![]() ![]() ![]() pcap files generated can be read by WireShark (and other. Procedurally, Ethernet frames and 802.11 control information are monitored, but not packet payloads. The AP's details are: MAC address, protocol, channel, SSID, security setting, vendor, RSSI dBm. The Client's details are: MAC address, user name, vendor, RSSI dBm. ![]() Unauthorized Client is connected to Authorized AP. You can drill down into each item on the list (ex: Unauthorized Client) into the instances found. These are stated by time and are graphed by devices or instances. Tracked in near realtime are AP Related Threats (rogue, banned, honeypot, DoSed, and/or misconfigured APs), and Client Related Threats (unauthorized, banned, mis-association, discovered ad hoc networks and/or bridging/ICS clients – those backdooring the network). The Forensic portion of the dashboard deals with the discovery of bad guys. So you'll know if Eddie uses Facebook on breaks or Eddie uses Facebook from the time he arrives until he leaves, as well as if he watches plentiful videos over Facebook. We could drill down and ask how many clients (and their Mac addresses) accessed Facebook, how much data they consumed, how Facebook data compared to all data transfers for a specific client and how often Facebook was accessed for that client over time. Facebook, it turns out, is by default rated a very high threat. The Apps Visibility we found to be very interesting, as each app (ex: Facebook, SSL/HTTP page, iCloud, etc.) is given a Threat Index, which admins can redefine. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |