http://www.gcn.com/online/vol1_no1/44433-1.html By William Jackson GCN Staff 06/06/07 The National Institute of Standards and Technology has released a set of best practices to help protect the Border Gateway Protocol, the core routing protocol used on the Internet. Although it can be used within large IP networks, BGP most commonly is used by gateway hosts for routing between autonomous networks on the Internet. It maintains a table of prefixes designating IP networks that can be reached. It is a decentralized routing protocol. Although end users do not often use BGP, Internet service providers often use it to establish routing with each other, so it is integral to the Internet. NIST Special Publication 800-54 [1], titled Border Gateway Protocol Security, gives an introduction to the protocol along with guidelines for securing it. The guidelines are intended to be easily implemented on most BGP routers using the current version of the protocol, Version 4. While enhanced protocols for BGP have been proposed, these generally require substantial changes to the protocol and may not interoperate with current BGP implementations, NIST said. The recommendations offered are intended to improve security within the present framework. The recommendations include the use of access control lists, restrictions on which networks and blocks are announced, the use of filtering and allowing peers to connect only through port 179. [1] http://csrc.nist.gov/publications/drafts/800-54/Draft-SP800-54-version2-Jun2007.pdf _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jun 12 2007 - 00:11:53 PDT