BGP and DNS are the two critical protocols that glue the entire global network (the Internet). Without them, the Internet falls apart. The security, resiliency, and integrity Border Gateway Protocol (BGP) holds up the routing of packets end-to-end across the Internet. Threats to BGP systems are life-threatening, disrupting critical infrastructure people depend on for their health and well-being.
The BGP Resiliency & Security workshop has evolved over +20 years teaching thousands of operations teams the core principles around BGP peering, resiliency, and security. Today’s topics include:
- Essentials of BGP Network Deployments
- BGP Peering Principles, Best Practices, and Operational Risk.
- Core Essentials to BGP Security – How BGP is attacked and how the Global Internet Routing System can be Abused/Attacks.
- BGP Network Resiliency (Responding to Attacks) – Core guidelines and BCPs for build resiliency into the BGP architectures
- Monitor BGP for potential abuse/attacks – How do you know you are being targeted?
- Plugging into the BGP “People Network” – All BGP sessions have a human who works with other humans who collaborate to keep the “Internet peering mesh” functions. Plugging into these communities is essential to BGP resiliency and security.
- The BGP Security “Community” – There are core efforts in the IETF, MANRS, Operations Forums (NANOG, SG-NOG, etc), and Security “Trust-Groups.” These communities monitor the Internet and take action when there is a bust, threat, or risk. These groups are an international collective and not run by any Government agency.
- Build Confort with the Core Tools We use to Troubleshoot issues – Public Route Servers, BGP Looking Glass servers, The University of Oregon Route Views Project, RIPE’s Routing Information Service (RIS), and others are used by the community to explore potential routing issues. A comfort level with these tools builds confidence and dispels some of the mystery of how the Internet is glued together.
- MANRS’s Impact on BCP Compliance – MANRS – Mutually Agreed Norms for Routing Security is a tool for all organizations to put in their Internet, peering, and interconnection requirements. MANRS is a consensus guide that would push the industry to comply with core network security essentials.
- Understanding the role of PeeringDB, RADB, and IRR – How these tools are used to manage Internet interconnection and peering.
- Internet Exchange Points (IXP) – what are they, their history, their evolution, and the direction of micro-IXPs in how the Internet, Mobile, and telecommunications evolve.
- Meaningful BGP Security and Routing Conversations – step by step conversation guide to help organizations converse with their ISPs, CSPs, Peers, Cloud Operators, Edge Operators, and others whom BGP issues could affect their operations.
- Operator Specific Examples of BGP Resiliency and Security Tools – the workshop speaker(s) will review examples of BGP Security and Resiliency from their personal operational experiences. These examples help illustrate that BGP can be resilient and the community that supports the Internet’s interconnected mesh will respond as needed.
- Studies on BGP Security, Resiliency, and Operational Risk – BGP has been well studied and researched. This mobile will review some of the key papers and materials that help understand our global Internet routing system.
Modes of the BGP Security Workshop
- BGP Security Executive Overview – This one-hour session is targeted at decision-makers to help them know what questions to ask their team and their vendors.
- Full-Day BGP Security Workshop – The full-day workshop covers all the materials and focuses on “take-home” practices and homework.
Practical Security Conversations
If you find your organization needs help and worry about the FUD from the industry, reach out and ask for help. These sessions are conducted in conferences, internal workshops, and security group memberships. If you are interested, reach Barry Greene at bgreene@senki.org. These sessions are designed to provide practical, cost-effective, and actionable security assistance. The materials help organizations leverage the talent around them to get started with their security activities. Start with the DDoS Attack Preparation Workbook and Operator’s Security Toolkit. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights. You can sign up to the mailing list for updates here: Stay Connected with Senki’s Updates.