Posts

5 Best Practices for Fast, Secure Wi-Fi on K-12 Campuses

When I was a high school student, bringing a smartphone into classrooms was not permitted. If you were caught with any electronic device, it would be confiscated. Pronto.

In this new digital era, schools are embracing this transformation everywhere. Classrooms are changing, with Wi-Fi being the primary form of internet access. Students, faculty and guests also use more than one device at a time, including laptops, tablets, wearables and smartphones. As the number of devices grow, it becomes critical to plan your K-12 networks effectively and future-proof it to be able to implement newer and safer technology.

If you’re expanding, upgrading or building a secure wireless network for K-12 campus or districts, review these five helpful best practices.

Plan for density

Secure Wi-Fi networks are often planned based on coverage. If the wireless signal simply covers a classroom it does not signify that it can actually handle the device density in that room. With students and faculty using multiple devices, the number of devices connected to a particular wireless access point increases. Ensure that you are prepared for max traffic density in your classroom — and across the entire campus.

How? As a first approach, ensure you have sufficient coverage and layer this with density. Use a site survey tool like the SonicWall WiFi Planner to make this process easier to visualize. Next, estimate where you find max device density, peak traffic and plan your Wi-Fi deployment around this.

Go cloud

More applications and functions are moving to the cloud (or are likely already there). For K-12 schools untethering Wi-Fi from their wireless controller or firewalls, the cloud offers powerful infrastructure and applications to simplify management and security.

By going this route, K-12 districts and schools have the flexibility to manage wireless security solutions from the cloud, scale limitlessly and also drive down TCO.

How? Transition to a cloud-managed wireless solution. The SonicWall wireless solution can be managed by the WiFi Cloud Manager, which is a scalable, centralized Wi-Fi network management system, simplifying wireless access, control and troubleshooting capabilities across networks of any size or region.

Accessible through SonicWall Capture Security Center (CSC), WiFi Cloud Manager unifies multiple tenants, locations and zones while simultaneously supporting tens of thousands of SonicWave wireless access points.

Single-pane-of-glass management

Managing multiple management dashboards is challenging as there is a high risk of things falling through the cracks. To avoid this and to streamline the process it is essential to have a single-pane-of-glass management system with real-time analytics to capture threats and abnormalities in your network. This type of management saves you time and helps you become proactive rather than reactive.

How? Empower yourself with the right management solution to govern your entire network security ecosystem from a single dashboard. Capture Security Center is a scalable cloud-based security management system that’s a built-in, ready-to-use component of your SonicWall product or service.

Capture Security Center features single sign-on (SSO) and single-pane-of-glass management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, mobile and cloud security resources.

Enable content filtering

Wi-Fi is an easy gateway for malicious attacks. It must be protected with the right encryption and security mechanisms. Create granular policies to ensure that students are protected against malicious and non-reputable websites.

How? Ensure that you enable content filtering on your network. SonicWall provides a Content Filtering Service (CFS) that compares requested sites against a massive database in the cloud containing millions of rated URLs, IP addresses and domains. It provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by time of day, for over 50 pre-defined categories.

Future-proof with the latest technology

Ensure that you deploy the latest wireless technology in your schools. Future-proofing secure Wi-Fi is the best way to ensure that you get your money’s worth in the long term while providing the best user experience.

How? This does not mean you have to rip and replace your entire existing network. It could be a gradual approach, wherein you upgrade only critical units based on your needs. Build your network on the latest certified wireless standard: 802.11ac wave 2. Future-proof with wireless access points that are 802.11ac Wave 2-capable.

Adhering to these best practices will make your WiFi network efficient and secure — all while saving you time and money.

SonicOS 6.5, the Biggest Update in Company History, Delivers Powerful Security, Networking and Usability Capabilities

Keeping organizations running safely, while improving business and user productivity in today’s accelerating threat environment, continues to be a non-trivial task for IT leaders. At the current pace of cyber attacks, we understand all too well that the effects of recent events, such as the Equifax, WannaCry and NotPetya attacks, have demonstrated their capacity to change the global business environment from normal to total hysteria in the blink of an eye.

When news breaks on new data breaches, we see a surge in conversations with our SonicWall partner and customer communities about security and risk assessments. These engagements reinforce our development commitment to ensure every new product release delivers more tools and capabilities to protect their networks and data, and subsequently avoid the unnecessary breach.

