Securing wireless SIP comms through WEP on WAP2 network

jabaroon

Hi All,

I have been waiting and waiting and waiting.....etc...for a wireless SIP manufacturer to release a wireless handset that supports WPA2 wireless networks.

Alas, I have given up waiting and am going to bite the bullet and buy one that can only do WEP. The challenge is that I dont want to downgrade my entire network security to WEP.

As such, I am wondering if anyone can suggest how I could install a new wireless access point on the network and secure it using WEP, but only connect SIP devices to the AP. Given that the AP will be dedicated to SIP traffic, what could I do to lock it down in such a way as to minimise the changes of my network being comrpromised?

I am thinking of the following:
- Only open ports required by SIP (can this be done with a wireless AP?)
- MAC filtering
- Fixed IP address

What else could I do? Not trying to break the bank here btw!

Ta,
Jab

jabaroon

Forgot to say....some phones can do WPA, but I believe that this is very crackable and that WPA2 is really your best man!

Webmonkey

From my understanding WPA is a lot more secure then WEP? WEP can be hacked in seconds.

jabaroon

Webmonkey wrote: »

From my understanding WPA is a lot more secure then WEP? WEP can be hacked in seconds.

Hi Webmonkey,

I think WEP can also be hacked pretty easily, but WPA2 is very tricky.
As such, I really dont want to use WEP either, but if I have to, is there a way to secure it/isolate the traffic onto my main lan etc...

Ta
Jab

BigEejit

As far as I know WPA-PSK can only be cracked by using a program to guess passwords (brute forcing), WPA2 similarly can only be cracked this way. A password that is long and is a mix of upper and lower case letters and numbers should be secure ..... there are online password generators that will make a random long password.

What I do is copy and paste that password into a text file and put it on my usb stick, if I add another wireless client then just copy and paste the password into the wireless configuration utility.

TimTim

This is a solution I've been pondering about before but I got a VoIP phone which has a base station that has an ethernet port.

But if I had to do that, I'd buy a seperate AP and some sort of embedded linux box. Connect the AP to the linux box and then the linux box to your home network. Set up iptables to only allow connections to and from your VoIP providers IP.

axer

How many phones are you talking about? What type of networking equipment (switches and routers) have you already? You could connect any AP to a managed switch that can put that AP (and others if needed) on a seperate VLAN and control the access that VLAN has to the internet and other devices on the network with an access-list or something similiar.

There is the problem that someone could eavesdrop and listen to all the calls made by these phones since the person could capture the traffic and decrypt it with the WEP key.

Is there a reason why you are not using the likes of the N95 (and probably any other nokia phone that supports WIFI and SIP) - maybe the E51? or are you looking for less of a mobile-type of phone? or are they too expensive?