Posts

Is 802.11ax Going Away? And What is Wi-Fi 6?

The Wi-Fi Alliance has announced a change in the Wi-Fi naming standards. Yep. That’s right. The terms that you are now used to — like 802.11ax, 802.11ac and 802.11n — are being replaced with a much simpler naming scheme: Wi-Fi 6, Wi-Fi 5 and Wi-Fi 4, respectively.

Anything that predates 802.11n isn’t officially getting a name change. This move from Wi-Fi Alliance is aimed at making it simpler for manufacturers and consumers to understand and use the technologies. Along with the new names, they get new logos as well. However, from a regulatory and specification standpoint, the names still retain its techy naming scheme: IEEE 802.11.

“For nearly two decades, Wi-Fi users have had to sort through technical naming conventions to determine if their devices support the latest Wi-Fi,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance, in the official announcement. “Wi-Fi Alliance is excited to introduce Wi-Fi 6, and present a new naming scheme to help industry and Wi-Fi users easily understand the Wi-Fi generation supported by their device or connection.”

New Wi-Fi Naming Standards

  • Wi-Fi 6 identifies devices that support 802.11ax technology
  • Wi-Fi 5 identifies devices that support 802.11ac technology
  • Wi-Fi 4 identifies devices that support 802.11n technology

Source: Wi-Fi Alliance

According to a new study by the Wi-Fi Alliance, the global economic value of Wi-Fi will reach $1.96 trillion this year and increase to $3.5 trillion by 2023. To keep up with the proliferation of Wi-Fi devices, it is essential to introduce technologies to keep pace with the changing tides. One of the most talked about wireless technologies in the recent times is the 802.11ax standard, or Wi-Fi 6.

What is Wi-Fi 6?

Wi-Fi 6 is currently deemed the future of Wi-Fi. Why? This is because it introduces significant wireless enhancements over the current Wi-Fi 5 technology.

With the rise in the number of devices and bandwidth-intensive applications, one of the biggest challenges we face on Wi-Fi networks is poor performance. In addition to having high, system-wide throughput, it is also essential to ensure high performance on a per-client basis, specifically for high-density use cases.

This is where Wi-Fi 6 could greatly improve performance, concurrent connections and business productivity. The significant benefits introduced by Wi-Fi 6 include:

  • Orthogonal Frequency Division Multiple Access (OFDMA) Wi-Fi 6 introduces OFDMA, which is an enhancement over orthogonal frequency-division multiplexing (OFDM), a technology that is used in Wi-Fi 5 and dates back to the 802.11a era. OFDM allows only one transmission at a time. OFDMA, in comparison, divides a channel into resource units to allow multiple communications simultaneously.With Wi-Fi 6, each resource unit can be as low as 2MHz and as high as 160MHz. This enables multiple data transmissions across multiple devices at the same time, improving overall network efficiency and capacity. Doing so allows frequencies to be divided into smaller subcarriers so that traffic can be coordinated to serve more packets from more devices, increasing the network’s capacity.
  • Upstream and Downstream Multi-User Multiple-In Multiple-Out (MU-MIMO)
    With Wi-Fi 5 Wave 2, MU-MIMO was restricted to only downstream communication, whereas Wi-Fi 6 adds support for MU-MIMO in both upstream and downstream communications. Previously, only the wireless access point (AP) could transmit data to clients simultaneously. Now, clients can transmit data simultaneously back to the AP.
  • 1024 Quadrature Amplitude Modulation (QAM)
    Wi-Fi 5 supports 256 QAM, while Wi-Fi 6 can support 1024 QAM. This denser modulation enables a speed burst of more than 35 percent. This boosts Wi-Fi performance and is most effective for users closer to the access point.
  • Target Wake Time (TWT)
    This mechanism enables AP and client devices to coordinate wake times when devices need to be awake. Doing so improves efficiency, reduces contention and enables power-saving by identifying times when the devices will be awake to send or receive data. This is especially useful in the Internet of Things (IoT) space, leading to significant power-savings for battery-powered devices.
  • Enhancement to 5GHz and 2.4GHz Frequency Bands
    Unlike the Wi-Fi 5 standard that introduced enhancement to only the 5GHz band, Wi-Fi 6 introduces enhancement to both 2.4GHz and 5GHz bands. Data speed of up to 9.6 Gbps is possible with Wi-Fi 6. Enhancements offered by Wi-Fi 6 boost average per-client performance by up to four times in comparison with Wi-Fi 5. In addition, Wi-Fi 6 is backwards-compatible with older technologies like Wi-Fi 5 and Wi-Fi 4.

