๐ŸŽ‚ BGP: Time to Secure the 35 y.o. Core of the Internet





The recent release of the White House's "Roadmap to Enhancing Internet Routing Security" on September 3, 2024, addresses vulnerabilities in the Border Gateway Protocol (BGP), which was introduced in 1989 as part of the internet's development.


⚠️ Why is BGP security important?
If not properly secured, BGP can be exploited to misroute, intercept, or disrupt internet traffic, leading to espionage, data theft, and service outages. BGP security ensures the reliability and safety of global internet infrastructure.

⏳ Did we have enough time to implement BGP security?
Yes, but kind of... haven’t fully succeeded. While the basic hardening procedures for securing BGP are well understood, they have not been widely implemented. Protocols and tools like RPKI have been available for years, but many networks - particularly large ones - have been slow to adopt them. As a result, the current state of BGP security remains vulnerable.

Proof of BGP insecurity can be seen in several major incidents:
๐Ÿ”ปAmazon Route Leak (2017): A misconfiguration by a Japanese ISP caused massive routing issues, leading to service disruptions for AWS users globally, affecting services like Slack and Reddit.
๐Ÿ”ปIndosat BGP Hijack (2014): Indonesian ISP Indosat accidentally announced over 400,000 prefixes, leading to widespread routing issues and highlighting how a single BGP misconfiguration can affect the global internet.
๐Ÿ”ปChina Telecom BGP Hijack (2010): Around 15% of global internet traffic was misrouted through China for 18 minutes, raising concerns about data privacy and network security.

These incidents, and probably many others that are less visible, demonstrate the ongoing risks of unsecured BGP.

๐Ÿ’ก What is the proposal now?
Governments and regulators, along with network experts, are advocating for the implementation of RPKI (Resource Public Key Infrastructure) and other cryptographic mechanisms to validate route announcements. This is in addition to the general hardening of BGP configurations, which should be standard practice.

๐Ÿง What’s intriguing is that this feels like a blast from the past, showing how many systems remain in their original form or are less protected than today’s threats require. It also highlights how many critical technologies operate behind the scenes of modern IT and cybersecurity.

Ref:https://phoenixnap.com/kb/rpki

Comments

Post a Comment

Popular posts from this blog

Impact of IP Protocols with Data as AI Works

In the rapidly evolving landscape of data communications, the role of IP protocols cannot be underestimated. These protocols serve as the backbone for internet-based communication and play a crucial role in ensuring the seamless transfer of data packets. With the emergence of Artificial Intelligence (AI) and its integration into various fields, the impact of IP protocols becomes even more significant. In this article, we will explore how various IP protocols, such as QOS, MPLS-TE, SDN, ECMP, and others, contribute to regulating IP traffic and enabling efficient data communications. Understanding IP Protocols and their Role in AI-driven Data Communications Quality of Service (QoS) QoS, as an IP protocol, plays a pivotal role in ensuring the efficient delivery of data packets by prioritizing certain types of network traffic over others. It employs various techniques, such as traffic shaping and bandwidth allocation, to manage network congestion and optimize the utilization of available r
Read more

Demystifying Network Slicing

Image
Network slicing represents a paradigm shift in how we think about networks and their management. At its core, network slicing involves the creation of multiple virtual networks on the same physical network infrastructure. These virtual networks can be tailored to meet the diverse requirements of different types of services, applications, or users. In this blog post, we will delve into the intricacies of network slicing, unpacking its components, benefits, and operational dynamics. ## Understanding Network Slicing Network slicing is a transformative technology that enables the division of a single physical network into multiple virtual networks, each designed to serve a specific purpose or service type with distinct performance characteristics. This segmentation allows for more efficient resource use and enables a tailored approach to network management. ### The Composition of a Network Slice A network slice is a complex entity composed of both physical and virtual network resources. It
Read more

How much extra are you using IPV6 for Internet-based communication?

In the ever-evolving world of technology, the importance of efficient and seamless communication cannot be overstated. With the growing prevalence of Internet-based communication, it becomes crucial to understand the impact of IPV6 utilization. In this article, we delve into the facts, benefits, and comparison of IPV6 with traditional methods of internet connectivity. IPV6 Usage: A Global Trend According to recent statistics, the adoption rate of IPV6 has been steadily increasing worldwide. It is estimated that approximately 30% of all internet traffic is already utilizing IPV6. Major tech giants, such as Google, Facebook, and Netflix, have committed significant efforts towards IPV6 adoption. This widespread implementation of IPV6 is a testament to its importance in ensuring the future scalability and growth of the internet. Benefits of IPV6 Enhanced Address Space One of the most significant advantages of IPV6 is its expanded address space. IPV6 provides a mind-boggling 340 undecillion
Read more