Securing BGP Through Secure Origin BGP (soBGP)

摘要

To miss the heightened interest in network security, you'd have had to hide yourself from almost everything written about the Internet in the last year. A significant amount of work is going into building strategies and methods to secure the network, including the routers, switches and servers that comprise it, as well as the information it carries. The Internet's routing system has come under increased scrutiny, including the reachability information, routing policy and protocols that carry this information through the network. The Border Gateway Protocol (BGP, as specified in the IETF's RFC 1771) is the routing protocol that runs the Internet. Since BGP provides the "road signs" for Internet traffic, the security challenge is to make certain these "road signs" aren't muddled to the point that travel across the network stops, or that travel to or from a particular organization's servers isn't possible. For instance, if someone wants to make a competitor's website unreachable, they can simply inject false BGP routing information into the system, and misdirect the traffic (see "Routing System Attacks and Defenses," p. 52). How can we prevent such attacks?