Archive for October, 2015

TalkTalk but no listen, listen.

Thursday, October 29th, 2015

At Net-Ctrl we’ve been banging on about how to minimise the impact of a data breach, but still not enough companies are investing sufficient funds in making their data safe. And it’s not rocket science, really it’s not. I’d like an honest answer now, it’s just between the two of us: how many of you out there believe that your firewall/IDP/IDS systems will 100% stop a breach? Umm, as I thought, no one.

The way to make breaches less important is to kill the data… Encrypt it, make it illegible to all but those who have access rights to it. And people do that, they do encrypt it, but they leave the keys on an insecure server. So put the keys in a safe place, a Hardware Security Module (HSM).

You can call us on 01473 281 211, email us at sales@net-ctrl.com or go via our contact page and we’ll help plan your defence with you.

Data Breaches Prove Organisations Are Not as Secure as They Think

Wednesday, October 28th, 2015

If organisations are going to win against today’s sophisticated data breaches they must balance their security focus between preventing malware, and stopping malware’s mission to steal data. iboss CEO and Co-founder, Paul Martini discusses how a new approach to cybersecurity can increase organisations’ security posture and keep them from becoming the next data breach headline.

Question: Security leaders often have what we might call an inflated sense of their own organisation’s ability to detect malware infection and data exfiltration. In your experience, what are they overlooking?

Paul Martini: Most organisations are focused on building thicker walls, or new mousetraps. Every time new technology comes out that allows them to detect malware in a different way, they jump on it. But at the end of the day, even the Great Wall of China has been compromised. What’s important is to examine the situation and ask yourself the right questions. It’s not just what you have in place to detect malware, but what is in place to detect the data that it’s trying to hijack. There’s a lot of technology and solutions with algorithms that focus on malware. They’re looking at command and control centre callbacks, intrusion prevention systems, and other preventive measures. But if you take a step back, you realise there’s a lot of data that doesn’t have a callback, or a destination that’s obvious. For instance, a cloud storage solution such as Dropbox can host people’s data and it can also host an organisation’s data.

Question: So with all the attention that is given to cyberattacks now, why do you find that there remains such a wide gap between the time of malware infection and ultimate detection?

Paul Martini: First you have to accept that there’s always the possibility your network will be infected because there is no such thing as a 100% certainty about anything in life. There is going to be an instance when you do get compromised, so the time from infection to detection will never go to zero. That’s why focusing on the data is so important, including proactively monitoring your inbound and outbound traffic. You need to know if your outbound data is moving, for example, to a high risk country or region. Because if you’re not watching it, you’re offering a huge opportunity for hackers sitting in any part of the world to target your data. That’s really where their focus is and what they’re looking to do. Unfortunately, there are a lot of organisations with a legacy-type approach and they just continually build thicker armour. Then there are more progressive approaches to security, where organisations focus on detecting command and control centre callbacks. However, they are still focusing on finding the malware, asking, “Where is the malware on my network right now?” “Who downloaded the malware?” Questions like that. The most progressive organisations are looking at the data itself, the data that doesn’t have a fingerprint, which means there’s no key by which you can detect malware. This type of evasive threat is what allows infection dwell time to be much longer than it should be, resulting in more data leaving the network unnoticed.

Question: So let’s make this real to an organisation. Within that wide gap between infection and detection, what do you find to be the value of lost hours, lost days, and then the potential business impacts of that downtime?

Paul Martini: When you are talking about permanent data, meaning data not subject to change, there’s really no value you can put on it. People look at the direct victims, who are the people that the organisation sells to and services, but there are also many other victims. For example, there is the CIO’s job, the CISO’s job, the board, the organisation’s leadership, which can all be impacted. Then there is the problem of brand reputation, and the embarrassment a major data breach brings with it. The brand damage resulting from a breach not only affects consumers’ confidence in purchasing products or services, there is also the issue of losing the confidence of partners or other organisations with whom you do business. And even beyond that, consider a case like Sony where you have an organisation that was so impacted by the breach that they had to sell assets and get rid of departments that were completely unrelated to the breach or to making movies, in order to cover their losses.

Read the Entire Interview:
Malware from Infection to Detection: Closing the Security Gap to Reduce Data Exfiltration

If you’re concerned about how secure your organisation is, speak to Net-Ctrl about how the iboss platform can help you. Email us at sales@net-ctrl.com, call us on 01473 281 211 or go via our contact page.

Net-Ctrl is a UK based iboss reseller.

7 Reasons why you should consider upgrading to Wave 2 11ac

Monday, October 12th, 2015

Wave 2 of 802.11ac is here and adding new capabilities that improve overall Wi-Fi system performance and capacity.

So don’t be put off by naysayers spewing FUD that Wave 2 APs won’t add immediate value to existing Wi-Fi infrastructures. They already have.

