Agreed. There are a couple of important components.
The first is 802.1x but as important is fast roaming (secure handoffs
between APs). IEEE 802.11r is still a work in progress. PMK-caching is
the way to facilitate secure fast roaming in current generation products
but it's likely not going to appear for WPA devices (not sure exactly why?)
It appears the handset vendors will have to support WPA2. We're seeing a
number of interesting handsets which are starting to just now support
WPA but not WPA2. In many cases WPA2 will require brand new handsets
which have yet to see the light of day. Needless to say, we aren't
buying a lot of expensive VOIP wireless handsets right now but we are
testing several... :-)
Our VOIP over Wireless pilot uses WPA-PSK and we won't release devices
that exposes the PSK. I think that's the best way to deploy secure VOIP
over wireless in the short term. Not ideal, as Frank says, vendors
aren't very far along.
My prediction is that secure VOIP (at the application layer) will open
the floodgates on all VOIP (including VOIP over wireless)... We're
already starting to see this with Skype... The days for insecure VOIP
are numbered IMHO.
... Jonn Martell, Manager UBC Wireless (Wireless and VOIP Project Manager)
on 11/29/2005 1:41 PM Frank Bulk said the following:
Hear-hear, but the Wi-Fi handset vendors are by far and large not that far
long in the thought process....
Frank
-----Original Message-----
From: Michael Griego [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 29, 2005 2:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [SCFN] <offtopic> VoIP eavesdropping (fwd)
This highlights the exact reasons that VoFi systems *should* use 802.1x
authentication with per-station keys. That way, each handset has its own
key to encrypt its traffic over the air with, stopping the easy sniffing of
traffic passing through the air. This, of course, does nothing for
beyond-the-AP sniffing, but it is presumed that is handled by other security
measures in the environment.
--Mike
-----------------------------------
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
Lee Barken wrote:
Any comments? (Originally sent to socalfreenet.org)
---------- Forwarded message ----------
Date: Tue, 29 Nov 2005 09:20:11 -0800 (PST)
From: Lee Barken <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [SCFN] <offtopic> VoIP eavesdropping
This is somewhat offtopic for a wireless list-- but kinda relevent
considering our plans to implement VoIP in our wireless clouds....
VoIP, in essence, uses CLEARTEXT protocols... making passive capture
trivial in a wireless environment..... (?) What is the risk that
somebody will capture unauthorized recordings of voice communication?
Is there a legal precendent for prohibiting wiretapping in a digital
environment?
http://oreka.sourceforge.net/
"The open source, cross-platform audio stream recording and retrieval
system Oreka is a modular and cross-platform system for recording and
retrieval of audio streams. The project currently supports VoIP and
sound device based capture. Recordings metadata can be stored in any
mainstream database. Retrieval of captured sessions is web based."
"Record VoIP RTP sessions by passively listening to network packets.
Both sides of a conversation are mixed together and each call is
logged as a separate audio file. When SIP or Cisco Skinny (SCCP)
signalling is detected, the associated metadata is also extracted."
Take it easy,
-Lee
_______________________________________________
SoCalFreeNet.org General Discussion List To unsubscribe, please visit:
http://socalfreenet.org/mailman/listinfo/discuss_socalfreenet.org
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
