When a rogue AP is detected, what does sophos actually do? Does it just mark it as Rogue or does it take additional steps to help alert/remediate the issue?
This thread was automatically locked due to age.
When a rogue AP is detected, what does sophos actually do? Does it just mark it as Rogue or does it take additional steps to help alert/remediate the issue?
This is the correct online help link.
Basically we only show the Rogue APs but do not perform any actions (right now).
As far as i know, there are couple of law issues with taking automatic remediation actions.
I am not a legal expert, but feel free to read this : http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db1102/FCC-15-146A1.pdf
The technical way to mitigate a rogue ap is something like:
https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack
Maybe Tejas Kashyap can give more insight on this? :)
__________________________________________________________________________________________________________________
Agree. As of now, we are scanning the neighborhood for networks and just classify them. The solution we have is just intrusion detection and not prevention. WIPS in itself is plagued with a lot of issues, right from the legality as has been mentioned above to the effectiveness of the solution. Normally WIPS consists of APs having 3 radios with one acting as a sensor. There are solutions where the same radio serves the clients and acts as a sensor by timesharing.
To summarize, we do not have any actions that can be performed once rogue APs are identified.