Fighting against DDoS specially with volumetric attack is always challenging for an ISP or transit provider. There isn't any single solution which help us to filter out bad traffic; it's require collaboration with upstream and related organization. Beside this fining out the target is also time consuming; where most the the provider struggles. In this presentation I talk about my experience implementing few community based effort which help me to better fight against volumetric DDoS attack.
BGP is an external routing protocol used between autonomous systems to exchange routing and reachability information. It uses path vector attributes and autonomous system numbers to prevent routing loops and make routing decisions based on attributes like local preference, weight, and MED. BGP configuration involves enabling BGP on the router, establishing neighbor relationships, defining networks to advertise, and controlling path selection using attributes and route maps.
This document discusses best practices for securing BGP routing in Bangladesh, including prefix filtering, next-hop filtering, BGP TTL security, AS path filtering, route flap dampening, and implementing RPKI and ROA. It provides an overview of these techniques and their importance for network security. Special thanks are given to resources that help support deploying these practices.
This document provides an overview of BGP (Border Gateway Protocol) including:
- BGP is an exterior gateway protocol used to exchange routing information between autonomous systems.
- BGP uses path vector routing to ensure loop-free paths and allows routing policies between autonomous systems.
- BGP establishes TCP connections between peers and exchanges routing updates in messages including open, keepalive, update, and notification types.
1. The document provides an introduction and tutorial on RPKI (Resource Public Key Infrastructure) and how it can be used to secure Internet routing and validate route origins using digital certificates and public key cryptography.
2. It describes the goals of RPKI to reduce routing leaks and hijacks by allowing ISPs to validate the authenticity of route announcements based on IP and ASN ownership.
3. The presentation demonstrates how to create ROAs (Route Origin Authorizations) and configure routers to validate route origins and make routing decisions based on the RPKI validation results.
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
Meredith Rose discusses using BGP to manage dual internet connections for redundancy. BGP allows traffic to be distributed across both connections simultaneously or fail over from one to the other. Key considerations include preventing the corporate network from becoming a transit path, influencing inbound and outbound traffic flows, and options for routes to import from each ISP like full routes, defaults only, or ISP customer routes plus a default. Proper configuration is needed to load balance connections and control traffic flows for both redundancy and performance.
The document provides an overview of Border Gateway Protocol (BGP) which is the routing protocol used to exchange routes between institutions and the KAREN network. BGP allows different autonomous systems (AS) to exchange routing information and is more than just a routing protocol as it contains additional route attributes that are used for policy rules. BGP can operate internally within an AS or externally between ASes to control route propagation based on commercial agreements.
BGP is an inter-AS routing protocol used to exchange routing and reachability information between autonomous systems on the internet. It uses path vector routing rather than distance vector, and carries richer metric information than IGPs. BGP configurations establish neighbor relationships between routers in different ASes to exchange routing updates.
Fighting against DDoS specially with volumetric attack is always challenging for an ISP or transit provider. There isn't any single solution which help us to filter out bad traffic; it's require collaboration with upstream and related organization. Beside this fining out the target is also time consuming; where most the the provider struggles. In this presentation I talk about my experience implementing few community based effort which help me to better fight against volumetric DDoS attack.
BGP is an external routing protocol used between autonomous systems to exchange routing and reachability information. It uses path vector attributes and autonomous system numbers to prevent routing loops and make routing decisions based on attributes like local preference, weight, and MED. BGP configuration involves enabling BGP on the router, establishing neighbor relationships, defining networks to advertise, and controlling path selection using attributes and route maps.
This document discusses best practices for securing BGP routing in Bangladesh, including prefix filtering, next-hop filtering, BGP TTL security, AS path filtering, route flap dampening, and implementing RPKI and ROA. It provides an overview of these techniques and their importance for network security. Special thanks are given to resources that help support deploying these practices.
This document provides an overview of BGP (Border Gateway Protocol) including:
- BGP is an exterior gateway protocol used to exchange routing information between autonomous systems.
- BGP uses path vector routing to ensure loop-free paths and allows routing policies between autonomous systems.
- BGP establishes TCP connections between peers and exchanges routing updates in messages including open, keepalive, update, and notification types.
1. The document provides an introduction and tutorial on RPKI (Resource Public Key Infrastructure) and how it can be used to secure Internet routing and validate route origins using digital certificates and public key cryptography.
2. It describes the goals of RPKI to reduce routing leaks and hijacks by allowing ISPs to validate the authenticity of route announcements based on IP and ASN ownership.
3. The presentation demonstrates how to create ROAs (Route Origin Authorizations) and configure routers to validate route origins and make routing decisions based on the RPKI validation results.
Using BGP To Manage Dual Internet ConnectionsRowell Dionicio
Meredith Rose discusses using BGP to manage dual internet connections for redundancy. BGP allows traffic to be distributed across both connections simultaneously or fail over from one to the other. Key considerations include preventing the corporate network from becoming a transit path, influencing inbound and outbound traffic flows, and options for routes to import from each ISP like full routes, defaults only, or ISP customer routes plus a default. Proper configuration is needed to load balance connections and control traffic flows for both redundancy and performance.
The document provides an overview of Border Gateway Protocol (BGP) which is the routing protocol used to exchange routes between institutions and the KAREN network. BGP allows different autonomous systems (AS) to exchange routing information and is more than just a routing protocol as it contains additional route attributes that are used for policy rules. BGP can operate internally within an AS or externally between ASes to control route propagation based on commercial agreements.
