What security risks may cause the Internet speed to suddenly slow down?

[[434023]]

This article is reprinted from the WeChat public account "Computer World", written by Eric Geier. Please contact the Computer World public account to reprint this article.

Using 5GHz and band switching

The 5GHz band offers more channels than 2.4GHz, so it's necessary to use a dual-band AP that also supports 5GHz. This allows older WiFi devices to connect on the lower band, and newer dual-band devices to connect on the higher band. Lower bands are less congested, which generally means faster connections, and higher band devices generally support higher data rates, both of which help reduce the time it takes for a device's signal to propagate. Not all new WiFi devices are dual-band, but more and more are today, especially high-end smartphones and tablets.

In addition to supporting 5GHz, consider using any band switching capabilities your AP offers. This can encourage or force dual-band devices to connect to the higher band rather than leaving it up to the device or user to handle.

Many APs only allow you to enable or disable the band switching feature, but some APs can configure the signal threshold yourself so that dual-band devices that have a stronger signal on 2.4GHz are not forced to use 5GHz. This can be very helpful for faster network speeds, as 5GHz does not provide the same transmission distance as the lower frequency bands. If your AP supports it, you may want to use the signal threshold setting to provide users with the best signal while alleviating congestion on 2.4GHz.

Use WPA2 and/or WPA3

It's no secret that WEP (Wired Equivalent Privacy) is not secure, although almost all APs support it. WPA (Wi-Fi Protected Access) is more secure, but it depends on the specific version you use. Keep in mind that with the first version of WPA, the data rate of a wireless network is limited to 54Mbps, which is the maximum rate of the two older standards 802.11a and 802.11g. To ensure that you can take advantage of the higher data rates provided by new equipment, it is safer to use only WPA2 and/or WPA3.

Reduce the number of SSIDs

If you configure multiple SSIDs on your AP, remember that each virtual wireless network must broadcast separate beacons and management packets. This consumes more signal propagation time, so use multiple SSIDs with caution. A private SSID and a public SSID are certainly acceptable, but try to avoid using virtual SSIDs for things like isolating wireless access by department.

If network isolation is required, consider using 802.1x authentication to dynamically assign VLANs to users upon connecting to the SSID. This way you can have a single dedicated SSID but still isolate wireless traffic virtually.

Don't hide your SSID

You may have heard that hiding the network name by disabling the SSID in beacon broadcasts can help increase security. However, this only hides the network name from the average user. Most devices will indicate that there is an unnamed network nearby. But anyone with a WiFi analysis tool can usually spot the SSID because it will still appear in some administrative traffic.

Figure 3. The WiFi analysis tool showing the hidden SSID of 'cottage111' after a device has connected to the network.

Hiding the SSID also brings additional management traffic on the network, such as probe requests and responses, which consume more signal propagation time. In addition, hidden SSIDs can be confusing and time-consuming for users, because users must manually enter the network name when connecting to WiFi. Therefore, this so-called security practice actually does more harm than good.

A more favorable security approach is to use the enterprise mode of WPA2 and/or WPA3. If you find that not all devices on your network support enterprise mode or it is difficult to set up, be sure to set a strong, long password that uses a mix of uppercase and lowercase letters. Also consider changing the password regularly, and be sure to change it after any user leaves the organization or loses a Wi-Fi device.

Disable lower data rates and standards

Although modern WiFi devices can support speeds of over 1Gbps, for some traffic, the AP can only transmit at 1Mbps in the 2.4GHz band and 6Mbps in the 5GHz band. Generally speaking, the farther away from the AP, the lower the signal speed and the lower the data rate.

However, even when coverage and signal are good, most APs by default send management or multicast traffic, such as SSID beacons, at a much lower rate rather than at the highest data rate (which is the highest data rate when sending regular data traffic). Increasing the AP's minimum or multicast data rate can force management traffic to be sent at a higher rate, effectively shortening the overall signal propagation time.

This trick can also help devices automatically connect to better APs more quickly. For example, some devices may not find another AP to connect to by default unless it completely loses connection to the AP it was previously connected to. Or this may not happen if the device is so far away that the signal and data rate are the minimum supported by the AP. So, if you increase the minimum data rate, it is equivalent to reducing the maximum coverage area of ​​each AP, but at the same time improving overall network performance.

Not all networks should use the lowest data rate, and this decision depends on the network's unique coverage, client capabilities, and other factors. But keep in mind: by disabling lower data speeds, you're actually disabling support for older wireless standards. For example, if you disable all data rates of 11Mbps and below, you won't be able to use 802.11b devices because the maximum data rate for that standard is 11Mbps.

For most networks, disabling 802.11b support is acceptable, but you shouldn't completely disable both standards: 802.11a and 802.11g, which have a maximum rate of 54Mbps. So, the highest data rate you should consider disabling is 48Mbps, which still allows the use of legacy standards 802.11a/g/n/ac.

By Eric Geier Eric Geier is a freelance writer who writes about technology and also founded NoWiresSecurity, a cloud-based WiFi security service, WiFiSurveyors, which provides RF site surveys, and On Spot Techs, which provides general IT services.

Original URL:

https://www.networkworld.com/article/3617490/9-tips-for-speeding-up-your-business-wi-fi.html