
The Internet’s Border Gateway Protocol is a key risk area which needs focus, says ENISA

ENISA, the European Union’s network and information security agency, has warned that hijacking attacks aimed at the Border Gateway Protocol (BGP) are increasing, creating risks to the resilience of the Internet.

Last year ENISA surveyed a range of large and small providers across the EU, confirming that BGP hijacks are an issue: 44 percent of respondents said that the impact of BGP incidents is high, affecting large numbers of users and lasting for many hours, and 93 percent said it needs an urgent fix.

The Border Gateway Protocol is like a dynamic Internet route map, used by network operators to find the best route from one computer to another across the globe, but it is 25 years old and was not designed with security in mind. The good news is that there are remedies; unfortunately, not all network operators are implementing them.

BGP attacks are used for different purposes, ranging from financial crime that targets a few users to steal crypto coins to large-scale espionage, and they can even be used to cause crippling Internet outages. Today’s dependency on the Internet, increased usage, and an increase in the number and sophistication of cyber attacks mean that the risks of leaving BGP unsecured are very high.

ENISA makes the following recommendations for BGP security:

  • Monitoring and detection: monitor the routes used by your Internet traffic to detect anomalies, not only to guarantee resilience but also for the privacy and security of subscribers;
  • Coordination: it is crucial to coordinate with peers, by publishing route policies and partaking in peering databases;
  • Prefix filtering: it is important to filter prefixes that should never be announced or forwarded in your network, both on ingress and egress network traffic; 
  • Path filtering: it is important to filter BGP AS path attributes for items that should not be allowed in BGP route announcements into or out of your network;
  • Bogon filtering: it is important to filter out bogus prefixes (also called bogons), as these prefixes should never appear in BGP announcements;
  • Time-to-live security (GTSM): it is important to implement TTL security, which makes it harder to attack BGP sessions;
  • Resource Public Key Infrastructure (RPKI): it is important to implement RPKI and digitally sign route announcements to allow peers to check that announcements are authentic and authorized.
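The bogon, path and RPKI checks in the list above can be combined into one triage pass over received announcements. The sketch below is an added example, not code from ENISA or its report; the ROAs, announcements, AS numbers and the abbreviated bogon list are constructed, with documentation prefixes and ASNs standing in for routable resources.

```python
import ipaddress

# Abbreviated IPv4 bogon list. The documentation ranges are left out on
# purpose because they stand in for routable space in the samples below.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4")]

# Constructed ROAs: (prefix, max length, authorized origin AS).
ROAS = [(ipaddress.ip_network("203.0.113.0/24"), 24, 64496),
        (ipaddress.ip_network("198.51.100.0/24"), 24, 64497)]

# Constructed announcements: (prefix, AS path); the origin AS is the last hop.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64500, 64496]),          # matches its ROA
    ("203.0.113.0/24", [64500, 64511]),          # wrong origin AS
    ("198.51.100.0/25", [64500, 64497]),         # more specific than max length
    ("192.0.2.0/24", [64500, 64499]),            # no covering ROA
    ("10.1.0.0/16", [64500, 64498]),             # private address space
    ("203.0.113.0/24", [64500, 65000, 64496]),   # private ASN in the path
]

def is_private_asn(asn):
    """Private-use ASN ranges from RFC 6996."""
    return 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294

def classify(prefix, as_path, roas=ROAS, bogons=BOGONS):
    """Return 'bogon', 'bad-path', or an RFC 6811 state for one announcement."""
    net = ipaddress.ip_network(prefix)
    same = lambda other: other.version == net.version  # never mix v4 and v6
    if any(same(b) and net.subnet_of(b) for b in bogons):
        return "bogon"
    if any(is_private_asn(asn) for asn in as_path):
        return "bad-path"
    covering = [r for r in roas if same(r[0]) and net.subnet_of(r[0])]
    if not covering:
        return "not-found"
    origin = as_path[-1]
    if any(asn == origin and net.prefixlen <= mx for _, mx, asn in covering):
        return "valid"
    return "invalid"

def triage(announcements=ANNOUNCEMENTS):
    """Return (prefix, origin AS, verdict) for every announcement."""
    return [(p, path[-1], classify(p, path)) for p, path in announcements]

if __name__ == "__main__":
    for prefix, origin, verdict in triage():
        print(f"{prefix:<18} AS{origin:<6} {verdict}")
```

Verdicts of `bogon`, `bad-path` and `invalid` are the ones to filter or alert on; `not-found` only means no ROA covers the prefix.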

Read the ENISA report ‘7 Steps to shore up BGP’.