Delivering on that commitment, I am thrilled to introduce SonicWall’s biggest firewall feature release in its history. SonicWall SonicOS 6.5 is packed with powerful security, networking and usability capabilities, and meets the security operation requirements of organizations of various sizes and use cases. SonicOS 6.5 focuses on empowering IT leaders and their security teams to:

  • Elevate their breach detection and prevention capacity
  • Manage and enforce security controls across the entire organization
  • Bring the latest in wireless speed, performance and security for cloud and mobile users
  • Scale firewall networking, connectivity and performance for uncompromised, uninterrupted network services

SonicOS 6.5 delivers the following customer-focused outcomes as part of SonicWall’s expanding Automated Real-Time Breach Detection and Prevention Platform.

1. Bolster breach prevention capabilities for wired, wireless and cloud-enabled network environments

  • SonicOS 6.5 includes 60-plus new features, nearly half of which focus on enabling the latest Wi-Fi standard, 802.11ac Wave 2, to deliver matching network security performance, connectivity and security between wired and wireless networks.
  • The combination of SonicWall firewalls and the new SonicWave 802.11ac Wave 2 series of wireless access points gives customers the assurance that their users have uninterrupted, secure and fast access to business services and resources over wired and wireless connections.
  • Built-in features, like Wireless Deployment Tools, greatly aid in planning and building a robust wireless infrastructure, while Band Steering, Airtime Fairness and others improve the overall wireless service quality and performance to give users a safe, productive wireless experience. This helps eliminate dropped connections and slowness anytime, anywhere and in any environment within the workplace. Moreover, Dynamic VLAN assignment segments wireless users based on their roles and group associations to prevent advanced threats from spreading.
  • SonicOS 6.5 expands the threat API capabilities to help customers establish a path toward security automation. Through greater firewall collaboration with third-party security ecosystem, the firewall can automatically pull external intelligence sources for threat detection and protection, and security policies enforcement. For example, our Dynamic Botnet List feature enables customers to program their firewalls to download private third-party lists that contain desired security information, such as malicious IP and URL addresses, that they want the firewall to block for additional threat coverage.
  • For distributed organizations that have offices operating on different network domains, the new multi-domain security management capability in SonicOS 6.5 helps them manage and enforce discrete security policies across those domains. Based on service levels, risk tolerance, compliance and/or legal requirements, administrators can apply identical security controls to all domains or specific policy to a single domain or group of domains. This flexibility helps reduce the attack surface, eliminate security gaps, isolate risks and prevent any lateral movement of backdoor, network-based attacks, such as WannCry and NotPetya.

2. Increase scalability and connectivity of the firewall system

  • Advances in Layer 2/3 network and connectivity help customers optimize system availability and performance, and scale the firewall to deliver uncompromised, uninterrupted threat protection for every connected network domain. Supported on all SonicWall next-generation firewall (NGFW) models, including the newest NSA 2650, SonicOS 6.5 also supports daisy-chaining and management of Dell X-Series switches, Virtual Wire Mode, Dynamic LAG using LACP and Equal Cost Multi-Path (ECMP).
  • Using multi-domain security management in conjunction with virtual wire mode gives customers the ability to micro-segment and manage their virtual networks. These also provide independent security management, policies, controls and scanning to each virtual network with its separate security zone.

3. Improve ease of use and firewall management

  • SonicOS 6.5 introduces a completely redesigned user interface (UI) for a fresh, productive user experience (UX). This new UI gives users an executive dashboard loaded with security, user and traffic information. It also offers an organized, familiar and easily-understood menu-driven security management console. The dashboard presents a consolidated view of the live firewall security environment. This view includes a threat index, security events and data, network performance and connectivity, and application and bandwidth usage. The intuitive UI lets users complete security tasks faster, and with greater ease, from a single-pane-of-glass.

Exertis and SonicWall Pave the Way for KCSiE Guidance and Safer Internet Day

Note: This is a guest blog by Dominic Ryles, Marketing Manager at Exertis Enterprise, SonicWall’s leading distributor in the United Kingdom. Exertis is committed to providing a range of channel focused services designed to enhance your current technical knowledge and expertise in the areas of IT Security, Unified Communications, Integrated Networks and Specialist Software.


The Internet is forever changing education. Opening up a world of opportunities and transforming how students learn. New technologies inspire children and young people to be creative, communicate and learn, but the Internet has a dark side, making them vulnerable with the potential to expose themselves to danger, knowingly or unknowingly.

