Posts

What is MU-MIMO wireless technology?

Did you know that wireless technology dates back to the 19th century? Through the years, great inventors like Michael Faraday, Thomas Edison and Nicola Tesla helped mold the concepts and theories behind electromagnetic radio frequency (RF).

It wasn’t until 1997, however, that the first 802.11 technology was introduced, which is known as the 802.11 legacy standard today. Since then, each new standard either introduced new technology or significantly improved over an older one.

The same holds true for 802.11ac technology. 802.11ac Wave 1 offered a significant enhancement over its predecessor, 802.11n. 802.11ac Wave 1 provided higher channel bandwidth and a new modulation scheme, significantly increasing the max data rates.

The Wave 2 wireless standard

Technology is always replaced and improved upon. Here, 802.11ac Wave 1 technology was replaced by today’s 802.11ac Wave 2 technology. With technologies like the Multi-User Multiple Input Multiple Output (MU-MIMO), increased channel width and more spatial streams (SS) than ever before to make Wave 2 technology a game-changer. Even though the theoretical maximum data rate as per the Wave 2 standard is 6.9 Gbps (8SS AP), the theoretical maximum with a 4SS access point (AP) is 3.5 Gbps.

Specs802.11n802.11ac Wave 1802.11ac Wave 2
Frequency band2.4 GHz and 5 GHz5 GHz5 GHz
MIMO supportSU-MIMOSU-MIMOMU-MIMO
Max channel width40 MHz80 MHz160 MHz
Max Spatial streams448
Modulation64-QAM256-QAM256-QAM
Beamformingimplicit and explicitexplicitexplicit
Backward compatibility11a/b/g11a/b/g/n11a/b/g/n
Max data rates600 Mbps1.7 Gbps6.9 Gbps

Compare the evolution of wireless capabilities from 802.11n to today’s Wave 2 standard.

What is MU-MIMO and how is it different from SU-MIMO?

MU-MIMO is a Wave 2 technology. With Single User Multiple Input Multiple Output (SU-MIMO), the AP is able to talk to only one client at a time. However, with MU-MIMO technology the AP can now transmit up to four devices at a time in the downstream direction.

Talking to more devices in a single transmission decreases airtime, increases efficiency and delivers a better user experience. For MU-MIMO to work, both the AP and the client must support the technology. Since the 11ac Wave 2 technology is backwards-compatible, if the Wave 2 AP has to transmit to a Wave 1 device it will fall back to the Wave 1 technology and use SU-MIMO to transmit.

MU-MIMO improves wireless speed, performance

Faster data transmission with MU-MIMO improves efficiency and ensures more airtime for all clients.  802.11ac Wave 2 enhancements lead to faster data rates, providing higher throughputs, better performance and user experience.

With a 4SS AP, operating on 160MHz channel, sending data to a 3SS client device, the maximum data rate that can be achieved is 2.6 Gbps. However, this is the maximum theoretical data rate. For reference, the latest Apple MacBook Pro is a 3SS 802.11ac Wave 1 device. The MacBook Air is a 2SS 802.11ac Wave 1 device and the Galaxy S3 is a 1SS 802.11ac Wave 1 device.

Overall, MU-MIMO increases network capacity and throughput. This allows the wireless network to meet the rising demand for data-hungry applications. Since the wireless access point can talk to multiple devices at the same time, the number of devices in the queue decreases, resulting in reduced wait time and latency. Increase in the overall network capacity and reduced latency benefits not just the Wave 1 and Wave 2 devices, but also the legacy clients. More than one client is needed to take advantage of MU-MIMO.

Specs1SS2SS3SS4SS
4SS, 80MHz43386713001733
4SS, 160MHz867173326003466

Wave 2 access point data rates in Mbps with different client types.

What happens during MU-MIMO transmission?

A MU-MIMO-capable AP sends a sounding signal to the client devices in the network. Each of the clients sends back a Channel State Information (CSI) based on the information it receives from the sounding signal. The AP calculates the phase and signal strength based on the CSI it receives from each client and selects the MU-MIMO-capable devices that can be grouped in one transmission.

Does MU-MIMO rely on any external factors?

Yes, MU-MIMO relies heavily on multipath and beamforming. Multipath is the process of two or more signals reaching the client at the same time or within nanoseconds of each other. Multipath happens due to RF barriers like walls, metal surfaces and concrete that cause the signals to reflect, refract, etc. Beamforming, however, directs the signal in the direction of the client.

