Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Lee H Badman 
Just adding to the discussion, having been at this for a while. Make sure that 
your “no rogue” enforcement- in whatever form that takes- is backed up by 
clearly articulated policy that is endorsed by your CIO or equivalent. Make 
sure that policy is well communicated, and that your entire distributed 
computing/network support/ helpdesk staff are educated on it. Over time, strong 
alliances in this regard greatly reduce the number on rogues you’ll see to 
begin with, and it’s wonderful to find a rogue in your monitoring software and 
simply pick up the phone and ask a person in another department to please go 
find it and remove it. If you can develop those mature, high-functioning 
relationships, you greatly reduce the need for technical remedies.

In the dorms, try to make sure that your no rogue policy is agreed to by every 
student before they get a network login. Try to educate dorm directors and RAs 
on the topic, and why the policy is needed. I’ve called Dorm Directors when 
offending students ignore voice mail and email, and these folks have great 
interest in helping to get to the problem user for the greater good.

Researchers are perpetually going to be a headache. There is a lot of momentum 
in engineering schools on all sorts of wireless technology, and this group will 
have its own set of circumstances with rogues to navigate. Recognize them as a 
separate demographic, as you may need to bend, amend, and break policy in the 
name of academic activity. But you may also help enable fantastic wireless 
breakthroughs if you can find a workable balance.

The more rogues you scrutinize over time through whatever monitoring tools you 
have available combined with a thorough understanding of your entire networking 
environment, the better you get at pinpointing who has what device in play, or 
whether said device is worth trying to deal with, through a combination of 
detective skills and log data. I have mitigated at least 40 rogues this 
semester alone without leaving my desk and without blasting out deauths. Phone, 
email, and a 10,000 foot view are also effective tools once you know what to 
look for.

Regards,


Lee Badman (mobile)

On Oct 28, 2019, at 7:43 PM, Jake Snyder  wrote:

 Generally speaking there are 3 scenarios where you can safely use containment.

On wire rogue:  I own the network it's plugged in to.
If you can prove that the AP is plugged into your network against policy you 
can contain, since the network they are connecting to is yours.  However, this 
is not a good use of airtime, and is much more effective at wired side 
containment method.

Owned devices: I own the device connecting to another network.
If you own a device, and you see it connected to something that is not yours, 
you can contain it since you are interacting with a device your organization 
owns.  However, if it's a BYOD or employee/student device you are containing 
then that's likely not ok.

Pentesting: I have legal authorization from the device/network owner to contain.
You are a wireless pentester and have permissions to contain any device that is 
owned by and authorized by your customer.


I recorded my thoughts on the matter here:

https://www.youtube.com/watch?v=7e--Y-KjsEQ


Monitor and report, but action needs to be deliberate and targeted.  Otherwise, 
you are asking for a fine from the FCC.

Jake





On Oct 28, 2019, at 11:55 AM, Enfield, Chuck 
mailto:cae...@psu.edu>> wrote:

My main reason for worrying about people broadcasting our SSIDs is usability.

The $64 question for security is whether or not the Aruba IDS would detect a 
well-executed evil twin attack.  If the twin uses not just your ESSID but a 
valid BSSID from one of your APs in an area where the “spoofed” AP can’t detect 
it, would the IDS figure it out?  If so, then there may be some value in 
enabling automatic mitigation.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Sidharth Nandury
Sent: Monday, October 28, 2019 12:56 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

Thank you for the response.

Thomas,
I'm definitely going to share the FCC announcement with my management and 
security officer to ensure that they are aware of this. That being said, we are 
not trying to prevent anyone from using a hotspot, but like Chuck mentioned are 
trying to protect our users from connecting to counterfeit "well-known" campus 
SSIDs. My thought is to only add "well-known" SSIDs in our list of protected 
networks.

Chuck,
Airwave can be an option for alerting, but as you said, it needs manual 
intervention. If our security officer decides to go against implementing this, 
my next suggestion would be using Airwave for manual intervention. Something 
else I can think of is the polling intervals duration and immediacy of action. 
If there is a malicious individual

Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Jake Snyder 
Generally speaking there are 3 scenarios where you can safely use containment.

On wire rogue:  I own the network it's plugged in to.
If you can prove that the AP is plugged into your network against policy you 
can contain, since the network they are connecting to is yours.  However, this 
is not a good use of airtime, and is much more effective at wired side 
containment method.

