Sophos Mesh Network



How to set up a Mesh Network with a Sophos Access Point 50

'A Wireless Repeater is a Mesh access point which broadcasts wireless networks. That means it uses a wireless connection (the Mesh network) to connect to the UTM, while offering other wireless connections.'

Sophos UTM: How to setup a wireless mesh network; Sophos XG Firewall: How to setup a wireless mesh network; Sophos Central: How to setup a wireless mesh network.

Sign up to the Sophos Support Notification Service to get the latest product release information and critical issues. Previous article ID: 127948.

Sophos Wireless: Wi-Fi Fundamentals

Jelan explains fundamental knowledge required to deploy Sophos Wireless Access points, to avoid problems like slow or inconsistent Wi-Fi.
Timestamps:
00:00 Overview
00:29 Wireless Fundamentals
04:21 Network Requirements
09:18 Site Surveys/Heatmaps
10:53 Additional Considerations
12:04 More info
Sophos Wireless recommended reads:
https://community.sophos.com/products/sophoswireless/f/recommended-reads/121021/sophos-wireless-wi-fi-fundamentals
Sophos Central Wireless: FAQ
https://community.sophos.com/kb/en-us/125337
Wireless Access Points Tech Specs:
https://www.sophos.com/en-us/products/secure-wifi/tech-specs.aspx
Sophos Wireless Access Point: How to do a site survey:
https://community.sophos.com/kb/en-us/133772
Sophos Central Wireless: Creating Sites:
https://www.sophos.com/en-us/medialib...
Creating Mesh Networks:
https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosCentral/ctrl_WirelessCreatingSites.pdf
Join our Sophos Community!
https://community.sophos.com
Have a suggestion for a new video? Please visit our User Assistance forum on the Community to share your idea! https://community.sophos.com/products/feedback-on-user-assistance/

The internet was designed to be resilient and decentralized. Its multiple, redundant pathways between any two network nodes and its ability to accommodate new nodes on the fly should enable it to keep carrying data in the face of blocked nodes, censorship from repressive regimes or natural disasters.

However, its implementation has far diverged from its original design, with ISPs now holding the reins of the highly-centralized platform into which the internet has evolved.

Nowadays, each end user/node is stuck at the end of an isolated cul-de-sac. With the flip of ISPs’ switches, an overwhelming majority of a country’s nodes go dark.

Which is exactly what happened to protesters in Egypt when they were plunged into digital darkness after the country’s regime made some five phone calls to ISPs in the early hours of 28 January 2011.

The easily-persuaded ISPs pulled their plugs, disabling 93% of the country’s internet access within a mere 28 minutes.

This is all detailed in a fascinating article by Julian Dibbell in the March issue of Scientific American.

In the article, Dibbell delivers an account of how Egypt’s internet shutdown was “an object lesson in the internet’s vulnerability to top-down control,” with a shutdown that was “alarmingly instructive and perhaps long overdue.”

The Egyptian cutoff is only the starkest of a growing number of examples of how vulnerable the internet has become to top-down control, writes Mr. Dibbell:

During the Tunisian revolution the month before, authorities had taken a more targeted approach, blocking only some sites from the national internet. In the Iranian post-election protests of 2009, Iran's government slowed nationwide internet traffic rather than stopping it altogether. And for years China's 'great firewall' has given the government the ability to block whatever sites it chooses. In Western democracies, consolidation of internet service providers has put a shrinking number of corporate entities in control of growing shares of internet traffic, giving companies such as Comcast and AT&T both the incentive and the power to speed traffic served by their own media partners at the expense of competitors.

In the face of an internet that can be controlled all too easily by corporations and regimes, activists are building alternative mesh networks that can never be blocked, filtered or shut down.

These networks often amount to what’s called an “internet in a suitcase”.

For example: FunkFeuer, a mesh network in greater Vienna, relies on 200 small, weatherized Wi-Fi routers on rooftops, each owned and maintained by the user who installed it, and each contributing bandwidth to a communal, high-speed internet connection throughout the city.

