Thank you for the response.

Thomas,
I'm definitely going to share the FCC announcement with my management and
security officer to ensure that they are aware of this. That being said, we
are not trying to prevent anyone from using a hotspot, but, like Chuck
mentioned, are trying to protect our users from connecting to counterfeit
"well-known" campus SSIDs. My thought is to only add "well-known" SSIDs in
our list of protected networks.

Chuck,
Airwave can be an option for alerting, but as you said, it needs manual
intervention. If our security officer decides to go against implementing
this, my next suggestion would be using Airwave for manual intervention.
Something else I can think of is the polling interval's duration and
immediacy of action. If there is a malicious individual trying to broadcast
a known network, wouldn't we want immediate action to be taken,
rather than having to wait for the Airwave polling interval, receive an
email notification, turn around and maybe have some kind of text alert to
immediately alert us to take action? Thoughts?

Regards,
Sid

On Mon, Oct 28, 2019 at 12:08 PM Enfield, Chuck <cae...@psu.edu> wrote:

> Most of the time if somebody is using one of your well-known SSIDs on
> campus it’s either out of ignorance or benign experimentation. Rogue
> mitigation of those devices is unlikely to attract the attention of the
> FCC, and even if it does, I doubt you’ll get in any trouble for it.  The
> FCC has cracked down on property owners acting like they own the spectrum
> within their facilities.  I suspect an effort to protect users from what
> may reasonably be characterized as “counterfeit” networks would be viewed
> in a different light.  They may still tell you to knock it off, but
> penalties seem really unlikely.
>
>
>
> On the other hand, have you considered an Airwave alert to bring these
> devices to your attention and mitigating by manual intervention? If your
> institution is anything like ours you’ll see very few of these.
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Thomas Carter
> *Sent:* Monday, October 28, 2019 11:53 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* Re: [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> The short answer is don’t do this. The longer answer is the FCC frowns on
> rogue mitigation:
>
>
> https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-750000-for-disabling-conference-hotspots/
>
> Look at the notice from the FCC down about ½ the page.
>
>
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564
> www.austincollege.edu
>
>
>
> *From:* The EDUCAUSE Wireless Issues Community Group Listserv <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Sidharth Nandury
> *Sent:* Monday, October 28, 2019 10:34 AM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Aruba Wireless - IDS: Protect-SSID
>
>
>
> All,
>
>
>
> We have been asked to look into rogue WAP detection and mitigation. We are
> an Aruba shop for wireless and are running v6.5.4.12. After doing some
> research and looking at Airheads posts, it led me to a configuration
> called "Protect SSID" in the IDS profile. Though I have successfully tested
> this in a lab environment and it seems to be "protecting" valid
> SSIDs (ones that I have configured), I am a little apprehensive about
> simply turning this on due to the ramifications that it might cause.
>
>
>
> I am wondering if anyone here has used this setting to help with
> mitigating rogue SSID broadcasts and protecting your clients connecting to
> these rogue WAPs. I would also love to hear about any pitfalls with turning
> this on, and any other gotchas that I might need to keep in mind. If you
> have other suggestions about rogue WAP detection and mitigation, I would
> love to hear them. Please feel free to reach me off this list if you wish.
>
>
>
> Please let me know if any additional information is needed on my end.
> Thank you for your time.
>
>
> Regards,
>
> Sid
>
>
>
> --
>
>
> *Sidharth S. Nandury*
> *Network Engineer*
> Information Technology Services
>
> 100 West College Street, Granville, OH 43023 | Fellows 003C
> Office: 740-587-5533 | Mobile: 516-314-4413
> nandu...@denison.edu
> https://denison.edu/campus/technology
>
> *Please consider the environment before printing this email.*
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>


-- 

*Sidharth S. Nandury*
*Network Engineer*
Information Technology Services

100 West College Street, Granville, OH 43023 | Fellows 003C
Office: 740-587-5533 | Mobile: 516-314-4413
nandu...@denison.edu
https://denison.edu/campus/technology

*Please consider the environment before printing this email.*