Solving Challenges with the Wi-Fi 6 Wireless Standard

Wi-Fi 6 is designed for IoT and high-density deployments, including stadiums, universities, shopping malls, transportation hubs, where there are large congregations of people.

At this point in time, Wi-Fi 6 technology is still being amended. The finalized draft is expected in late 2019. Until the standard is finalized, it is not advisable to purchase Wi-Fi 6 products.

In addition, there are no real-world clients to benefit from the Wi-Fi 6 enhancements. Let’s face it, even the latest Apple iPhone XS doesn’t even support Wi-Fi 5 Wave 2. The time is right to expand your network on Wi-Fi 5, as it still gaining traction.

SonicWall offers cutting-edge Wi-Fi 5 Wave 2 access points to address the growing needs of Wi-Fi 5 devices. To learn more about how you can securely expand your network, click here.

Executive Brief: Securing the Next Wave of Wireless

Wireless connectivity is ubiquitous in today’s mobile, global economy. Wireless devices range from smartphones and laptops to security cameras and virtual reality headsets. Businesses need to recognize and address their need for high quality, performance and security across wireless networks and endpoints.

What is MU-MIMO wireless technology?

Did you know that wireless technology dates back to the 19th century? Through the years, great inventors like Michael Faraday, Thomas Edison and Nicola Tesla helped mold the concepts and theories behind electromagnetic radio frequency (RF).

It wasn’t until 1997, however, that the first 802.11 technology was introduced, which is known as the 802.11 legacy standard today. Since then, each new standard either introduced new technology or significantly improved over an older one.

The same holds true for 802.11ac technology. 802.11ac Wave 1 offered a significant enhancement over its predecessor, 802.11n. 802.11ac Wave 1 provided higher channel bandwidth and a new modulation scheme, significantly increasing the max data rates.

The Wave 2 wireless standard

Technology is always replaced and improved upon. Here, 802.11ac Wave 1 technology was replaced by today’s 802.11ac Wave 2 technology. With technologies like the Multi-User Multiple Input Multiple Output (MU-MIMO), increased channel width and more spatial streams (SS) than ever before to make Wave 2 technology a game-changer. Even though the theoretical maximum data rate as per the Wave 2 standard is 6.9 Gbps (8SS AP), the theoretical maximum with a 4SS access point (AP) is 3.5 Gbps.

Specs802.11n802.11ac Wave 1802.11ac Wave 2
Frequency band2.4 GHz and 5 GHz5 GHz5 GHz
MIMO supportSU-MIMOSU-MIMOMU-MIMO
Max channel width40 MHz80 MHz160 MHz
Max Spatial streams448
Modulation64-QAM256-QAM256-QAM
Beamformingimplicit and explicitexplicitexplicit
Backward compatibility11a/b/g11a/b/g/n11a/b/g/n
Max data rates600 Mbps1.7 Gbps6.9 Gbps

Compare the evolution of wireless capabilities from 802.11n to today’s Wave 2 standard.

What is MU-MIMO and how is it different from SU-MIMO?

MU-MIMO is a Wave 2 technology. With Single User Multiple Input Multiple Output (SU-MIMO), the AP is able to talk to only one client at a time. However, with MU-MIMO technology the AP can now transmit up to four devices at a time in the downstream direction.

Talking to more devices in a single transmission decreases airtime, increases efficiency and delivers a better user experience. For MU-MIMO to work, both the AP and the client must support the technology. Since the 11ac Wave 2 technology is backwards-compatible, if the Wave 2 AP has to transmit to a Wave 1 device it will fall back to the Wave 1 technology and use SU-MIMO to transmit.

MU-MIMO improves wireless speed, performance

Faster data transmission with MU-MIMO improves efficiency and ensures more airtime for all clients.  802.11ac Wave 2 enhancements lead to faster data rates, providing higher throughputs, better performance and user experience.

With a 4SS AP, operating on 160MHz channel, sending data to a 3SS client device, the maximum data rate that can be achieved is 2.6 Gbps. However, this is the maximum theoretical data rate. For reference, the latest Apple MacBook Pro is a 3SS 802.11ac Wave 1 device. The MacBook Air is a 2SS 802.11ac Wave 1 device and the Galaxy S3 is a 1SS 802.11ac Wave 1 device.

Overall, MU-MIMO increases network capacity and throughput. This allows the wireless network to meet the rising demand for data-hungry applications. Since the wireless access point can talk to multiple devices at the same time, the number of devices in the queue decreases, resulting in reduced wait time and latency. Increase in the overall network capacity and reduced latency benefits not just the Wave 1 and Wave 2 devices, but also the legacy clients. More than one client is needed to take advantage of MU-MIMO.