Owned devices: I own the device connecting to another network.
If you own a device, and you see it connected to something that is not yours, 
you can contain it since you are interacting with a device your organization 
owns.  However, if it's a BYOD or employee/student device you are containing 
then that's likely not ok.

Pentesting: I have legal authorization from the device/network owner to contain.
You are a wireless pentester and have permissions to contain any device that is 
owned by and authorized by your customer.


I recorded my thoughts on the matter here:

https://www.youtube.com/watch?v=7e--Y-KjsEQ 



Monitor and report, but action needs to be deliberate and targeted.  Otherwise, 
you are asking for a fine from the FCC.

Jake





> On Oct 28, 2019, at 11:55 AM, Enfield, Chuck  wrote:
> 
> My main reason for worrying about people broadcasting our SSIDs is usability.
>  
> The $64 question for security is whether or not the Aruba IDS would detect a 
> well-executed evil twin attack.  If the twin uses not just your ESSID but a 
> valid BSSID from one of your APs in an area where the “spoofed” AP can’t 
> detect it, would the IDS figure it out?  If so, then there may be some value 
> in enabling automatic mitigation.
>  
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  > On Behalf Of Sidharth Nandury
> Sent: Monday, October 28, 2019 12:56 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> 
> Subject: Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>  
> Thank you for the response. 
>  
> Thomas,
> I'm definitely going to share the FCC announcement with my management and 
> security officer to ensure that they are aware of this. That being said, we 
> are not trying to prevent anyone from using a hotspot, but like Chuck 
> mentioned are trying to protect our users from connecting to counterfeit 
> "well-known" campus SSIDs. My thought is to only add "well-known" SSIDs in 
> our list of protected networks.
>  
> Chuck,
> Airwave can be an option for alerting, but as you said, it needs manual 
> intervention. If our security officer decides to go against implementing 
> this, my next suggestion would be using Airwave for manual intervention. 
> Something else I can think of is the polling intervals duration and immediacy 
> of action. If there is a malicious individual trying to broadcast a 
> known-network, wouldn't we want to have immediate action to be taken, rather 
> than having to wait for the airwave polling interval, receive an email 
> notification, turn around and maybe have some kind of text alert to 
> immediately alert us to take action? Thoughts?
>  
> Regards,
> Sid
>  
> On Mon, Oct 28, 2019 at 12:08 PM Enfield, Chuck  > wrote:
> Most of the time if somebody is using one of your well-known SSID’s on campus 
> it’s either out of ignorance or benign experimentation.  Rouge mitigation of 
> those devices is unlikely to attract the attention of the FCC, and even if it 
> does, I doubt you’ll get in any trouble for it.  The FCC has cracked down on 
> property owners acting like they own the spectrum within their facilities.  I 
> suspect an effort to protect users from what may reasonably be characterized 
> as “counterfeit” networks would be viewed in a different light.  They may 
> still tell you to knock it off, but penalties seem really unlikely.
>  
> On the other hand, have you considered an Airwave alert to bring these device 
> to your attention and mitigating by manual intervention?  If your institution 
> is anything like ours you’ll see very few of these.
>  
> From: The EDUCAUSE Wireless Issues Community Group Listserv 
>  > On Behalf Of Thomas Carter
> Sent: Monday, October 28, 2019 11:53 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
> 
> Subject: Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>  
> The short answer is don’t do this. The longer answer is the FCC frowns on 
> rogue mitigation:
> https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-75-for-disabling-conference-hotspots/
>  
>

RE: [WIRELESS-LAN] My personal training recommendation for Devin Akin's wireless training classes

2019-10-28 Thread Turner, Ryan H 
You’re going to have to reach out directly.  We use things called ‘ESUs’ that 
we get from Extreme every year with our maintenance.  They are basically 
service units that can be used for professional services/training.  I used them 
to get him as an outside trainer, and their value isn’t going to directly port 
into what he might be able to offer you.

Ryan

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Christopher Brizzell
Sent: Monday, October 28, 2019 8:43 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] My personal training recommendation for Devin 
Akin's wireless training classes

How much does he charge per session?

Thanks,


Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994



From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of William Cummings
Sent: Monday, October 28, 2019 7:24 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] My personal training recommendation for Devin 
Akin's wireless training classes

I second this as well.  One of the best training sessions I have ever attended.