BGP is an inter-AS routing protocol used to exchange routing and reachability information between autonomous systems on the internet. It uses path vector routing rather than distance vector, and carries richer metric information than IGPs. BGP configurations establish neighbor relationships between routers in different ASes to exchange routing updates.
Routing security incidents are increasing globally. Common issues include BGP hijacks, route leaks, and IP address spoofing. The MANRS initiative provides a solution by defining simple actions for network operators, including filtering, anti-spoofing, coordination, and global validation. Implementing these actions can dramatically improve routing security and reliability on the Internet.
- The document describes a lab scenario demonstrating basic BGP configuration and operation between autonomous systems.
- In the initial configuration, the boundary routers can exchange routes learned from their respective ISPs via EBGP, but cannot exchange routes learned from the opposite ISP due to the lack of IBGP configuration.
- Configuring IBGP between the boundary routers allows them to exchange all external BGP routes, without needing to redistribute via the IGP. However, the "BGP synchronization rule" prevents advertisement of routes before the next hop address is learned via the IGP.
BGP (Border Gateway Routing Protocol) is a standardized exterior gateway protocol designed to
exchange routing and reachability information between autonomous systems (AS) on the Internet. The
Border Gateway Protocol makes routing decisions based on paths, network policies or rule-sets
configured by a network administrator, and are involved in making core routing decisions.
BGP is a very robust and scalable routing protocol, as evidenced by the fact that BGP is the routing
protocol employed on the Internet.
In this webinar, we cover how Border Gateway Protocol works. Starting from key concepts, you'll learn about Autonomous Systems, the BGP protocol, AS Path, learning and advertising routes, RIBs and route selection. See the webinar recording at https://www.thousandeyes.com/webinars/how-bgp-works
The Border Gateway protocol (BGP) is the routingProtocolused to route internet
trafficbetweendifferentautonomous system. BGP isdividedinto the Internal Border Gateway Protocol (iBGP)
and External Border Gateway Protocol (eBGP). Internet Service Provider (ISP) runsInternal Border Gateway
Protocol to distribute inter domainrouting information amongtheir Border Gateway Protocol routers. There are
some issues in Border Gateway Protocol, whichincludei BGP scalability ,Routing table growth , Loadbalancing,
Security, etc. In thispaper, efforts are put on investigation scalability issues of iBGP. Issuesrelated to scalability
and theirimprovements are alsodiscussed.
Topic: Border Gateway Protocol (BGP)
Outline:
# Introduction
# History
# Current version
# Uses
# Operation
# BGP infrastructure
# Problems
# Success
Introduction
BGP: The Border Gateway Protocol (BGP) is the protocol used throughout the Internet to exchange routing information between networks. It is the language spoken by routers on the Internet to determine how packets can be sent from one router to another to reach their final destination. BGP has worked extremely well and continues to be protocol that makes the Internet work.
History
Date Text
1994-08-15 Concluded group
1992-05-30 Changed milestone "Post the specfication of BGP 4 as an Internet-Draft.", resolved as "Done"
1991-08-30 Changed milestone "Post an Internet-Draft specifying multicast extensions to BGP.", resolved as "Done"
1990-05-01 Changed milestone "Develop a MIB for BGP Version 3.", resolved as "Done"
1990-05-01 Changed milestone "Complete development of Version 2 of the Border Gateway Protocol (BGP).", resolved as "Done"
1989-01-01 Started group
Current version
The current version of BGP is version 4 (BGP4) codified in RFC 4271 since 2006. Early versions of the protocol are widely considered obsolete and are rarely supported. RFC 4271, which went through more than 20 drafts, is based on the earlier RFC 1771 version 4. The RFC 4271 version corrected a number of errors, clarified ambiguities and brought the RFC much closer to industry practices. Version 4 of BGP has been in use on the Internet since 1994. The major enhancement in version 4 was support for Classless Inter-Domain Routing and use of route aggregation to decrease the size of routing.
Uses
Most Internet service providers must use BGP to establish routing between one another (especially if they are multihomed). Compare this with Signaling System 7(SS7), which is the inter-provider core call setup protocol on the PSTN.
Very large private IP networks use BGP internally. An example would be the joining of a number of large OSPE (Open Shortest Path First) networks where OSPF by itself would not scale to size. Another reason to use BGP is multihoming a network for better redundancy, either to multiple access points of a single ISP or to multiple ISPs.
Operation
When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).
Finite-state machines
BGP state machine
In order to make decisions in its operations with peers, a BGP peer uses a simple finite state machine (FSM) that consists of six states: Idle; Connect; Active; OpenSent; OpenConfirm; and Established. For each peer-to-peer session, a BGP implementation maintains a state variable that tracks which of these six states the session is in. The BGP defines the messages that each peer should exc
Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet.
The Border Gateway Protocol (BGP) is an inter-autonomous system routing protocol used to exchange routing information between autonomous systems on the internet. It constructs a graph of autonomous systems based on information exchanged between BGP routers. BGP uses path, policy, and attribute information to select routes and ensure loop-free routing between autonomous systems.
BGP Techniques for Network Operators, by Philip Smith.
A presentation given at APRICOT 2016’s BGP Techniques for Network Operators (Part 1 and 2) sessions on 23 February 2016.
Krzysztof Mazepa (Cisco Systems Poland) – architekt sieci / konsultant pracujący z najwiekszymi polskimi operatorami przewodowymi i kablowymi. Jego misją jest „tłumaczenie” wymogów businessowych klientów na oferowane rozwiązania technologiczne. Jego duże doświadczenie, 16 lat pracy w środowisku operatorskim, pozwala mu dostrzeć specyficzne wymagania tego rynku i zaproponować oczekiwane rozwiązanie.
