Cisco 7925G Administration Guide - Page 46

Security for Voice Communications in WLANs Chapter 2 Overview of the VoIP Wireless Network Table 2-6 Static IP Addresses When DHCP is Disabled (continued) Static Setting DNS Server 1 DNS Server 2 TFTP Server 1 TFTP Server 2 Description If the system is configured to use host names for servers instead of IP addresses, identifies the primary and secondary DNS server to resolve host names. Identifies the TFTP servers that the phone uses to obtain configuration files. Security for Voice Communications in WLANs Because all WLAN devices that are within range can receive all other WLAN traffic, securing voice communications is critical in WLANs. To ensure that voice traffic is not manipulated or intercepted by intruders, the Cisco Unified Wireless IP Phone 7925G and Cisco Aironet APs are supported in the Cisco SAFE Security architecture. For more information about security in networks, refer to http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html. This section contains the following items: • Authentication Methods, page 2-16 • Authenticated Key Management, page 2-18 • Encryption Methods, page 2-18 • Choosing AP Authentication and Encryption Methods, page 2-18 Authentication Methods The Cisco Wireless IP telephony solution provides wireless network security that prevents unauthorized logins and compromised communications by using the following authentication methods. • Open Authentication-Any wireless device can request authentication in an open system. The AP that receives the request may grant authentication to any requestor or only to requestors on a list of users. Communication between the wireless device and AP could be non-encrypted or devices can use Wired Equivalent Privacy (WEP) keys to provide security. Devices that are using WEP only attempt to authenticate with an AP that is using WEP. • Shared Key Authentication-The AP sends an unencrypted challenge text string to any device attempting to communicate with the AP. The device that is requesting authentication uses a pre-configured WEP key to encrypt the challenge text and sends it back to the AP. If the challenge text is encrypted correctly, the AP allows the requesting device to authenticate. A device can authenticate only if its WEP key matches the WEP key on the APs. Shared key authentication can be less secure than open authentication with WEP because someone can monitor the challenges. An intruder can calculate the WEP key by comparing the unencrypted and encrypted challenge text strings. • Wireless Protected Access (WPA) Pre-Shared Key (PSK) Authentication-The AP and the phone are configured with the same authentication key. The pre-shared key is used to create unique pair-wise keys that are exchanged between each phone and the AP. You can configure the pre-shared key as a hexadecimal or ASCII character string. Because the pre-shared key is stored on the phone, it might be compromised if the phone is lost or stolen. 2-16 Cisco Unified Wireless IP Phone 7925G Administration Guide for Cisco Unified Communications Manager 7.0(1) OL-15984-01