It costs nothing more than the $150 hardware setup, which amounts to what FunkFeuer co-founder and lead developer Aaron Kaplan refers to as “a Linksys router in a Tupperware box, basically.”

But can mesh networks replace the current setup?

Even committed supporters of mesh networking don’t anticipate that its promise of low-cost, do-it-yourself internet access could or should force ISPs out of the market. Jonathan Zittrain, a Harvard Law School professor and author of The Future of the Internet: And How to Stop It, told Scientific American that the centralization of ISPs has real benefits, including ease of use.

The magazine also quotes Ramon Roca, founder of Guifi.net, who doubts mesh networks could ever take much more than 15 percent of the market from the ISPs.

With that low level of penetration, however, mesh networks can serve to “sanitize the market,” Roca said, bringing the internet to low-income households and exerting downward price pressure on ISPs.

We can’t rely on market forces, nor widespread adoption due to ease of use; that makes government the next logical place to turn, Mr. Dibbell writes.

Whereas wireless mesh would serve the public good by delivering a network resistant to surveillance and censorship – things the network interprets as damage – the payoff for government would be in creating a communications channel that would route around actual damage, such as hurricanes, earthquakes or other natural disasters.

In those terms, it’s easy to imagine national security and law enforcement as being proponents of mesh.

But as Mr. Dibbell points out, it’s just as easy to imagine such entities distrusting a national mesh network, given that it’s outside the realm of surveillance and beyond earshot of the telephone and ISP companies that enable surveillance.

He writes:

Such are the complications of counting on government to support mesh networking when it is governments, often enough, that do the kind of damage mesh networks promise to help fix.

But we must bear in mind: surveillance actually does come in handy when you’re talking about cybercriminals and terrorists. As such, we could rightly wonder what the security situation might look like in a network independent of the watchful eye of ISPs and telephone companies.

As it turns out, security will likely be as do-it-yourself as the hardware, protocols, scripts and other technologies the activists are now hammering out.

For their part, those working on Eben Moglen’s FreedomBox mostly agree that it should serve as a web proxy to clean up and protect web traffic.

At this point, FreedomBox has posted a first draft of Privoxy, free software licensed under the GNU GPLv2 that serves as a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other “obnoxious internet junk.”

According to the FreedomBox site, Privoxy upgrades web traffic to prefer SSL encryption wherever possible. It also strips tracking software from web pages to provide greater privacy and anonymity to web surfers.

Future FreedomBox work will include a script to test HTTPS Everywhere rules. HTTPS Everywhere is a Firefox extension that ensures communications with a number of major websites are encrypted.

While the FunkFeuer Free Net in Vienna does maintain a list of known vulnerabilities, the group’s policy is that the onus for security lies with each node operator.

Their policy, as tweaked a bit from a kludgy translation:

The Beacon IT security team helps the beacon node owners to maintain a safe and virus/Trojan/worm-free network (and thus a well-functioning network). This is done mainly by warnings and alerts. We will not directly help individual node owners to install anti-virus protection.

Ultimately, beacon is a 'bottom-up' power. This means that users are also responsible for the security of their router.

The IT security team reserves the right to warn, and in extreme cases, to block spammers and others who disturb the quality of the network. This should only be a last measure to protect other users or to ensure the basic function of the network.

If the idea of an internet that’s more robust in the face of surveillance and censorship appeals, now’s the time to pitch in and help projects in your country or region.

Here is a list of resources and opportunities from Scientific American:

  • FreedomBox is planning future hackfests in various cities. They need help with ideas, with bug squashing, with script writing, with script testing, and with hardware. Write to join@freedomboxfoundation.org.
  • The FunkFeuer Free Net network in Vienna

You may also find it interesting to listen to a Scientific American podcast where attempts to build a hardier alternative internet are discussed.

Internet world image, courtesy of Shutterstock