On Fri, Oct 25, 2019 at 9:08 PM Stephen Belcher 
mailto:steve.belc...@mail.wvu.edu>> wrote:
Thanks Ryan. The suggestion is much appreciated!

Sent from Nine

From: "Turner, Ryan H" mailto:rhtur...@email.unc.edu>>
Sent: Friday, October 25, 2019 4:49 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] My personal training recommendation for Devin Akin's 
wireless training classes

All,

For those of you who’ve been looking for extremely deep and informative classes 
on wireless tech, I want to personally pass along my recommendation to consider 
Devin Akin with divdyn.com.  I’ve now brought him in for 3 
weeks of training (over 2 years) to teach courses on CWNA/CWSP/CWAP/CWDP.  
Devin recently helped out the educause wireless CG on the Wifi6/5G session we 
had.  This is the guy that cofounded the CWNP program.

Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


--
William Cummings
Senior Wireless Engineer
North Carolina State University
Office of Information Technology
Communication Technologies
919-515-0137
https://www.ncsu.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: Theater wifi - to have or not to have

2019-10-28 Thread Bull, Mary 
Thanks everyone for the responses – they definitely contribute to our 
understanding of whether to pursue a high density wifi installment for the 
theaters and concert halls. Looks like we’ll work with the building folks to 
put as much as possible in during the construction phase.

Mary Bull
Network Engineering
757-221-2491
mb...@wm.edu

From: "Bull, Mary" 
Date: Tuesday, October 22, 2019 at 12:34 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Theater wifi - to have or not to have

Hello all,

I’m wondering if anyone here has dealt with a decision on wireless in the 
theaters, concert halls, or recital halls on their campus. We have a new arts 
complex coming on line in the next two years and there’s no clear direction 
from faculty on whether wireless for the audience is desirable. The previous 
main theater, and other currently used theaters on campus, did/do not have full 
connectivity for the audience (just a few aps tacked on the walls that were 
useless when the room was full). Facilities planning is favorable toward 
building it in, so I’d prefer that too, especially since it would be much 
harder or impossible to install if the faculty changes their mind in a few 
years once the building is complete. However, I’m not sure whether there is 
really an expectation from the audience that they should have wifi when they 
attend a show or concert.

Has anyone dealt with this on their campus? What influenced your choice?

Mary Bull
William and Mary
757-221-2491
mb...@wm.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Enfield, Chuck 
My main reason for worrying about people broadcasting our SSIDs is usability.

The $64 question for security is whether or not the Aruba IDS would detect a 
well-executed evil twin attack.  If the twin uses not just your ESSID but a 
valid BSSID from one of your APs in an area where the “spoofed” AP can’t detect 
it, would the IDS figure it out?  If so, then there may be some value in 
enabling automatic mitigation.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Sidharth Nandury
Sent: Monday, October 28, 2019 12:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

Thank you for the response.

Thomas,
I'm definitely going to share the FCC announcement with my management and 
security officer to ensure that they are aware of this. That being said, we are 
not trying to prevent anyone from using a hotspot, but like Chuck mentioned are 
trying to protect our users from connecting to counterfeit "well-known" campus 
SSIDs. My thought is to only add "well-known" SSIDs in our list of protected 
networks.

Chuck,
Airwave can be an option for alerting, but as you said, it needs manual 
intervention. If our security officer decides to go against implementing this, 
my next suggestion would be using Airwave for manual intervention. Something 
else I can think of is the polling intervals duration and immediacy of action. 
If there is a malicious individual trying to broadcast a known-network, 
wouldn't we want to have immediate action to be taken, rather than having to 
wait for the airwave polling interval, receive an email notification, turn 
around and maybe have some kind of text alert to immediately alert us to take 
action? Thoughts?

Regards,
Sid

On Mon, Oct 28, 2019 at 12:08 PM Enfield, Chuck 
mailto:cae...@psu.edu>> wrote:
Most of the time if somebody is using one of your well-known SSID’s on campus 
it’s either out of ignorance or benign experimentation.  Rouge mitigation of 
those devices is unlikely to attract the attention of the FCC, and even if it 
does, I doubt you’ll get in any trouble for it.  The FCC has cracked down on 
property owners acting like they own the spectrum within their facilities.  I 
suspect an effort to protect users from what may reasonably be characterized as 
“counterfeit” networks would be viewed in a different light.  They may still 
tell you to knock it off, but penalties seem really unlikely.

