Combat Cyber Espionage with New SonicWall TZ Wireless Firewalls

How many times have you heard the phrase, “Your data is your most valuable possession?” Pretty often I bet. And it’s true. The information your organization keeps is extremely important not only to you, but to your customers as well.

I was thinking about this the other day while watching a scene from the movie “The Incredibles” where the superhero mom tells her daughter, “Your identity is your most valuable possession. Protect it.” That’s good advice, whether it’s data, records or even the identity of your employees or your customers. Protecting the things that are valuable to your organization from the seemingly relentless onslaught of theft is critical in today’s world.

Every day we are all potential victims of cyber-espionage. It doesn’t matter what size your organization is. Sure, the bigger the victim the larger the headline. To safeguard our customers against attack, today SonicWall has announced the new SonicWall TZ Wireless firewall series which combines enterprise-grade security, deep packet inspection of SSL-encrypted traffic and integrated high-speed 802.11ac wireless for small and medium-sized businesses and distributed enterprises.

Back in April we announced our new lineup of secure, high-performance SonicWall TZ series firewalls that help both small and medium-sized businesses (SMBs) and large distributed enterprises protect their most valuable assets. The TZ series allows SonicWall to offer market-leading security solutions to its customers at a price that fits under even the tightest budgets. With these new firewalls, small organizations can afford the same security effectiveness as large enterprises.

One of our premier partners, Western NRG, has already experienced the incredible benefits of the new TZ wireless firewalls.

“Since I upgraded my remote office from a TZ 105 Wireless to the new TZ500 Wireless I have noticed a substantial increase in my Internet speeds! I am truly taking advantage of the 100Mb download offering from my ISP. In addition, I have also added the new SonicPoint ACi to the network. The boys at NRG configured the TZ500 Wireless and the SonicPoint ACi to use the 5GHz radio and a single SSID which allows me to connect anywhere in the multi-story 3400 square foot facility and have seamless wireless access to networking resources now with amazing speeds!” said Tim Martinez, president of Western NRG, Inc.

The TZ Wireless series takes security and performance another giant step forward with built-in secure WiFi connectivity. And not just any WiFi. With these new firewalls, our customers can have the same level of protection and performance on their wireless networks as they do on their wired networks.

If you’re familiar with the benefits of 802.11ac, good for you. If you’re not, there are plenty of articles you can read on the subject. Even better, check out Scott Grebe’s blog titled “Three Reasons to Make the Jump to 802.11ac.” If you don’t have the time, here is the abbreviated version.

  • 802.11ac is really fast. It’s about 3x faster than its predecessor 802.11n. Faster speed means greater employee productivity and a better user experience.
  • 802.11ac enhances the quality of the wireless signal. Ever have a poor WiFi or cellular connection? How did that make you feel?
  • 802.11ac plays well with earlier wireless standards. In other words, it’s backward compatible with WiFi devices that use the 802.11n, b, g or a standards like your mobile phone, tablet and laptop so you can continue to use them to connect to the wireless network if you want.

The integration of high-speed wireless into our TZ series firewalls is good news for SonicWall customers. It enables us to offer them a complete security solution for wired and wireless networks of all sizes. SMBs love the highly integrated nature of the TZ series along with the simplified setup and management. Configuration of the LAN and wireless LAN and accompanying security is all done through the appliance’s GUI. So is the management. Distributed enterprises also enjoy these same benefits; however, many take things a step further by adding our award-winning Global Management System (GMS) to enable centralized management and reporting of multiple TZ series firewalls deployed in different locations.

With the introduction of our new TZ Wireless series we have our strongest lineup ever of wired and wireless firewall solutions for SMBs and distributed enterprises. Whether it’s our customers’ data, their records or even their superhero identities, we’re able to protect it like no one else. If you want to learn more about the TZ series including our new wireless models featuring 802.11ac, check out the TZ series page on our website.

10 Do’s and Don’ts for Securing Wireless in Retail Stores

Not too long ago my wife and I went out to a nice restaurant for dinner. When it was time to pay, the waiter took my credit card and swiped it using a portable credit card processing device. Being in the security industry, I couldn’t help but wonder if the transaction was secure. After all, wireless connections are a vector hackers use to steal customer account information from retail vendors. Since I wanted to enjoy the evening I let that thought go for the time being.

When I got back to the office I started to think more about the level of security retail point-of-sale businesses have for their wireless networks. After all, wireless has become an important tool vendors use not only to take payments, but also as a way to provide customers with more value. Think about it. When we go into a store we can access product information over WiFi. We can redeem coupons over our mobile device. We can get information on promotional offers. There’s a lot available to keep customers interested and loyal.

It’s a two-way street though. Retailers are also collecting data on customers. For example, once we connect to their WiFi or pay our bill using a wireless point-of-sale (POS) payment card reader they can learn more about our shopping habits, the device we’re using, how long we’re connected and more. While all this gives us a more personalized shopping experience, it also helps retailers sell more products, in theory at least. Sounds like a win-win, right? Sure, as long as all the data that travels across the wireless network is secured. But that’s the issue. How do consumers know their personal information is secured over the wireless network? For retailers, how do they ensure their wireless network is secured from attack?

Wilson Lee, a colleague of mine, recently wrote in his blog that “It doesn’t matter whether you are a Fortune 100 company or a small business, the chances are that your Internet doorway is under attack more than your brick and mortar doorway.” His point is that when it comes to theft, it’s not just the physical door to your store that you should be concerned about. The fact is, small retail stores often serve as a point of entry to a corporate network which could result in a larger breach.

How popular is the use of wireless with retail businesses? A survey of retail IT professionals from EarthLink, IHL Group and AirTight Networks revealed that 82 percent of midsize-to-large retailers have deployed in-store WiFi, and 57 percent offer WiFi to both employees and customers. So, if you’re a retailer with a wireless LAN that’s used both internally and by customers, what steps can you take to help secure your wireless network from attack? Here are some basic “do’s” and “don’ts.”

Don’t

  • Use basic or default passwords to access your wireless network that are easy to figure out or find on the Internet.
  • Use the name of the store as the wireless service set identifier or SSID.
  • Allow customers on the same wireless LAN as your internal staff and business systems. Keep them separate.
  • Use WEP (wired equivalent privacy) to secure your network. It’s not very secure.

Do

  • Adopt a multi-layered security approach to avoid single point of failure.
  • Consider using a site survey tool before you roll out your WLAN. You might just find some unauthorized (rogue) access points.
  • Create a stringent security policy for wireless access and then allow exceptions.
  • Have your wireless traffic go through a next-generation firewall to scan for and eliminate threats.
  • Run intrusion detection and prevention (IDP) to identify rogue access points and prevent connections to the devices. This is a requirement for PCI (Payment Card Industry) compliance.
  • Create a “walled garden” for customer only access that is separate from internal users through virtual access point segmentation and wireless guest services.
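
Several items on this checklist can be verified mechanically from site-survey output. The following is an added example, not part of the original post: it audits a constructed survey for WEP or unencrypted staff SSIDs, SSIDs that reveal the store name, guest SSIDs sharing a VLAN with staff, and radios missing from the authorized inventory. The store name, BSSIDs, VLAN numbers and the `AccessPoint` record layout are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str            # radio MAC address as seen in the survey
    encryption: str       # "OPEN", "WEP", "WPA2-PSK" or "WPA2-EAP"
    vlan: Optional[int]   # None when the radio is not on our switch fabric
    role: str             # "staff", "guest" or "unknown"


# Constructed sample data (hypothetical store, locally administered MACs).
STORE_NAME = "Example Outfitters"
AUTHORIZED = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"}
SURVEY = [
    AccessPoint("ExampleOutfitters-POS", "02:00:00:00:00:01", "WEP", 10, "staff"),
    AccessPoint("guest-wifi", "02:00:00:00:00:02", "OPEN", 10, "guest"),
    AccessPoint("net-7f3a", "02:00:00:00:00:03", "WPA2-EAP", 20, "staff"),
    AccessPoint("printer-setup", "02:00:00:00:00:99", "WPA2-PSK", None, "unknown"),
]


def ssid_reveals_store(ssid: str, store_name: str) -> bool:
    """True if any word (4+ characters) of the store name appears in the SSID."""
    flat = re.sub(r"[^a-z0-9]", "", ssid.lower())
    words = re.findall(r"[a-z0-9]{4,}", store_name.lower())
    return any(word in flat for word in words)


def audit(survey, authorized, store_name):
    """Return (bssid, finding) pairs in survey order."""
    staff_vlans = {ap.vlan for ap in survey
                   if ap.bssid in authorized and ap.role == "staff"}
    findings = []
    for ap in survey:
        # A radio that is not in the inventory is a rogue AP; nothing else
        # about it is under our control, so report it and move on.
        if ap.bssid not in authorized:
            findings.append((ap.bssid, "rogue-ap"))
            continue
        # WEP is never acceptable. An open SSID is tolerated only for guests,
        # where access is expected to be gated by a captive portal.
        if ap.encryption == "WEP" or (ap.encryption == "OPEN" and ap.role != "guest"):
            findings.append((ap.bssid, "weak-encryption"))
        if ssid_reveals_store(ap.ssid, store_name):
            findings.append((ap.bssid, "ssid-reveals-store"))
        # Guests must not land on the same VLAN as staff and business systems.
        if ap.role == "guest" and ap.vlan in staff_vlans:
            findings.append((ap.bssid, "guest-not-segmented"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY, AUTHORIZED, STORE_NAME):
        print(f"{bssid}  {finding}")
```
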

The use of wireless in retail locations continues to increase, both from the consumer and business perspectives, making it a potential vector for attack. To learn more about how you can protect your business and POS systems from attack, read this white paper.

Why Dual-Radio Wireless Makes Sense

You’ve decided to make the move to high-speed wireless. Maybe you’re upgrading to 802.11ac or you’re building a new wireless network from scratch. Either way, you’ve got to decide whether the access points you’re going to purchase will have a single radio or dual radios. If price is an issue, choosing an access point with only one radio will save you a little money. However, is that the best decision for your wireless networking needs? Here’s why purchasing dual-radio access points makes financial and practical sense.

Dual-radio access points offer several advantages over those with a single radio.

  1. Extend your investment in 802.11x standards – An access point with two radios allows you to dedicate one radio to 802.11ac clients (laptops, tablets and smartphones) and the other to legacy 802.11b/g/n clients. If you still have a significant investment in devices supporting older wireless standards, a dual radio access point helps you extend that investment until you’re ready to upgrade.
  2. Use bandwidth-intensive services – Similarly, dual-radio access points allow you to dedicate one radio to services such as Voice over IP, streaming video and others that take up large amounts of bandwidth while your clients connect to the other radio without being negatively impacted by the services.
  3. Enhance wireless security – Having multiple radios enables you to enhance the security of your wireless network in two ways. First, you can use one radio for employees and provide them with access to internal resources while everyone else (guests, partners, etc.) connects to the second radio which offers internet-only access. Second, having a second radio allows you to use one for wireless intrusion detection and prevention scanning including scanning for rogue access points while the other is used to provide client access. Having only one radio would require all users to disconnect in order to perform the scan and then reconnect again later.
  4. Achieve better signal quality – The 802.11ac wireless standard operates in the less-crowded 5 GHz frequency band, providing better signal quality. Dedicating one radio to 5 GHz and the other to 2.4 GHz enables you to take advantage of the higher signal quality 802.11ac offers while still supporting legacy 802.11b/g/n clients over 2.4 GHz thanks to backward compatibility.
  5. Realize higher client capacities – Very simply, an access point with two radios allows you to have more WiFi-enabled devices connected at the same time without experiencing signal interference.

Secure, high-speed wireless

If you have access points with multiple radios then you’re in position to realize the advantages listed above. If you’re looking at purchasing new access points, consider the benefits dual-radio solutions provide over those with a single radio. SonicWall offers several dual-radio access points as part of its SonicPoint Series. The SonicWall SonicPoint ACe and SonicPoint ACi feature two radios, one dedicated to 802.11ac and the other to 802.11n, while the SonicPoint N2 includes two 802.11n radios. Read more about the SonicPoint Series and how these secure, high-speed access points can help your organization.

Tips for Deploying Wireless in Your Small Business

As a product manager in the security industry I have the opportunity to travel all over the world. On my trips it’s been very rare that I’ll find a location that does not provide some sort of wireless access. Even the most remote locations that may have a small coffee shop, eating establishment or small gathering area offer WiFi. Today it should be a no brainer for businesses of all kinds to provide wireless access to employees and maybe even extend this to their guests.

Most employees use mobile devices such as laptops, smartphones and tablets. Looking at the latest laptop models online most, if not all, come standard with an 802.11ac wireless adapter and you would be hard pressed to find a smaller laptop that has a LAN network interface which does not require an additional dongle or add-on cable.

Now let’s look at what it will take to roll out a wireless deployment for a small business properly and securely.

To begin with, initiate a site survey for the building. This will help you figure out how many access points you will need to provide awesome wireless coverage throughout the structure. It will also enable you to determine whether there are any issues with walls, microwaves or anything else that may interfere with the wireless signal.

Next, decide if you want to provide guest access. If you do, you will need to understand the wireless security requirements you’ll need to enforce, such as setting up a virtual access point, enforcing the use of encryption or leaving the guest access open, but requiring authentication to a captive portal, similar to what airports may use before guests are able to access the internet.

For employee wireless security you can require standards-based WPA2 encryption and decide whether you will use PSK or EAP, the latter of which requires an authentication server. For an additional level of security you can mandate the use of SSL VPN to access company resources over the wireless network.

With this new wireless network you will also need to take into consideration the security of the traffic going into and out of the wireless network for both employees and guests. This may include adding content/web filtering as a way to limit access to sites that could contain malware, and scanning all traffic through a deep packet inspection engine to look for potential intrusions and malware-based attacks that could impact employee or guest devices.

Additionally, you will want to enforce application-level bandwidth controls on the wireless network to ensure employees and guests don’t consume all the Internet bandwidth watching HD movies or downloading content.

Now that you’ve read through some of the basic requirements for deploying a wireless network, it might be a good time to get in contact with your local reseller or partner who can help with the planning, deployment and ongoing management of your wireless network.

Six Steps to Securing WiFi in a Small Business

In my job at SonicWall, I talk to a lot of people about IT security. One thing I hear a lot of the time from small business owners is something along the lines of “Why would anybody target me? I am just a small company. They would much rather go after big companies.” While this is very true for highly targeted attacks, where a highly motivated and funded attacker is going after a well-known entity, it is simply not true for the majority of attacks which are much more opportunistic in nature.

Let me give you an example. Let’s say you own a local insurance agency in a retail complex. You rely heavily on your computer system to connect to the insurance company and share information about the policies that you need to write. In the business, we call that “private customer information” and it is what you need to protect. Now, let’s assume you have a broadband connection and a consultant who has helped install and maintain your network including the security component. So far, so good.

Next, you decide you would like to add WiFi to your network so you and clients can connect more easily. You decide to go down to the local box store and purchase an off the shelf consumer class wireless access point and connect it to an open port in your office. You skip quickly through the startup menu choosing “quick start” and are up and running in a few minutes. Great, right? Not so fast. Most likely some of the steps you skipped over had to do with securing the wireless traffic, but that is difficult and requires some thought so you decided to do it later, which never happened.

At this point, you have a very secure wired network and an unsecured wireless network. Now, next door is a fast food restaurant with a lot of teenage kids who rotate in and out based on the season. One of them happens to be a wanna-be hacker, who notices a wide open wireless network and decides to investigate. She finds that she can connect to the wireless network and not only get wireless access, but also see the files on your computer, because you allow file sharing! And worse, she can see the private customer information that is so important to not only your local agency but also the nationwide company. And in a fit of teenage rebellion or altruism, she decides to download the customer data and then sends it to the nationwide agency to show them that one of their agents is not being responsible with their customer’s data. That is known as white hat hacking, and she is actually doing your insurance company a favor. Imagine if a neighbor with less noble intentions had been able to extract the data.

This is just an example, illustrating why wireless security is so important. Here are some tips to help you keep this fictional scenario from becoming a reality.

  1. Utilize a firewall with integrated wireless security that simplifies the implementation of wireless network security.
  2. Leverage deep packet inspection on the firewall to scan all traffic to and from the wireless users’ computers for viruses, malware and intrusions that may have been brought in from the outside.
  3. Since many websites are now leveraging SSL encryption to protect user data, make sure that your wireless network security solution can decrypt and scan encrypted traffic.
  4. Look for wireless network security solutions with wireless intrusion detection and prevention to block rogue access points and minimize the disruption from denial of service attacks.
  5. Apply application control to block unauthorized applications from being used on the wireless network.
  6. Set up a secure wireless guest network with encryption for your guests if you want to allow your customers to use WiFi in the lobby or conference rooms.

This is just one hypothetical example of what can happen if you don’t take security seriously. To learn more about wireless security, here is a quick and easy infographic with more information on this important topic.

Follow me on Twitter: @johngord

Three Reasons to Make The Jump to 802.11ac

Back in 2013 we started to hear about the next leap forward in wireless technology, 802.11ac. Then last year, we began to see WiFi-enabled products enter the market that integrated the new standard. Now, it’s getting harder to find the latest laptop, tablet or mobile phone that doesn’t come with 802.11ac as a standard feature. The previous wireless standard, 802.11n, will be phased out in the coming years. Given all this, is it time for your organization to upgrade its wireless access points (WAPs) to models that run 802.11ac?

The crux of the decision comes down to cost versus benefit. How much is it going to cost me to replace my existing WAPs or add new ones to my network? The answer is, it varies. You can purchase a low-end 802.11ac access point for a little over $100. On the other end of the spectrum a higher-end WAP can cost up to $1,000. Why the discrepancy? Pricing is based on the number of radios and antennas, quality of the internal components, software features and a few other factors. If you own a small- or mid-sized organization you probably don’t need all the bells and whistles. There are plenty of solutions that will allow you to take advantage of 802.11ac at a price that makes it worth your while.

Given the cost, what’s so compelling about 802.11ac WAPs that you should consider making the jump? After all, there’s a good chance most of the WiFi-ready devices accessing your network are still using 802.11n. Partly it’s planning for the future. It’s estimated that there will be more than 1 billion WiFi devices based on 802.11ac by the end of this year, and that number is only going to grow. At some point you’re going to replace those old laptops and tablets and 802.11ac will be the only wireless option on the new devices. But what are the reasons that will really make it worth your while? Here are three.

  • Superior wireless performance – 802.11ac promises up to 1.3 Gbps of wireless throughput, 3x that of 802.11n. It’s likely you won’t see that level of performance since there are many factors that influence throughput. However, there’s no denying the significant speed increase 802.11ac brings. Faster performance means faster access to information which translates into higher employee productivity. Not only that, it allows your employees to utilize higher-bandwidth mobile and collaboration apps such as streaming HD video and SharePoint without experiencing the same signal degradation you get with 802.11n.
  • Enhanced signal quality – Faster speeds are a great thing. So is having a high-quality wireless signal. The 802.11ac standard operates in the 5 GHz frequency band, which has fewer wireless devices competing for airspace and is therefore less prone to signal interference. In addition, 802.11ac uses wider 80 MHz channels and has more non-overlapping channels than 802.11n, which operates in the 2.4 GHz frequency band. Add these up and the result is better signal quality.
  • Backward compatibility – Like earlier wireless standards, 802.11ac is backward compatible. This means your 802.11a/b/g/n devices can still connect to an 802.11ac access point. So, if you have a significant investment in devices using these standards you’re in luck. Even better, if you choose an access point with dual radios and one of the radios supports 802.11ac, you can dedicate one radio to devices using 802.11ac and the other to devices running the older standards.

Making the move to wireless access points that support 802.11ac is going to cost you some money. Depending on your requirements, it doesn’t need to be that much. The performance benefits of high-speed wireless generally justify the expense and you’ll be setting your organization up for the future when every WiFi-enabled device you purchase comes standard with 802.11ac. SonicWall offers a family of high-speed 802.11ac wireless access points called the SonicPoint Series. Read more about how these secure, high-speed access points can help your organization.