FCC proposes BGP security measures

“It is vital that communication over the internet remains secure,” Rosenworcel said in the statement. “Although there have been efforts to help mitigate BGP’s security risks since its original design, more work needs to be done. With this proposal, we would require broadband providers to report to the FCC on their efforts to implement industry standards and best practices that address BGP security.”

New solution to an old problem

BGP is decades old. It was first described in RFC 1105 in June 1989, and updated in . The current version, BGP4, was published as RFC 4271 in January 2006, although other RFCs have proposed updates enhancements since. Exploits of BGP, too, have been around for years.  The absence of security and authentication controls in early drafts makes it challenging to verify the legitimacy of route operations, leaving networks vulnerable to unauthorized route advertisements.

To address this, the FCC proposal calls for adoption of origin validation and RPKI (Resource Public Key Infrastructure), enabling cryptographic verification of route origins and associations between IP address blocks and network holders, the statement added.



Source link