Wave 2 802.11ac-capable access points make more efficient use of the RF spectrum by getting clients on and off the medium faster, leaving more airtime for clients, even those that don’t support Wave 2 capabilities. Because Wi-Fi is a shared medium, reducing the time to serve even some clients will benefit all clients.

And as multi-user MIMO clients hit Wi-Fi networks this year, Wave 2 is capable of serving those clients simultaneously—allowing others the opportunity to access the RF spectrum sooner. It’s carpooling. If you can get people to carpool, even those who don’t carpool benefit because there are fewer cars on the road.

Having more spatial streams available to use also provides incremental value in the form of spatial diversity, regardless if the clients have one, two, or three spatial streams. More antennas improve MIMO by increasing reliability and signal quality, pushing data throughput closer to data rates.

The other obvious and BIG benefit that wave 2 provides is simple: investment protection. Customers are tired of having to architect and re-architect their Wi-Fi networks every couple years to accommodate the barrage of new devices with new features and functions that can’t benefit from their existing networks. Wave 2 effectively mitigates this risk, extending Wi-Fi refresh cycles.

But, maybe you’re still hearing the same tired message when companies want you to buy Wave 1 instead of Wave 2 saying: “Wave 1 is good enough; no need for Wave 2.” To help demystify a lot of the fear, uncertainty and doubt (FUD) that vendors are belching, here are some more detailed radio truths to help you in your buying decision.

1. Increased Wi-Fi Capacity with MU-MIMO

Looking closer, if there’s only one reason why Wave 2 makes sense now (and there’s much more) it’s this: MU-MIMO allows an AP to send downlink frames to multiple stations at the same time. This increases capacity compared with single user MIMO.

Historically, Wi-Fi was only capable of serving clients one-at-a-time. Slow devices consume extra airtime, and all devices served by that AP suffer as a result. This is especially true in mobile-rich deployments. And what networks aren’t packed with smart mobile devices today?

2. Better Transmit and Receive Performance

There may not be many 4×4 clients on the market this year, but adding radio chains helps improve reliability even if you have 1×1, 2×2, or 3×3 clients.

Adding more transmit radio chains improves downlink performance, especially for MU-MIMO. That extra transmitter provides more signal steering control and higher data rates with less interference.

Adding more receive radio chains also improves uplink performance. Using maximal ratio combining (MRC), the AP has the ability to better hear signals on multiple antennas and in different polarisations (if the AP supports dual polarisation), combining those signals to ensure better reception. This is especially useful for single- or dual-stream clients with small antennas and weak transmit power (e.g. smart phones).

3. Legacy Clients Benefit

If you’re having a hard time seeing the benefit of MU-MIMO because some portion of your client devices won’t support MU, realise that every MU-capable client in your network ultimately benefits legacy clients (single-user, or non-MU) as well.

With 2-3x greater efficiency from MU, every extra bit of productivity gained is added to the airtime pool for other clients (especially legacy clients that need the boost) to utilise.

4. More Spatial Streams Helps Everyone

The number of spatial streams and the transmission bandwidth together indicate potential throughput performance and number of devices supported. Initial Wave 2 radio chips are 4×4:4 (4 transmit and 4 receive radio chains with support for 4 spatial streams), while most Wave 1 chips were 3×3:3.

While we all wait for four-stream Wi-Fi devices, more spatial streams provide unique benefits, particularly for wireless meshing. Wi-Fi meshing has always suffered from multi-hop throughput loss. With additional, higher bandwidth streams, APs should now be able to connect wirelessly at true gigabit wireless speeds.

5. Investment Protection

MU-MIMO client support is happening this year. In fact, MU-capable clients are already on the market. Many of the mobile device chipsets in devices used today are actually “multi-user ready” with a firmware upgrade. So, don’t be surprised if software upgrades this year enable widespread MU support with no need to buy new devices. And yes, MU-MIMO does require client support, so not all 11ac clients can use it. But MU-MIMO support in clients is a near-term reality.

MU-MIMO is a long-term investment – it’s simple myopia to defer Wave 2 because “no MU clients exist today.” And even a short-term AP investment spans 3 years, so why would we focus on client support in the market RIGHT NOW instead of forecasting client feature support 6 months from now? With that perspective, MU-ready APs make even a 4 or 5-year AP investment plan very reasonable.

MU-MIMO also adds margin for imperfect designs – a small contingent of Wi-Fi consultants and administrators are true experts at maximising spectral efficiency (proper channel reuse, AP location, Tx power, antenna choice, etc). Given the budget, time, building layout, and business requirement, they can fine-tune until Wi-Fi Zen is reached. For the rest of us, all performance features that offer margin to offset “best effort” designs are a huge help for maximising investment—and making network admins look like experts, even if they aren’t.