Specs1SS2SS3SS4SS
4SS, 80MHz43386713001733
4SS, 160MHz867173326003466

Wave 2 access point data rates in Mbps with different client types.

What happens during MU-MIMO transmission?

A MU-MIMO-capable AP sends a sounding signal to the client devices in the network. Each of the clients sends back a Channel State Information (CSI) based on the information it receives from the sounding signal. The AP calculates the phase and signal strength based on the CSI it receives from each client and selects the MU-MIMO-capable devices that can be grouped in one transmission.

Does MU-MIMO rely on any external factors?

Yes, MU-MIMO relies heavily on multipath and beamforming. Multipath is the process of two or more signals reaching the client at the same time or within nanoseconds of each other. Multipath happens due to RF barriers like walls, metal surfaces and concrete that cause the signals to reflect, refract, etc. Beamforming, however, directs the signal in the direction of the client.

Is it the right time to buy 802.11ac Wave 2 or should I wait for 802.11ax?

According to multiple analyst sources, the Wi-Fi market is not slowing down. For instance, IHS forecasts 11ac Wave 2 technology to increase 12 percent annually for the next three years. There are a number of Wave 2-capable devices in the market today and this will increase in the near future.

Should you wait for 802.11ax? The answer is simple: no. You are looking at a couple of years for the full-fledged adoption of 11ax products. The standard in itself is expected to be ratified in late 2019 after which it needs to pass interoperability testing by Wi-Fi Alliance.

Once manufacturers release 11ax-capable APs that are certified by the Wi-Fi Alliance, mainstream adoption will occur, which is expected to be around 2020. At the same time, 11ax-capable client devices are required to reap the full benefits of the 11ax network. For the next couple of years, 11ac Wave 2 technology will remain the next-gen wireless connectivity standard.

Where can I buy Wave 2 wireless access points?

SonicWall SonicWave Wave 2 access points (432i/432e/432o 802.11ac) provide all the benefits of Wave 2 technology. You can expect superior performance and reliability with these access points. MU-MIMO technology enables SonicWave 400 series access points to transmit up to four devices at the same time.

To implement best practices in wireless networking and wireless security, download our complimentary technical brief, “SonicWall Wireless Network Security.” Learn how SonicWall wireless network security solutions can alleviate performance and security concerns, enabling you to extend your business network without jeopardizing its integrity.

IoT & Mobile Threats: What Does 2017 Tell Us About 2018?

“SPARTANS! Ready your breakfast and eat hearty. For tonight, WE DINE IN HELL!!”

Remember this passionate line by King Leonidas from the movie “300”? We are at the brink of another war — the modern cyber arms race. You need to gear up and be prepared for the thousands of malicious “arrows” that shoot down on you.

This cyber arms race is aimed against governments, businesses and individuals alike, and it’s comprised of different types and forms of cyber attacks. These attacks grow more sophisticated each year, with over 12,500 new Common Vulnerabilities and Exposures (CVE) reported in 2017 — 78 percent of which were related to network attacks.

It’s critical we learn from the past experiences — successes and failures. So, what can 2017 teach us to be better prepared in 2018? Let’s first look at the hard data.

According to the 2018 SonicWall Cyber Threat Report, SonicWall Capture Labs detected 184 million ransomware attacks and a 101.2 percent increase in new ransomware variants from more than 1 million sensors across more than 200 countries. The increase in new variations signifies a shift in attack strategies.

In addition, SonicWall Capture Labs logged 9.32 billion malware attacks. Network attacks using encryption tactics are also on the rise. Without the ability to inspect such traffic, an average organization would have missed over 900 file-based attacks per year hidden by SSL/TLS encryption.

IoT attacks loom

Internet of Things (IoT) threats and memory attacks are also impending challenges that we face across wired and wireless solutions. According to Gartner, by 2020, IoT technology will be in 95 percent of electronics for new product designs.

Recently, Spiceworks performed a survey that resulted in IoT devices being the most vulnerable to Wi-Fi attacks. This makes IoT and chip processors the emerging battlegrounds. IoT was also a big target as “smart” (pun intended) hardware is not updated regularly and is often physically located in unknown or hard-to-reach places, leading to memory attacks and vulnerabilities.

IoT ransomware attacks are alone on the rise and gain control of a device’s functionality. While many of the IoT devices may not hold any valuable data, there is a risk for owners or individuals to be held at ransom for personal data. Gartner also predicts, through 2022, half of all security budgets for IoT will go to fault remediation, recalls and safety failures rather than protection.

