Improve your experience. We are very sorry but this website does not support Internet Explorer. We recommend using a different browser that is supported such as Google Chrome or Mozilla Firefox.

BGP Security Training Course

Description

There are thousands of routing incidents every year… Some of them are the result of typos but some are intentional. Attackers can redirect traffic to their own network causing all traffic to be blackholed or rerouted as per their own intentions. This gives attackers the opportunity to intercept, inspect and modify traffic. These routing incidents can disrupt services, and cause security leaks and financial losses. Regardless of whether the incident is intentional (or not), the end result is always the same - global internet routing infrastructure is affected!

Several protection mechanisms have been introduced to maintain stability and strengthen the security of the global routing system by reducing BGP hijacks and route leaks. This one-day BGP Security course explains the vulnerabilities of the BGP protocol and discusses the counter-measures that should be deployed to prevent accidental and intentional BGP incidents. Several security measures such as Internet Routing Registries (IRRs), filtering and RPKI will be covered in detail and several activities will support the explanations to reinforce theory through practice.

You should attend this training course if you are part of the technical staff at a Local Internet Registry (LIR) in the RIPE NCC service region. This is particularly relevant to those who work with multi-provider connectivity and would like to learn how to secure BGP routing and contribute to global routing security. This course is not intended for administrative or management staff (such as hostmasters). The BGP security course focuses only on the security aspects of the BGP routing protocol. We expect you to be already familiar with the fundamentals of BGP if you register for this course.

IMPORTANT: This is an advanced course, which requires a good understanding of TCP/IP, routing protocols and BGP knowledge.

Pre-requisites

  • Familiarity with TCP/IP and IP routing 
  • Familiarity with BGP routing
  • Experience with creating and updating objects in the RIPE Database

Course content

  • BGP & Routing Security 
  • Internet Routing Registry (IRR) 

- Activity: Create route(6) objects 

  • Filtering 

- Activity: Defining Filters 

  • Routing Security with RPKI 

- Registering in the RPKI System 

- Activity: Creating ROAs 

- RPKI Validation: Deploying RPKI Validators 

- Activity: Running Validators 

- RPKI Validation: Validating BGP Announcements 

- Activity: BGP Origin Validation with RPKI

  • What Else? 
  • BGP Tips & Tricks

Goals

  • Explain the vulnerabilities of the BGP protocol 
  • Discuss the causes of BGP incidents 
  • Describe BGP security measures 
  • Register routing information in the IRR database (RIPE Database) 
  • Implement filtering on eBGP sessions 
  • Create ROAs in the RPKI system 
  • Describe different RPKI implementation models 
  • Validate BGP routes with RPKI 
  • Implement Best Current Operational Practices (BCOP) for BGP routing security

Press enter to see more results