Is it the right time to buy 802.11ac Wave 2 or should I wait for 802.11ax?

According to multiple analyst sources, the Wi-Fi market is not slowing down. For instance, IHS forecasts 11ac Wave 2 technology to increase 12 percent annually for the next three years. There are a number of Wave 2-capable devices in the market today and this will increase in the near future.

Should you wait for 802.11ax? The answer is simple: no. You are looking at a couple of years for the full-fledged adoption of 11ax products. The standard in itself is expected to be ratified in late 2019 after which it needs to pass interoperability testing by Wi-Fi Alliance.

Once manufacturers release 11ax-capable APs that are certified by the Wi-Fi Alliance, mainstream adoption will occur, which is expected to be around 2020. At the same time, 11ax-capable client devices are required to reap the full benefits of the 11ax network. For the next couple of years, 11ac Wave 2 technology will remain the next-gen wireless connectivity standard.

Where can I buy Wave 2 wireless access points?

SonicWall SonicWave Wave 2 access points (432i/432e/432o 802.11ac) provide all the benefits of Wave 2 technology. You can expect superior performance and reliability with these access points. MU-MIMO technology enables SonicWave 400 series access points to transmit up to four devices at the same time.

To implement best practices in wireless networking and wireless security, download our complimentary technical brief, “SonicWall Wireless Network Security.” Learn how SonicWall wireless network security solutions can alleviate performance and security concerns, enabling you to extend your business network without jeopardizing its integrity.

Wireless Security: Why You Need to Take It Seriously In 2018

When waves of cyber attacks hit last year, such as WannaCry and Not Petya ransomwares, businesses lost billions of dollars in high-profile breaches. In addition, more than half of the U.S. population’s Social Security information was compromised in the Equifax breach. It was a record-breaking year.

Perhaps the only good that came out of these fiascos is that users became more aware of the importance of cyber security. But it is no longer sufficient to only care about wired network security. Organizations and businesses also have to pay attention to other aspects of security, such as physical security and wireless security.

In line with multiple cyber security forecasts, such as our 8 Cyber Security Predictions for 2018, organizations need to watch out for more sophisticated attacks in 2018. According to the Wi-Fi Alliance, more than 9 billion wireless devices will be used in 2018. Gartner forecasts connected devices to rise from 11 billion in 2018 to over 20 billion by 2020. With the proliferation of wireless-enabled and IoT devices, wireless network security is vital.

However, not all wireless security solutions are equal. Last year, for example, many dealt with KRACK (Key Reinstallation Attack), which leveraged a WPA2 vulnerability that could lead to man-in-the-middle attacks. While many wireless vendors suffered this vulnerability, SonicWall wireless access points were not vulnerable.

How do I choose a wireless security solution?

It can be easy to get drawn in by sales pitches that show you pretty dashboards, features that you don’t need or seldom use, or super-expensive gear that you pay a premium for just because of the brand name.

Instead, take a step back and think of what you really should care about: a Wi-Fi connection that actually works with unfaltering security. Make sure you are committing yourself to a vendor that takes security, user experience and reliability very seriously.

How can I make my Wi-Fi secure?

Organizations, small- and medium-sized businesses (SMB) and individual users can implement cyber security best practices to drastically reduce Wi-Fi vulnerabilities.

  • First and foremost, make sure that you are not broadcasting an open SSID (how others see and connect to your wireless network)
  • Adjust the transmit power on your access points to serve just the area of coverage that is required
  • For corporate networks, separate guest users from internal users
  • Turn on rogue detection and ensure that firewall settings, such as DPI-SSL/TLS are enabled on your network
  • To further improve security, add a firewall to your network

Wireless is an overlay to your wired network. Adding a firewall with an integrated wireless controller capability to your network will further enhance the security of your entire network. The benefits of adding such a firewall include:

  • Complete management of wireless and wired infrastructure
  • Granular application identification, control and visualization
  • Discover and block advanced threats and vulnerabilities
  • Improved security posture and performance that scale to your business requirements

Though there are many wireless security features that can enhance your wireless security, some are more critical than others. Basic functionalities like Wireless Intrusion Detection System (WIDS) and Wireless Intrusion Prevention System (WIPS) must be supported across wired and wireless infrastructure.

Others cyber security capabilities, like application control, content filtering and deep-packet inspection (DPI) even over encrypted traffic, are all essential.