There are many smart devices and IoT devices in the market that connect over Wi-Fi, such as cameras, personal and TVs. Imagine an attack on your personal privacy and a hacker gaining control over your device. Distributed Denial of Service (DDoS) attacks still remain a major threat to these devices. Each compromised device can send up to 30 million packets per second to the target, creating an IoT powered botnet.

In fact, at one point in 2017, SonicWall Capture Labs was recording more than 62,000 IoT Reaper hits each day. Considering there could be an estimated 6 billion mobile devices in circulation by 2020, it wouldn’t be totally surprising if the next wave of ransomware targets mobile devices,

How to secure wired, wireless and mobile networks

It is critical to secure your network, both from a wireless and wired perspective. Total end-to-end security is the key to prevent such attacks from happening in the first place. To survive this cyber war, you can follow certain best practices to ensure your protection:

  • Layer security across your wired, wireless, mobile and cloud network
  • Deploy next-gen firewalls that can provide real-time intrusion detection and mitigation
  • Patch your firewalls and endpoint devices to the latest firmware
  • Secure your IoT devices to prevent device tampering and unauthorized access
  • Educate your employees on the best practices
  • Change default login and passwords across your devices

SonicWall solutions include next-generation firewalls, 802.11ac Wave 2 access points, secure mobile access appliances and the Capture Advanced Threat Protection (ATP) cloud sandbox service, all of which combine to provide an effective zero-day threat protection ecosystem.

To protect customers against the increasing dangers of zero-day threats, SonicWall’s cloud-based Capture ATP service detects and blocks advanced threats at the gateway until a verdict is returned. In addition, Capture ATP also monitors memory-based exploits via Real-Time Deep Memory InspectionTM (RTDMI). With innovative SonicWall solutions, rest assured your IoT and mobile devices are protected for the cyberwar.

Download the 2018 SonicWall Cyber Threat Report

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

READ THE FULL REPORT

Wireless Security: Why You Need to Take It Seriously In 2018

When waves of cyber attacks hit last year, such as WannaCry and Not Petya ransomwares, businesses lost billions of dollars in high-profile breaches. In addition, more than half of the U.S. population’s Social Security information was compromised in the Equifax breach. It was a record-breaking year.

Perhaps the only good that came out of these fiascos is that users became more aware of the importance of cyber security. But it is no longer sufficient to only care about wired network security. Organizations and businesses also have to pay attention to other aspects of security, such as physical security and wireless security.

In line with multiple cyber security forecasts, such as our 8 Cyber Security Predictions for 2018, organizations need to watch out for more sophisticated attacks in 2018. According to the Wi-Fi Alliance, more than 9 billion wireless devices will be used in 2018. Gartner forecasts connected devices to rise from 11 billion in 2018 to over 20 billion by 2020. With the proliferation of wireless-enabled and IoT devices, wireless network security is vital.

However, not all wireless security solutions are equal. Last year, for example, many dealt with KRACK (Key Reinstallation Attack), which leveraged a WPA2 vulnerability that could lead to man-in-the-middle attacks. While many wireless vendors suffered this vulnerability, SonicWall wireless access points were not vulnerable.

How do I choose a wireless security solution?

It can be easy to get drawn in by sales pitches that show you pretty dashboards, features that you don’t need or seldom use, or super-expensive gear that you pay a premium for just because of the brand name.

Instead, take a step back and think of what you really should care about: a Wi-Fi connection that actually works with unfaltering security. Make sure you are committing yourself to a vendor that takes security, user experience and reliability very seriously.

How can I make my Wi-Fi secure?

Organizations, small- and medium-sized businesses (SMB) and individual users can implement cyber security best practices to drastically reduce Wi-Fi vulnerabilities.

  • First and foremost, make sure that you are not broadcasting an open SSID (how others see and connect to your wireless network)
  • Adjust the transmit power on your access points to serve just the area of coverage that is required
  • For corporate networks, separate guest users from internal users
  • Turn on rogue detection and ensure that firewall settings, such as DPI-SSL/TLS are enabled on your network
  • To further improve security, add a firewall to your network

Wireless is an overlay to your wired network. Adding a firewall with an integrated wireless controller capability to your network will further enhance the security of your entire network. The benefits of adding such a firewall include:

  • Complete management of wireless and wired infrastructure
  • Granular application identification, control and visualization
  • Discover and block advanced threats and vulnerabilities
  • Improved security posture and performance that scale to your business requirements

Though there are many wireless security features that can enhance your wireless security, some are more critical than others. Basic functionalities like Wireless Intrusion Detection System (WIDS) and Wireless Intrusion Prevention System (WIPS) must be supported across wired and wireless infrastructure.

