tailieunhanh - A Survey of BGP Security
Standard security hardening procedures should be applied to the guest OS, including disabling unnecessary network services, removing unnecessary packages, restricting remote root access, and enforcing strong password policies. Use if possible a centralized authentication service such as Kerberos. Consider installation of monitoring and intrusion detection tools. It is possible to install additional applications and provision additional users on the cell OS instance, but it is recommended that you do not do this—widening access to the cell OS may decrease security. . | A Survey of BGP Security KEVIN BUTLER Systems and Internet Infrastructure Labratory Pennsylvania State University TONI FARLEY Arizona State University PATRICK MCDANIEL Systems and Internet Infrastructure Labratory Pennsylvania State University and JENNIFER REXFORD Princeton University The Border Gateway Protocol BGP is the de facto interdomain routing protocol of the Internet. Although the performance BGP has been historically acceptable there are mounting concerns about its ability to meet the needs of the rapidly evolving Internet. A central limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities of existing interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored and the systemic and operational implications of their design considered. We centrally note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper but also for further introspection on the problems and solutions of BGP security. Categories and Subject Descriptors Computer-Communication Networks General Security and Protection Computer-Communication Networks Network Protocols Routing protocols Computer-Communication Networks Local and Wide-Area Networks Internet General Terms Security Additional Key Words and Phrases authentication authorization BGP border gateway protocol integrity interdomain routing network security networks routing This work was performed while Farley and Butler were interns at AT T Labs. Authors addresses T. Farley Information and Systems Assurance Laboratory Arizona State University 1711 S. .
đang nạp các trang xem trước