On the other hand, have you considered an Airwave alert to bring these device 
to your attention and mitigating by manual intervention?  If your institution 
is anything like ours you’ll see very few of these.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Thomas Carter
Sent: Monday, October 28, 2019 11:53 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

The short answer is don’t do this. The longer answer is the FCC frowns on rogue 
mitigation:
https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-75-for-disabling-conference-hotspots/
Look at the notice from the FCC down about ½ the page.


Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> 
On Behalf Of Sidharth Nandury
Sent: Monday, October 28, 2019 10:34 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

All,

We have been asked to look into rogue WAP detection and mitigation. We are an 
Aruba shop for wireless and are running v6.5.4.12. After doing some research 
and looking at Airheads posts, it lead to me a configuration called "Protect 
SSID" in the IDS profile. Though I have successfully tested this in a lab 
environment and it seems to be "protecting" valid SSID's (ones that I have 
configured), I am a little apprehensive about simply turning this on due to the 
ramifications that it might cause.

I am wondering if anyone here has used this setting to help with mitigating 
rogue SSID broadcasts and protecting your clients connecting to these rogue 
WAPs. I would

Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Sidharth Nandury 
Thank you for the response.

Thomas,
I'm definitely going to share the FCC announcement with my management and
security officer to ensure that they are aware of this. That being said, we
are not trying to prevent anyone from using a hotspot, but like Chuck
mentioned are trying to protect our users from connecting to counterfeit
"well-known" campus SSIDs. My thought is to only add "well-known" SSIDs in
our list of protected networks.

Chuck,
Airwave can be an option for alerting, but as you said, it needs manual
intervention. If our security officer decides to go against implementing
this, my next suggestion would be using Airwave for manual intervention.
Something else I can think of is the polling intervals duration and
immediacy of action. If there is a malicious individual trying to broadcast
a known-network, wouldn't we want to have immediate action to be taken,
rather than having to wait for the airwave polling interval, receive an
email notification, turn around and maybe have some kind of text alert to
immediately alert us to take action? Thoughts?

Regards,
Sid

On Mon, Oct 28, 2019 at 12:08 PM Enfield, Chuck  wrote:

> Most of the time if somebody is using one of your well-known SSID’s on
> campus it’s either out of ignorance or benign experimentation.  Rouge
> mitigation of those devices is unlikely to attract the attention of the
> FCC, and even if it does, I doubt you’ll get in any trouble for it.  The
> FCC has cracked down on property owners acting like they own the spectrum
> within their facilities.  I suspect an effort to protect users from what
> may reasonably be characterized as “counterfeit” networks would be viewed
> in a different light.  They may still tell you to knock it off, but
> penalties seem really unlikely.
>
>
>
> On the other hand, have you considered an Airwave alert to bring these
> device to your attention and mitigating by manual intervention?  If your
> institution is anything like ours you’ll see very few of these.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Thomas Carter
> *Sent:* Monday, October 28, 2019 11:53 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> The short answer is don’t do this. The longer answer is the FCC frowns on
> rogue mitigation:
>
>
> https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-75-for-disabling-conference-hotspots/
> 
>
> Look at the notice from the FCC down about ½ the page.
>
>
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
> 
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Sidharth Nandury
> *Sent:* Monday, October 28, 2019 10:34 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> All,
>
>
>
> We have been asked to look into rogue WAP detection and mitigation. We are
> an Aruba shop for wireless and are running v6.5.4.12. After doing some
> research and looking at Airheads posts, it lead to me a configuration
> called "Protect SSID" in the IDS profile. Though I have successfully tested
> this in a lab environment and it seems to be "protecting" valid
> SSID's (ones that I have configured), I am a little apprehensive about
> simply turning this on due to the ramifications that it might cause.
>
>
>
> I am wondering if anyone here has used this setting to help with
> mitigating rogue SSID broadcasts and protecting your clients connecting to
> these rogue WAPs. I would also love to hear about any pitfalls with turning
> this on, and any other gotchas that I might need to keep in mind other
> suggestions about rogue WAP detection and mitigation, I would love to hear
> them. Please feel free to reach me off this list if you wish.
>
>
>
> Please let me know if any additional information is needed on my end.
> Thank you for your time.
>
>
> Regards,
>
> Sid
>
>
>
> --
>
> [image: Image removed by sender. Denison University Logo]
>