Others cyber security capabilities, like application control, content filtering and deep-packet inspection (DPI) even over encrypted traffic, are all essential.

Adding multi-layered security protection to your overall network infrastructure will help minimize network breach success. In order to support the next-generation mobile workforce, BYOD and ability to implement wireless guest services is significant. Site tools can be used to survey wireless signals to optimize the required area of coverage.

These wireless security capabilities, coupled with single-pane-of-glass management, makes it effective and efficient for network admins to have visibility into the network and detect threats on a real-time basis.

Should I buy a SonicWall wireless access point?

SonicWall is a pioneering leader in cyber security, providing seamless security and comprehensive breach detection across wired, wireless, cloud and mobile networks. Best-in-class security latest 802.11ac Wave 2 technology, and an attractive price point make SonicWave wireless access point solutions a sound choice for organizations of all sizes and industries.

[foogallery id=”5554″]

SonicWave wireless access points come in three options:

  • SonicWave 432i (internal antenna version)
  • SonicWave 432e (external antenna version)
  • SonicWave 432o (outdoor access point)

The SonicWave 432 Series comes with a built-in third radio for dedicated security scanning. While many companies provide security and wireless products, SonicWall offers a true end-to-end secure wireless solution.

Need more information about wireless access security? Read our executive brief, “Why You Need Complete Wireless and Mobile Access Security.” Together, let’s make sure your network is ready to face these challenges, and create a fail-proof network for a secure, next-generation user experience.

Wave 2 Wireless Standard Powers SonicWall’s New High-Performance SonicWave Access Points

Over the past few months, Verizon has launched a series of television ads in which the main character utters the line, “Right plan, wrong network.” The actor saying the line is talking to another character who is clearly having an unhappy experience with his/her cellular connection. If you own a mobile phone, it’s likely you’ve gone through something similar at one point.

While the focus is on cellular in this case, the same can be said for Wi-Fi. It’s all about the user experience. Slow wireless performance is a big turn-off. If you’re providing wireless connectivity to employees, customers, students or guests, odds are you’ve heard complaints about the performance of your wireless network at some point.

Of course, there are a number of factors that impact the quality of the wireless connection, such as physical objects, proximity to an access point and, if you’re outdoors, weather. None of this matters to Wi-Fi users, however. They just expect to have lightning-fast connectivity.

The Wave 2 Wireless Standard Is Here

Something else that affects performance is the technology behind the wireless signal. If you’re like me and still have an iPhone 5 that only supports the 802.11n wireless standard, you’re not expecting much. However, if you have a more modern phone you can take advantage of the faster 802.11ac standard, which has been around for the past five or so years.

This assumes the access point (AP) you’re connecting to also supports that standard. Times are changing once again and the new standard is 802.11ac Wave 2, which promises multi-gigabit wireless performance.

In fact, we’re right in the middle of the transition to Wave 2 technology, which means more client devices (e.g., phones, laptops, tablets, etc.) that support the new standard are coming to market along with Wave 2 wireless access points. To take advantage of the faster speeds, both the client and access point must support Wave 2.

Introducing SonicWave Wireless Access Points

Given the seemingly universal use of wireless in retail stores, schools, doctors’ offices and other locations, and the need for high-speed connectivity, SonicWall is extending its portfolio of wireless products with the introduction of a series of 802.11ac Wave 2 wireless access points.

The SonicWave series features two indoor access points, the 432e and 432i, and one outdoor access point, the 432o. All three models are built on the idea of delivering an exceptionally fast, secure and reliable wireless experience.

SonicWave access points support the 802.11ac wireless standard, so they’re able to take advantage of performance and reliability features such as Multi-User MIMO (MU-MIMO), which enables simultaneous transmission from the access point to multiple wireless clients instead of just one.

A built-in 2.5 GbE port eliminates the need for multiple 1 GbE ports to facilitate multi-gigabit throughput. For enhanced reliability, beamforming focuses the wireless signal on an individual client instead of spreading the data transmission equally in all directions.

Wireless Security, Speed

From an organizational standpoint, providing high-speed wireless is essential. It enables the use of bandwidth-intensive apps and faster sharing of data. Securing that data as it travels across the wireless network is equally important.

SonicWall’s solution to the need for wireless security and speed is something we call Wireless Network Security, which combines SonicWave access points with our next-generation firewalls, such as the NSA series.

All inbound and outbound Wi-Fi traffic is scanned by the SonicWall firewall’s high-speed deep packet inspection (DPI) engine, including TLS/SSL encrypted connections, so threats such as ransomware and intrusions are removed. Unknown files are analyzed by our Capture Advanced Threat Protection service to eliminate zero-day threats.