On the 5th September 2016, the UK Government through the Department of Education (DfE) updated the Keeping Children Safe in Education (KCSiE) guidelines to include a dedicated section for online safety. This means that every school and college will need to consider and review its safeguarding policies and procedures, focusing particularly on how they protect students online. The guidance calls for effective online safeguarding mechanisms with a mandatory requirement for all schools and colleges to have an appropriate filtering and monitoring systems in place, striking a balance between safeguarding and ‘overblocking,’ and being conscious not to create unreasonable restrictions on the use of technology as part of the education process.

When we think of ‘inappropriate material’ on the internet we often think of pornographic images, or even access to illegal sites to download movies and music,  but due to the widespread access to social media and other available platforms, the Internet has become a darker place since it first opened its doors back in 1969. Physical danger from divulging too much personal information, illegal activity such as identity theft and participation in hate or cult websites can lead to cyber bullying, and radicalisation in the modern day school, thus making children and young people vulnerable.

Earlier this year, Exertis, in conjunction with SonicWall, set out on a mission to raise awareness of KCSiE through a series of online and offline activities to the channel. We first put together our comprehensive ‘Appropriate Web Filtering and Monitoring for Schools and Colleges’ guide, which to date has received an overwhelming response from our partner base. The guide provides our reseller partners with all the information they need to understand the statutory changes, and how the SonicWall and Fastvue security solutions can enable educational establishments to become compliant. Towards the latter part of 2016, we registered to support Safer Internet Day (SID) 2017, a day dedicated to raising awareness of online safety for children and young people. Already in its sixth year, Safer Internet Day is run by the UK Safer Internet Centre, a combination of three leading UK organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. It will be the first year both companies have supported Safer Internet Day and we have been busy raising awareness in our local community. We approached two schools; St Margaret Ward Catholic Academy and The Co-Operative Academy and commissioned them to produce a large canvas painting with the topic ‘What does the internet mean to you?’ Students and teachers from both schools will come together to create two canvas paintings depicting the good and the bad of the internet from their perspective. We have given the schools 4-weeks to complete the art project and will be revisiting both schools on Safer Internet Day, 7th February to meet with the students and teachers behind the project, provide a talk around e-Safety, and with it, hope to raise awareness of children and young becoming safe on the Internet.


About Safer Internet Centre.

The UK Safer Internet Centre are a partnership of three leading organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. The partnership was appointed by the European Commission as the Safer Internet Centre for the UK in January 2011 and last year reached 2.8 million children. To find out more. Please visit – https://www.saferinternet.org.uk/

About Exertis (UK) Ltd.

Exertis is one of Europe’s largest and fastest growing technology distribution and specialist service providers. We partner with 360 global technology brands and over 28,850 resellers, e-commerce operators and retailers across Europe. Our scale and knowledge, combined with our experience across the technology sector, enables us to continue innovate and deliver market leading services for our partners. To find out more, please visit our website – http://www.exertis.co.uk/

Wireless Firewall Solutions for Small Offices and Distributed Enterprises

If you are a small office, I have good news; the new SonicWall TZ Wireless Firewall Series now has integrated wireless. In an earlier life, the startup I was working for had a small compact office; it would be the perfect candidate for the integrated wireless product. For many, where the office is spread out or occupies multiple floors, the ability to use Access Points for an external solution would be the way to go.

Stay ahead of the threats with a product that reduces your threat surface with the security solution used by the big boys. If you are concerned that your security solution is not cutting it, now is the time to consider taking a look at the new TZ Wireless Firewall Series.

Why this is important for business owners

For the business owner, building the business is what commands your attention. Behind this is the absolute desire to avoid negative press associated with a data breach. Looking forward, the question remains “how do I use emerging trends to grow my business?” The new SonicWall TZ series gives you the confidence to grow your business and avoid embarrassing press. Security can help grow your business because a secure perimeter can be seen as a differential advantage, especially when working with enterprise customers.

Business owners are always dealing with tight budgets and look for ways to get the most out of their investment. No need to cut corners here. Both the wireless and wired products are not only affordable but over time deliver an impressively low total cost of ownership. With the TotalSecure bundle, combined with the wide range of product capabilities, the price to buy and the cost to own is something that should warrant investigation.

Over the past several years, SonicWall has invested in security to become the go-to provider of broad security solutions. With the SonicWall TZ products, there is a complete line of wired and wireless network security solutions that fit any type of business small to large. The TZ series enables businesses to achieve the same level of security on the wireless LAN that they have on their wired LAN through integrated wireless or by attaching an 802.11ac SonicWall SonicPoint wireless access point to the firewall. This high-speed “wireless network security” solution protects the WLAN by scanning wireless traffic for threats.

