
    BGP Security Is in Black Hat’s Cross Hairs

    By Sean Michael Kerner - August 4, 2015

      The Border Gateway Protocol (BGP) is a foundational component of the modern Internet, providing a mechanism by which carriers can share routing information for Internet traffic. As it turns out, BGP is at risk of manipulation by hackers, which is a topic that will be explored at the Black Hat USA security conference in Las Vegas this week.

      Among the scheduled talks on BGP is one by OpenDNS Chief Technology Officer Dan Hubbard on Aug. 6. Hubbard’s talk is titled “BGP Stream,” which is the name of a new tool that he plans on publicly releasing this week.

      “BGP is an old protocol, but it’s a key way that we all get to where we want to go on the Internet,” Hubbard told eWEEK.

      OpenDNS, which itself is in the process of being acquired by Cisco Systems in a deal valued at $635 million, acquired a company called BGPmon in March. BGPmon’s mission, Hubbard explained, is to monitor the Internet for BGP hijacking. BGPmon does this by placing sensors across approximately 100 strategic peering points around the world to collect information on BGP routing tables. Then, an analytics engine looks at differences in the routing tables to see what’s going on and if there is a security risk.

      With the commercial BGPmon service, OpenDNS enables an organization to monitor its own autonomous system (AS) numbers that are in BGP routing tables, providing alerts if those tables are being changed somewhere on the Internet. Hubbard said that until now, there has been no freely available central location where anyone could go to look at large-scale BGP hijacks or outages.

      “So we’re releasing a new service called BGP Stream which is a stream of all the big BGP table changes on the Internet, with some insight into why a given change is important,” he said.

      BGP Stream information will be publicly disseminated via a Twitter account (@BGPstream), which will programmatically tweet BGP changes. The tweets will include a link for more information on the given event. Hubbard added that an organization can also get access to the BGP Stream information via the Twitter API to be integrated into a dashboard.

      BGP security monitoring is now a particularly interesting topic because of information contained in the recently leaked documents from Italian security firm Hacking Team, according to Hubbard.

      “What Hacking Team did is they had a problem where some entity took over their IP space, which was used for their remote access Trojans,” he said. “So they couldn’t control their bots, so they used BGP to announce the address space back to key providers within a particular region.”

      The provider did not have any specific form of BGP filtering and took the routes announced by Hacking Team as being authoritative for how to get to the IP space, where the remote access Trojans were located, Hubbard said.

      “So even though Hacking Team didn’t have the transit rights to those IPs and the IPs were supposed to be going to another location, the Hacking Team-specified routes became the location where all the users were going,” he said.

      Hubbard emphasized that BGP is critically important because it can be used to manipulate entire routes of where people go on the Internet. Among the key challenges with BGP is the simple fact that it doesn’t have a formalized approach for a fully encrypted and authenticated system to verify BGP information. In the DNS world, there is a technology known as DNSSEC which does provide cryptographic integrity checking, but there isn’t yet an equivalent for BGP.

      “The latest version of BGP that the Internet runs on is BGP version 4, and it’s over 10 years old and has changed little over the years,” Hubbard said.

      While there are risks, Hubbard noted that there are ways to protect against potential BGP hijacks, including filtering techniques, though in general, organizations listen to the routes that are broadcast from their upstream providers.

      “There isn’t a central authority for BGP information,” he said. “So when an organization connects to its upstream provider, it’s up to the organization to filter the information to understand who exactly the information is coming from and who is announcing the information.”
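
The monitoring and the filtering described above both come down to comparing the origin AS of each announcement with a table of who is expected to originate which prefix. The following is an added example, not code from BGPmon, BGP Stream or OpenDNS; the table, the peer names and the sample announcements are constructed, using documentation prefixes and documentation AS numbers.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data, not real routing data: documentation prefixes
# (RFC 5737) and documentation AS numbers (RFC 5398).
EXPECTED = {  # monitored prefix -> AS that is expected to originate it
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
}
UPDATES = [  # (sensor/peer name, announced prefix, AS path as seen there)
    ("peer-a", "192.0.2.0/24", [64500, 64496]),     # legitimate
    ("peer-a", "198.51.100.0/24", [64500, 64511]),  # wrong origin
    ("peer-b", "198.51.100.0/24", [64501, 64511]),  # same event, second sensor
    ("peer-b", "192.0.2.128/25", [64501, 64510]),   # more specific, wrong origin
    ("peer-c", "203.0.113.0/24", [64502, 64505]),   # not a monitored prefix
]

def classify(prefix, as_path, expected=EXPECTED):
    """Compare one announcement with the expected prefix-to-origin table."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the rightmost AS in the path originated the route
    for exp_prefix, exp_origin in expected.items():
        exp_net = ipaddress.ip_network(exp_prefix)
        if net.version != exp_net.version or not net.subnet_of(exp_net):
            continue  # announcement is outside this monitored prefix
        if origin != exp_origin:
            return "origin-mismatch" if net == exp_net else "more-specific-mismatch"
        return "ok" if net == exp_net else "unexpected-more-specific"
    return "unmonitored"

def alerts(updates, expected=EXPECTED):
    """Monitoring view: group suspicious routes and list the sensors that saw them."""
    seen = defaultdict(set)
    for peer, prefix, as_path in updates:
        verdict = classify(prefix, as_path, expected)
        if verdict not in ("ok", "unmonitored"):
            seen[(prefix, as_path[-1], verdict)].add(peer)
    return {key: sorted(peers) for key, peers in seen.items()}

def import_filter(updates, expected=EXPECTED):
    """Filtering view: keep only routes that do not contradict the table."""
    return [u for u in updates if classify(u[1], u[2], expected) in ("ok", "unmonitored")]

if __name__ == "__main__":
    for (prefix, origin, verdict), peers in alerts(UPDATES).items():
        print(f"{verdict}: {prefix} originated by AS{origin}, seen by {peers}")
```
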

      The BGP Stream information isn’t just about potential security events; Hubbard said it could also be used to track potential outages on the Internet. He noted that often whenever there is an outage on the Internet, the knee-jerk reaction from the media is that something was hacked.

      “Knowing that there is a security incident is important, and also knowing when something is not a security incident is equally important,” Hubbard said.

      While BGP Stream will be a free public service, OpenDNS is still selling the commercial BGPmon service for those looking to monitor specific systems and get a higher level of real-time detail.

      “BGP Stream provides free access to large-scale events, but we only have 142 characters on Twitter, so we’re somewhat limited,” Hubbard said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
