The aim of this work is to analyse the security vulnerabilities of the Border Gateway Protocol (BGP), including a detailed description of various kinds of attacks and methods of protection. A set of best practices for BGP router configuration is proposed, enhancing network security against both misconfiguration and premeditated attacks. The practical part of this work is a laboratory scenario concerning BGP security.
Within the framework of a previously developed Bachelor's thesis [22], a preliminary version of a laboratory infrastructure for inter-domain routing was proposed. The infrastructure consists of the selected router emulator and an application whose main purpose is assistance in router configuration, automatic verification and evaluation of performed exercises. In order to extend the flexibility of the application, the infrastructure has been reorganised (see appendix E) and new functionalities have been implemented. Drawing on the experience of conducting multiple laboratory exercises with students, the scenario has been significantly improved and enhanced.
Using the developed application and laboratory scenarios during practical experiments with students improves the general understanding of inter-domain routing and helps in explaining methods of implementing traffic engineering rules on routers. In addition, the use of the Simple Network Management Protocol (SNMP) and Management Information Base (MIB) is enabled in the application, which constitutes a valuable extension of the laboratory's subject matter. In general, the use of a router emulator allows exercises to be conducted with minimum effort and cost.
In the introduction, the concept and structure of the Internet are presented. In the following chapter, the purpose of using BGP in this network is discussed and its main characteristics are introduced: the attributes of UPDATE messages are described in detail, and examples of traffic engineering in inter-domain routing are presented. Then, the issues related to the security vulnerabilities of BGP that can affect inter-domain routing are analysed. Possible types of attacks exploiting BGP vulnerabilities are presented as well. Next, the available solutions for improving the security of BGP are discussed (e.g., session security enhancement between neighbouring routers, common methods of BGP message filtering, and usage of the integrated security systems). Finally, the laboratory concepts are presented, including a description of the experiments and the infrastructure required to conduct them. An integral part of this work consists of annexes with extended documentation of the laboratory elements: the capabilities and operating instructions of the selected router emulator; two laboratory instructions; an application manual; and a report containing a list of the changes made in the new version of the application.
Keywords: BGP, laboratory, security