Krzysztof jest częstym prelegentem na konferencjach PLNOG (Polish Network Operator Group), Cisco Forum, EURONOG (European Network Operator’s Group) oraz Cisco Live.
Posiada certyfikaty CCIE (Cisco Certified Internetwork Expert) #18 662, JNCIE (Juniper Networks Certified Internet Expert) #137, VMware Certified Professional 4 #99432 i wiele innych.
Krzysztof jest mieszkańcem Warszawy, w wolnym czasie ćwiczy biegi długodystansowe oraz gra w tenisa.
Temat prezentacji: BGP FlowSpec
Język prezentacji: Polski
Abstrakt: Celem sesji jest pokazanie podstaw działania BGP FlowSpec. Przedstawione zostaną podstawy teoretyczne oraz sposób wykorzystania przez operatorów SP do eliminowania ataków DDoS. Działanie rozwiązania zostanie zaprezentowane w wirtualnym środowisku korzystając z oprogramowania IOS XRv.
The document provides an overview of the Border Gateway Protocol (BGP) including:
- BGP establishes neighbor relationships to exchange routing information between autonomous systems (ASes). It uses path attributes like AS_PATH to choose the best route and prevent routing loops.
- BGP classifies neighbors as internal (iBGP) or external (eBGP) depending on if they are in the same AS or different ASes. iBGP does not modify the AS_PATH while eBGP does.
- Techniques like route reflectors, confederations, and multiprotocol BGP are used to improve scalability within large ASes. Route filtering uses features like prefix-lists, route-maps and regular expressions to control route
The document discusses troubleshooting BGP routing issues using Juniper examples. It begins by outlining some caveats and assumptions. Then it covers topics like originating routes, filtering routes, summarizing routes, and next hop problems. Examples are provided using show commands on Juniper routers to verify routes are being advertised and received correctly. Troubleshooting steps like modifying routing policies are demonstrated to resolve issues like more specific routes being advertised or next hop reachability problems.
Border Gateway Protocol (BGP) is the routing protocol that controls how data routes between autonomous systems on the Internet. It works by maintaining a table of IP network prefixes and their accessibility between networks. BGP allows for fully decentralized routing and is used internally by gateways to determine the best route to a given destination network. There are two types of BGP sessions - internal BGP (iBGP) for intra-autonomous system routing and external BGP (eBGP) for inter-autonomous system routing. BGP uses messages like OPEN, UPDATE, KEEPALIVE and NOTIFICATION to establish and maintain sessions between routers to exchange routing information.
Open Shortest Path First (OSPF) || 2020 || Ser-2Nutan Singh
Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4.
BGP is an exterior gateway protocol that exchanges routing and reachability information between autonomous systems on the Internet. It makes routing decisions based on configured network policies and paths. As the routing protocol of the Internet, BGP is robust and scalable, connecting multiple private networks and autonomous systems globally.
This document provides an overview of the Border Gateway Protocol (BGP) which is the routing protocol that allows routers on the internet to exchange information about reachable destinations. BGP focuses on security and scalability to allow internet service providers to exchange routing information in an open environment. The document discusses how BGP enables routers to share information about hundreds of thousands of IP address prefixes and examines approaches for troubleshooting connectivity issues with BGP.
This document provides an overview of MANRS (Mutually Agreed Norms for Routing Security) for network operators in Bangladesh. It discusses key routing security issues like prefix hijacking and route leaks. It describes the four MANRS actions for network operators: filtering, anti-spoofing, coordination, and global validation. Filtering involves setting policies to accept only valid routing announcements. Anti-spoofing uses techniques like uRPF to prevent spoofed source IP addresses. Coordination means maintaining up-to-date contact details in databases. Global validation facilitates routing validation through tools like the IRR and RPKI. The document explains how these actions improve routing security and reliability. It also outlines MANRS' goals and
Routing security incidents are increasing globally. Common issues include BGP hijacks, route leaks, and IP address spoofing. The MANRS initiative provides a solution by defining simple actions for network operators, including filtering, anti-spoofing, coordination, and global validation. Implementing these actions can dramatically improve routing security and reliability on the Internet.
- The document describes a lab scenario demonstrating basic BGP configuration and operation between autonomous systems.
- In the initial configuration, the boundary routers can exchange routes learned from their respective ISPs via EBGP, but cannot exchange routes learned from the opposite ISP due to the lack of IBGP configuration.
- Configuring IBGP between the boundary routers allows them to exchange all external BGP routes, without needing to redistribute via the IGP. However, the "BGP synchronization rule" prevents advertisement of routes before the next hop address is learned via the IGP.
BGP (Border Gateway Routing Protocol) is a standardized exterior gateway protocol designed to
exchange routing and reachability information between autonomous systems (AS) on the Internet. The
Border Gateway Protocol makes routing decisions based on paths, network policies or rule-sets
configured by a network administrator, and are involved in making core routing decisions.
BGP is a very robust and scalable routing protocol, as evidenced by the fact that BGP is the routing
protocol employed on the Internet.
