Network World

S-BGP (Secure BGP)

A proposed specification aimed at increasing the security of BGP.

Begun in 1996 by BBN, S-BGP establishes a public-key infrastructure to stymie IP address spoofing. However, it is still a work in progress and has yet to be implemented in Internet routers. Router memory constraints, processing overhead concerns and the downtrodden state of the telecom economy are cited as reasons why.

"The state of security in BGP is pretty minimal," says Alex Zinin, area director of the routing and sub-IP working groups in the Internet Engineering Task Force (IETF). "As it is deployed today, there is no mechanism to authenticate and identify the authorization of a specific [routing information] announcement."

Secure BGP is intended to address a "fundamental problem" with BGP: the authenticity of routing update information, according to Steve Kent, BBN chief scientist for information security.

"What makes security for BGP tricky is that generally, this update information is transitive," he says. "One ISP is saying to another, 'I received this routing information from one of my neighbors with regard to this chunk of address space. If you want to send traffic for this chunk of address space to me, this is the path it would take.' Today, there's just no security for that. There's no way for the receiver to tell whether the update that's received is authentic."

S-BGP seeks to establish a public-key infrastructure that uses digital certificates to authenticate two pieces of data about an organization: which chunks of address space have been allocated to it and what autonomous system numbers have been allocated to it.
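A simplified illustration of how those two attested bindings can be combined to check an announcement, added here as an example and not taken from the S-BGP specification or BBN's code. The organization names, AS numbers, prefixes and function names are constructed, and certificate signature verification is assumed to have already happened.

```python
import ipaddress

# Constructed sample data. In S-BGP these bindings would come from certificates
# whose signatures have already been verified; that step is assumed, not shown.
ADDRESS_ALLOCATIONS = {            # address block -> organization holding it
    "192.0.2.0/24": "ExampleNet",
    "198.51.100.0/24": "OtherNet",
}
AS_ALLOCATIONS = {                 # AS number -> organization holding it
    64500: "ExampleNet",
    64501: "OtherNet",
    64502: "TransitCo",
}

def holder_of_prefix(prefix):
    """Return the organization whose allocated block covers `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    for block, org in ADDRESS_ALLOCATIONS.items():
        if net.subnet_of(ipaddress.ip_network(block)):
            return org
    return None

def check_update(prefix, as_path):
    """Classify an update; as_path lists AS numbers with the origin AS last."""
    # Every AS named in the path must be a number someone was actually allocated.
    unknown = [asn for asn in as_path if asn not in AS_ALLOCATIONS]
    if unknown:
        return "reject: AS %d has no attested allocation" % unknown[0]
    # The announced prefix must fall inside an attested address allocation.
    prefix_holder = holder_of_prefix(prefix)
    if prefix_holder is None:
        return "reject: no attested allocation covers %s" % prefix
    # The origin AS and the address block must belong to the same organization.
    origin_holder = AS_ALLOCATIONS[as_path[-1]]
    if origin_holder != prefix_holder:
        return "reject: %s is allocated to %s, origin AS belongs to %s" % (
            prefix, prefix_holder, origin_holder)
    return "accept"

if __name__ == "__main__":
    for prefix, path in [("192.0.2.0/24", [64502, 64500]),     # legitimate origin
                         ("192.0.2.128/25", [64502, 64501]),   # more-specific, wrong origin
                         ("203.0.113.0/24", [64500])]:         # unallocated space
        print(prefix, path, "->", check_update(prefix, path))
```

This covers only the allocation data named above; it does not show whether each AS along the path actually passed the update on, which is the transitive problem Kent describes.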

But S-BGP inhibits an ISP's ability to establish policy for its routers, says Cisco Fellow Fred Baker, whose company, along with ISPs such as Genuity, has written an alternative called Secure Origin BGP (soBGP).

"[With S-BGP, the] downstream service provider cannot apply a policy that says, 'I'm going to accept this prefix from you but not that one,'" Baker says. "It fundamentally breaks BGP's ability to be used in a policy system where you might redivide the information. S-BGP is the right concept, but it's put together in a way that an ISP can't really effectively use."

The soBGP proposal is an effort to let ISPs authenticate route advertisements and implement policy on them. But according to Kent, soBGP provides too many ways to do certain things, which, when implemented differently, hamper interoperability.

From Fortifying BGP: No quick fix, Network World, 10/06/03.

Additional resources

Secure BGP Project
Overview and links to relevant papers, IETF drafts and presentations.

Router and switch research center
Latest router news, analysis and links from Network World Fusion.

