Not understanding ignore list and how to deny access

I have read the definitions for watch list, white list, and rogue devices, but there are a couple of things I do not understand.

One, what does it mean that a device is "safe"? I don't see any way to deny network access to a device, so what does it matter if a device is seen as rogue or safe?

Two, If a White List rule places a device on the "ignored" list, what is the effect of that? I know that neither the device nor any data will appear in UDT widgets, but does that also mean the device has been denied network access, or just that it is invisible, but still connected (which would seem to be rather risky).

Third, based on your answers to my questions, can you give some examples of each device type and why you decided to treat them as rogue, safe, or ignored?

Thanks for any help.

Parents
  • One, what does it mean that a device is "safe"? I don't see any way to deny network access to a device, so what does it matter if a device is seen as rogue or safe?

    - this would only matter if you have enabled the rogue alerting.  Essentially, you have a rogue widget that tells you possible rogue devices.  Whitelisting it would mean you are bypassing it and would treat it as safe.

    Two, If a White List rule places a device on the "ignored" list, what is the effect of that? I know that neither the device nor any data will appear in UDT widgets, but does that also mean the device has been denied network access, or just that it is invisible, but still connected (which would seem to be rather risky).

    - Whitelist means it will be monitored and will be marked as safe, Ignored is essentially, just be ignored and would not be monitored.

    Third, based on your answers to my questions, can you give some examples of each device type and why you decided to treat them as rogue, safe, or ignored?

    - Can you point me to the information where you read on about the whitelist, rogue and watchlist?  It should include those information.

Reply
  • One, what does it mean that a device is "safe"? I don't see any way to deny network access to a device, so what does it matter if a device is seen as rogue or safe?

    - this would only matter if you have enabled the rogue alerting.  Essentially, you have a rogue widget that tells you possible rogue devices.  Whitelisting it would mean you are bypassing it and would treat it as safe.

    Two, If a White List rule places a device on the "ignored" list, what is the effect of that? I know that neither the device nor any data will appear in UDT widgets, but does that also mean the device has been denied network access, or just that it is invisible, but still connected (which would seem to be rather risky).

    - Whitelist means it will be monitored and will be marked as safe, Ignored is essentially, just be ignored and would not be monitored.

    Third, based on your answers to my questions, can you give some examples of each device type and why you decided to treat them as rogue, safe, or ignored?

    - Can you point me to the information where you read on about the whitelist, rogue and watchlist?  It should include those information.

Children
No Data