In this webinar, we cover how Border Gateway Protocol works. Starting from key concepts, you'll learn about Autonomous Systems, the BGP protocol, AS Path, learning and advertising routes, RIBs and route selection. See the webinar recording at https://www.thousandeyes.com/webinars/how-bgp-works
The Border Gateway protocol (BGP) is the routingProtocolused to route internet
trafficbetweendifferentautonomous system. BGP isdividedinto the Internal Border Gateway Protocol (iBGP)
and External Border Gateway Protocol (eBGP). Internet Service Provider (ISP) runsInternal Border Gateway
Protocol to distribute inter domainrouting information amongtheir Border Gateway Protocol routers. There are
some issues in Border Gateway Protocol, whichincludei BGP scalability ,Routing table growth , Loadbalancing,
Security, etc. In thispaper, efforts are put on investigation scalability issues of iBGP. Issuesrelated to scalability
and theirimprovements are alsodiscussed.
Topic: Border Gateway Protocol (BGP)
Outline:
# Introduction
# History
# Current version
# Uses
# Operation
# BGP infrastructure
# Problems
# Success
Introduction
BGP: The Border Gateway Protocol (BGP) is the protocol used throughout the Internet to exchange routing information between networks. It is the language spoken by routers on the Internet to determine how packets can be sent from one router to another to reach their final destination. BGP has worked extremely well and continues to be protocol that makes the Internet work.
History
Date Text
1994-08-15 Concluded group
1992-05-30 Changed milestone "Post the specfication of BGP 4 as an Internet-Draft.", resolved as "Done"
1991-08-30 Changed milestone "Post an Internet-Draft specifying multicast extensions to BGP.", resolved as "Done"
1990-05-01 Changed milestone "Develop a MIB for BGP Version 3.", resolved as "Done"
1990-05-01 Changed milestone "Complete development of Version 2 of the Border Gateway Protocol (BGP).", resolved as "Done"
1989-01-01 Started group
Current version
The current version of BGP is version 4 (BGP4) codified in RFC 4271 since 2006. Early versions of the protocol are widely considered obsolete and are rarely supported. RFC 4271, which went through more than 20 drafts, is based on the earlier RFC 1771 version 4. The RFC 4271 version corrected a number of errors, clarified ambiguities and brought the RFC much closer to industry practices. Version 4 of BGP has been in use on the Internet since 1994. The major enhancement in version 4 was support for Classless Inter-Domain Routing and use of route aggregation to decrease the size of routing.
Uses
Most Internet service providers must use BGP to establish routing between one another (especially if they are multihomed). Compare this with Signaling System 7(SS7), which is the inter-provider core call setup protocol on the PSTN.
Very large private IP networks use BGP internally. An example would be the joining of a number of large OSPE (Open Shortest Path First) networks where OSPF by itself would not scale to size. Another reason to use BGP is multihoming a network for better redundancy, either to multiple access points of a single ISP or to multiple ISPs.
Operation
When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).
Finite-state machines
BGP state machine
In order to make decisions in its operations with peers, a BGP peer uses a simple finite state machine (FSM) that consists of six states: Idle; Connect; Active; OpenSent; OpenConfirm; and Established. For each peer-to-peer session, a BGP implementation maintains a state variable that tracks which of these six states the session is in. The BGP defines the messages that each peer should exc
Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet.
The Border Gateway Protocol (BGP) is an inter-autonomous system routing protocol used to exchange routing information between autonomous systems on the internet. It constructs a graph of autonomous systems based on information exchanged between BGP routers. BGP uses path, policy, and attribute information to select routes and ensure loop-free routing between autonomous systems.
BGP Techniques for Network Operators, by Philip Smith.
A presentation given at APRICOT 2016’s BGP Techniques for Network Operators (Part 1 and 2) sessions on 23 February 2016.
Krzysztof Mazepa (Cisco Systems Poland) – architekt sieci / konsultant pracujący z najwiekszymi polskimi operatorami przewodowymi i kablowymi. Jego misją jest „tłumaczenie” wymogów businessowych klientów na oferowane rozwiązania technologiczne. Jego duże doświadczenie, 16 lat pracy w środowisku operatorskim, pozwala mu dostrzeć specyficzne wymagania tego rynku i zaproponować oczekiwane rozwiązanie.
Krzysztof jest częstym prelegentem na konferencjach PLNOG (Polish Network Operator Group), Cisco Forum, EURONOG (European Network Operator’s Group) oraz Cisco Live.
Posiada certyfikaty CCIE (Cisco Certified Internetwork Expert) #18 662, JNCIE (Juniper Networks Certified Internet Expert) #137, VMware Certified Professional 4 #99432 i wiele innych.
Krzysztof jest mieszkańcem Warszawy, w wolnym czasie ćwiczy biegi długodystansowe oraz gra w tenisa.
Temat prezentacji: BGP FlowSpec
Język prezentacji: Polski
Abstrakt: Celem sesji jest pokazanie podstaw działania BGP FlowSpec. Przedstawione zostaną podstawy teoretyczne oraz sposób wykorzystania przez operatorów SP do eliminowania ataków DDoS. Działanie rozwiązania zostanie zaprezentowane w wirtualnym środowisku korzystając z oprogramowania IOS XRv.
The document provides an overview of the Border Gateway Protocol (BGP) including:
- BGP establishes neighbor relationships to exchange routing information between autonomous systems (ASes). It uses path attributes like AS_PATH to choose the best route and prevent routing loops.
- BGP classifies neighbors as internal (iBGP) or external (eBGP) depending on if they are in the same AS or different ASes. iBGP does not modify the AS_PATH while eBGP does.
- Techniques like route reflectors, confederations, and multiprotocol BGP are used to improve scalability within large ASes. Route filtering uses features like prefix-lists, route-maps and regular expressions to control route
The document discusses troubleshooting BGP routing issues using Juniper examples. It begins by outlining some caveats and assumptions. Then it covers topics like originating routes, filtering routes, summarizing routes, and next hop problems. Examples are provided using show commands on Juniper routers to verify routes are being advertised and received correctly. Troubleshooting steps like modifying routing policies are demonstrated to resolve issues like more specific routes being advertised or next hop reachability problems.
