Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Rogue Device Detection

 

Starting in Release 6.1.0, CSO detects any unauthorized device that attempts to access the network. On detection, CSO immediately rejects the connection request from the device and generates an alarm so that administrators can take remedial actions promptly.

CSO generates an alarm indicating unauthorized access in the following scenarios:

  • Scenario 1: An unauthorized device attempts to connect using the configuration of a device that is modeled but not yet provisioned on CSO.

    Users might create (model) a site and provision (activate) the site later. In such a case, the device (for example, device A) at the site is not connected to the CSO network. If a rogue device attempts to connect to the CSO network by using the configuration of device A, CSO rejects the connection request and generates an alarm.

    Users can clear the alarm in the Monitor > Alerts & Alarms page after taking the necessary actions such as blocking the traffic originating from the rogue device.

    CSO clears the alarm automatically when the original device is provisioned and connected to CSO.

    The alarm message that is displayed for this scenario is as follows:

  • Scenario 2: An unauthorized device attempts to connect using the configuration of a device that is provisioned on the CSO network.

    If a device attempts to connect to the CSO network using the configuration of a provisioned device, CSO identifies the device as a rogue device and rejects the connection. CSO also raises an alarm to notify the users. Users can clear the alarm in the Monitor > Alerts & Alarms page after taking the necessary actions to block the device from accessing the network again.

    The alarm message that is displayed for this scenario is as follows: