SpectraLink NetLink Wireless Telephones Best Practices White Paper Wireless Telephone User Manual

White Paper

Page 13

5.0 Security

5.1 Security

Concerns

Security provisions are critical for any enterprise Wi-Fi network.
Wireless technology does not provide any physical barrier to the
network, since radio waves penetrate walls and can be monitored and
accessed from outside a facility. The extent of security measures
utilized are typically proportional to the value of the information
accessible on the network. The security risk for Wi-Fi telephony is not
limited to the typical wired telephony concerns of eavesdropping on
telephone calls or making unauthorized toll calls, but is equivalent to the
security risk of the data network that connects to the APs. Several
different security solutions can be implemented with NetLink Wireless
Telephones. Determining the proper level of security should be based
on identified risks, corporate policy, and an understanding of the pros
and cons of the available security methods.

5.1.1 Wired

Equivalent

Privacy (WEP)

NetLink Wireless Telephones support Wired Equivalent Privacy (WEP)
encryption as defined by the 802.11 standard. The handsets can use
either 40-bit or 128-bit key lengths. WEP is intended to provide the same
level of security over a wireless LAN as on a wired Ethernet LAN.
Although security flaws have been identified, WEP still provides strong
encryption that requires an experienced and dedicated hacker to break.

5.1.2 Cisco

Fast

Secure Roaming
(FSR)

802.1x based authentication protocols such as EAP-TLS or Cisco’s
LEAP were developed to provide a higher level of security for wireless
networks. These advanced methods require a back-end authentication
server to authenticate users and generate new keys. This authentication
and re-keying process can take up to several seconds and is required
each time a user hands-off from one AP to the next in the same subnet.
While this is taking place, the client device is not authenticated to an AP
and there is an interruption in the data stream and therefore in the voice
conversation. This interruption caused by the authentication process is
unacceptable for voice communication in most enterprise applications.

To address the voice quality issues with most security mechanisms,
SpectraLink and Cisco have worked together to deliver a Fast Secure
Roaming (FSR) mechanism. FSR allows the authentication process to
be done in a way that minimizes the number of messages required
between the NetLink Wireless Telephones and the Cisco wireless LAN
infrastructure. It is designed to be compatible with wireless standards
and allow backward compatibility with devices utilizing previous security
mechanisms, such as Cisco’s LEAP.

Implementation of FSR for Cisco Aironet APs utilizes several standard
and proprietary security components, including Cisco Client Key
Management (CCKM), LEAP authentication, Michael message integrity
check (MIC), and Temporal Key Integrity Protocol (TKIP). FSR not only
addresses the roaming issue, but also provides strong security
measures for authentication, privacy, and data integrity.