Border Gateway Protocol (BGP) is the routing protocol that controls how data routes between autonomous systems on the Internet. It works by maintaining a table of IP network prefixes and their accessibility between networks. BGP allows for fully decentralized routing and is used internally by gateways to determine the best route to a given destination network. There are two types of BGP sessions - internal BGP (iBGP) for intra-autonomous system routing and external BGP (eBGP) for inter-autonomous system routing. BGP uses messages like OPEN, UPDATE, KEEPALIVE and NOTIFICATION to establish and maintain sessions between routers to exchange routing information.
Open Shortest Path First (OSPF) || 2020 || Ser-2Nutan Singh
Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4.
BGP is an exterior gateway protocol that exchanges routing and reachability information between autonomous systems on the Internet. It makes routing decisions based on configured network policies and paths. As the routing protocol of the Internet, BGP is robust and scalable, connecting multiple private networks and autonomous systems globally.
This document provides an overview of the Border Gateway Protocol (BGP) which is the routing protocol that allows routers on the internet to exchange information about reachable destinations. BGP focuses on security and scalability to allow internet service providers to exchange routing information in an open environment. The document discusses how BGP enables routers to share information about hundreds of thousands of IP address prefixes and examines approaches for troubleshooting connectivity issues with BGP.
This document provides an overview of MANRS (Mutually Agreed Norms for Routing Security) for network operators in Bangladesh. It discusses key routing security issues like prefix hijacking and route leaks. It describes the four MANRS actions for network operators: filtering, anti-spoofing, coordination, and global validation. Filtering involves setting policies to accept only valid routing announcements. Anti-spoofing uses techniques like uRPF to prevent spoofed source IP addresses. Coordination means maintaining up-to-date contact details in databases. Global validation facilitates routing validation through tools like the IRR and RPKI. The document explains how these actions improve routing security and reliability. It also outlines MANRS' goals and
This summary provides the key details about the document in 3 sentences:
The document discusses security issues with the Border Gateway Protocol (BGP) and proposes a method to secure BGP using cyclic shift algorithm and secure hash algorithm-1 (SHA-1) to authenticate BGP peers and establish secure sessions. It analyzes how prefix hijacking can disrupt routing and communication. The proposed approach uses hashing of a dynamically generated key via SHA-1 to authenticate BGP peers during session establishment and secure the exchange of routing updates between trusted peers.
The document provides an overview of multihoming and BGP routing. It discusses how multihoming works without BGP by default routing traffic out multiple connections, but requiring the ISPs to advertise routes to bring traffic back in. It then explains how BGP allows networks to advertise specific routes and policies to control traffic flow when multihomed. The document outlines basic BGP concepts like autonomous systems, route attributes, and how routes and policies are exchanged between networks using BGP.
The document discusses different peering options and requirements for setting up peering between internet service providers (ISPs). It describes the steps to set up bi-lateral peering between two ISPs as an example. The main peering options covered are: 1) Mandatory multi-lateral peering using a route server, 2) Bi-lateral peering agreements resulting in a partial or full mesh, and 3) A hybrid model combining multi-lateral and bi-lateral peering. The advantages and disadvantages of each option are provided.
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYIJNSA Journal
The Border Gateway Protocol (BGP) is the path vector routing protocol that connects different
autonomous systems.. These ASes have unique integer numbers which assign by IANA organization. The
traditional BGP protocol is not sufficient to provide security and authentication for AS path and
verification of AS number ownership as well as network IP prefix. The BGP remains vulnerable to various
types of misconfiguration by users and attacks. Many secure BGP algorithms have been proposed but
complexity of algorithm and attack on that models still remain open problem. In this paper, we propose an
efficient model for SBGP; initially establish trust relationship between BGP peers. In this process BGP use
TCP protocol for reliable communication. The BGP routers will attempt to create secure BGP session by
exchanging BGP Open messages. During this Open messages master BGP router generate private key with
help of cyclic shifting of ASCII of password called cyclic shift algorithm. Then hash of this private key send
towards neighbour. Instead of key exchange, we use hashing algorithm, we generate hash of only key
through SHA-1. This hash code for private key sent with Open messages during session establishment.
When this Open messages receive by neighbor BGP routers, first it generate key using same password with
same algorithm & generate hash code for same and then compare both hash code. If it matches then
establish secure session with master BGP router & accept the Autonomous system number which is sent by
master router during Open Messages. In this manner both BGP speakers make trust relationship between
each other & then exchange route UPDATE within secure channel. If hash code at receiver end does not
match then simply receiving BGP router discard Open messages and does not make connection with
unauthorized AS number. If malicious router wants to inject false route or false ip prefix then it does not
create secure session by lack of secure private key. So malicious router does not participate in above BGP
routing process.
