How to manage Rogue Devices

  • Question
  • Updated 2 years ago
Hi,
I have a ZD1000 and a ZD1100. I want to disable and block rogue devices such as cellular modem devices. I see the feature on the ZD only detects rogue devices and marks them as known if we assume that the rogue device is innocuous.

Hence, I'd like to ask how to manage a rogue device, not only marking it as known but also blocking it from our area.


Does the ZD or Ruckus have a tool to manage rogue devices, such as blocking them?


Thank you.
AlvinP


Posted 2 years ago


Max O'Driscoll, AlphaDog

It blocks it if you click on "mark as malicious", but you have to monitor the dashboard to pick up on these at the time. Once the rogue leaves you can no longer do that. But then the threat has gone as well, so it sort of solved itself!
The extra line "mark as malicious" only appears during the threat lifetime.
It's simple but not particularly user friendly.


AlvinP

Thanks Max for your response.

So if there is no threat lifetime, there is no extra line "mark as malicious"?
Or is that feature only in another ZD version? Because in my ZD there is no extra line "mark as malicious".

ps:
ZD1000 ver 9.3
ZD1100 ver 9.6

Max O'Driscoll, AlphaDog

If a device is detected as a possible rogue the line "mark as malicious" will (should) appear.

For instance, if the device is a smartphone and it enters your site it will be seen as a possible rogue and the option should appear. If, 10 mins later, the phone leaves your site it will no longer appear in the rogue dialogue.

Only during that 10 mins on site will you see the option to "mark as malicious".

You have to be monitoring the dashboard and catch rogues in the act (so to speak) to mark as malicious (if they are... which is rare).

AlvinP

So, if a device is not detected as a possible rogue the line "mark as malicious", then the sign will not (should) appear.

If that is so, then I couldn't block a rogue device which is on a different channel from my existing WLAN? Am I correct?


Thank you,

Max O'Driscoll, AlphaDog

Once a rogue is detected and you click on the "mark as malicious" that rogue is "remembered" by the ZD until it is rebooted (assuming you have long uptimes that could be months at which point the rogue is probably history and if not will be redetected and you can re-apply the setting).

That's what the number underneath represents, how many rogues marked as malicious are presently in operation and being blocked by the ZD. You might mark 20 rogues but only the ones in operation will be displayed and enumerated.


Detect a live rogue - displayed with "mark as malicious"
Detect a recent rogue (no longer live) - displayed but no other option
You cannot mark a rogue device as malicious unless it is live at that point in time.

You probably know what you mean but your question/query is rather confused and contrary.

Not sure if I can make this any clearer.
I did say it was not particularly user friendly or obvious.

AlvinP

Thanks Max for the answer.

I think it is very difficult to check other devices as rogue devices since I don't have much time to check periodically.

Your answer is very helpful anyway.


Thank you,