Rogue Devices Explained

Modified on Mon, Jun 19, 2023 at 8:13 AM

What is a Rogue Device?


Acumera's Rogue Device Manager service monitors the devices present in your "Trust Network" (the network containing your Point of Sale system), and compares what it finds to a list of known devices (the "Baseline"). 

A Rogue Device is any device that your firewall doesn't recognize that appears in the same network as your Point of Sale system. Often this is a device you purposefully connected to your network, but if not, there is cause to investigate.


Why did I receive a Rogue Device Alert, and what should I do about it?


There are three reasons you might receive a Rogue Device Alert, in order of most common to least:


  1. An existing device on your network changed its local IP address. This often happens when your "Trust Network" is configured with DHCP. This causes devices to get new local IP addresses periodically, and after every network reboot. If this is the case, one of two solutions is recommended:
    1. Convert your Trust Zone to a Static IP Configuration. This involves some cooperation between Acumera and someone on site, as settings will need to be changed on your local devices, but it means that every device will always have the same local IP address.
    2. Acumera can ignore IP Address changes for alerting purposes.

      Please click here to learn more about DHCP and Static IP addresses.

  2. You connected a new device to your Trust Network
    1. If the device is temporary, you can ignore the alert
    2. If the device will remain on (or frequently return to) the network, you'll want to let us know so that we can add the device to the Baseline.

  3. Someone else connected a new device to your Trust Network
    1. In this scenario, the most common answer is someone on site such as an employee or contractor connected a device (like a laptop) to the firewall in an attempt to get internet access.
    2. If you are unable to determine who connected a device to your network, we can assist you in investigating. 


How can I tell which device is which?


  • Use the MAC Address
    • Each device has a MAC Address which is given to it at the factory when it is created. Because these MAC Addresses are regulated, you can look up information about where a device came from just by using the MAC. 
    • Use this free online tool to look up a MAC address and learn more about it. 
  • Use the Local IP Address
    • Each device on your network has an IP Address given to it by your router (which is the firewall in this case).
    • Most devices have a way to show you their IP Address, which you can then compare to the Rogue Device Alert you received. Bear in mind that (as mentioned above) if your network is DHCP, your devices' Local IP Addresses can change.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article