A NOVEL APPROACH FOR SECURE ROUTING THROUGH BGP USING SYMMETRIC KEYIJNSA Journal
The Border Gateway Protocol (BGP) is the path vector routing protocol that connects different autonomous systems.. These ASes have unique integer numbers which assign by IANA organization. The traditional BGP protocol is not sufficient to provide security and authentication for AS path and verification of AS number ownership as well as network IP prefix. The BGP remains vulnerable to various types of misconfiguration by users and attacks. Many secure BGP algorithms have been proposed but complexity of algorithm and attack on that models still remain open problem. In this paper, we propose an efficient model for SBGP; initially establish trust relationship between BGP peers. In this process BGP use TCP protocol for reliable communication. The BGP routers will attempt to create secure BGP session by exchanging BGP Open messages. During this Open messages master BGP router generate private key with help of cyclic shifting of ASCII of password called cyclic shift algorithm. Then hash of this private key send towards neighbour. Instead of key exchange, we use hashing algorithm, we generate hash of only key through SHA-1. This hash code for private key sent with Open messages during session establishment. When this Open messages receive by neighbor BGP routers, first it generate key using same password with same algorithm & generate hash code for same and then compare both hash code. If it matches then establish secure session with master BGP router & accept the Autonomous system number which is sent by master router during Open Messages. In this manner both BGP speakers make trust relationship between each other & then exchange route UPDATE within secure channel. If hash code at receiver end does not match then simply receiving BGP router discard Open messages and does not make connection with unauthorized AS number. If malicious router wants to inject false route or false ip prefix then it does not create secure session by lack of secure private key. So malicious router does not participate in above BGP routing process.
The document discusses IP spoofing and proposes solutions to mitigate it. It discusses how IP spoofing is used in denial-of-service attacks and makes detection and prevention difficult. It then proposes using inter-domain packet filtering (IDPF) using information from Border Gateway Protocol (BGP) route updates to filter spoofed packets. Validation of BGP updates is also performed. The document further discusses enhancing the solution by securing BGP updates and introducing a new BGP route selection algorithm to improve filtering.
This document discusses strengthening Sri Lanka's internet infrastructure by adopting best practices for network operations. It recommends that Sri Lanka develop a healthy ecosystem of interconnected networks including more service providers and consumer/corporate networks. It also provides guidance on implementing best practices for number registry, internet routing, and network security such as securing BGP configurations, implementing traffic filtering, and deploying DNSSEC. Adopting these practices would help develop a more robust internet infrastructure for Sri Lanka that is on par with other economies in the region.
LkNOG 3: Strengthening the Internet infrastructure in Sri LankaAPNIC
APNIC Deputy Director General Sanjaya gives a keynote address on strengthening the Sri Lankan Internet infrastructure at LkNOG 3 in Colombo, Sri Lanka from 2 to 4 October 2019.
routing Protocols and Virtual private networkhayenas
This document discusses several routing protocols:
- RIP, RIP v2, IGRP, EIGRP, OSPF, IS-IS, and BGP. It provides key features of OSPF and comparisons between BGP, iBGP, and eBGP.
- It also discusses what a VPN is, the protocols used in VPNs including PPTP, L2TP, and IPsec, and the advantages and disadvantages of VPNs such as cost savings but also dependence on public networks.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
This document describes a student project to implement the OSPF routing protocol on routers using the Packet Tracer simulator. It includes an introduction to routing and OSPF, as well as chapters covering the OSPF process, router types, network architecture, results, advantages/disadvantages, and references. The project was completed by three students for their Bachelor of Technology degree and submitted to their department for acceptance.
The document discusses routing protocols and concepts. It provides an overview of dynamic routing protocols including distance vector protocols like RIP, EIGRP, and path vector protocols like BGP. It also discusses link-state protocols like OSPF. The document then covers routing protocol concepts like path selection, metrics, multipathing, and static routing. It includes configuration examples and explanations of routing protocol algorithms and behaviors.
IRJET - Designing a High Level Corporate Network Infrastructure with MPLS CloudIRJET Journal
This document discusses designing a high-level corporate network infrastructure using MPLS cloud technology. It proposes connecting a company's branch offices located around the world through an MPLS cloud. OSPF would be used as the interior gateway protocol within offices and between the cloud and offices, while BGP would route traffic between the cloud and headquarters. This setup provides secure, fast, and reliable data transmission between branch offices through the MPLS cloud using routing and redundancy protocols.
This document summarizes routing protocols and the Border Gateway Protocol (BGP). It discusses static versus dynamic routing, routing with partial information, and the original core routing architecture. It then describes autonomous systems (AS), external gateway protocols (EGP), and how BGP establishes peering sessions between ASes to automatically share routing information. BGP speakers in different ASes use external BGP to exchange routing information, while internal BGP is used within an AS. The document provides details on BGP update messages, path attributes, and how BGP enforces routing policies.
Here are the answers to the questions in bold red typeface:
1. What is a WAN?
**A WAN (wide area network) is a geographically dispersed telecommunication network that interconnects multiple computer networks and LANs (local area networks).**
2. What are the main components of a WAN?
**The main components of a WAN include routers, switches, firewalls, servers, and transmission media like fiber optic cables, coaxial cables, leased lines, satellites, and microwave links.**
3. What are some common WAN technologies?
**Some common WAN technologies include Frame Relay, ATM, MPLS, DSL, cable modem,
This document provides an overview of routing protocols and path selection algorithms. It discusses the main types of routing protocols including distance vector protocols like RIP, link-state protocols like OSPF, path vector protocols like BGP, and hybrid protocols like EIGRP. It describes how each protocol uses different algorithms and metrics to determine the best path, avoid loops, and populate the routing table. Key topics covered include distance vector algorithms, link-state algorithms, path vector algorithms, and the role of the routing and forwarding tables in path selection.
Similar to ION Bangladesh - Secure BGP and Operational Report of Bangladesh (20)
23 November 2017 - At ION Belgrade, Kevin Meynell discusses what happened at the recent IETF meeting, and how to get involved in the open Internet standards community.
