By William Jackson
The National Institute of Standards and Technology has released a set of
best practices to help protect the Border Gateway Protocol, the core
routing protocol used on the Internet.
Although it can be used within large IP networks, BGP most commonly is
used by gateway hosts for routing between autonomous networks on the
Internet. It maintains a table of prefixes designating IP networks that
can be reached. It is a decentralized routing protocol.
Although end users do not often use BGP, Internet service providers
often use it to establish routing with each other, so it is integral to
the Internet. NIST Special Publication 800-54, titled Border Gateway
Protocol Security, gives an introduction to the protocol along with
guidelines for securing it. The guidelines are intended to be easily
implemented on most BGP routers using the current version of the
protocol, Version 4.
While enhanced protocols for BGP have been proposed, these generally
require substantial changes to the protocol and may not interoperate
with current BGP implementations, NIST said. The recommendations offered
are intended to improve security within the present framework.
The recommendations include the use of access control lists,
restrictions on which networks and blocks are announced, the use of
filtering and allowing peers to connect only through port 179.
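
The recommendations above can be sketched as three policy checks. This is an added example, not taken from the NIST publication: the peer addresses, address blocks, deny list and prefix-length cutoff are constructed sample values using documentation ranges.

```python
import ipaddress

BGP_PORT = 179  # the port the recommendations restrict peer connections to

# Constructed sample policy (IPv4 only, documentation ranges; not from the NIST text).
PEERS = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("192.0.2.2")}
OWN_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
# Assumed inbound deny list: space that should not arrive from an external peer.
NEVER_ACCEPT = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
MAX_PREFIX_LEN = 24  # assumed cutoff for overly specific routes


def allow_session(src_ip, dst_port):
    """Access control list: configured peers only, and only to TCP 179."""
    return dst_port == BGP_PORT and ipaddress.ip_address(src_ip) in PEERS


def outbound_verdict(prefix):
    """Restrict announcements to prefixes inside our own address blocks."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(block) for block in OWN_BLOCKS):
        return "announce"
    return "suppress: not our address space"


def inbound_verdict(prefix):
    """Filter routes received from a peer before they reach the routing table."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen == 0:
        return "reject: default route"
    if net.prefixlen > MAX_PREFIX_LEN:
        return "reject: too specific"
    if any(net.subnet_of(bad) for bad in NEVER_ACCEPT):
        return "reject: special-use space"
    if any(net.subnet_of(block) for block in OWN_BLOCKS):
        return "reject: our own space from outside"
    return "accept"


if __name__ == "__main__":
    for src, port in [("192.0.2.1", 179), ("192.0.2.1", 23), ("203.0.113.9", 179)]:
        print(src, port, allow_session(src, port))
    for p in ["198.51.100.0/24", "203.0.113.0/24"]:
        print("out", p, outbound_verdict(p))
    for p in ["203.0.113.0/24", "10.1.0.0/16", "0.0.0.0/0", "198.51.100.0/24"]:
        print("in ", p, inbound_verdict(p))
```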