Other security and control capabilities, such as content filtering, application control and intelligence, can be run on the wireless network to provide added layers of protection. The solution also integrates additional security-related features, including wireless intrusion detection and prevention, virtual access points and wireless guest services.

How else can SonicWall help you provide a fast, reliable and secure wireless experience?

  • Dedicated third security radio – Continually scan the wireless spectrum for rogue access points without impacting performance using the SonicWave access point’s third radio, something very few Wave 2 access points on the market provide.
  • MiFi Extender – Attach a 3G/4G/LTE modem to the SonicWave access point for use as either the primary wide area network (WAN) or as a secondary failover WAN link for business continuity.
  • Bluetooth Low Energy (aka Bluetooth Smart) radio – Use industrial, scientific and medical (ISM) applications for healthcare, fitness, retail beacons, security and home entertainment over a low-energy link.
  • AirTime Fairness – Distribute air time equally among connected clients, ensuring faster clients get more data in their time while slower clients receive less.
  • Band steering – Steer dual-band clients to connect automatically to the less-crowded 5 GHz frequency band, leaving the more-crowded 2.4 GHz frequency for legacy clients.

Wave 2 wireless technology is here and with it comes the promise of a faster and better user experience. To learn more about how the SonicWall SonicWave series can help you provide that experience, explore the new SonicWave series on our website.

Meet the New SonicWall NSA 2650 Next-Gen Firewall – Where Faster Meets More Secure

Today I am excited to share the new addition to SonicWall’s NSA product family of Next-Generation Firewalls, the NSA 2650.  Three key trends form the design drivers for the new NSA 2650

  1. Wireless Devices Explosion – The demand for increased bandwidth from wireless networks is constantly on the rise with the growing number of wireless devices used per person. The wireless industry is going through waves of transformation (pun-intended) to support the requirement for more bandwidth. With the latest 802.11ac Wave 2 wireless standards opening the door for multi-gig WiFi performance there is a strong need for switches and firewalls that connect to wireless access points to support these faster speeds without increasing the cost to the network infrastructure.
  2. Multi-gig Campus Requirements – Campus/branch networks require technology trend adoption without adding significant costs to the network infrastructure. For example, switches and firewalls supporting wireless access points must be able to do so with existing the Cat5e/Cat6 cabling infrastructure.
  3. Encrypted Traffic Surge – The trend towards Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption has been on the rise for several years. Articles on the use of SSL/TLS encryption typically indicate that a little over 50% of all web traffic is now encrypted and that percentage is expected to continue growing. At SonicWall, data gathered by our Capture Labs Threat Research team shows the percentage to be a little higher, around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. As vendors such as Google, Facebook, Twitter and others continue to move to HTTPS, we expect the use of HTTPS to increase. So, organizations now require a secure platform to protect their network from the sophisticated encrypted threats that evade the traditional security mechanisms. 

The NSA 2650 firewall is aimed at campus and branch networks that must secure their environments against the growing number of threats looking for new ways to burrow into networks. The new NSA 2650 firewall is the first branch and campus firewall to deliver automated real-time breach detection and prevention, as well as TLS/SSL decryption and inspection, over multi-gigabit wired and 802.11ac Wave 2 wireless networks. The SonicWall NSA 2650 represents the continuing evolution of SonicWall’s vision for a deeper level of network security without a performance penalty. More than simply a replacement for its predecessor, the NSA 2600, the NSA 2650 addresses the growing trends in web encryption and mobility by delivering a solution that meets the need for high-speed threat prevention.

The NSA 2650 is a 1U-device powered by four cores that provide the processing power necessary to support the compute-intensive deep packet inspection services such as:

  • Intrusion Prevention
  • Anti-Virus
  • Anti-Spyware
  • TLS/SSL inspection and decryption
  • Application Visualization
  • Application Control, Botnet detection
  • Geo-IP identification
  • Anti-Spam
  • User Identification and Advanced Threat Protection

Real-Time Inspection of SSL and TLS Attacks:

Unlike competing firewalls that perform well only with unencrypted connections, the NSA 2650 is built to support the need for more TLS/SSL inspection connections. The NSA 2650 features an unmatched number of encrypted web connections, up to 12,000 and performs deep packet inspection on each connection after first decrypting the traffic.

To protect against more advanced threats such as unknown and zero-day attacks that are concealed in encrypted web traffic, the NSA 2650 utilizes Capture, SonicWall’s cloud-based multi-engine sandboxing service that runs on the firewall. Suspicious files are sent to the award-winning SonicWall Capture service for analysis before rendering a verdict.