The document provides information about the Internet Society and its Deploy360 program. It summarizes that the Internet Society was founded 25 years ago to support the technical evolution and use of the Internet. Its Deploy360 program aims to advance the real-world deployment of protocols like IPv6, DNSSEC, and TLS by providing hands-on technical resources for networks. The program involves online documentation, events, and engaging with first adopters to share deployment experiences. It encourages participation through its website, social media, and industry events.
This document provides information about joining the Internet Society and its Serbia chapter to help preserve the open internet. It encourages attendees to get involved by creating content or providing feedback to help develop resources for internet deployments. Contact details and links are given to follow developments and access presentation materials from the conference.
September 2017 - Aftab Siddiqui presents on the Mutually Agreed Norms for Routing Security (MANRS), and how we can work together to improve the security and resiliency of the Internet's routing system.
18 September 2017 - ION Malta
What’s happening at the Internet Engineering Task Force (IETF)? What RFCs and Internet-Drafts are in progress related to IPv6, DNSSEC, Routing Security/Resiliency, and other key topics? We’ll give an overview of the ongoing discussions in several working groups and discuss the outcomes of recent Birds-of-a-Feather (BoF) sessions, and provide a preview of what to expect in future discussions.
Collaboration and shared responsibility are two pillars supporting the Internet’s growth and success. While the global routing system has worked well, it has significant security challenges that we must address. In this panel, security experts will discuss how we can create a culture of collective responsibility and improve the global routing system, including an introduction to the “Mutually Agreed Norms for Routing Security” (MANRS).
18 September 2017 - ION Malta
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the reasons for deploying DNSSEC, examine some of the challenges operators have faced, and address those challenges and move deployment forward.
18 September 2017 - Rick Lamb, ICANN, on DANE:
If you connect to a “secure” server using TLS/SSL (such as a web server, email server or xmpp server), how do you know you are using the correct certificate? With DNSSEC now being deployed, “DANE” (“DNS-Based Authentication of Named Entities”) has emerged allowing you to securely specify exactly which TLS/SSL certificate an application should use to connect to your site. DANE has great potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates. In this session, we will explain how DANE works and how you can use it to secure your websites, email, XMPP, VoIP, and other web services.
18 September 2017 - At ION Malta, Adam Peake discusses the IANA transition:
The IANA transition was successfully completed in October 2016 creating strengthened relationships between the IETF (Internet protocols and standards), Regional Internet Registries RIRs (IP addresses), and ccTLD and gTLD operators and TLD community and ICANN. A new organisation, Public Technical Identifiers (PTI), an affiliate of ICANN, is now responsible for performing the IANA functions and delivering the IANA Services on behalf of ICANN. The session will discuss these new arrangements and how they have enhanced ICANN’s accountability and transparency to the global Internet community. The session will also describe how ICANN is preparing for the Root KSK Rollover.
This document summarizes Finland's efforts to promote IPv6 adoption. It discusses the formation of the Finnish IPv6 Task Force to develop recommendations for IPv6 implementation. It also describes Finland's national IPv6 launch in 2015, where major ISPs enabled IPv6 for over 5 million broadband subscriptions. As a result, IPv6 usage increased significantly. The document discusses challenges faced during the transition like upgrading network equipment and changing attitudes. It concludes that while work remains, the launch was successful and IPv6 introduction costs can be limited by starting with easier implementations.
The document discusses Marco d'Itri's thoughts on the transition to IPv6. It describes the transition as ongoing, with no flag days, as IPv6 adoption grows. It notes that while IPv4 NAT is easy for access networks, it is difficult for servers. Many large content providers already use IPv6. The transition involves steps before IPv4 addresses ran out, the current transition period, and after the transition when IPv4 will be optional. IPv6 adoption is growing in several countries like Belgium and the US. Eventually IPv4-only islands will need to make themselves accessible over IPv6. The document provides advice on starting an IPv6 transition and offers a simple IPv6 addressing plan.
MANRS protects networks and reputations by preventing BGP leaks and spoofing that can saturate networks or attack infrastructure. Implementing MANRS filtering of BGP customers and spoofed traffic helps avoid these issues. It also allows other networks to filter your routes to prevent leaks. While RPSL is complex, registering autonomous systems and routes in the RIPE database through simple objects helps third parties and saves time for automation. Overall, MANRS establishes basic management practices that benefit networks by improving stability and security.
The document provides information about celebrating 25 years of the Internet Society and getting involved in various initiatives. It encourages readers to help shape the future of the internet, visit websites for more resources, follow social media accounts, and find presentation archives from a past conference. Contact details are also listed.
The document summarizes Thato Mfikwe's presentation at the ION Conference 2017 in Durban about the ISOC South Africa Gauteng Chapter. It provides details about the chapter's establishment, vision, pillars, membership reach across Africa and Europe, and projects from 2014-2016 and planned for 2017 focusing on community networks, policy engagement, outreach, and training. It also discusses ICT, internet governance landscape, topics at the ION conference including DNS, IPv6, cyber threats, and secure routing.
7 September 2017 - At ION Conference Durban, South Africa, Kevin Meynell discusses what's happening at the IETF in the world of Internet standards, and how you can get involved in the process.
