http://www.gcn.com/online/vol1_no1/44433-1.html
By William Jackson
GCN Staff
06/06/07
The National Institute of Standards and Technology has released a set of
best practices to help protect the Border Gateway Protocol, the core
routing protocol used on the Internet.

Although it can be used within large IP networks, BGP most commonly is
used by gateway hosts for routing between autonomous networks on the
Internet. It maintains a table of prefixes designating IP networks that
can be reached. It is a decentralized routing protocol.

Although end users do not often use BGP, Internet service providers
often use it to establish routing with each other, so it is integral to
the Internet. NIST Special Publication 800-54 [1], titled Border Gateway
Protocol Security, gives an introduction to the protocol along with
guidelines for securing it. The guidelines are intended to be easily
implemented on most BGP routers using the current version of the
protocol, Version 4.

While enhanced protocols for BGP have been proposed, these generally
require substantial changes to the protocol and may not interoperate
with current BGP implementations, NIST said. The recommendations offered
are intended to improve security within the present framework.

The recommendations include the use of access control lists,
restrictions on which networks and blocks are announced, the use of
filtering and allowing peers to connect only through port 179.
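
The recommendations listed above, sketched as an added example (not taken
from the article or from the NIST publication): a session check that admits
only configured peers on port 179, and a prefix filter that accepts an
announcement only inside the blocks a peer is permitted to announce. The
peer addresses, blocks, deny-list and length cut-off are constructed
assumptions.

```python
import ipaddress

BGP_PORT = 179  # the port peers are restricted to, as in the recommendations

# Constructed sample policy: peer address -> blocks that peer may announce.
PEER_POLICY = {
    "192.0.2.1": ["198.51.100.0/24"],
    "192.0.2.2": ["203.0.113.0/24"],
}
# Assumed deny-list: blocks never accepted from any peer.
NEVER_ACCEPT = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                "172.16.0.0/12", "192.168.0.0/16"]
MAX_PREFIX_LEN = 24  # assumed cut-off for overly specific IPv4 routes


def session_allowed(src_ip, dst_port):
    """ACL check: only configured peers, and only to TCP port 179."""
    return dst_port == BGP_PORT and src_ip in PEER_POLICY


def announcement_allowed(peer_ip, prefix):
    """Accept a route only if it lies inside a block this peer may announce."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False  # malformed prefix, or host bits set
    if net.version != 4 or net.prefixlen > MAX_PREFIX_LEN:
        return False
    # Anything touching a denied block is dropped (this covers 0.0.0.0/0 too).
    if any(net.overlaps(ipaddress.ip_network(b)) for b in NEVER_ACCEPT):
        return False
    allowed = PEER_POLICY.get(peer_ip, [])
    return any(net.subnet_of(ipaddress.ip_network(a)) for a in allowed)


def filter_updates(updates):
    """Split (peer, prefix) announcements into accepted and rejected lists."""
    accepted, rejected = [], []
    for peer, prefix in updates:
        ok = announcement_allowed(peer, prefix)
        (accepted if ok else rejected).append((peer, prefix))
    return accepted, rejected


# Constructed sample announcements: one legitimate, three that must be dropped.
SAMPLE_UPDATES = [
    ("192.0.2.1", "198.51.100.0/24"),  # peer's own block
    ("192.0.2.1", "203.0.113.0/24"),   # block assigned to a different peer
    ("192.0.2.2", "203.0.113.128/25"), # more specific than the cut-off
    ("192.0.2.2", "10.0.0.0/8"),       # private address space
]

if __name__ == "__main__":
    print(filter_updates(SAMPLE_UPDATES))
```
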
[1] http://csrc.nist.gov/publications/drafts/800-54/Draft-SP800-54-version2-Jun2007.pdf
Received on Tue Jun 12 02:03:10 2007