The NSA 2650 is a high-port density firewall that features 4×2.5-GbE SFP, 4×2.5-GbE, and 12×1-GbE interfaces with a dedicated management port. In addition to the multi-gigabit ports, high-speed processors and robust onboard memory, the NSA 2650 includes additional hardware enhancements that make it the ideal NGFW for mid-sized organization and distributed enterprises. An optional second power supply is available in case of failure for added redundancy. To help with scalability, the NSA 2650 includes two expansion slots. One is pre-populated with a 16 GB storage module to support features including logging, reporting, last signature update, backup and restores and more. The second slot provides flexibility to add future feature and physical capability expansion. Expandable in the future with additional modules, this versatile, high-port density firewall platform has the capacity to evolve through firmware updates to keep ahead of threats such as ransomware and intrusions.

With the NSA 2650, SonicWall yet again adds a ground-breaking security product to its portfolio. Combined with new 802.11ac Wave 2 SonicWave wireless access points, SonicWall creates a high-speed wireless network security solution that provides wireless users with an enhanced mobile experience.

Our latest firmware release, SonicOS 6.5, has more than 60 new features, and provides support for NSA 2650 hardware platform where faster meets more secure without any compromise on performance to all traffic including encrypted traffic.

Test drive the new NSA 2650 on SonicWall live demo: https://livedemo.sonicwall.com

Why Dual-Radio Wireless Makes Sense

You’ve decided to make the move to high-speed wireless. Maybe you’re upgrading to 802.11ac or you’re building a new wireless network from scratch. Either way, you’ve got to decide whether the access points you’re going to purchase will have a single radio or dual radios. If price is an issue, choosing an access point with only one radio will save you a little money. However is that the best decision for your wireless networking needs? Here’s why purchasing dual-radio access points makes financial and practical sense.

Dual-radio access points offer several advantages over those with a single radio.

  1. Extend your investment in 802.11x standards – An access point with two radios allows you to dedicate one radio to 802.11ac clients (laptops, tablets and smartphones) and the other to legacy 802.11b/g/n clients. If you still have a significant investment in devices supporting older wireless standards, a dual radio access point helps you extend that investment until you’re ready to upgrade.
  2. Use bandwidth-intensive services – Similarly, dual-radio access points allow you to dedicate one radio to services such as Voice over IP, streaming video and others that take up large amounts of bandwidth while your clients connect to the other radio without being negatively impacted by the services.
  3. Enhance wireless security – Having multiple radios enables you to enhance the security of your wireless network in two ways. First, you can use one radio for employees and provide them with access to internal resources while everyone else (guests, partners, etc.) connects to the second radio which offers internet-only access. Second, having a second radio allows you to use one for wireless intrusion detection and prevention scanning including scanning for rogue access points while the other is used to provide client access. Having only one radio would require all users to disconnect in order to perform the scan and then reconnect again later.
  4. Achieve better signal quality – The 802.11ac wireless standard operates in the less-crowded 5 GHz frequency band, providing better signal quality. Dedicating one radio to 5 GHz and the other to 2.4 GHz enables you to take advantage of the higher signal quality 802.11ac offers while still supporting legacy 802.11b/g/n clients over 2.4 GHz thanks to backward compatibility.
  5. Realize higher client capacities – Very simply, an access point with two radios allows you to have more WiFi-enabled devices connected at the same without experiencing signal interference.

Secure, high-speed wireless

If you have access points with multiple radios then you’re in position to realize the advantages listed above. If you’re looking at purchasing new access points, consider the benefits dual-radio solutions provide over those with a single radio. SonicWall offers several dual-radio access points as part of its SonicPoint Series. The SonicWall SonicPoint ACe and SonicPoint ACi feature two radios, one dedicated to 802.11ac and the other to 802.11n, while the SonicPoint N2 includes two 802.11n radios. Read more about the SonicPoint Series and how these secure, high-speed access points can help your organization.

Tips for Deploying Wireless in Your Small Business

As a product manager in the security industry I have the opportunity to travel all over the world. On my trips it’s been very rare that I’ll find a location that does not provide some sort of wireless access. Even the most remote locations that may have a small coffee shop, eating establishment or small gathering area offer WiFi. Today it should be a no brainer for businesses of all kinds to provide wireless access to employees and maybe even extend this to their guests.

Most employees use mobile devices such as laptops, smartphones and tablets. Looking at the latest laptop models online most, if not all, come standard with an 802.11ac wireless adapter and you would be hard pressed to find a smaller laptop that has a LAN network interface which does not require an additional dongle or add-on cable.

Now let’s look at what it will take to roll out a wireless deployment for a small business properly and securely.