Adding multi-layered security protection to your overall network infrastructure will help minimize network breach success. In order to support the next-generation mobile workforce, BYOD and ability to implement wireless guest services is significant. Site tools can be used to survey wireless signals to optimize the required area of coverage.

These wireless security capabilities, coupled with single-pane-of-glass management, makes it effective and efficient for network admins to have visibility into the network and detect threats on a real-time basis.

Should I buy a SonicWall wireless access point?

SonicWall is a pioneering leader in cyber security, providing seamless security and comprehensive breach detection across wired, wireless, cloud and mobile networks. Best-in-class security latest 802.11ac Wave 2 technology, and an attractive price point make SonicWave wireless access point solutions a sound choice for organizations of all sizes and industries.

[foogallery id=”5554″]

SonicWave wireless access points come in three options:

  • SonicWave 432i (internal antenna version)
  • SonicWave 432e (external antenna version)
  • SonicWave 432o (outdoor access point)

The SonicWave 432 Series comes with a built-in third radio for dedicated security scanning. While many companies provide security and wireless products, SonicWall offers a true end-to-end secure wireless solution.

Need more information about wireless access security? Read our executive brief, “Why You Need Complete Wireless and Mobile Access Security.” Together, let’s make sure your network is ready to face these challenges, and create a fail-proof network for a secure, next-generation user experience.

Are there KRACKs in Your Wireless Network Security?

Information and recommendations on protecting your wireless deployment

On October 16, 2017, Belgian security researchers made public their findings that demonstrated fundamental design flaws in WPA2 that could lead to man-in-the-middle (MITM) attacks on wireless networks.

Named KRACKs, or key reinstallation attacks, this technique can theoretically be used by attackers to steal sensitive information from unsuspecting wireless users leveraging these flaws in the WiFi standard. Based on their research, CERT issued a series of CVEs to address this flaw, and most vendors affected have issued patches as of this writing.

More details on these vulnerabilities are available on the researchers’ website at www.krackattacks.com.

Are SonicWall wireless solutions vulnerable?

SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, as well as our TZ and SOHO Wireless firewalls, are not vulnerable. No updates are needed for SonicWall wireless access points or firewalls with integrated wireless.

What can I do to protect my wireless network?

Whether or not you are a SonicWall wireless network security user, we do recommend that you take immediate action to minimize the risk presented by these vulnerabilities.  We advise the following:

  • Patch all of your WiFi clients, whether Windows, Linux, Android, iOS or Mac OS based, with the latest KRACK updates from your client vendors. The attack is launched by compromising the wireless device, not the wireless router, so that is the most important area to focus on when you go about patching.
  • If you are not a SonicWall wireless customer, check with your vendor to determine if you need to patch your wireless access points and/or routers. Ideally, your WiFi solution would be centrally managed allowing you to provide updates and patches in a timely fashion without crippling IT resources. Again, if you are a SonicWall wireless customer no updates to the access points are needed.
  • Add an additional layer of security by using VPN technology to encrypt all network traffic between your wireless devices and your firewall. For SonicWall customers, we recommend the following:
  • Advise your users to transmit sensitive data only on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
  • The new SonicWall SonicWave series includes a dedicated third radio for scanning.  For SonicWave wireless users, we recommend that you turn on the wireless intrusion detection feature that allows you to block traffic from rogue access points (specifically in this case an evil twin).  This will ensure that the third radio is continually scanning for these types of attacks in real-time.
  • Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.
  • One other note: there is no need to change Wi-Fi passwords as the KRACKs do not require the Wi-Fi password to be successful.

SonicWall believes that IT must be able to provide secure, high-speed access for the organization across both the wired and the wireless network, especially as Wi-Fi becomes more of a necessity and less of a luxury. However, cyber criminals are racing to leverage wireless to initiate advanced attacks.

SonicWall can help you extend breach prevention to your wireless network. SonicWall’s wireless network security solution provides deep packet inspection for both unencrypted and TLS/SSL-encrypted traffic along with a cloud-based, multi-engine Capture sandbox and a complete lineup of centrally managed SonicWave 802.11ac Wave 2 wireless access points.

To learn more, visit SonicWall Wireless and Mobile Access solutions.

Wave 2 Wireless Standard Powers SonicWall’s New High-Performance SonicWave Access Points

Over the past few months, Verizon has launched a series of television ads in which the main character utters the line, “Right plan, wrong network.” The actor saying the line is talking to another character who is clearly having an unhappy experience with his/her cellular connection. If you own a mobile phone, it’s likely you’ve gone through something similar at one point.

