How to solve the security problem of Wi-Fi network VoIP (1)

Over the past few years, the penetration rate of VoIP systems in both the enterprise and residential markets has been greatly improved. VoIP integrates data and voice services into a unified network, which can greatly save costs for enterprise IT departments or home users. We also saw that various service providers began to deploy a small number of VoIP systems to connect the gateway to broadband access devices such as DSL or cable modem.

The current generation of Residential Gateway provides a data WLAN connection mechanism. Today, most WLANs are for data applications and are used to replace Ethernet and connect to a laptop or desktop computer. Some devices, such as printers, cameras, or WLANIP phones, have insufficient user interfaces to restrict their deployment. Generally, WLAN-related security issues involve all devices connected to it. WLANIP phones or compound cellular/WLAN phones face more challenges in this regard.

Security in WLAN system

The 802.11i standard is an enhanced MAC layer standard that supports packet security and authentication security. The previous generation of password-based 802.11 security mechanisms were developed around the WEP protocol. However, the authentication provided by WEP is not two-way authentication. For example, the user cannot authenticate the network. Duplicate use of keys in WEP also makes it easy for hackers to crack keys. Finally, in the static WEP implementation, it is impossible for the network administrator to change the key on the Access Point (AP) because this requires changing the key on each site. In most cases, WEP is not implemented.

Take the following two steps to solve the security problem in WEP: first, provide a software upgrade Mechanism for the current product; the second is to create a new type of robust security network (RSN) that may require hardware changes ). The first measure has been adopted by the Wi-Fi Alliance as a wireless protection access (WPA), and the approved 802.11i specification has been adopted as wpa2.

WPA is equivalent to adding a security shell for the RC4 encryption solution used by WEP, providing mutual authentication between users and networks, automatic and secure key exchange, and providing voice (and data) package protection. WPA2 enhances the security of WPA by replacing RC4 with Advanced Encryption Standard (AES. In addition, WPA2 can protect users' infrastructure investment in WPA by using a similar automatic key exchange mechanism.

Figure 1: Key components of 802.1x authentication

Although the standard setting organization has spent a lot of effort on solving the security of the 802.11MAC layer, it does not actually solve the security problems of home users (or hotspot) applications. The lack of security is related to the technical terms and configuration steps that most end users cannot correctly understand. Understanding these terms and configuration steps is critical to establishing sufficient security.