To begin with, initiate a site survey for the building. This will help you figure out how many access points you will need to provide awesome wireless coverage throughout the structure. It will also enable you to determine whether there are any issues with walls, microwaves or anything else that may interfere with the wireless signal.

Next, decide if you want to provide guest access. If you do, you will need to understand the wireless security requirements you’ll need to enforce, such as setting up a virtual access point, enforcing the use of encryption or leaving the guest access open, but requiring authentication to a captive portal, similar to what airports may use before guests are able to access the internet.

For employee wireless security you can require standards-based WPA2 encryption and decide if you will use PSK or EAP which require an authentication server. For an additional level of security you can mandate the use of SSL VPN to access company resources over the wireless network.

With this new wireless network you will also need to take into consideration the security of the traffic going into and out of the wireless network for both employees and guests. This may include adding content/web filtering as a way to limit access to sites that could contain malware, and scanning all traffic through a deep packet inspection engine to look for potential intrusions and malware-based attacks that could impact employee or guest devices.

Additionally, you will want to enforce application-level bandwidth controls on the wireless network to ensure employees and guests don’t consume all the Internet bandwidth watching HD movies or downloading content.

Now that you’ve read through some of the basic requirements for deploying a wireless network, it might be a good time to get in contact with your local reseller or partner who can help with the planning, deployment and ongoing management of your wireless network.

Three Reasons to Make The Jump to 802.11ac

Back in 2013 we started to hear about the next leap forward in wireless technology, 802.11ac. Then last year, we began to see WiFi-enabled products enter the market that integrated the new standard. Now, it’s getting harder to find the latest laptop, tablet or mobile phone that doesn’t come with 802.11ac as a standard feature. The previous wireless standard, 802.11n, will be phased out in the coming years. Given all this, is it time for your organization to upgrade its wireless access points (WAPs) to models that run 802.11ac?

The crux of the decision comes down to cost versus benefit. How much is it going to cost me to replace my existing WAPs or add new ones to my network? The answer is, it varies. You can purchase a low-end 802.11ac access point for a little over $100. On the other end of the spectrum a higher-end WAP can cost up to $1,000. Why the discrepancy? Pricing is based on the number of radios and antennas, quality of the internal components, software features and a few other factors. If you own a small- or mid-sized organization you probably don’t need all the bells and whistles. There are plenty of solutions that will allow you to take advantage of 802.11ac at a price that makes it worth your while.

Given the cost, what’s so compelling about 802.11ac WAPs that you should consider making the jump? After all, there’s a good chance most of the WiFi-ready devices accessing your network are still using 802.11n. Partly it’s planning for the future. It’s estimated that there will be more than 1 billion WiFi devices based on 802.11ac by the end of this year, and that number will only be going to grow. At some point you’re going to replace those old laptops and tablets and 802.11ac will be the only wireless option on the new devices. But what are the reasons that will really make it worth your while? Here are three.

  • Superior wireless performance – 802.11ac promises up to 1.3 Gbps of wireless throughout, 3x that of 802.11n. It’s likely you won’t see that level of performance since there are many factors that influence throughput. However there’s no denying the significant speed increase 802.11ac brings. Faster performance means faster access to information which translates into higher employee productivity. Not only that, it allows your employees to utilize higher-bandwidth mobile and collaboration apps such as streaming HD video and SharePoint without experiencing the same signal degradation you get with 802.11n.
  • Enhanced signal quality – Faster speeds are a great thing. So is having a high-quality wireless signal. The 802.11ac standard operates in the 5 GHz frequency band, which has fewer wireless devices competing for airspace and is therefore less prone to signal interference. In addition, 802.11ac uses wider 80 MHz channels and has more non-overlapping channels than 802.11n, which operates in the 2.4 GHz frequency band. Add these up and the result is better signal quality.
  • Backward compatibility – Like earlier wireless standards, 802.11ac is backward compatible. This means your 802.11a/b/g/n devices can still connect to an 802.11ac access point. So, if you have a significant investment in devices using these standards you’re in luck. Even better, if you choose an access point with dual radios and one of the radios supports 802.11ac, you can dedicate one radio to devices using 802.11ac and the other to devices running the older standards.

Making the move to wireless access points that support 802.11ac is going to cost you some money. Depending on your requirements, it doesn’t need to be that much. The performance benefits of high-speed wireless generally justify the expense and you’ll be setting your organization up for the future when every WiFi-enabled device you purchase comes standard with 802.11ac. SonicWall offers a family of high-speed 802.11ac wireless access points called the SonicPoint Series. Read more about how these secure, high-speed access points can help your organization.