Why this is important for IT managers

For the small business, the IT department may be only one person. The focus is on maintaining a high performance network. The SonicWall TZ series can make the network more efficient by allocating the more bandwidth to important applications over the less important and unproductive apps. The moment you add remote or branch offices, the network becomes more complex. By deploying the same firewall across networks, the efficiencies found with one network expand to include all networks. Instead of complexity, you get simplicity.

Highly effective security can also make the life of an IT manger simpler as well. The security perimeter is much more robust when everyone has the same device and everyone can speak a common language. Our security engine is common to all of our products and has been recognized not only for security effectiveness, but value as well. Compared to Cisco we are more affordable; compared to Fortinet, we perform better; and compared with Palo Alto, we have a wider product offering for small businesses. With the multiple products we offer, there is a solution designed to fit your specific needs and your budget.

Network security is not a one shot event; it is a long-term race with many twists and turns. If you followed the Tour De France, you can see plenty of similarities. If you are going to wear the yellow jersey you need to be a leader but you also need a strong support team to help you can meet the challenges of the road ahead. In the security race that means that you need the latest technology and a strong team supporting you. Let SonicWall ‘s winning products bring a new level of performance to your security race.

Download eBook

Why Dual-Radio Wireless Makes Sense

You’ve decided to make the move to high-speed wireless. Maybe you’re upgrading to 802.11ac or you’re building a new wireless network from scratch. Either way, you’ve got to decide whether the access points you’re going to purchase will have a single radio or dual radios. If price is an issue, choosing an access point with only one radio will save you a little money. However is that the best decision for your wireless networking needs? Here’s why purchasing dual-radio access points makes financial and practical sense.

Dual-radio access points offer several advantages over those with a single radio.

  1. Extend your investment in 802.11x standards – An access point with two radios allows you to dedicate one radio to 802.11ac clients (laptops, tablets and smartphones) and the other to legacy 802.11b/g/n clients. If you still have a significant investment in devices supporting older wireless standards, a dual radio access point helps you extend that investment until you’re ready to upgrade.
  2. Use bandwidth-intensive services – Similarly, dual-radio access points allow you to dedicate one radio to services such as Voice over IP, streaming video and others that take up large amounts of bandwidth while your clients connect to the other radio without being negatively impacted by the services.
  3. Enhance wireless security – Having multiple radios enables you to enhance the security of your wireless network in two ways. First, you can use one radio for employees and provide them with access to internal resources while everyone else (guests, partners, etc.) connects to the second radio which offers internet-only access. Second, having a second radio allows you to use one for wireless intrusion detection and prevention scanning including scanning for rogue access points while the other is used to provide client access. Having only one radio would require all users to disconnect in order to perform the scan and then reconnect again later.
  4. Achieve better signal quality – The 802.11ac wireless standard operates in the less-crowded 5 GHz frequency band, providing better signal quality. Dedicating one radio to 5 GHz and the other to 2.4 GHz enables you to take advantage of the higher signal quality 802.11ac offers while still supporting legacy 802.11b/g/n clients over 2.4 GHz thanks to backward compatibility.
  5. Realize higher client capacities – Very simply, an access point with two radios allows you to have more WiFi-enabled devices connected at the same without experiencing signal interference.

Secure, high-speed wireless

If you have access points with multiple radios then you’re in position to realize the advantages listed above. If you’re looking at purchasing new access points, consider the benefits dual-radio solutions provide over those with a single radio. SonicWall offers several dual-radio access points as part of its SonicPoint Series. The SonicWall SonicPoint ACe and SonicPoint ACi feature two radios, one dedicated to 802.11ac and the other to 802.11n, while the SonicPoint N2 includes two 802.11n radios. Read more about the SonicPoint Series and how these secure, high-speed access points can help your organization.

Tips for Deploying Wireless in Your Small Business

As a product manager in the security industry I have the opportunity to travel all over the world. On my trips it’s been very rare that I’ll find a location that does not provide some sort of wireless access. Even the most remote locations that may have a small coffee shop, eating establishment or small gathering area offer WiFi. Today it should be a no brainer for businesses of all kinds to provide wireless access to employees and maybe even extend this to their guests.

Most employees use mobile devices such as laptops, smartphones and tablets. Looking at the latest laptop models online most, if not all, come standard with an 802.11ac wireless adapter and you would be hard pressed to find a smaller laptop that has a LAN network interface which does not require an additional dongle or add-on cable.

Now let’s look at what it will take to roll out a wireless deployment for a small business properly and securely.

