October 30, 2017 | By Holly Dragoo
A new set of standards for border gateway protocol (BGP) routing on the Internet has been published by the Internet Engineering Task Force (IETF). It’s the first real attempt to secure the routing layer of the Internet from well-known BGP vulnerabilities in traffic flow control that can lead to disastrous effects. The U.S. Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) partnered together to develop the new Secure Inter-Domain Routing (SIDR) standards, using Resource Public Key Infrastructure (RPKI), BGP Origin Validation, and BGP Path Validation as a three-pronged approach to securing network pathways.
IISP Analyst Holly Dragoo: "Long overdue, these new standards will be a great if imperfect solution to the relatively infrequent but certainly plausible BGP hijacking attacks. We’ve seen relatively few of these types of attacks (where the attacker will redirect, copy, or drop traffic as it flows through corrupted routing tables), but haven’t seen meaningful attempts to close the loophole until now. It’s almost as if the powers that be relied on the number of attacks to remain low to justify inaction toward creating new standards since the protocol originated in the 1980s."
For further reading
- NIST New Network Security Standards: https://www.nist.gov/news-events/news/2017/10/new-network-security-standards-will-protect-internets-routing
- IETF Datatracker: https://datatracker.ietf.org/wg/sidr/charter/