This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

What WIPS actually do ?

What WIPS actually do ?

prashan
New Contributor III

‎10-26-2018 07:34 AM

Hi Team,

 

I configured WIPS option in HM based on Detect rogue access points based on hosted SSIDs and encryption type and Enable rogue client reporting

 

When I go to monitoring->Security I only see unathorized APs and Clients. Is that what WIPS mean ?

 

Hope I'm not asking foolish question 🙂

0 Kudos
8 REPLIES 8

AnonymousM
Valued Contributor II

‎11-21-2018 06:44 PM

Hello,

 

i already did this 00256201

 

Att,

0 Kudos

samantha_lynn
Esteemed Contributor III

‎11-21-2018 05:11 PM

Thanks for letting us know @Roger Luz​ , would you be able to open a support ticket for this? We'll want to collect some data and see if we can't get that fixed for you.

0 Kudos

AnonymousM
Valued Contributor II

‎11-21-2018 05:01 PM

I have the same question. My APS does not classify any rogue devices as a rogue. It seems that is a bug.

0 Kudos

dsouri
Contributor III

‎10-30-2018 03:12 PM

Hi Prashan,

 

The HiveManager will classify as Rogue depending on how you configure the WIPS Policy,

 

https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-wireless-intrusion-prevention-system.htm?Highlight=WIPS

 

In the link Sam shared, under "Configure WIPS Settings"

Determine if detected rogue APs are connected to your wired (backhaul) network

Detect rogue access points based on their MAC OUI

Detect rogue access points based on hosted SSIDs and encryption type

Detect if wireless clients have formed an ad hoc network to identify rogue clients

 

It must be clear that an "Unauthorized" device is not necessarily a threat. It only means it is in the same shared airspace or can be overheard from a distance.

 

A "Rogue" Device can be many things, based on the Configuration in the WIPS Policy, but typically a Rogue that you would be cautious of, is one that is on your Network and Broadcasting an Ad-hoc SSID or cloning your SSID.

 

Hope this helps, 

David Souri

HiveCommunity Moderator

0 Kudos
GTM-P2G8KFN