RE: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Enfield, Chuck 
Most of the time if somebody is using one of your well-known SSID’s on campus 
it’s either out of ignorance or benign experimentation.  Rouge mitigation of 
those devices is unlikely to attract the attention of the FCC, and even if it 
does, I doubt you’ll get in any trouble for it.  The FCC has cracked down on 
property owners acting like they own the spectrum within their facilities.  I 
suspect an effort to protect users from what may reasonably be characterized as 
“counterfeit” networks would be viewed in a different light.  They may still 
tell you to knock it off, but penalties seem really unlikely.

On the other hand, have you considered an Airwave alert to bring these device 
to your attention and mitigating by manual intervention?  If your institution 
is anything like ours you’ll see very few of these.

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Thomas Carter
Sent: Monday, October 28, 2019 11:53 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

The short answer is don’t do this. The longer answer is the FCC frowns on rogue 
mitigation:
https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-75-for-disabling-conference-hotspots/
Look at the notice from the FCC down about ½ the page.


Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Sidharth Nandury
Sent: Monday, October 28, 2019 10:34 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

All,

We have been asked to look into rogue WAP detection and mitigation. We are an 
Aruba shop for wireless and are running v6.5.4.12. After doing some research 
and looking at Airheads posts, it lead to me a configuration called "Protect 
SSID" in the IDS profile. Though I have successfully tested this in a lab 
environment and it seems to be "protecting" valid SSID's (ones that I have 
configured), I am a little apprehensive about simply turning this on due to the 
ramifications that it might cause.

I am wondering if anyone here has used this setting to help with mitigating 
rogue SSID broadcasts and protecting your clients connecting to these rogue 
WAPs. I would also love to hear about any pitfalls with turning this on, and 
any other gotchas that I might need to keep in mind other suggestions about 
rogue WAP detection and mitigation, I would love to hear them. Please feel free 
to reach me off this list if you wish.

Please let me know if any additional information is needed on my end. Thank you 
for your time.

Regards,
Sid

--
[Image removed by sender. Denison University 
Logo]

Sidharth S. Nandury
Network Engineer
Information Technology Services

100 West College Street, Granville, OH 
43023
 | Fellows 
003C
Office: 740-587-5533 | Mobile: 516-314-4413

RE: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Thomas Carter 
The short answer is don’t do this. The longer answer is the FCC frowns on rogue 
mitigation:
https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-75-for-disabling-conference-hotspots/
Look at the notice from the FCC down about ½ the page.


Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Sidharth Nandury
Sent: Monday, October 28, 2019 10:34 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID

All,

We have been asked to look into rogue WAP detection and mitigation. We are an 
Aruba shop for wireless and are running v6.5.4.12. After doing some research 
and looking at Airheads posts, it lead to me a configuration called "Protect 
SSID" in the IDS profile. Though I have successfully tested this in a lab 
environment and it seems to be "protecting" valid SSID's (ones that I have 
configured), I am a little apprehensive about simply turning this on due to the 
ramifications that it might cause.

I am wondering if anyone here has used this setting to help with mitigating 
rogue SSID broadcasts and protecting your clients connecting to these rogue 
WAPs. I would also love to hear about any pitfalls with turning this on, and 
any other gotchas that I might need to keep in mind other suggestions about 
rogue WAP detection and mitigation, I would love to hear them. Please feel free 
to reach me off this list if you wish.

Please let me know if any additional information is needed on my end. Thank you 
for your time.

Regards,
Sid

--
[Denison University 
Logo]

Sidharth S. Nandury
Network Engineer
Information Technology Services

100 West College Street, Granville, OH 
43023
 | Fellows 
003C
Office: 740-587-5533 | Mobile: 516-314-4413
nandu...@denison.edu
https://denison.edu/campus/technology

Please consider the environment before printing this email.