While the focus is on cellular in this case, the same can be said for Wi-Fi. It’s all about the user experience. Slow wireless performance is a big turn-off. If you’re providing wireless connectivity to employees, customers, students or guests, odds are you’ve heard complaints about the performance of your wireless network at some point.

Of course, there are a number of factors that impact the quality of the wireless connection, such as physical objects, proximity to an access point and, if you’re outdoors, weather. None of this matters to Wi-Fi users, however. They just expect to have lightning-fast connectivity.

The Wave 2 Wireless Standard Is Here

Something else that affects performance is the technology behind the wireless signal. If you’re like me and still have an iPhone 5 that only supports the 802.11n wireless standard, you’re not expecting much. However, if you have a more modern phone you can take advantage of the faster 802.11ac standard, which has been around for the past five or so years.

This assumes the access point (AP) you’re connecting to also supports that standard. Times are changing once again and the new standard is 802.11ac Wave 2, which promises multi-gigabit wireless performance.

In fact, we’re right in the middle of the transition to Wave 2 technology, which means more client devices (e.g., phones, laptops, tablets, etc.) that support the new standard are coming to market along with Wave 2 wireless access points. To take advantage of the faster speeds, both the client and access point must support Wave 2.

Introducing SonicWave Wireless Access Points

Given the seemingly universal use of wireless in retail stores, schools, doctors’ offices and other locations, and the need for high-speed connectivity, SonicWall is extending its portfolio of wireless products with the introduction of a series of 802.11ac Wave 2 wireless access points.

The SonicWave series features two indoor access points, the 432e and 432i, and one outdoor access point, the 432o. All three models are built on the idea of delivering an exceptionally fast, secure and reliable wireless experience.

SonicWave access points support the 802.11ac wireless standard, so they’re able to take advantage of performance and reliability features such as Multi-User MIMO (MU-MIMO), which enables simultaneous transmission from the access point to multiple wireless clients instead of just one.

A built-in 2.5 GbE port eliminates the need for multiple 1 GbE ports to facilitate multi-gigabit throughput. For enhanced reliability, beamforming focuses the wireless signal on an individual client instead of spreading the data transmission equally in all directions.

Wireless Security, Speed

From an organizational standpoint, providing high-speed wireless is essential. It enables the use of bandwidth-intensive apps and faster sharing of data. Securing that data as it travels across the wireless network is equally important.

SonicWall’s solution to the need for wireless security and speed is something we call Wireless Network Security, which combines SonicWave access points with our next-generation firewalls, such as the NSA series.

All inbound and outbound Wi-Fi traffic is scanned by the SonicWall firewall’s high-speed deep packet inspection (DPI) engine, including TLS/SSL encrypted connections, so threats such as ransomware and intrusions are removed. Unknown files are analyzed by our Capture Advanced Threat Protection service to eliminate zero-day threats.

Other security and control capabilities, such as content filtering, application control and intelligence, can be run on the wireless network to provide added layers of protection. The solution also integrates additional security-related features, including wireless intrusion detection and prevention, virtual access points and wireless guest services.

How else can SonicWall help you provide a fast, reliable and secure wireless experience?

  • Dedicated third security radio – Continually scan the wireless spectrum for rogue access points without impacting performance using the SonicWave access point’s third radio, something very few Wave 2 access points on the market provide.
  • MiFi Extender – Attach a 3G/4G/LTE modem to the SonicWave access point for use as either the primary wide area network (WAN) or as a secondary failover WAN link for business continuity.
  • Bluetooth Low Energy (aka Bluetooth Smart) radio – Use industrial, scientific and medical (ISM) applications for healthcare, fitness, retail beacons, security and home entertainment over a low-energy link.
  • AirTime Fairness – Distribute air time equally among connected clients, ensuring faster clients get more data in their time while slower clients receive less.
  • Band steering – Steer dual-band clients to connect automatically to the less-crowded 5 GHz frequency band, leaving the more-crowded 2.4 GHz frequency for legacy clients.

Wave 2 wireless technology is here and with it comes the promise of a faster and better user experience. To learn more about how the SonicWall SonicWave series can help you provide that experience, explore the new SonicWave series on our website.

