chapter 4 secure routing n.
Skip this Video
Loading SlideShow in 5 Seconds..
– Chapter 4 – Secure Routing PowerPoint Presentation
Download Presentation
– Chapter 4 – Secure Routing

– Chapter 4 – Secure Routing

217 Views Download Presentation
Download Presentation

– Chapter 4 – Secure Routing

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. – Chapter 4 – Secure Routing • Build security into the design of routing • router authentication • route authentication • control directed broadcast • black hole filtering • URPF • Path integrity • 2 Case studies Network Security

  2. Design issues of secure routing • Route filtering • When designing a private network, it is important to ensure that ‘route filtering’ is used to filter out any bogus or undesired routes coming into the private net. • Examples: special addresses (p.82) • It is equally important to ensure that the only networks advertised by the private network are those desired. • To ensure that IP address blocks belonging to a private network are not allowed to be advertised back into the network from outside. • ‘net police filtering’ (aka. ‘prefix filtering’) – next Network Security

  3. Design issues of secure routing • Prefix Filtering • No routes with prefixes more specific than /20 (or up to /24) are allowed to come in. • To ensure that an attack cannot be staged on a large ISP’s router by increasing the size of its routing tables • Routes more specific than /20 are often not needed by large ISPs, so those routes can be filtered out to keep its routing table from getting out of control. • Example: p.93 (incoming route filtering in a BGP router) • Another example: next Network Security

  4. Prefix Filtering Example Network Security

  5. Prefix Filtering Example ! only is announced to neighbor ! all, with the exception of, is accepted from router bgp 1 network network neighbor remote-as 2 neighbor description Router 2 of AS2 neighbor prefix-list partialOut out neighbor prefix-list partialIn in ! ip prefix-list partialOut permit ! ip prefix-list partialIn deny ip prefix-list partialIn permit any Network Security

  6. Design issues of secure routing • network convergence • depends on many factors • complexity of the net architecture • redundancy in the network • route calculation algorithms and configuration • loops in the network • Fast convergence is desirable. • Problems with a a slow-converging network • can mean a considerable loss of revenue and/or productivity • may be subject to DoS attacks, because it takes longer to recover from network-disrupting attacks and thus aggravates problems Network Security

  7. Design issues of secure routing • static routes • discussed earlier (example 3-1) • can be used to hard code information in the routing tables such that this info is unaffected by a network attack or propagated impact from other parts of the network • Disadvantage? scalability Network Security

  8. Authentication of Router and Routes • Rationale of authenticating routers and routes: • As part of an attack, the attacker may configure his machine or router to share incorrect routing information with the attacked router (AR). Impacts? Incorrect routing, disabled router, traffic redirection • Flood of routing talbe e.g., A rogue router may act as a BGP speaker and neighbor, and advertises lots of specific routes into a core router’s routing table. Impacts? slow or disabled router Network Security

  9. Authentication of Router and Routes • Solutions? • Router authentication: Routers must authenticate each other before sharing information. • Password-based authentication - Drawback? • MD5-HMAC - Implications? • Route authentication: Integrity of the exchanged routing information must be verified. • Hashing-based methods, such as MD5-HMAC, can be used to authenticate routes. • Figure 4-1 • Examples 4-1, 4-2, 4-3 Network Security

  10. Control/disable directed broadcast • ‘Directed broadcast’ allows packets to be broadcast to all the machines on the subnet directly attached to a router. • May be used by attackers to start attacks • e.g., smurf attack • A type of DoS attack • Figure 21-3 • An attacker sends a ping echo request to the broadcast address on a network, causing all the machines in that segment to send echo replies to the attacked router.  impact: packet flood Network Security

  11. Black Hole Filtering • Purpose: to filter out undesired traffic, by directing specific routes to a null interface • An alternative to ACL • Advantage: no access list processing  save processing time • Disadvantage: Null routing is based on the packets’ destination IP addresses only, while ACL can work on source address, destination address, and layer 4 info as well. • A weaker form of route filtering • Example 4-5: interface null0 Network Security

  12. URPF • Unicast Reverse Path Forwarding • Purpose: to thwart attempts to send packets with spoofed source IP addresses • A mechanism configured on a router to disable outgoing packets with source IP addresses not in the range belonging to its site • Advantage: A more efficient and effective outgoing packets filtering mechanism than ACL • Requirement: CEF (Cisco Express Forwarding) must be enabled on that router, because URPF looks at the FIB (forwarding information base) rather than the the routing table. • Example: Figure 4-2 Network Security

  13. URPF (cont.) • Constraint: can not be deployed on a router that has asymmetric routes set up. • In asymmetric routing, more than one interface is used (by a router or firewall) to route packets of a private network.  The interface through which the router sends return traffic for a packet may not be the same interface on which the original packet was received. • In general, URPF is deployed on the edge of a network.  allowing the antispoofing capabilities to be effective to the entire network • Example 4-6: ip verify unicast reverse-path Network Security

  14. Path Integrity • Rule of thumb: Routing should be performed based on the optimum paths calculated by the underlying routing protocols.  However, the routing protocols may be affected by ICMP redirects and IP source routing when making such calculations. • ICMP redirects allows a router to inform another router on its local segment not to use certain hop in its path to certain host.  because including the hop will result in paths that’s not optimal • ICMP redirects is the default setting on Cisco routers. • Should be disabled unless absolutely necessary • IP source routing: next Network Security

  15. Path Integrity (cont.) • IP source routing: an IP feature allowing a user to set a field in the IP packet to specify the desired path • May be used by attackers to subvert the workings of normal routing protocols • Example: An attacker can specify a router (A) that is attached to both a private and the public network as an intermediate point in the source path to reach a private address (e.g., • All intermediate routers, with IP source routing enabled, will forward the packet to router A.  causing DoS attack • Advice: disable IP source routing on the router Network Security

  16. Case study 1Securing the BGP Routing Protocol • an exterior gateway protocol • Example techniques: • Enable BGP peer authentication • Filter incoming routes • Filter outgoing routes • Use the network statement to advertise the network block • Disable BGP multihop feature (that is, do not allow peering between routers not directly connected to each other) • Control TCP port 179  using the firewall or ACLs to do the filtering • Disable BGP version negotiation (instead, hard-code the version info) • Use police filters and null routes • Set up route dampening values  to prevent flapping routes • Use the maximum-prefix command • Logging changes in neighbor status Network Security

  17. Case Study 2 Securing the OSPF routing protocols • an interior gateway protocol • Example techniques: • Router authentication • Nonbroadcast neighbor configuration • Using stub areas • Using loopback interfaces as the router Ids • Tweaking SPF timers • Route filtering • … Network Security

  18. Summary • Security of routers and routes is critical for the security of the whole network. • The net administrator should configure his routers and routes, not only to protect the private network, but also to help to protect the whole Internet. • Next: security of LAN switching Network Security