Friday, 15 January 2016

Make your Wi-Fi faster and more secure

Clive Webster shows you how to make your Wi-Fi router as fast as possible and secure it against hackers

The British preference for brick or stone houses causes headaches that many of our North American, timber-housed cousins rarely understand. While a single router can cover a typical US house, we struggle to get a strong Wi-Fi signal once we move upstairs, or possibly even into the next room. Thankfully your Wi-Fi woes can be remedied with a quick trawl through your router’s settings, or with a little networking nous. And while you’re there you can upgrade your security, too.

In this month’s Advanced Projects we’ll explain all the relevant settings, what they do and how to use them, and also debunk those security myths that not only make your Wi-Fi more of a hassle to use, but could even draw the attention of data thieves and hackers.


SPEED AND RELIABILITY


First, is your ISP to blame for slow speeds rather than your Wi-Fi? To check your service isn’t being throttled, plug a PC or laptop directly into your router with a network cable and log your download speed and ping (latency) over the course of a typical day. We used www.speedtest.net to give us a rough estimate. If you suffer a drop in internet speed (or an increase in latency) between 6pm and 10pm, your router’s Wi-Fi might not be the cause of unresponsive web pages.

It’s doubtful that your internet connection speed will ever be greater than your Wi-Fi speed, so to gauge whether your Wi-Fi is slower than it should be you’ll need to transfer files across your local network. Create a RAM disk on a PC plugged directly into the router and on a laptop connected by Wi-Fi (the free version of Dataram’s RAMDisk, from tinyurl.com/ap-ram-disk, is fine), then time how long it takes to copy a file from the PC’s RAM disk to the laptop’s RAM disk over the network. Divide the file size by the time taken (in seconds) and you have your transfer speed in MB/s. To find the speed in Mbit/s, multiply the MB/s speed by eight (there are eight bits to the byte).

You can also use LAN Speed Test Lite from totusoft.com/downloads.html to automate the test. Repeat the speed test at various points around your house, not forgetting important areas such as under the TV, on your bed, in the loo and on the garden bench, and plot your results on to a rough map of your home. If your router supports 5GHz Wi-Fi you should produce a second ‘heatmap’ for that network beside the 2.4GHz network.

Certain Wi-Fi specifications can only achieve certain speeds, and even the maximum speed is a theoretical figure: you can’t expect an 802.11g network to deliver much more than 20Mbit/s (2.5MB/s) in reality. If your router doesn’t support at least 802.11n, the easiest way to get extra speed and reliability is to upgrade to an 802.11ac router such as the TP-Link Archer C9 or an 802.11ac modem/router such as D-Link’s DSL-3590L. This will probably give you better security options, too. You could also use an access point, such as the Draytek AP-900.

THE HEAT IS ON


Once your heatmap is complete you can analyse it to find solutions to your Wi-Fi problems. If your Wi-Fi sphere is lop-sided, try moving the router to a more central position. If it looks like your walls are too thick, perhaps placing your router in the loft might help it beam its signal down into rooms. We’ve even seen people line the wall behind a router with tin foil to try to reflect the signal. As 5GHz Wi-Fi sacrifices range for speed, try using the 2.4GHz network for mobile devices and your 5GHz network for static devices, such as smart TVs and Blu-ray players.

Delve into your router’s web page (typically type 192.168.1.1 into a web browser) and you may find an option to increase the broadcast signal; crank that up to maximum. You might also be able to test for Wi-Fi channel congestion via the router’s control page; if not, use a free application (Android: Wifi Analyzer, tinyurl.com/ap-wifi-a; iOS: AirPort Utility and Vladimir Mekhnin’s help, tinyurl.com/ap-wifi-i; Windows: WifiInfoView, tinyurl.com/ap-wifi-w; Linux: Kismet, tinyurl.com/ap-wifi-l; OS X: built-in). If some channels are congested, force your router to use other channels instead. You could also try offloading DHCP and DNS responsibilities to your NAS, which should have a faster processor than your router; you’ll need to refer to your NAS’s manual to find out how to do this.

Finally, you may not be using your router’s QoS service to full effect (it might be called Prioritisation, Media Prioritisation or Quality of Service). Basic QoS may prioritise a certain device (your Blu-ray player, for example) but you can prioritise services and games as well, thus achieving best performance whichever device you use. Many routers have a list of services and games built-in, with the likes of Netflix, Skype and Xbox Live available alongside EVE Online, League of Legends and World of Warcraft. However, newer services and games are rarely listed; to add them you’ll need to find out which ports they use, so Google ‘<service> port numbers’ and hope the service provider publishes them (Amazon Instant Video doesn’t, for example).

Our Hearthstone addiction knows no bounds, so after Googling ‘Hearthstone port numbers’ we selected ‘Add new game’ in the Media Prioritization section of our Linksys router. After entering the ports given on Blizzard’s support page, we clicked OK and dragged the new option to the High Priority list, to make sure Hearthstone’s traffic was always the priority no matter what else was happening on the network. Finally, we also ensured that WMM (Wireless Multi-Media) was enabled in the Settings menu, as this helps media streaming over Wi-Fi.

If none of these measures helps, consider a Wi-Fi extender kit such as the Devolo dLAN 1200+ WiFi ac Starter Kit which uses PowerLine technology to create a new sphere of Wi-Fi coverage away from your router. A cheaper option is BT’s Dual-Band Wi-Fi Extender, which merely extends your current Wi-Fi sphere.

SECURITY TIPS


Let’s deal with the myths first. Don’t bother hiding your SSID: there are plenty of free phone apps that can easily discover ‘hidden’ Wi-Fi signals, and hiding your SSID only indicates to hackers that you might be hiding something valuable. Whitelisting the MAC addresses (the unique ID) of your own devices and blocking unknown MAC addresses is also more hassle than it’s worth as hackers can scan your devices and then clone a whitelisted MAC address on to their own laptop. We also question the usefulness of reducing the strength of your Wi-Fi signal; any data thief worthy of the title will use a high-gain antenna to creep on to even weak Wi-Fi signals. Instead of using these fiddly tricks, follow our checklist of the most effective security measures.

There are a number of more advanced deterrents to deploy if you want to be extra secure. Changing your DNS provider to OpenDNS, Norton ConnectSafe or Comodo can help. There’s also a known (though slight) vulnerability in WPS, so only enable it for the short time it takes to connect a new device. As a guest account gives insecure access to your router, you might want to avoid using it even if you have guests round. If you do use guest access, remember to turn it off once your guests have left.

Your router should provide a firewall, so check this is working. Our Linksys router offered the basics (ident and anonymous request blocking, VPN controls) but OpenWRT allows fine control over network traffic. A common service to block is Telnet (the remote login service), which uses port 23; consult your router’s manual to see how to block a service based on its port number. You might also find that your router’s firewall can block WAN requests (effectively hiding your router from the internet), DoS (Denial of Service) and remote management (which will disable app-based management to some degree). These three services are potential security weaknesses, but could also hinder or prevent the normal use of your router or network, depending on how you use them.

SAFE ZONE


Finally, remember to place any ‘outward facing’ computers, such as a web server, in your DMZ (de-militarised zone). A DMZ is a logical partition of your local network that places a publicly accessible computer on the wrong side of your firewall; if this easily discovered computer is compromised, the hacker shouldn’t be able to gain access to the rest of your network. Typically this involves finding the IP address of the server and entering this in the DMZ list of your router.

Aside from a strong WPA2 Wi-Fi password, possibly the best action you can take to ensure that your Wi-Fi is secure is to check for interlopers regularly. Your router may list devices that have connected to it, and you can also use a monitoring application such as inSSIDer ($20, Windows and OS X), Kismet (Linux, free, www.kismetwireless.net) or KisMac2 (free, OS X, tinyurl.com/ap-kismac2). Equally, Who Is On My Wifi ($10 a month, Windows and OS X) can monitor for suspicious behaviour on your network and give you instant alerts.
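
The regular interloper check described above can be scripted against the router's own device list. This is an added example, not code from the original article: it assumes the router exposes its DHCP leases in dnsmasq format (as OpenWRT does), and the device inventory and lease lines are constructed samples.

```python
"""Added example: flag unknown devices in a dnsmasq-style DHCP lease list."""

# Constructed inventory of devices you own (MAC -> label); replace with yours.
KNOWN_DEVICES = {
    "3c:22:fb:10:20:30": "laptop",
    "a4:77:33:aa:bb:cc": "smart-tv",
    "f0:18:98:01:02:03": "phone",
}

# Constructed sample in dnsmasq lease format: expiry MAC IP hostname client-id
# (on OpenWrt the live file is typically /tmp/dhcp.leases).
SAMPLE_LEASES = """\
1452902400 3C:22:FB:10:20:30 192.168.1.101 laptop 01:3c:22:fb:10:20:30
1452902460 a4:77:33:aa:bb:cc 192.168.1.102 smart-tv *
1452902520 de:ad:be:ef:00:01 192.168.1.150 * *
1452902580 a4:77:33:aa:bb:cc 192.168.1.177 android-1234 *
this line is malformed
"""

def parse_leases(text):
    """Yield (mac, ip, hostname) for each well-formed lease line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or len(parts[1].split(":")) != 6:
            continue  # skip blank or malformed lines
        yield parts[1].lower(), parts[2], parts[3]

def audit(text, known):
    """Return (unknown, reused): leases whose MAC is not in the inventory, and
    known MACs holding more than one IP, which can indicate a cloned address."""
    unknown, seen = [], {}
    for mac, ip, host in parse_leases(text):
        if mac not in known:
            unknown.append((mac, ip, host))
        else:
            seen.setdefault(mac, set()).add(ip)
    reused = {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}
    return unknown, reused

if __name__ == "__main__":
    unknown, reused = audit(SAMPLE_LEASES, KNOWN_DEVICES)
    for mac, ip, host in unknown:
        print(f"UNKNOWN  {mac}  {ip}  {host}")
    for mac, ips in reused.items():
        print(f"REUSED   {mac} ({KNOWN_DEVICES[mac]}) on {', '.join(ips)}")
```

Because a cloned MAC address passes the inventory check, the second result is only a heuristic: an extra IP address or unexpected hostname on a known device is the cue to look more closely.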


SECURITY CHECKLIST
- Use the strongest possible password encryption: WPA2
- Use a strong Wi-Fi password: 8-13 characters long, including capitals, symbols and numbers
- Change your SSID: don’t include the router manufacturer or personal details such as family name, house name or number
- Change your router’s log-in credentials from ‘admin, admin’
- Schedule a sleep timer to shut down Wi-Fi during the night
- Turn your router off when the house is empty
- Update the router’s firmware (schedule automatic updates if possible)
- If you use your router’s provided password, change it after a burglary; the thief may have taken a photo of the back/underside of your router before escaping