WIPs is meant to find unauthorized devices and clients in your network space so that you are aware of where potential attacks could come from. It gives you the option to mitigate any unknown devices in your network to protect against malicious or unwanted clients. You can either classify the devices that WIPS has found for you as Neighbors, which are known devices that you trust are not malicious towards your network, or you can classify them as Rouge and mitigate them.

     

    You can read more about what WIPS does here: https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-wireless-intrusion-prevention-system.htm?Highlight=WIPS



  • 3.  RE: What WIPS actually do ?

    Posted 10-29-2018 10:52

    I dont find Rogue option in Classify

    Capture17



  • 4.  RE: What WIPS actually do ?

    Posted 10-29-2018 19:28

    Right, if you think these are actual rouge APs you can mitigate them to protect your network. However, before you do so, you should research the wireless standards and legislature for your area as there are strict rules around mitigation and when it is allowed. In general it is pretty restricted so be sure your local area statutes and laws allow this function.



  • 5.  RE: What WIPS actually do ?

    Posted 10-30-2018 02:59

    Thank you Sam. If it is rouge AP, how can i classify as rouge one ?



  • 6.  RE: What WIPS actually do ?

    Posted 10-30-2018 15:12

    Hi Prashan,

     

    The HiveManager will classify as Rogue depending on how you configure the WIPS Policy,

     

    https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-wireless-intrusion-prevention-system.htm?Highlight=WIPS

     

    In the link Sam shared, under "Configure WIPS Settings"

    Determine if detected rogue APs are connected to your wired (backhaul) network

    Detect rogue access points based on their MAC OUI

    Detect rogue access points based on hosted SSIDs and encryption type

    Detect if wireless clients have formed an ad hoc network to identify rogue clients

     

    It must be clear that an "Unauthorized" device is not necessarily a threat. It only means it is in the same shared airspace or can be overheard from a distance.

     

    A "Rogue" Device can be many things, based on the Configuration in the WIPS Policy, but typically a Rogue that you would be cautious of, is one that is on your Network and Broadcasting an Ad-hoc SSID or cloning your SSID.

     

    Hope this helps, 

    David Souri

    HiveCommunity Moderator



  • 7.  RE: What WIPS actually do ?

    This message was posted by a user wishing to remain anonymous
    Posted 11-21-2018 17:01

    I have the same question. My APS does not classify any rogue devices as a rogue. It seems that is a bug.



  • 8.  RE: What WIPS actually do ?

    Posted 11-21-2018 17:11

    Thanks for letting us know @Roger Luz​ , would you be able to open a support ticket for this? We'll want to collect some data and see if we can't get that fixed for you.



  • 9.  RE: What WIPS actually do ?

    This message was posted by a user wishing to remain anonymous
    Posted 11-21-2018 18:44

    Hello,

     

    i already did this 00256201

     

    Att,