6. Newer Chipsets Bring Efficiency and Performance Gains

Every new generation of Wi-Fi chips comes with efficiency and performance improvements. Every new AP hardware revision is an opportunity to improve radio components, fine-tune the layout, enhance antenna subsystems, and generally improve performance. If you remember back when the first 11ac APs were coming out, the industry as a whole saw a marked performance increase even for 11n clients (specs didn’t change, but performance did). For all clients, expect new APs to enhance speed.

7. Impressive Power Efficiency

Unfortunately, when you add more radio chains, APs require more power.

With Wave 2, the Ruckus R710 is designed to provide full GHz 802.11ac functionality on 802.3at power, while offering a pretty sweet deal on 802.3af “efficiency mode.” We simply reduce 2.4 GHz radio output power to 25 dBm and disable the USB and second Ethernet port. That’s it.

And you won’t have to think about it. The new ZoneFlex R710 is smart enough to detect how it’s being powered. Whether by DC, 802.3at PoE, or 802.3af PoE, it automatically makes the necessary adjustments to maximise 802.11ac performance.

Other Considerations

Wave 2 will be slightly more expensive than current Wave 1 APs, so you can still buy Wave 1 if you are budget conscious. It just may not take you as far.

And if you’re waiting around for Wave 2 because of the data rates promised by 160 MHz channels, don’t be fooled. Wide channels are the enemy of spectral efficiency in the enterprise. Most client devices won’t support 160 MHz, so there’s really no reason to want it…other than for suspect marketing claims like “fastest AP ever.”

And if you’re worrying about 802.11ac stabbing you in the backhaul, don’t.

For an AP to require more than Gbps the situation would need to be highly unusual, if not completely unlikely. This would mean a 4 spatial stream 802.11ac WiFi client running 80 MHz channels and an 802.11n 3 spatial stream client (on a 40 MHz wide channel) all using the AP at the same time. Keep in mind that 4 spatial stream WiFi clients don’t currently exist (but they ARE coming), and given the limited channels available, you’d never want to set the 2.4 GHz radio to 40 MHz wide channels. So given the real world device and traffic mix, you’ll rarely need more than 1 Gbps uplinks for Wave 2 APs. Even if you do, link aggregation is there to help.

View the original article at The Ruckus Room.

If you have any questions about the content of this article, or would like to discuss Wave 2 in greater detail, please contact us by phone on 01473 281 211, email us at sales@net-ctrl.com or via our contact page.

Cause a Ruckus the Right Way. Cause a Ruckus with Net-Ctrl

Unhappy with your WebFilter?

Wednesday, October 7th, 2015

Are you unhappy with your current WebFilter solution?

Net-Ctrl is an established iboss reseller and over the last few months we have been replacing a lot of competitive solutions. Our current customers have found iboss to be easier to use than the market leaders (you know who they are!), that the solution creates fewer false positives, and that it is much faster on high-speed (100Mbps +) networks.

If you’re currently not happy with your WebFilter, or would just like some more information on other solutions in the market, we would like to invite you to a one-on-one webinar with an iboss specialist to get a better understanding of the solution.

On your private webinar they will go through the iboss offering, provide a tour around the dashboard, discuss how it compares to other products on the market and answer any questions.

In addition, we’re currently offering some great discounts into education. For some ideas on pricing, please get in touch.

If this is of interest, email sales@net-ctrl.com, call us on 01473 281 211 or go via our contact page with some suitable times and dates and we will aim to accommodate your schedule.

Ruckus Unleashed – The New Controller-less WiFi Solution from Ruckus

Wednesday, October 7th, 2015

Ruckus has just released a new way to do WiFi in smaller sites that have limited budgets and limited IT resources. They call it Ruckus Unleashed.

Ruckus Unleashed is a controller-less Ruckus solution whereby one AP acts as a Master AP that runs ZoneDirector code and manages your solution. The entire solution can be deployed in minutes and configured in just 60 seconds.

This solution is capped at 25 APs and is currently only available with the R500 and R600 APs. However, you can leverage your existing Unleashed investments to seamlessly upgrade to the controller-based management platform.

Now you can take advantage of smart Wi-Fi, controller-less

Features:

Simple Deployment

  • Deploy easily with no controller
  • Configure a new Wi-Fi network

Network investment protection

  • Reduce your total cost of ownership
  • Forward compatible with all future Ruckus architectures

Optimal Wi-Fi user experience

  • Deliver a reliable Wi-Fi experience to your customers
  • Increase your network performance and capacity with Ruckus proprietary technologies such as BeamFlex+ and ChannelFly

Enhance your customers’ experience

  • Drive customer engagement by deploying a high RF performance network
  • Leverage a wide range of guest access services such as: Captive portal, Email/SMS Guest Pass, Custom Logo, and Hotspot
  • ZeroIT enables easy on-boarding of multiple guests simultaneously

For more information email sales@net-ctrl.com, call us on 01473 281 211 or go via our contact page.