    BGP Security Is in Black Hat’s Cross Hairs

    By
    Sean Michael Kerner
    -
    August 4, 2015

      The Border Gateway Protocol (BGP) is a foundational component of the modern Internet, providing a mechanism by which carriers can share routing information for Internet traffic. As it turns out, BGP is at risk of manipulation by hackers, which is a topic that will be explored at the Black Hat USA security conference in Las Vegas this week.

      Among the scheduled talks on BGP is one by OpenDNS Chief Technology Officer Dan Hubbard on Aug. 6. Hubbard’s talk is titled “BGP Stream,” which is the name of a new tool that he plans on publicly releasing this week.

      “BGP is an old protocol, but it’s a key way that we all get to where we want to go on the Internet,” Hubbard told eWEEK.

      OpenDNS, which itself is in the process of being acquired by Cisco Systems in a deal valued at $635 million, acquired a company called BGPmon in March. BGPmon’s mission, Hubbard explained, is to monitor the Internet for BGP hijacking. BGPmon does this by placing sensors across approximately 100 strategic peering points around the world to collect information on BGP routing tables. Then, an analytics engine looks at differences in the routing tables to see what’s going on and if there is a security risk.

      With the commercial BGPmon service, OpenDNS enables an organization to monitor its own autonomous system (AS) numbers that are in BGP routing tables, providing alerts if those tables are being changed somewhere on the Internet. Hubbard said that until now, there has been no freely available central location where anyone could go to look at large-scale BGP hijacks or outages.

      “So we’re releasing a new service called BGP Stream which is a stream of all the big BGP table changes on the Internet, with some insight into why a given change is important,” he said.

      BGP Stream information will be publicly disseminated via a Twitter account (@BGPstream), which will programmatically tweet BGP changes. The tweets will include a link for more information on the given event. Hubbard added that an organization can also get access to the BGP Stream information via the Twitter API to be integrated into a dashboard.

      BGP security monitoring is now a particularly interesting topic because of information contained in the recently leaked documents from Italian security firm Hacking Team, according to Hubbard.

      “What Hacking Team did is they had a problem where some entity took over their IP space, which was used for their remote access Trojans,” he said. “So they couldn’t control their bots, so they used BGP to announce the address space back to key providers within a particular region.”

      The provider did not have any specific form of BGP filtering and took the routes announced by Hacking Team as being authoritative for how to get to the IP space, where the remote access Trojans were located, Hubbard said.

      “So even though Hacking Team didn’t have the transit rights to those IPs and the IPs were supposed to be going to another location, the Hacking Team-specified routes became the location where all the users were going,” he said.

      Hubbard emphasized that BGP is critically important because it can be used to manipulate entire routes of where people go on the Internet. Among the key challenges with BGP is the simple fact that it doesn’t have a formalized approach for a fully encrypted and authenticated system to verify BGP information. In the DNS world, there is a technology known as DNSSEC, which does provide cryptographic integrity checking, but there isn’t yet an equivalent for BGP.

      “The latest version of BGP that the Internet runs on is BGP version 4, and it’s over 10 years old and has changed little over the years,” Hubbard said.

      While there are risks, Hubbard noted that there are ways to protect against potential BGP hijacks, including filtering techniques, though in general, organizations listen to the routes that are broadcast from their upstream providers.

      “There isn’t a central authority for BGP information,” he said. “So when an organization connects to its upstream provider, it’s up to the organization to filter the information to understand who exactly the information is coming from and who is announcing the information.”
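
The comparison behind both the monitoring and the filtering described above can be sketched as follows. This is an added example, not code from BGPmon, BGP Stream or OpenDNS; the expected-origin table, the function names and the sample announcements are assumptions built from documentation prefixes and AS numbers.

```python
import ipaddress

# Constructed table: monitored prefix -> AS expected to originate it
# (RFC 5737 documentation prefixes, RFC 5398 documentation AS numbers).
EXPECTED = {"192.0.2.0/24": 64496, "198.51.100.0/24": 64497}

def classify(prefix, as_path, expected=EXPECTED):
    """Compare one announcement with the expected-origin table."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the originating AS is the last entry in the AS path
    for exp_prefix, exp_origin in expected.items():
        exp_net = ipaddress.ip_network(exp_prefix)
        if net.version != exp_net.version:
            continue
        if net == exp_net:
            return "ok" if origin == exp_origin else "origin-mismatch"
        if net.subnet_of(exp_net):
            # A more-specific route wins longest-prefix matching, so it
            # attracts traffic even while the expected route is still present.
            if origin == exp_origin:
                return "sub-prefix-same-origin"
            return "sub-prefix-mismatch"
    return "unmonitored"

def alerts(updates, expected=EXPECTED):
    """Return the announcements that contradict the expected origins."""
    flagged = []
    for prefix, as_path in updates:
        verdict = classify(prefix, as_path, expected)
        if verdict in ("origin-mismatch", "sub-prefix-mismatch"):
            flagged.append((prefix, as_path[-1], verdict))
    return flagged

# Constructed sample announcements: (prefix, AS path as seen by a sensor).
UPDATES = [
    ("192.0.2.0/24", [64500, 64496]),
    ("192.0.2.0/24", [64500, 64510]),
    ("198.51.100.128/25", [64501, 64511]),
    ("203.0.113.0/24", [64502, 64503]),
]

if __name__ == "__main__":
    for prefix, origin, verdict in alerts(UPDATES):
        print(f"ALERT {verdict}: {prefix} originated by AS{origin}")
```
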

      The BGP Stream information isn’t just about potential security events; Hubbard said it could also be used to track potential outages on the Internet. He noted that often whenever there is an outage on the Internet, the knee-jerk reaction from the media is that something was hacked.

      “Knowing that there is a security incident is important, and also knowing when something is not a security incident is equally important,” Hubbard said.

      While BGP Stream will be a free public service, OpenDNS is still selling the commercial BGPmon service for those looking to monitor specific systems and get a higher level of real-time detail.

      “BGP Stream provides free access to large-scale events, but we only have 142 characters on Twitter, so we’re somewhat limited,” Hubbard said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
