This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Not understanding ignore list and how to deny access

patriot over 2 years ago

I have read the definitions for watch list, white list, and rogue devices, but there are a couple of things I do not understand.

One, what does it mean that a device is "safe"? I don't see any way to deny network access to a device, so what does it matter if a device is seen as rogue or safe?

Two, If a White List rule places a device on the "ignored" list, what is the effect of that? I know that neither the device nor any data will appear in UDT widgets, but does that also mean the device has been denied network access, or just that it is invisible, but still connected (which would seem to be rather risky).

Third, based on your answers to my questions, can you give some examples of each device type and why you decided to treat them as rogue, safe, or ignored?

Thanks for any help.

Top Replies

donrobert5 over 2 years ago +1

One, what does it mean that a device is "safe"? I don't see any way to deny network access to a device, so what does it matter if a device is seen as rogue or safe? - this would only matter if you have…

Parents

0 donrobert5 over 2 years ago

One, what does it mean that a device is "safe"? I don't see any way to deny network access to a device, so what does it matter if a device is seen as rogue or safe?

- this would only matter if you have enabled the rogue alerting. Essentially, you have a rogue widget that tells you possible rogue devices. Whitelisting it would mean you are bypassing it and would treat it as safe.

Two, If a White List rule places a device on the "ignored" list, what is the effect of that? I know that neither the device nor any data will appear in UDT widgets, but does that also mean the device has been denied network access, or just that it is invisible, but still connected (which would seem to be rather risky).

- Whitelist means it will be monitored and will be marked as safe, Ignored is essentially, just be ignored and would not be monitored.

Third, based on your answers to my questions, can you give some examples of each device type and why you decided to treat them as rogue, safe, or ignored?

- Can you point me to the information where you read on about the whitelist, rogue and watchlist? It should include those information.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 donrobert5 over 2 years ago

One, what does it mean that a device is "safe"? I don't see any way to deny network access to a device, so what does it matter if a device is seen as rogue or safe?

- this would only matter if you have enabled the rogue alerting. Essentially, you have a rogue widget that tells you possible rogue devices. Whitelisting it would mean you are bypassing it and would treat it as safe.

Two, If a White List rule places a device on the "ignored" list, what is the effect of that? I know that neither the device nor any data will appear in UDT widgets, but does that also mean the device has been denied network access, or just that it is invisible, but still connected (which would seem to be rather risky).

- Whitelist means it will be monitored and will be marked as safe, Ignored is essentially, just be ignored and would not be monitored.

Third, based on your answers to my questions, can you give some examples of each device type and why you decided to treat them as rogue, safe, or ignored?

- Can you point me to the information where you read on about the whitelist, rogue and watchlist? It should include those information.
Cancel
Vote Up +1 Vote Down

Cancel

Children

No Data