AirGuard

Last updated 1 year ago

AirGuard is the EnGenius technology for detecting rogue sources, evil twins, DoS attacks, and RF jamming. You can access this screen under Manage > AirGuard.

Rules

  1. Enable AirGuard first (it is off by default) so that the APs start detecting rogue sources.

  2. If "Contain all Rogue Devices" is enabled, all rogue SSID devices will be contained automatically and Zero-Wait DFS will not be functional.

  3. "Scanning APs" lists all APs that can perform AirGuard scanning (AirGuard APs). Clicking “Details” redirects to the AP detail page.

  4. Users can set rules to categorize specific SSIDs or BSSIDs by partial match or exact match.

Must know

AirGuard requires at least one AP with a dedicated scanning radio in this network, e.g., ECW220S or ECW230S.

Rogue SSID

  • All SSIDs that match “Rogue rules”

  • All SSIDs that match a legitimate SSID but are not recognized by a Cloud-managed device (it could be a rogue AP, or it could be another vendor's legitimate AP)

  • Broadcast MACs: the BSSIDs (MACs), detected by our AP, that are broadcasting the rogue SSID. There may be multiple BSSIDs. Click on the line to see detailed information.

  • Seen by: the rogue SSID might be detected by multiple EnGenius APs.

  • Severity: The rogue reason severity could be high and require the user’s attention. The color bar in front of the SSID indicates the severity: Very high: Red; High: Orange…

  • Containment: Contained means the rogue SSID is currently being contained by your EnGenius AP. Whenever a client attempts to connect to the rogue SSID, it will be forced off. Uncontained means the rogue SSID is not currently contained.

  • Move to Whitelist: If the user finds that the SSID is legitimate, they can select it and move it to the whitelist (move to “Other SSIDs”).

  • Contain: If you determine that the rogue SSIDs are threats to your network, click Contain so that clients are forced off when they attempt to connect to the rogue SSIDs.

  • Uncontain: If the rogue SSIDs were noticed during a scan but have not been determined to be a threat to your network, click Uncontain.

Evil Twin

  • AP impersonation: SSID = legitimate SSID and BSSID = legitimate BSSID, which means someone is using the legitimate AP’s MAC and SSID to try to steal client information

  • AP spoofing: BSSID = legitimate BSSID, but not legitimate SSID

  • The severity is always “Very High” and requires attention.

Malicious Attack

A DoS attack that tries to prevent all clients, or specific clients, from connecting to the AP.

  • De-Auth attack: The rogue client sends a high volume of “De-Auth” traffic, so clients are continually de-authenticated.

  • Dis-association attack: The rogue client sends a high volume of “Dis-association” traffic, so clients are continually disassociated.

  • Attacked Party: Either a specific client (MAC address) or broadcast (all clients, MAC ff:ff:ff:ff:ff:ff)
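
The detection idea described above, as an added example that is not EnGenius code: count De-Auth and Dis-association frames per attacked party in a sliding window and report the parties that cross a threshold. The threshold, the window length, the frame tuple layout and the sample frames are assumptions made for illustration; the page only says "high volume".

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
ATTACK_NAME = {"deauth": "De-Auth attack", "disassoc": "Dis-association attack"}


def detect_floods(frames, threshold=10, window=1.0):
    """Find management-frame floods in time-ordered frames.

    frames: iterable of (timestamp_s, subtype, src_mac, dst_mac).
    Returns {(attack_name, attacked_party): peak_frames_per_window} for every
    attacked party whose peak reached `threshold` (assumed value).
    Frames are grouped by attacked party, not by sender.
    """
    recent = defaultdict(deque)   # timestamps still inside the window, per key
    peak = defaultdict(int)       # highest in-window count seen, per key
    for ts, subtype, _src, dst in frames:
        if subtype not in ATTACK_NAME:
            continue              # beacons, data frames, etc. are ignored
        party = "broadcast" if dst.lower() == BROADCAST else dst.lower()
        key = (ATTACK_NAME[subtype], party)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        peak[key] = max(peak[key], len(q))
    return {k: n for k, n in peak.items() if n >= threshold}


def sample_frames():
    """Constructed capture: two floods plus ordinary background traffic."""
    ap = "02:00:00:00:00:01"
    frames = [(i * 0.05, "deauth", ap, BROADCAST) for i in range(12)]
    frames += [(5 + i * 0.05, "disassoc", ap, "02:00:00:00:aa:01") for i in range(15)]
    # Two isolated de-auths 30 s apart: normal roaming, must not alert.
    frames += [(20.0, "deauth", ap, "02:00:00:00:aa:02"),
               (50.0, "deauth", ap, "02:00:00:00:aa:02")]
    frames += [(1.0, "beacon", ap, BROADCAST)]
    return sorted(frames)


if __name__ == "__main__":
    for (attack, party), count in detect_floods(sample_frames()).items():
        print(f"{attack}: attacked party {party}, peak {count} frames/s")
```
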

RF Jamming

An RF jammer sends RF noise on a certain channel to increase the SNR rate or keep the SSID/channel busy, so clients cannot connect to SSIDs on that channel.

Other SSID

  • Many BYOD devices (employees’ mobile phones) broadcast SSIDs for their own use, which is harmless

  • Whitelisted SSIDs
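
The Rogue SSID, Evil Twin and Other SSID categories above can be read as one decision procedure. The following is an added example, not EnGenius code. The `own_radio` flag (the scanner knowing that a managed AP really sent the frame), the order in which the checks run, and all sample SSIDs, MACs and rules are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    field: str      # "ssid" or "bssid"
    pattern: str
    exact: bool     # True = exact match, False = partial (substring) match
    category: str   # "rogue" or "whitelist"

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    own_radio: bool = False  # assumption: scanner knows a managed AP sent it

def rule_hit(rule, beacon):
    value, pattern = getattr(beacon, rule.field).lower(), rule.pattern.lower()
    return value == pattern if rule.exact else pattern in value

def classify(beacon, managed_ssids, managed_bssids, rules):
    """Return (category, reason) for one observed beacon."""
    if beacon.own_radio:
        return ("Legitimate", "sent by a managed AP")
    ssid_ok = beacon.ssid in managed_ssids
    if beacon.bssid.lower() in managed_bssids:      # managed MAC, foreign sender
        return ("Evil Twin", "AP impersonation" if ssid_ok else "AP spoofing")
    if any(r.category == "whitelist" and rule_hit(r, beacon) for r in rules):
        return ("Other SSID", "whitelisted")
    if any(r.category == "rogue" and rule_hit(r, beacon) for r in rules):
        return ("Rogue SSID", "matches rogue rule")
    if ssid_ok:
        return ("Rogue SSID", "legitimate SSID on unmanaged BSSID")
    return ("Other SSID", "unclassified neighbour")

# Constructed sample data (not from the EnGenius documentation).
MANAGED_SSIDS = {"Corp-WiFi"}
MANAGED_BSSIDS = {"02:00:00:00:00:01"}
RULES = [Rule("ssid", "free", exact=False, category="rogue"),
         Rule("bssid", "02:00:00:00:0b:0b", exact=True, category="whitelist")]
SAMPLES = [Beacon("Corp-WiFi", "02:00:00:00:00:01", own_radio=True),
           Beacon("Corp-WiFi", "02:00:00:00:00:01"),
           Beacon("Guest", "02:00:00:00:00:01"),
           Beacon("Corp-WiFi", "02:00:00:00:0a:0a"),
           Beacon("Corp-WiFi", "02:00:00:00:0b:0b"),
           Beacon("Free Airport WiFi", "02:00:00:00:0c:0c"),
           Beacon("Alice's iPhone", "02:00:00:00:0d:0d")]

if __name__ == "__main__":
    for b in SAMPLES:
        print(f"{b.ssid!r:22} {b.bssid} ->", *classify(b, MANAGED_SSIDS, MANAGED_BSSIDS, RULES))
```
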

More details:

  • Rogue SSID: https://docs.engenius.ai/whitepapers/airguard/rules-and-classifications#rogue-ssids

  • Evil Twin: https://docs.engenius.ai/whitepapers/airguard/evil-twin

  • Malicious Attack: https://docs.engenius.ai/whitepapers/airguard/malicious-attacks

  • RF Jamming: https://docs.engenius.ai/whitepapers/airguard/rf-jamming

  • Other SSID: https://docs.engenius.ai/whitepapers/airguard/rules-and-classifications#other-ssids