Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified Communications Manager Release 7.0
OL-15985-01
Chapter 2 Overview of the VoIP Wireless Network
Security for Voice Communications in WLANs
Because all WLAN devices that are within range can receive all other WLAN traffic, securing voice
communications is critical in WLANs. To ensure that voice traffic is not manipulated or intercepted by
intruders, the Cisco Unified Wireless IP Phone 7921G and Cisco Aironet APs are supported in the Cisco
SAFE Security architecture. For more information about security in networks, refer to
http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html.
This section contains the following items:
• Authentication Methods
• Authenticated Key Management
• Encryption Methods
• AP Authentication and Encryption Methods
Authentication Methods
The Cisco Wireless IP telephony solution provides wireless network security that prevents unauthorized
logins and compromised communications by using the following authentication methods.
• Open Authentication—Any wireless device can request authentication in an open system. The AP
  that receives the request may grant authentication to any requestor or only to requestors on a list of
  users. Communication between the wireless device and the AP can be unencrypted, or devices can
  use Wired Equivalent Privacy (WEP) keys to provide security. Devices that use WEP attempt to
  authenticate only with an AP that uses WEP.
• Shared Key Authentication—The AP sends an unencrypted challenge text string to any device
  attempting to communicate with the AP. The device that is requesting authentication uses a
  pre-configured WEP key to encrypt the challenge text and sends it back to the AP. If the challenge
  text is encrypted correctly, the AP allows the requesting device to authenticate. A device can
  authenticate only if its WEP key matches the WEP key on the APs.
  Shared key authentication can be less secure than open authentication with WEP because someone
  can monitor the challenges. An intruder can calculate the WEP key by comparing the unencrypted
  and encrypted challenge text strings.
• Wireless Protected Access (WPA) Pre-Shared Key (PSK) Authentication—The AP and the phone
  are configured with the same authentication key. The pre-shared key is used to create unique
  pair-wise keys that are exchanged between each phone and the AP. You can configure the pre-shared
  key as a hexadecimal or ASCII character string. Because the pre-shared key is stored on the phone,
  it might be compromised if the phone is lost or stolen.
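The following is an added example, not taken from the Cisco guide or from phone firmware. It shows how the IEEE 802.11i standard maps a pre-shared key entered as ASCII or as hexadecimal to the same 256-bit master key, and how that one key yields a different pairwise key for each phone. The SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac
import string

def psk_to_pmk(psk: str, ssid: str) -> bytes:
    """Map a configured WPA pre-shared key to the 256-bit pairwise master key."""
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return bytes.fromhex(psk)  # hexadecimal form: the 64 digits are the key
    if 8 <= len(psk) <= 63 and all(32 <= ord(c) <= 126 for c in psk):
        # ASCII form: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes
        return hashlib.pbkdf2_hmac("sha1", psk.encode(), ssid.encode(), 4096, 32)
    raise ValueError("PSK must be 64 hex digits or 8-63 printable ASCII characters")

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def pairwise_key(pmk, ap_mac, phone_mac, anonce, snonce, nbytes=48):
    """Derive the per-association pairwise key (48 bytes for CCMP, 64 for TKIP)."""
    data = (min(ap_mac, phone_mac) + max(ap_mac, phone_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

# Constructed sample values (assumptions, not from the guide)
SSID = "voice-wlan"
PASSPHRASE = "constructed example passphrase"
AP = bytes.fromhex("020000000001")
PHONE_A = bytes.fromhex("020000000a01")
PHONE_B = bytes.fromhex("020000000b02")

def demo():
    """Return the master key and the pairwise keys of two phones sharing one PSK."""
    pmk = psk_to_pmk(PASSPHRASE, SSID)
    # Real nonces are random per handshake; fixed here so the run is repeatable.
    ptk_a = pairwise_key(pmk, AP, PHONE_A, b"\x01" * 32, b"\x02" * 32)
    ptk_b = pairwise_key(pmk, AP, PHONE_B, b"\x03" * 32, b"\x04" * 32)
    return pmk, ptk_a, ptk_b

if __name__ == "__main__":
    pmk, ptk_a, ptk_b = demo()
    print("PMK    ", pmk.hex())
    print("phone A", ptk_a.hex())
    print("phone B", ptk_b.hex())
```

Every pairwise key is derived from the one master key, so a lost or stolen phone calls for changing the pre-shared key on the APs and on all remaining phones.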
Table 2-5 Static IP Addresses When DHCP is Disabled (continued)
Static Setting | Description
DNS Server 1, DNS Server 2 | If the system is configured to use host names for servers instead of IP addresses, identifies the primary and secondary DNS server to resolve host names.
TFTP Server 1, TFTP Server 2 | Identifies the TFTP servers that the phone uses to obtain configuration files.