Cisco DNAC Rogue Detection and aWIPS – Cisco Blogs
Back when I started as a network engineer, we didn’t even have wireless networks. All of our clients were hardwired. In fact, because I was in charge of network security, I remember being firmly opposed to introducing wireless onto my network! Those days are obviously long gone, but one thing hasn’t changed: even with hardwired clients, I managed an open-source IPS system to detect attacks against my network, malware, and other threats.
I recently sat down with Pradeep Venkata, a technical marketing engineer working on Cisco DNA Center, to talk about the latest innovations in rogue detection and aWIPS (Adaptive Wireless Intrusion Prevention System) on Cisco DNAC. It turns out that the threats against networks are much more intelligent than they were in the past, and we need better strategies to contain and mitigate these threats. Cisco DNA Center has a number of new capabilities to make it easier to keep your network secure, now and as your employees return to the office.
Rogue and aWIPS detection are available on individual wireless LAN controllers (WLC), but using Cisco DNAC provides a number of advantages. First, instead of each WLC being an island, DNAC provides a single point of management for multiple controllers. It can receive encrypted telemetry from all of your controllers and correlate the data it receives.
Next, by integrating with DNA Spaces, Cisco DNA Center is able to provide location information on your threats. If a rogue AP is on your network inviting your users to connect, it doesn’t do you much good just to know it exists; you need to know where that rogue AP is so you can shut it down. With rogue detection, using RSSI measurements and triangulation from multiple APs, we can give you precise information on the location of threats on your network.
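To make the locating step concrete, here is an added example (not code from Cisco or from DNA Center) of the geometry behind RSSI-based triangulation: each detecting AP's RSSI reading of the rogue is converted to an estimated distance with a log-distance path-loss model, and the distances are combined into a least-squares position estimate. The reference power (-40 dBm at 1 m), path-loss exponent (3.0), AP coordinates and RSSI readings are all constructed values for the demonstration.

```python
import math

# Assumed radio constants for the log-distance path-loss model:
# received power at 1 m from the transmitter, and the environment's path-loss exponent.
REF_RSSI_DBM = -40.0
PATH_LOSS_EXP = 3.0


def rssi_to_distance(rssi_dbm, ref_rssi_dbm=REF_RSSI_DBM, n=PATH_LOSS_EXP):
    """Invert the path-loss model: RSSI = P0 - 10*n*log10(d)  =>  d = 10^((P0 - RSSI)/(10n))."""
    return 10 ** ((ref_rssi_dbm - rssi_dbm) / (10 * n))


def distance_to_rssi(d, ref_rssi_dbm=REF_RSSI_DBM, n=PATH_LOSS_EXP):
    """Forward model, used here only to synthesise test readings."""
    return ref_rssi_dbm - 10 * n * math.log10(d)


def trilaterate(ap_positions, distances):
    """Least-squares position from >= 3 APs at known (x, y) and their estimated ranges.

    Subtracting the first AP's circle equation from each of the others linearises the
    problem into A·[x, y] = b, which is solved via the 2x2 normal equations.
    """
    if len(ap_positions) < 3 or len(ap_positions) != len(distances):
        raise ValueError("need at least three APs, one distance per AP")
    (x0, y0), d0 = ap_positions[0], distances[0]
    rows = []
    for (xi, yi), di in zip(ap_positions[1:], distances[1:]):
        a1 = 2 * (xi - x0)
        a2 = 2 * (yi - y0)
        b = d0 ** 2 - di ** 2 + xi ** 2 + yi ** 2 - x0 ** 2 - y0 ** 2
        rows.append((a1, a2, b))
    s11 = sum(a1 * a1 for a1, _, _ in rows)
    s12 = sum(a1 * a2 for a1, a2, _ in rows)
    s22 = sum(a2 * a2 for _, a2, _ in rows)
    t1 = sum(a1 * b for a1, _, b in rows)
    t2 = sum(a2 * b for _, a2, b in rows)
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        # Collinear APs cannot fix a position in the plane.
        raise ValueError("detecting APs are collinear; position is ambiguous")
    x = (t1 * s22 - s12 * t2) / det
    y = (s11 * t2 - s12 * t1) / det
    return x, y


def locate_rogue(observations):
    """observations: list of ((ap_x, ap_y), rssi_dbm) for each AP that heard the rogue."""
    positions = [pos for pos, _ in observations]
    distances = [rssi_to_distance(rssi) for _, rssi in observations]
    return trilaterate(positions, distances)


# Constructed scenario: four APs on a 20 m grid, rogue truly at (5, 8) m.
AP_GRID = [(0.0, 0.0), (20.0, 0.0), (0.0, 20.0), (20.0, 20.0)]
TRUE_ROGUE = (5.0, 8.0)


def synthetic_observations(true_pos=TRUE_ROGUE, aps=AP_GRID):
    """Generate the RSSI each AP would report for the rogue under the assumed model."""
    tx, ty = true_pos
    return [((ax, ay), distance_to_rssi(math.hypot(ax - tx, ay - ty))) for ax, ay in aps]


if __name__ == "__main__":
    est_x, est_y = locate_rogue(synthetic_observations())
    print(f"estimated rogue position: ({est_x:.2f}, {est_y:.2f}) m")
```

Real RSSI readings are noisy and distorted by walls and multipath, so a production system averages many samples per AP and calibrates the path-loss model per site; this block shows only the geometry that turns per-AP signal strength into a floor-plan position.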
Cisco DNAC has the ability to contain threats as well, either by shutting down the switchport the threat is attached to, or even by triggering adjacent APs to send out de-authentication frames. Not only can you learn where the threat is, but you can take action to mitigate it until you can physically remove it.
Not sure how seriously to take a threat? Cisco DNAC provides impact analysis so you know how many users are affected by a given threat. I joked with Pradeep that back when I was managing an IPS in the 1990s, my impact analysis happened when the volume of threats caused the IPS to crash. We can give you much better information now to gauge the extent of the problem you are dealing with.
Cisco DNAC can also provide a live packet capture of threats. Forensic analysis of attacks against your network is a lot easier when you can examine a PCAP file containing the raw data of the attack.
I’ve always been a big advocate of APIs, and I’m particularly a big fan of Webhooks. Webhooks allow you to receive data via APIs using a push model instead of a pull model. With rogue and aWIPS, you can set up Webhook notification for malicious events, which allows you to receive immediate notification of these events in a script or on a SecOps dashboard in your operations center.
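As an added example of the receiving end of that push model (written for this post, not Cisco's code, and not a description of DNA Center's actual webhook format), the script below accepts a POSTed event, checks an HMAC-SHA256 signature over the raw body against a shared secret, validates the JSON, and normalizes it into an alert record suitable for a SecOps dashboard. The header name `X-Signature-SHA256`, the field names in the event (`eventType`, `bssid`, `detectingAp`, `rssi`, `timestamp`), the event-type-to-severity table and the sample event itself are all constructed assumptions.

```python
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the sender signs the raw request body with HMAC-SHA256 using this secret.
SHARED_SECRET = b"replace-with-a-real-secret"

# Constructed mapping from event type to the severity a SecOps team might assign.
SEVERITY_BY_TYPE = {
    "rogue_ap": "high",
    "awips_deauth_flood": "high",
    "rogue_client": "medium",
}

REQUIRED_FIELDS = ("eventType", "bssid", "detectingAp", "rssi", "timestamp")


def sign(raw_body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Compute the hex HMAC-SHA256 the sender would place in the signature header."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, presented_hex: str, secret: bytes = SHARED_SECRET) -> bool:
    """Constant-time comparison so a tampered or forged body is rejected before parsing."""
    return hmac.compare_digest(sign(raw_body, secret), presented_hex.strip().lower())


def normalize_event(event: dict) -> dict:
    """Validate required fields and map the raw event into a dashboard-friendly alert."""
    missing = [k for k in REQUIRED_FIELDS if k not in event]
    if missing:
        raise ValueError(f"event missing fields: {missing}")
    event_type = str(event["eventType"])
    return {
        "severity": SEVERITY_BY_TYPE.get(event_type, "low"),
        "type": event_type,
        "bssid": str(event["bssid"]).lower(),
        "detecting_ap": str(event["detectingAp"]),
        "rssi_dbm": int(event["rssi"]),
        "observed_at": str(event["timestamp"]),
    }


def handle_webhook(raw_body: bytes, presented_sig: str, secret: bytes = SHARED_SECRET):
    """Return (http_status, alert_or_None) for one delivery."""
    if not verify_signature(raw_body, presented_sig, secret):
        return 401, None  # unauthenticated delivery: drop it
    try:
        event = json.loads(raw_body)
        alert = normalize_event(event)
    except (json.JSONDecodeError, ValueError, TypeError):
        return 400, None  # malformed event: reject, do not alert on garbage
    return 200, alert


class WebhookHandler(BaseHTTPRequestHandler):
    """Minimal HTTP endpoint: the sender pushes events here instead of being polled."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        status, alert = handle_webhook(body, self.headers.get("X-Signature-SHA256", ""))
        if alert is not None:
            print(json.dumps(alert))  # hand-off point for a dashboard or ticketing system
        self.send_response(status)
        self.end_headers()


# Constructed sample delivery for local testing; the BSSID is not a real device.
SAMPLE_EVENT = {
    "eventType": "rogue_ap",
    "bssid": "00:11:22:33:44:55",
    "detectingAp": "AP-Floor3-West",
    "rssi": -58,
    "timestamp": "2021-06-01T14:03:22Z",
}

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

The signature check runs before JSON parsing on purpose: anything that can reach the listener can otherwise inject fake "rogue" events into the dashboard, so authenticating the delivery is the first step, and the secret should be stored outside the script in a real deployment.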
I may have been right about one thing when I was a young engineer: wireless did indeed open up a number of new security challenges that simply don’t exist on wired networks. Thanks to my education from Pradeep, I know that Cisco DNA Center is ready to help you conquer these challenges!