[VOIPSEC] Cisco 7920 wireless IP Phones

Mark Teicher mht3 at earthlink.net
Thu May 26 13:07:53 CDT 2005 

Tom,

Not many entities have incorporated SSL or SSH properly just that not enough interested parties have decided to spend time inspecting every line of code and publicizing the issues.  
Has your employer incorporated SSL or SSH properly into their product? 
Or are you relying on the open source community is providing you some sort of gentlemen's nod that their libraries are free of buffer overflows, cannot be compromised as of this day, this hour, this minute??

"to the east is a white house with the kitchen window ajar"

/m




-----Original Message-----
From: "Porter, Thomas (Tom)" <tporter at avaya.com>
Sent: May 26, 2005 1:30 PM
To: Chris at infravast.com, "Robert Thompson Jr." <rthompson at columbiabank.com>, 
	Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones

Chris,

The point I am making is that wireless networks can be made as secure or
more secure (since typically, LAN traffic is not encrypted) than wired
networks. I think that most people would agree with this. Certainly WEP
& LEAP are not sufficient to protect these networks, but other IETF
standard forms of EAP (TLS/PEAP, TTLS, etc) & their implementations are.
802.11i (AES-CCM) rely upon digital certs & are not subject to
person-in-the-middle attacks. Yes, SSL & SSH *can* be hijacked, but if
implemented properly they *cannot* be. This is not meant as an offense
to you & Don Bailey, but the fact is: Many wireless, SSH, and SSL
implementations (not sure why you included these w/ wireless) can be &
are more secure than the corresponding wired networks. Head-on attacks
against these implementations are destined to fail - of course, no
amount of encryption, etc can protect against a single weak password,
but that is a separate issue.

Best, Tom

TLS is SSL all grown up. 

"SSL and SSH can be hijacked (MiM, Man in the middle) by hacker tools
crafted specifically for VoIP. A good example of ssl hijacking is a tool
called airsnarf.
http://airsnarf.shmoo.com/ I believe that this would be a trivial task
to convert to SIP since it is merely a cousin to html."

The author, Beetle, gave some very good demonstrations of how easy it is
to break "ANY" wireless encryption/protection scheme and, with this
tool, hijack any ssl/tls encrypted page to capture authentication/credit
card or any other info that was supposed to be encrypted. Over two days
he was able to show a class of about 60 people, many new to wireless how
to do the same thing.

When I say that IPSec adds too much overhead I refer to the fact that,
due to encapsulation, IPSec adds approximately 40% additional overhead
to an IP packet and often fragmentation due to packets that need to be
fragmented for encapsulation.

Chris

-----Original Message-----
From: Robert Thompson Jr. [mailto:rthompson at columbiabank.com]
Sent: Wednesday, May 25, 2005 1:19 PM
To: Chris at infravast.com; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones

I am very new to VOIP, so please bear with me.

But when you say that it is trivial to intercept the traffic, you just
mean to receive it right?  You are not talking about deciphering the
information and being able to listen in on the conversation are you?

Why would IPSEC add too much overhead?

Instead of SSH and SSL, could TLS be used?  As I am under the
understanding that TLS doesn't have any more overhead than SSL though is
quite more secure.

Rob.

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Christopher A. Martin
Sent: Tuesday, May 24, 2005 5:47 PM
To: 'Finnegan, James M SAM Contractor'; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Cisco 7920 wireless IP Phones


It is trivial to hijack, intercept, impersonate any type of traffic over
wireless, whether WEP, WAP, etc is implemented. IPSec over it is about
the only safe bet (which adds too much overhead). SSH and SSL can also
be compromised due to wireless hijacking.

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Finnegan, James M SAM Contractor
Sent: Tuesday, May 24, 2005 12:03 PM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] Cisco 7920 wireless IP Phones

Greetings all,

  I have run into a problem I was hoping to get feedback on. We are
using the 7920 IP Phones at our sites, running CCM 3.3.

 The Army has decided the wireless link needs to be encrypted with
something other than WEP or WEP  w/LEAP. Our standard wireless
encryption is 3DES.
The
7920's only support WEP or WEP w/LEAP. Has anyone run into this problem?

 

Thanks

 

Mike Finnegan

B.I.T.S.

U.S.Army Corp of Engineers

 

 

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list