
How do you secure dynamic routing protocols?

Securing dynamic routing protocols (like BGP, OSPF, EIGRP, RIP, etc.) is crucial to maintaining the integrity and stability of a network. These protocols were not originally designed with strong security in mind, so network engineers must apply a combination of authentication, filtering, and policy controls to mitigate threats like route hijacking, spoofing, and DoS.

Here's a breakdown of how to secure the most common dynamic routing protocols:

🔐 1. Authentication

OSPF, RIP, EIGRP (Interior Protocols)

  • Use MD5 or SHA authentication on routing updates to ensure only trusted routers participate.

  • Example (OSPF):

    interface GigabitEthernet0/1
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 SECRET_KEY

BGP

  • Use TCP MD5 authentication (neighbor x.x.x.x password) or TCP-AO (Authentication Option) for session protection.

  • Example (Cisco):

    router bgp 65000
     neighbor 192.0.2.1 password YOUR_SECRET

🔒 Purpose: Prevents unauthorized peers from forming sessions and injecting routes.

🧱 2. Access Control / Filtering

  • Passive Interfaces: Disable routing protocol advertisements on interfaces that don't need them.

  • Route Filtering: Use prefix-lists, distribute-lists, and route-maps to control what routes are sent or received.

  • Interface ACLs: Apply access control lists to limit routing protocol traffic to trusted IPs only.

🌐 3. Control Plane Protection

  • Use Control Plane Policing (CoPP) or Control Plane Protection (CPPr) to throttle or restrict routing protocol traffic (especially for BGP on edge routers).

  • This prevents CPU exhaustion from routing protocol floods or malformed packets.

🔄 4. TTL Security / BFD

  • TTL Security Hack (GTSM) for BGP:

    • Ensures that only neighbors within one hop can establish a session.

    • Mitigates TCP spoofing and off-path attacks.

  • BFD (Bidirectional Forwarding Detection):

    • Provides fast failure detection for dynamic routing sessions.
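
As an added example (not part of the original post), the Python sketch below audits a constructed IOS-style BGP configuration for three of the per-neighbor controls covered so far: session authentication (section 1), inbound route filtering (section 2) and TTL security (section 4). The function name, control labels and sample configuration are assumptions made for illustration; peer-group inheritance and TCP-AO are not handled.

```python
import re

# Constructed sample configuration (not from the original post).
SAMPLE_CONFIG = """\
router bgp 65000
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 password YOUR_SECRET
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 192.0.2.1 prefix-list FROM-PEER in
 neighbor 198.51.100.7 remote-as 65002
 neighbor 198.51.100.7 password YOUR_SECRET
 neighbor 203.0.113.9 remote-as 65003
 neighbor 203.0.113.9 route-map PEER-IN in
!
interface GigabitEthernet0/1
 ip ospf authentication message-digest
"""

CONTROLS = ("authentication", "ttl-security", "inbound-filter")
FILTER_KEYWORDS = {"prefix-list", "distribute-list", "route-map"}
NEIGHBOR_RE = re.compile(r"^\s+neighbor\s+(\S+)\s+(\S.*)$")


def audit_bgp_neighbors(config_text):
    """Map each BGP neighbor to the list of controls it is missing."""
    seen = {}          # neighbor -> set of controls found
    in_bgp = False
    for line in config_text.splitlines():
        if line and not line[0].isspace():
            # A non-indented line starts a new top-level section.
            in_bgp = line.startswith("router bgp ")
            continue
        match = NEIGHBOR_RE.match(line) if in_bgp else None
        if not match:
            continue
        peer, words = match.group(1), match.group(2).split()
        found = seen.setdefault(peer, set())
        if words[0] == "password":
            found.add("authentication")   # TCP MD5; TCP-AO is not checked here
        elif words[0] == "ttl-security":
            found.add("ttl-security")     # GTSM
        elif words[0] in FILTER_KEYWORDS and words[-1] == "in":
            found.add("inbound-filter")
    return {p: [c for c in CONTROLS if c not in f] for p, f in seen.items()}


if __name__ == "__main__":
    for peer, missing in audit_bgp_neighbors(SAMPLE_CONFIG).items():
        print(peer, "OK" if not missing else "missing: " + ", ".join(missing))
```

An empty list means the neighbor carries all three controls; anything else is a review item rather than proof of a fault, since some controls may be deliberately omitted on a given session.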

📊 5. Monitoring and Logging

  • Enable logging for neighbor state changes and route updates.

  • Use SNMP or NetFlow to monitor for anomalous routing activity.

  • Use tools like BGPmon, RIPE RIS, or RPKI validators for BGP monitoring and route validation.

🧩 6. Use RPKI and BGP Prefix Validation (for BGP)

  • Deploy RPKI (Resource Public Key Infrastructure) to cryptographically validate BGP route origin.

  • Prevents route hijacking by dropping invalid prefixes.

🏰 7. Segment and Harden the Routing Infrastructure

  • Use out-of-band management.

  • Limit physical and logical access to routers.

  • Apply least privilege principles and secure router credentials (no default passwords).

✅ Summary Table

| Security Measure | Protocols | Purpose |
|---|---|---|
| MD5/SHA Authentication | BGP, OSPF, RIP | Peer validation |
| Route Filtering | All | Prevent route leaks/attacks |
| CoPP/CPPr | All | CPU protection |
| RPKI | BGP | Origin validation |
| TTL Security (GTSM) | BGP | One-hop neighbor validation |
| BFD | All | Fast failure detection |
| Logging & Monitoring | All | Audit and alert |
| Passive Interfaces | OSPF, RIP, EIGRP | Reduce exposure |
