Security For Voice Communications In Wlans; Authentication Methods - Cisco 7925G - Unified Wireless IP Phone VoIP Administration Manual

Security for Voice Communications in WLANs

Table 2-6
Static Setting
DNS Server 1
DNS Server 2
TFTP Server 1
TFTP Server 2
Security for Voice Communications in WLANs
Because all WLAN devices that are within range can receive all other WLAN traffic, securing voice
communications is critical in WLANs. To ensure that voice traffic is not manipulated or intercepted by
intruders, the Cisco Unified Wireless IP Phone 7925G and Cisco Aironet APs are supported in the Cisco
SAFE Security architecture. For more information about security in networks, refer to
http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html.
This section contains the following items:
•
•
•
•

Authentication Methods

The Cisco Wireless IP telephony solution provides wireless network security that prevents unauthorized
logins and compromised communications by using the following authentication methods.
•
•
•
Cisco Unified Wireless IP Phone 7925G Administration Guide for Cisco Unified Communications Manager 7.0(1)
2-16
Static IP Addresses When DHCP is Disabled (continued)
Authentication Methods, page 2-16
Authenticated Key Management, page 2-18
Encryption Methods, page 2-18
Choosing AP Authentication and Encryption Methods, page 2-18
Open Authentication—Any wireless device can request authentication in an open system. The AP
that receives the request may grant authentication to any requestor or only to requestors on a list of
users. Communication between the wireless device and AP could be non-encrypted or devices can
use Wired Equivalent Privacy (WEP) keys to provide security. Devices that are using WEP only
attempt to authenticate with an AP that is using WEP.
Shared Key Authentication—The AP sends an unencrypted challenge text string to any device
attempting to communicate with the AP. The device that is requesting authentication uses a
pre-configured WEP key to encrypt the challenge text and sends it back to the AP. If the challenge
text is encrypted correctly, the AP allows the requesting device to authenticate. A device can
authenticate only if its WEP key matches the WEP key on the APs.
Shared key authentication can be less secure than open authentication with WEP because someone
can monitor the challenges. An intruder can calculate the WEP key by comparing the unencrypted
and encrypted challenge text strings.
Wireless Protected Access (WPA) Pre-Shared Key (PSK) Authentication—The AP and the phone
are configured with the same authentication key. The pre-shared key is used to create unique
pair-wise keys that are exchanged between each phone and the AP. You can configure the pre-shared
key as a hexadecimal or ASCII character string. Because the pre-shared key is stored on the phone,
it might be compromised if the phone is lost or stolen.
Description
If the system is configured to use host names for servers instead of IP
addresses, identifies the primary and secondary DNS server to resolve
host names.
Identifies the TFTP servers that the phone uses to obtain
configuration files.
Chapter 2 Overview of the VoIP Wireless Network
OL-15984-01