Best practices for BGP security
- By William Jackson
- Jun 06, 2007
The National Institute of Standards and Technology has released a set of best practices to help protect the Border Gateway Protocol, the core routing protocol used on the Internet.
Although it can be used within large IP networks, BGP most commonly is used by gateway hosts for routing between autonomous networks on the Internet. It maintains a table of prefixes designating IP networks that can be reached. It is a decentralized routing protocol.
Although end users do not often use BGP, Internet service providers often use it to establish routing with each other, so it is integral to the Internet. NIST Special Publication 800-54, titled 'Border Gateway Protocol Security,' gives an introduction to the protocol along with guidelines for securing it. The guidelines are intended to be easily implemented on most BGP routers using the current version of the protocol, Version 4.
'While enhanced protocols for BGP have been proposed, these generally require substantial changes to the protocol and may not interoperate with current BGP implementations,' NIST said. The recommendations offered are intended to improve security within the present framework.
The recommendations include the use of access control lists, restrictions on which networks and blocks are announced, the use of filtering, and allowing peers to connect only through port 179.
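The sketch below is an added illustration, not code from the article or from NIST SP 800-54. It models three of the listed controls as plain checks: a peer access list restricted to port 179, an inbound route filter and an outbound announcement restriction. The policy layout, the function names, the documentation-range addresses and the choice to accept more-specific prefixes inside an allowed block are all assumptions made for the example.

```python
import ipaddress

BGP_PORT = 179  # peers may connect only through this TCP port

# Constructed sample policy (documentation address ranges, not real networks).
POLICY = {
    "peers": {  # peer address -> prefixes that peer is allowed to announce to us
        "192.0.2.1": ["198.51.100.0/24"],
        "192.0.2.2": ["203.0.113.0/24"],
    },
    "announce": ["2001:db8::/32"],  # blocks we are allowed to announce
}

def allow_connection(policy, src_ip, dst_port):
    """ACL: accept a session only from a configured peer, only on port 179."""
    return dst_port == BGP_PORT and src_ip in policy["peers"]

def _permitted(prefix, allowed):
    """True if prefix equals, or is contained in, one of the allowed blocks."""
    try:
        net = ipaddress.ip_network(prefix)
    except ValueError:  # malformed prefix or host bits set: reject
        return False
    for block in map(ipaddress.ip_network, allowed):
        # subnet_of() raises TypeError across IP versions, so compare versions first
        if net.version == block.version and net.subnet_of(block):
            return True
    return False

def _split(prefixes, allowed):
    """Partition prefixes into (accepted, rejected), preserving input order."""
    accepted = [p for p in prefixes if _permitted(p, allowed)]
    rejected = [p for p in prefixes if p not in accepted]
    return accepted, rejected

def filter_inbound(policy, peer_ip, prefixes):
    """Filtering: keep only routes this peer is expected to announce."""
    return _split(prefixes, policy["peers"].get(peer_ip, []))

def filter_outbound(policy, prefixes):
    """Announcement restriction: never advertise blocks outside our own."""
    return _split(prefixes, policy["announce"])
```

An unknown peer address gets an empty allow list, so every route it offers lands in the rejected list.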
William Jackson is a Maryland-based freelance writer.