SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Wireless: Rogue access point detection

The UTM should be able to detect rogue access points surreptitiously added to the network.

30 votes

    Scott Morgan shared this idea

    5 comments

      • James commented

        Any word on "rogue ap scanning with external access points will be investigated for a future release."?

      • Anonymous commented

        Great to hear that "Rogue access point detection" is started! I am excited to see it for my "normal" UTM.

      • Anonymous commented

        This would be a major selling point for wireless protection - even if it is only to alert an administrator of the detection of a rogue B/SSID. DEAUTH capabilities would be even better again!

      • Sylvain commented

        We scan for MAC addresses to do this, but some users will actually change their MAC address to spoof a desktop, killing the process. Then you'd want to detect the NAT used on that port, but that would also trigger on wanted NAT devices; then you'll want a whitelist for those, or have a strict corporate policy to restrict the amount of IP addresses that can be served on one switched port. But then those stations running VMs will trigger false positives and you'll have to maintain another whitelist for those. In an ideal scenario/world, you would perform internal network discovery on a regular basis, to detect what is being hooked up on your network and actually KNOW what's on your network. The most secure option is still a NAC, since unauthorised devices simply won't work and that should kill your rogue Wifi router problem.
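
The checks described in Sylvain's comment, as an added example that is not part of the original thread or of any Sophos product: one discovery pass compared against a MAC inventory, plus a per-port IP limit with a whitelist for approved multi-address ports. The port names, addresses and the `audit` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (switch_port, mac, ip) rows, as an internal discovery
# scan joined with the switch forwarding table might yield. All values made up.
OBSERVED = [
    ("Gi0/1", "02:00:00:00:00:01", "10.0.0.11"),  # inventoried desktop
    ("Gi0/2", "02:00:00:00:00:02", "10.0.0.12"),  # inventoried VM host
    ("Gi0/2", "02:00:00:00:00:a1", "10.0.0.21"),  # inventoried VM guest
    ("Gi0/2", "02:00:00:00:00:a2", "10.0.0.22"),  # inventoried VM guest
    ("Gi0/3", "02:00:00:00:00:03", "10.0.0.13"),  # inventoried desktop
    ("Gi0/3", "02:00:00:00:00:B1", "10.0.0.31"),  # unknown, same port
    ("Gi0/3", "02:00:00:00:00:b2", "10.0.0.32"),  # unknown, same port
    ("Gi0/4", "02:00:00:00:00:c1", "10.0.0.41"),  # unknown, alone on port
]
KNOWN_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03",
              "02:00:00:00:00:a1", "02:00:00:00:00:a2"}
MULTI_IP_PORTS = {"Gi0/2"}  # whitelist: approved NAT devices and VM hosts


def audit(observed, known_macs, multi_ip_ports, max_ips_per_port=1):
    """Return sorted (port, finding, detail) tuples for one discovery pass."""
    known = {m.lower() for m in known_macs}
    ips, macs = defaultdict(set), defaultdict(set)
    for port, mac, ip in observed:
        ips[port].add(ip)
        macs[port].add(mac.lower())
    findings = []
    for port in ips:
        # Policy check: more IPs than allowed on a port that is not whitelisted.
        if len(ips[port]) > max_ips_per_port and port not in multi_ip_ports:
            findings.append((port, "too-many-ips", str(len(ips[port]))))
        # Inventory check: any MAC that nobody registered.
        for mac in macs[port] - known:
            findings.append((port, "unknown-mac", mac))
    # Limitation noted in the comment above: a NAT router presenting a cloned,
    # inventoried MAC shows one MAC and one IP, so neither check fires.
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(OBSERVED, KNOWN_MACS, MULTI_IP_PORTS):
        print(*finding)
```

Running the same pass with an empty whitelist reports the VM host port `Gi0/2` as well, which is the false positive the comment says the second whitelist exists to suppress.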