More from Deploy360 Programme (Internet Society) (20)
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
1. www.internetsociety.org
Secure BGP and Operational Report of
Bangladesh
ION Bangladesh and bdNOG 5
Md. Jahangir Hossain
Vice Chair, ISOC Bangladesh Chapter
EC member, bdNOG
2. The Internet Society
Key Areas
Prefix Filtering
Next-Hop Filtering
BGP TTL security (GTSM)
AS-path filtering
BGP community scrubbing
BGP route flap dampening
Control Plan Protection
Go with ROA in Resource Public Key Infrastructure (RPKI)
RPKI development status in Bangladesh
3. The Internet Society
Prefix Filtering
Filters with customers
Filters with Internet peers
Filters with upstream providers
Bogon prefix ---defined as Martians
4. The Internet Society
Next-Hop Filtering
= If we peering on a shared network, like an IXP, BGP can advertise prefixes with
a 3rd-party next-hop, thus directing packets not to the peer announcing the
prefix but somewhere else.
= In direct peerings between ISPs, this is undesirable, as one of the peers could
trick the other one to send packets into a black hole (unreachable next-hop) or to
an unsuspecting 3rd party who would then have to carry the traffic.
= Especially for black-holing, the root cause of the problem is hard to see without
inspecting BGP prefixes at the receiving router at the IXP. Therefore, an inbound
route policy SHOULD be applied on IXP peerings in order to set the next-hop for
accepted prefixes to the BGP peer IP address (belonging to the IXP LAN) that
sent the prefix (which is what "next-hop-self" would enforce on the sending side).
5. The Internet Society
BGP TTL security (GTSM)
= BGP sessions can be made harder to spoof with the Generalized TTL Security
Mechanisms (GTSM, aka TTL security), defined in . Instead of sending TCP
packets with TTL value of 1, the BGP speakers send the TCP packets with TTL
value of 255 and the receiver checks that the TTL value equals 255.
= Since it's impossible to send an IP packet with TTL of 255 to a non-directly-
connected IP host, BGP TTL security effectively prevents all spoofing attacks
coming from third parties not directly connected to the same subnet as the BGP
speaking routers.
= Network administrators SHOULD implement TTL security on directly connected
BGP peerings.
= GTSM could also be applied to multi-hop BGP peering as well.
6. The Internet Society
AS-path filtering
= Network administrators SHOULD NOT advertise prefixes with non- empty AS-
path unless they intend to be transit for these prefixes.
= Network administrators SHOULD NOT accept prefixes with private AS numbers
in the AS-path except from customers. Exception: an upstream offering some
particular service like black-hole origination based on a private AS number.
= Customers should be informed by their upstream in order to put in place ad-hoc
policy to use such services.
= Network administrators SHOULD NOT accept prefixes when the first AS number
in the AS-path is not the one of the peer unless the peering is done toward a
BGP route-server (for example on an IXP) with transparent AS path handling.
In that case this verification needs to be de-activated as the first AS number will be
the one of an IXP member whereas the peer AS number will
be the one of the BGP route-server.
7. The Internet Society
BGP community scrubbing
= Network administrators SHOULD scrub inbound communities with their number in
the high-order bits, and allow only those communities that customers/peers can
use as a signaling mechanism.
= Networks administrators SHOULD NOT remove other communities applied on
received routes (communities not removed after application of previous
statement). In particular they SHOULD keep original communities when they apply
a community.
Customers might need them to communicate with upstream providers. In particular
network administrators SHOULD NOT (generally) remove the no-export
community as it is usually announced by their peer for a certain purpose.
8. The Internet Society
BGP route flap dampening
= The BGP route flap dampening mechanism makes it possible to give penalties to
routes each time they change in the BGP routing table.
Initially this mechanism was created to protect the entire Internet from multiple events
impacting a single network.
Studies have shown that implementations of BGP route flap dampening could
cause more harm than they solve problems and therefore RIPE community has in
the past recommended not using BGP route flap dampening .
Studies have then been conducted to propose new route flap dampening
thresholds in order to make the solution "usable", see RFC 7196
10. The Internet Society
Remote Triggered Black Hole (RTBH)
Remotely-Triggered Black Hole (RTBH) routing is an
interesting application of BGP as a security tool
within service provider networks.
One common use is mitigation of distributed denial
of service (DDoS) attacks.
http://tools.ietf.org/html/rfc5635
11. The Internet Society
SIDR - Secure Inter-Domain Routing
An infrastructure called SIDR (Secure Inter-Domain Routing),has been
designed to secure Internet advertisements.
= Origin validation, described in seeks to make sure that attributes
associated with routes are correct.
= Path validation provided by BGPsec seeks to make sure that no one
announces fake/wrong BGP paths that would attract traffic for a given
destination.
Implementing SIDR mechanisms is expected to solve many of the BGP routing
security problems in the long term, but it may take time for deployments to be made
and objects to become signed. Also, note that the SIDR infrastructure is
complementing (not replacing) the security best practices .
12. The Internet Society
Go with ROA !
A ROA or Route Origin Authorization is an attestation of a
BGP route announcement. It attests that the origin AS number
is authorized to announce the prefix(es). The attestation can
be verified cryptographically using RPKI.
• Verify whether an AS is authorized to announce a
specific IP prefix
• Minimize common routing errors
• Prevent most accidental hijacks
http://www.apnic.net/roa
15. The Internet Society
Special Thanks to
BCP: 194
J. Durand ,Cisco Systems, Inc.
G. Doering ,SpaceNet
https://tools.ietf.org/html/bcp194
Jac Kloots
SURFnetJac Kloots ,SURFnet
http://rpki.surfnet.nl/index.html
Internet Society Deploy360 Programme Team
http://www.internetsociety.org/deploy360/securing-bgp/
Fakrul Alam
APNIC
https://www.apnic.net/