To begin with, initiate a site survey for the building. This will help you figure out how many access points you will need to provide awesome wireless coverage throughout the structure. It will also enable you to determine whether there are any issues with walls, microwaves or anything else that may interfere with the wireless signal.

Next, decide if you want to provide guest access. If you do, you will need to understand the wireless security requirements you’ll need to enforce, such as setting up a virtual access point, enforcing the use of encryption or leaving the guest access open, but requiring authentication to a captive portal, similar to what airports may use before guests are able to access the internet.

For employee wireless security you can require standards-based WPA2 encryption and decide if you will use PSK or EAP which require an authentication server. For an additional level of security you can mandate the use of SSL VPN to access company resources over the wireless network.

With this new wireless network you will also need to take into consideration the security of the traffic going into and out of the wireless network for both employees and guests. This may include adding content/web filtering as a way to limit access to sites that could contain malware, and scanning all traffic through a deep packet inspection engine to look for potential intrusions and malware-based attacks that could impact employee or guest devices.

Additionally, you will want to enforce application-level bandwidth controls on the wireless network to ensure employees and guests don’t consume all the Internet bandwidth watching HD movies or downloading content.

Now that you’ve read through some of the basic requirements for deploying a wireless network, it might be a good time to get in contact with your local reseller or partner who can help with the planning, deployment and ongoing management of your wireless network.

Three Reasons to Make The Jump to 802.11ac

Back in 2013 we started to hear about the next leap forward in wireless technology, 802.11ac. Then last year, we began to see WiFi-enabled products enter the market that integrated the new standard. Now, it’s getting harder to find the latest laptop, tablet or mobile phone that doesn’t come with 802.11ac as a standard feature. The previous wireless standard, 802.11n, will be phased out in the coming years. Given all this, is it time for your organization to upgrade its wireless access points (WAPs) to models that run 802.11ac?

The crux of the decision comes down to cost versus benefit. How much is it going to cost me to replace my existing WAPs or add new ones to my network? The answer is, it varies. You can purchase a low-end 802.11ac access point for a little over $100. On the other end of the spectrum a higher-end WAP can cost up to $1,000. Why the discrepancy? Pricing is based on the number of radios and antennas, quality of the internal components, software features and a few other factors. If you own a small- or mid-sized organization you probably don’t need all the bells and whistles. There are plenty of solutions that will allow you to take advantage of 802.11ac at a price that makes it worth your while.

Given the cost, what’s so compelling about 802.11ac WAPs that you should consider making the jump? After all, there’s a good chance most of the WiFi-ready devices accessing your network are still using 802.11n. Partly it’s planning for the future. It’s estimated that there will be more than 1 billion WiFi devices based on 802.11ac by the end of this year, and that number will only be going to grow. At some point you’re going to replace those old laptops and tablets and 802.11ac will be the only wireless option on the new devices. But what are the reasons that will really make it worth your while? Here are three.

  • Superior wireless performance – 802.11ac promises up to 1.3 Gbps of wireless throughout, 3x that of 802.11n. It’s likely you won’t see that level of performance since there are many factors that influence throughput. However there’s no denying the significant speed increase 802.11ac brings. Faster performance means faster access to information which translates into higher employee productivity. Not only that, it allows your employees to utilize higher-bandwidth mobile and collaboration apps such as streaming HD video and SharePoint without experiencing the same signal degradation you get with 802.11n.
  • Enhanced signal quality – Faster speeds are a great thing. So is having a high-quality wireless signal. The 802.11ac standard operates in the 5 GHz frequency band, which has fewer wireless devices competing for airspace and is therefore less prone to signal interference. In addition, 802.11ac uses wider 80 MHz channels and has more non-overlapping channels than 802.11n, which operates in the 2.4 GHz frequency band. Add these up and the result is better signal quality.
  • Backward compatibility – Like earlier wireless standards, 802.11ac is backward compatible. This means your 802.11a/b/g/n devices can still connect to an 802.11ac access point. So, if you have a significant investment in devices using these standards you’re in luck. Even better, if you choose an access point with dual radios and one of the radios supports 802.11ac, you can dedicate one radio to devices using 802.11ac and the other to devices running the older standards.

Making the move to wireless access points that support 802.11ac is going to cost you some money. Depending on your requirements, it doesn’t need to be that much. The performance benefits of high-speed wireless generally justify the expense and you’ll be setting your organization up for the future when every WiFi-enabled device you purchase comes standard with 802.11ac. SonicWall offers a family of high-speed 802.11ac wireless access points called the SonicPoint Series. Read more about how these secure, high-speed access points can help your organization.