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Aruba Wireless - IDS: Protect-SSID

2019-10-28 Thread Sidharth Nandury 
All,

We have been asked to look into rogue WAP detection and mitigation. We are
an Aruba shop for wireless and are running v6.5.4.12. After doing some
research and looking at Airheads posts, it lead to me a configuration
called "Protect SSID" in the IDS profile. Though I have successfully tested
this in a lab environment and it seems to be "protecting" valid
SSID's (ones that I have configured), I am a little apprehensive about
simply turning this on due to the ramifications that it might cause.

I am wondering if anyone here has used this setting to help with mitigating
rogue SSID broadcasts and protecting your clients connecting to these rogue
WAPs. I would also love to hear about any pitfalls with turning this on,
and any other gotchas that I might need to keep in mind other suggestions
about rogue WAP detection and mitigation, I would love to hear them. Please
feel free to reach me off this list if you wish.

Please let me know if any additional information is needed on my end. Thank
you for your time.

Regards,
Sid

-- 
[image: Denison University Logo] 

*Sidharth S. Nandury*
*Network Engineer*
Information Technology Services

100 West College Street, Granville, OH 43023
 | Fellows
003C 
Office: 740-587-5533 | Mobile: 516-314-4413
nandu...@denison.edu
https://denison.edu/campus/technology

*Please consider the environment before printing this email.*

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

RE: [WIRELESS-LAN] My personal training recommendation for Devin Akin's wireless training classes

2019-10-28 Thread Christopher Brizzell 
How much does he charge per session?

Thanks,


Chris Brizzell
Assistant Director of Network and Technical Services and Network Administrator
Skidmore College
cbriz...@skidmore.edu
518-580-5994



From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of William Cummings
Sent: Monday, October 28, 2019 7:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] My personal training recommendation for Devin 
Akin's wireless training classes

I second this as well.  One of the best training sessions I have ever attended.

On Fri, Oct 25, 2019 at 9:08 PM Stephen Belcher 
mailto:steve.belc...@mail.wvu.edu>> wrote:
Thanks Ryan. The suggestion is much appreciated!

Sent from Nine

From: "Turner, Ryan H" mailto:rhtur...@email.unc.edu>>
Sent: Friday, October 25, 2019 4:49 PM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] My personal training recommendation for Devin Akin's 
wireless training classes

All,

For those of you who’ve been looking for extremely deep and informative classes 
on wireless tech, I want to personally pass along my recommendation to consider 
Devin Akin with divdyn.com.  I’ve now brought him in for 3 
weeks of training (over 2 years) to teach courses on CWNA/CWSP/CWAP/CWDP.  
Devin recently helped out the educause wireless CG on the Wifi6/5G session we 
had.  This is the guy that cofounded the CWNP program.

Ryan Turner
Head of Networking
The University of North Carolina at Chapel Hill
+1 919 445 0113 Office
+1 919 274 7926 Mobile
r...@unc.edu


**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


--
William Cummings
Senior Wireless Engineer
North Carolina State University
Office of Information Technology
Communication Technologies
919-515-0137
https://www.ncsu.edu



**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] My personal training recommendation for Devin Akin's wireless training classes

2019-10-28 Thread William Cummings 
I second this as well.  One of the best training sessions I have ever
attended.

On Fri, Oct 25, 2019 at 9:08 PM Stephen Belcher 
wrote:

> Thanks Ryan. The suggestion is much appreciated!
>
> Sent from Nine 
> --
> *From:* "Turner, Ryan H" 
> *Sent:* Friday, October 25, 2019 4:49 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] My personal training recommendation for Devin
> Akin's wireless training classes
>
> All,
>
>
>
> For those of you who’ve been looking for extremely deep and informative
> classes on wireless tech, I want to personally pass along my recommendation
> to consider Devin Akin with divdyn.com.  I’ve now brought him in for 3
> weeks of training (over 2 years) to teach courses on CWNA/CWSP/CWAP/CWDP.
> Devin recently helped out the educause wireless CG on the Wifi6/5G session
> we had.  This is the guy that cofounded the CWNP program.
>
>
>
> Ryan Turner
>
> Head of Networking
>
> The University of North Carolina at Chapel Hill
>
> +1 919 445 0113 Office
>
> +1 919 274 7926 Mobile
>
> r...@unc.edu
>
>
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>


-- 
William Cummings

Senior Wireless Engineer
North Carolina State University
Office of Information Technology
Communication Technologies
919-515-0137
https://www.ncsu.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community