Meet the New SonicWall NSA 2650 Next-Gen Firewall – Where Faster Meets More Secure

Today I am excited to share the new addition to SonicWall’s NSA product family of Next-Generation Firewalls, the NSA 2650.  Three key trends form the design drivers for the new NSA 2650

  1. Wireless Devices Explosion – The demand for increased bandwidth from wireless networks is constantly on the rise with the growing number of wireless devices used per person. The wireless industry is going through waves of transformation (pun-intended) to support the requirement for more bandwidth. With the latest 802.11ac Wave 2 wireless standards opening the door for multi-gig WiFi performance there is a strong need for switches and firewalls that connect to wireless access points to support these faster speeds without increasing the cost to the network infrastructure.
  2. Multi-gig Campus Requirements – Campus/branch networks require technology trend adoption without adding significant costs to the network infrastructure. For example, switches and firewalls supporting wireless access points must be able to do so with existing the Cat5e/Cat6 cabling infrastructure.
  3. Encrypted Traffic Surge – The trend towards Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption has been on the rise for several years. Articles on the use of SSL/TLS encryption typically indicate that a little over 50% of all web traffic is now encrypted and that percentage is expected to continue growing. At SonicWall, data gathered by our Capture Labs Threat Research team shows the percentage to be a little higher, around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. As vendors such as Google, Facebook, Twitter and others continue to move to HTTPS, we expect the use of HTTPS to increase. So, organizations now require a secure platform to protect their network from the sophisticated encrypted threats that evade the traditional security mechanisms. 

The NSA 2650 firewall is aimed at campus and branch networks that must secure their environments against the growing number of threats looking for new ways to burrow into networks. The new NSA 2650 firewall is the first branch and campus firewall to deliver automated real-time breach detection and prevention, as well as TLS/SSL decryption and inspection, over multi-gigabit wired and 802.11ac Wave 2 wireless networks. The SonicWall NSA 2650 represents the continuing evolution of SonicWall’s vision for a deeper level of network security without a performance penalty. More than simply a replacement for its predecessor, the NSA 2600, the NSA 2650 addresses the growing trends in web encryption and mobility by delivering a solution that meets the need for high-speed threat prevention.

The NSA 2650 is a 1U-device powered by four cores that provide the processing power necessary to support the compute-intensive deep packet inspection services such as:

  • Intrusion Prevention
  • Anti-Virus
  • Anti-Spyware
  • TLS/SSL inspection and decryption
  • Application Visualization
  • Application Control, Botnet detection
  • Geo-IP identification
  • Anti-Spam
  • User Identification and Advanced Threat Protection

Real-Time Inspection of SSL and TLS Attacks:

Unlike competing firewalls that perform well only with unencrypted connections, the NSA 2650 is built to support the need for more TLS/SSL inspection connections. The NSA 2650 features an unmatched number of encrypted web connections, up to 12,000 and performs deep packet inspection on each connection after first decrypting the traffic.

To protect against more advanced threats such as unknown and zero-day attacks that are concealed in encrypted web traffic, the NSA 2650 utilizes Capture, SonicWall’s cloud-based multi-engine sandboxing service that runs on the firewall. Suspicious files are sent to the award-winning SonicWall Capture service for analysis before rendering a verdict.

The NSA 2650 is a high-port density firewall that features 4×2.5-GbE SFP, 4×2.5-GbE, and 12×1-GbE interfaces with a dedicated management port. In addition to the multi-gigabit ports, high-speed processors and robust onboard memory, the NSA 2650 includes additional hardware enhancements that make it the ideal NGFW for mid-sized organization and distributed enterprises. An optional second power supply is available in case of failure for added redundancy. To help with scalability, the NSA 2650 includes two expansion slots. One is pre-populated with a 16 GB storage module to support features including logging, reporting, last signature update, backup and restores and more. The second slot provides flexibility to add future feature and physical capability expansion. Expandable in the future with additional modules, this versatile, high-port density firewall platform has the capacity to evolve through firmware updates to keep ahead of threats such as ransomware and intrusions.

With the NSA 2650, SonicWall yet again adds a ground-breaking security product to its portfolio. Combined with new 802.11ac Wave 2 SonicWave wireless access points, SonicWall creates a high-speed wireless network security solution that provides wireless users with an enhanced mobile experience.

Our latest firmware release, SonicOS 6.5, has more than 60 new features, and provides support for NSA 2650 hardware platform where faster meets more secure without any compromise on performance to all traffic including encrypted traffic.

Test drive the new NSA 2650 on SonicWall live demo: https://livedemo.sonicwall.com