Home / News I have a News Tip

Geoff Huston on Securing the Internet Routing System

Excerpts of a recent interview by Network World's Carolyn Duffy Marsan with Geoff Huston, one of the foremost authorities on Internet routing and scaling issues, has been published on the site. Questions include: "Can you explain in plain English what RPKI is trying to do and how it relates to improving the security of the Internet's routing system?" Huston's response:

Attacks on the routing system can result in outcomes that pervert many conventional forms of security defense and happen in ways that are extremely difficult to detect. Routing attacks can "hijack" addresses, redirecting users' traffic to other than the intended destination, allowing an attacker to "spoof" the identity of the intended victim. Routing attacks also can redirect traffic flows, allowing an attacker to inspect transit traffic without the knowledge of either end party. And routing attacks can disrupt the network, causing chaos and disruption, either directed at a single victim, or more generally at a collection of addresses or at infrastructure elements such as DNS servers.

All these attacks rely on one feature of BGP: the ability for a party to "lie" in routing and for the lie to propagate across the entire network and not be readily and automatically detected as a lie. The RPKI is an essential component of a mechanism that allows such routing lies to be readily identifiable by everyone else using automated processes...

Read full story: Network World

Related topics: Cyberattack, Cybersecurity, Internet Protocol, IP Addressing

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias

DNS Security

Sponsored by Afilias
Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?