Improving Autonomous System Security for BGP Networks
1 Introduction
The world today is largely dependent on the worldwide communication that the internet provides. Almost all sectors such as educational, entertainment, political and economic sectors rely on the internet network to exchange and store information. Even seconds of downtime can affect these sectors tremendously. This means that it is crucial for us to understand how these disruptions occur so that we can analyze it and improve its infrastructure. The Internet infrastructure has a lot of loopholes. It could be from any layer of the OSI model. In this project, my aim is to find out the insecurities that can disrupt the network due to a Border Gateway Protocol (BGP)
…show more content…
Such security incidents can hinder the day to day activities globally and cause stability.
2.2.1 Project Goals
The BGP security is a highly researched area. The security aspect of it are still currently being researched, analyzed and tested. The goal here would be to have an in-depth understanding of how the BGP protocols work and study the various methods to secure it.
2.2.2 Project Objectives
We will be deploying a basic network with two Autonomous Systems using GNS3. The reason for choosing a basic network is because the main function will be to analyze the BGP packets captured through Wireshark and we will use the same design to explain route degradation. We will also be adding an IPsec tunnel between the nodes. Adding another node will make it complex to explain. Graphical design of security solutions will be analyzed using GNS3. The security risk mitigation methods that will be analyzed are Route filtering and IPsec. This will be Implemented using GNS3 and the packet capturing will be done by Wireshark. An in-depth analysis of both the security solutions will be provided. Also, a detailed report on the comparison of the two will be provided.
2.3 Significance and potential benefits
The internet basically is not just a single network. It consists of a network of many Autonomous systems. These AS are connected internally. It is crucial that none of them fail at any given point. This shows how significant even a
With admirable foresight, the Internet Engineering Task Force (IETF) initiated as early as in 1994, the design and development of a suite of protocols and standards now known as Internet Protocol Version 6 (IPv6), as a worthy tool to phase out and supplant IPv4 over the coming years. There is an explosion of sorts in the number and range of IP capable devices that are being released in the market and the usage of these by an increasingly tech savvy global population. The new protocol aims to effectively support the ever-expanding Internet usage and functionality, and also address security concerns.
The trusted computing base (TCB) internal network in the Global Finance, Inc. Network Diagram hosts the company’s mission critical systems without which the company’s operations and financial situation would suffer. The Oracle database and email systems are among the most intensively used application servers in the company. GFI cannot afford system outages because its cash flow and financial systems heavily depend on the network stability. GFI has experienced DOS network attacks twice this year and its Oracle database and email servers had been down for a week. The recovery process required GFI to use $25,000 to restore its operations back to normal. GFI estimated the loss from these network attacks at more than $100,000 including lost customer confidence.
Undoubtedly, this paper will generate network information, diagrams, and/or tables; accordingly, these are all included in the Appendix section of the paper. Moreover, the training, vulnerability assessment, and SAQ results are also included as an Appendix in the final paper. Finally, fearing disclosure of proprietary information that could compromise network security, all project data are scrubbed and sanitized to remove sensitive information.
1. Model an attack by a remote user accessing the university network via the Internet. Explore attack vectors and attackers’ goals.
The internet operates under what is called the “end-to-end principle.” This is where “features are implemented as close to the end points of the network as possible.”4 It is often described as a “dumb network.” Much like how a water system provides the same amount to all users through pipes regardless of what its used for, only the end user decides and controls how a “dumb network” is utilized. Some claim that this is a major reason that the internet was so successful. However, it is also pointed out that internet is already not “a level playing field,” because of the advantages of bigger companies who can afford more robust servers and high-bandwidth services.1
Internet Protocol Security (IPsec) is a set of protocol for establishment of securing Internet Protocol (IP) communications. Safety on data was established through process of authentication and encryption of each IP packet in every communication session. At the beginning of the session, mutual authentication between agents will established and cryptographic keys to be used will arbitrated during the session. IPsec can be applied in protecting data flows not only between pair of hosts and pair of security gateway but also for between a security gateway and a host.
The Internet Protocol (IP) is the most broadly utilized protocol as a part of web communications because of its consistent communication technology . such a variety of individuals are relying upon the protocol, because of the security examinations the IP got numerous patches and modification as it has been sent comprehensively.
The main objective of this project is to enhance the security of a network using various modern day technologies.
The origins of the Internet date back to research commissioned by the United States Federal Government in the 1960s to build robust, fault-tolerant communication via computer networks. The linking of commercial networks and enterprises in the early 1990s marked the beginning of the transition to the modern Internet. (Bill Stewart, 2000)
In today’s world, the internet is a system of interconnected networks that everybody craves for. The internet is a network of networks that connects everyone from all parts of the world. Communications between the internet is becoming more accelerated everyday with the way and faster ways of doing things. The younger generations are so dependent on the internet that it is ridiculous. With the internet being exposed to millions of people every day, that give many people the opportunity to roam the internet and their options. The internet pose a great
In the beginning network protocols that formed part of the Internet infrastructure were designed without security in mind. Without a fundamentally secure infrastructure, network defense becomes more difficult. Furthermore, the Internet is an extremely dynamic environment in terms of both topology and emerging technology. [COH95]
Let it be known that the internet is not secure. It was originally created by the US military for communication purposes, and since then has grown into network upon networks of computers and computer systems, for everyone to use. With the exponential growth that the internet has taken on, it’s very hard to make it as secure as one would like. However, there are measures and protocols that are put in place to do just that, secure the internet. The internet is a combination of equipment, protocols and people, that when put together make everything just…work. It is a multi-layered system that depends on not just the technology itself, but those people who manage/operate it, and of course the investment it requires for
As the world progresses technology everyday, the reliance on the Internet and its uses become more and more necessary. Many people connect to hundreds of applications and devices they use every single day. Behind these applications are extremely complex networks that allow users to connect in ways that expand every single day. To achieve this, companies must design their networks for secure access and reliability to allow seamless access for users. On the back-end these companies must also have a secure network in place for their offices, remote workers, and any other remote resource to access confidential materials and other sensitive matter. This can be accomplished through a variety of WAN technologies that are used in the world today.
This paper is about basic network technology, structure, and protocols. This paper will cover the module question “Discuss how the structure of the TCP IP framework has enabled the expansion of the Internet into a worldwide network. Discuss issues with this network. Is it big enough? Are enough IP addresses for all? What is being done under IPV6? This will be accomplished by addressing the crore topics as well as how IP started to grow, the issues with the network in regards to technological limitations as well as the different types of vulnerabilities and attacks. This paper will conclude with a summary.
[3] focuses on grey hole attack. Grey hole attack affects the routing services provided by the network. Adhoc-on-demand (AODV) protocol is used for routing of data packets. This paper discusses about the security issues and also the layered architecture of Manet. This paper also gives the various applications of Manet. It also briefs the various work done in the area of adhoc network.