BGP Security Configuration in ISP Networks
The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used to exchange network reachability information between ISP networks in the global Internet. The border gateway router of ISP network runs BGP protocol and maintains a table of prefixes designating IP networks that can be reached. However, as the Internet routing infrastructure, BGP is vulnerable to both accidental misconfigurations and malicious attacks because it trusts unverified control plane information received from its peers. This paper considers the security risks of BGP system and surveys works relating to BGP security. While a number of enhanced protocols for BGP (such as S-BGP, SO-BGP, PGBGP, etc.) have been proposed to solve BGP security problem, these generally relay on a public key infrastructure or a central authority like ICANN, or require substantial changes to the protocol, hence none of them has been widely deployed. We present a security configuration framework based on currently available technologies to improve the security of BGP routers. The security configuration framework provides a set of guidelines to protect the BGP routers from misconfigurations and malicious attacks. We describe the countermeasures and security mechanisms of BGP system when it encounters potential attacks, such as BGP peer spoofing, BGP session hijacking, malicious or unallocated route injection, etc. Our proposition is easily deployable in ISP networks without additional cost and it can effectively improve the security of BGP system.
Hexing Wang Cuirong Wang Ge Yu
Northeastern University at Qinhuangdao,Qinhuangdao 066004,China School of Information Science and Engineering,Northeastern University Shenyang 110004,China
国际会议
Progress in Electromagnetics Research Symposium 2009(2009年电磁学研究新进展学术研讨会)(PIERS 2009)
北京
英文
700-704
2009-03-23(万方平台首次上网日期,不代表论文的发表时间)