How do you secure dynamic routing protocols?

Securing dynamic routing protocols (like BGP, OSPF, EIGRP, RIP, etc.) is crucial to maintaining the integrity and stability of a network. These protocols were not originally designed with strong security in mind, so network engineers must apply a combination of authentication, filtering, and policy controls to mitigate threats like route hijacking, spoofing, and DoS.

Here's a breakdown of how to secure the most common dynamic routing protocols:

πŸ” 1. Authentication

✅ OSPF, RIP, EIGRP (Interior Protocols)

  • Use MD5 or SHA authentication on routing updates to ensure only trusted routers participate.

  • Example (OSPF):

    interface GigabitEthernet0/1
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 SECRET_KEY

✅ BGP

  • Use TCP MD5 authentication (neighbor x.x.x.x password) or TCP-AO (Authentication Option) for session protection.

  • Example (Cisco):

    router bgp 65000
     neighbor 192.0.2.1 password YOUR_SECRET

🔒 Purpose: Prevents unauthorized peers from forming sessions and injecting routes.

🧱 2. Access Control / Filtering

  • Passive Interfaces: Disable routing protocol advertisements on interfaces that don't need them.

  • Route Filtering: Use prefix-lists, distribute-lists, and route-maps to control what routes are sent or received.

  • Interface ACLs: Apply access control lists to limit routing protocol traffic to trusted IPs only.

🌐 3. Control Plane Protection

  • Use Control Plane Policing (CoPP) or Control Plane Protection (CPPr) to throttle or restrict routing protocol traffic (especially for BGP on edge routers).

  • This prevents CPU exhaustion from routing protocol floods or malformed packets.

🔄 4. TTL Security / BFD

  • TTL Security Hack (GTSM) for BGP:

    • Ensures that only neighbors within one hop can establish a session.

    • Mitigates TCP spoofing and off-path attacks.

  • BFD (Bidirectional Forwarding Detection):

    • Provides fast failure detection for dynamic routing sessions.
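The checks from sections 1, 2 and 4 can be verified against a router configuration. This is an added example, not code from the original post: a small Python audit that reads an IOS-style configuration and reports OSPF interfaces without message-digest authentication and eBGP/iBGP neighbors missing a password, GTSM, or an inbound filter. The sample configuration, the finding names and the `audit` function are constructed for illustration; it assumes OSPF is enabled per interface with `ip ospf <process> area <area>` and recognizes only the per-interface MD5 form shown in section 1.

```python
import re

# Constructed sample configuration (not from any real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 SECRET_KEY
interface GigabitEthernet0/2
 ip ospf 1 area 0
router bgp 65000
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 password YOUR_SECRET
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 192.0.2.1 prefix-list FROM-PEER in
 neighbor 198.51.100.1 remote-as 65002
"""

def audit(config):
    """Return sorted (object, finding) pairs for missing protections."""
    sections, current = {}, None
    for line in config.splitlines():
        if line[:1] not in ("", " ", "!"):   # top-level command opens a section
            current = line.strip()
        elif current and line.strip() not in ("", "!"):
            sections.setdefault(current, []).append(line.strip())
    findings = []
    for header, cmds in sections.items():
        if header.startswith("interface ") and any(
                re.match(r"ip ospf \d+ area ", c) for c in cmds):
            auth = "ip ospf authentication message-digest" in cmds
            key = any(c.startswith("ip ospf message-digest-key ") for c in cmds)
            if not (auth and key):
                findings.append((header.split()[1], "ospf-no-md5-auth"))
        bgp = re.match(r"router bgp (\d+)$", header)
        peers = {}                           # neighbor IP -> its options
        for c in cmds if bgp else []:
            if n := re.match(r"neighbor (\S+) (.+)", c):
                peers.setdefault(n.group(1), []).append(n.group(2))
        for ip, opts in peers.items():
            # GTSM and inbound filtering are only checked on eBGP peers.
            ebgp = any(o.startswith("remote-as ") and o.split()[1] != bgp.group(1) for o in opts)
            if not any(o.startswith("password ") for o in opts):
                findings.append((ip, "bgp-no-session-auth"))
            if ebgp and not any(o.startswith("ttl-security ") for o in opts):
                findings.append((ip, "bgp-no-gtsm"))
            if ebgp and not any(re.match(r"(prefix-list|route-map|distribute-list) \S+ in$", o) for o in opts):
                findings.append((ip, "bgp-no-inbound-filter"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` flags GigabitEthernet0/2 and the unprotected neighbor 198.51.100.1 while leaving the hardened interface and peer alone.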

📊 5. Monitoring and Logging

  • Enable logging for neighbor state changes and route updates.

  • Use SNMP or NetFlow to monitor for anomalous routing activity.

  • Use tools like BGPmon, RIPE RIS, or RPKI validators for BGP monitoring and route validation.

🧩 6. Use RPKI and BGP Prefix Validation (for BGP)

  • Deploy RPKI (Resource Public Key Infrastructure) to cryptographically validate BGP route origin.

  • Prevents route hijacking by dropping invalid prefixes.

🏰 7. Segment and Harden the Routing Infrastructure

  • Use out-of-band management.

  • Limit physical and logical access to routers.

  • Apply least privilege principles and secure router credentials (no default passwords).

✅ Summary Table

| Security Measure       | Protocols        | Purpose                     |
|------------------------|------------------|-----------------------------|
| MD5/SHA Authentication | BGP, OSPF, RIP   | Peer validation             |
| Route Filtering        | All              | Prevent route leaks/attacks |
| CoPP/CPPr              | All              | CPU protection              |
| RPKI                   | BGP              | Origin validation           |
| TTL Security (GTSM)    | BGP              | One-hop neighbor validation |
| BFD                    | All              | Fast failure detection      |
| Logging & Monitoring   | All              | Audit and alert             |
| Passive Interfaces     | OSPF, RIP, EIGRP | Reduce exposure             |
