Security issues at the network level.

When using the authentication mechanism required for the implementation of this protocol, the threat level is reduced as a result of inserting, modifying or deleting messages, as well as man-in-the-middle attacks from the side of the external nodes. If it is desirable to ensure the confidentiality of route data, this task can be solved using IPsec ESP. However, it is worth noting that the confidentiality of route
data is a controversial issue, as this may not suit many providers.
Both cryptographic mechanisms and IPsec assume that the cryptographic algorithm is secure, the secrets used are protected from disclosure and cannot be guessed, and the platform is securely managed, the possibility of hacking is prevented, etc.
However, it is worth noting that these mechanisms do not prevent attacks from legitimate BGP partners of the router. There are several possible solutions to prevent the BGP node from inserting false information into announcements sent to partners (for example, to organize attacks on networks from which the route or AS-PATH begins):
source protection – signature of the original AS;
source and neighbor protection - signature of the original AS or prior information;
source and route protection – source AS signature and AS_PATH signature for the routers from which you want to prevent the possibility of an attack;
filtering is based on checking the AS_PATH and NLRI of the original AS;
Filtering is used in some user connection points, but is ineffective in the "central nodes" of the Internet.
Concluding the topic of network-level security, in the following posts we will look at the IPsec encryption protocol, which makes it possible to secure packets at the network level.
Oleg Petukhov, lawyer in the field of international law and personal data protection, information security specialist security, protection of information and personal data.
Telegram channel: https://t.me/protectioninformation Telegram Group: https://t.me/informationprotection1 Website: https://legascom.ru Email: online@legascom.ru #informationprotection #informationsecurity