共查询到20条相似文献,搜索用时 125 毫秒
1.
朱绪全 《信息技术与信息化》2022,(2):169-172
路由协议安全是网络安全的重要组成部分,BGP协议是网络中最重要的外部网关协议。针对边界网关协议的脆弱性以及安全隐患,深入分析其攻击原理,提出几种可行的安全防范措施。使用S-BGP使用证书和路径属性签名验证BGP协议信息的有效性,通过增加公钥基础设施、确认属性、IPSec三个安全机制共同保证BGP协议的安全;提供一种动态密钥管理机制,与BGP原有的密钥管理机制相结合,防止设备层面的密钥攻击,保证交互信息的安全性;通过SDP授权安全防护,对端点进行身份验证和授权,建立安全可信连接;BGP协议层面增加确认机制,增强BGP协议的可靠性。文章的研究能够为以后BGP系统的安全防护提供帮助,可有效提供网络的安全性和稳定性。 相似文献
2.
3.
文中研究栅格化网络广泛应用OSPF和BGP路由协议的安全性,分析路由协议的脆弱性与常规攻击手段,重点论证基于数字签名的OSPF、可信OSPF协议设计、BGP安全扩展、BGP报文保护等方案,以实现OSPF路由器发布公告与OSPF路由器间建立邻居关系的可靠性,有效解决BGP协议点到点通信链路的安全、地址起源认证、路由信息的完整性和真实性认证,为栅格化网络建设提供自主可控、安全可靠的路由协议。 相似文献
4.
边界网关协议是因特网上最重要的路由协议之一。它是主要用于自治系统之间交换路由信息的动态分布式路由协议。本介绍了边界网关协议的基本原理,包括BGP的操作、BGP的路由、消息类型以及分组格式。 相似文献
5.
MPLS/BGP4 VPN原理与实现 总被引:1,自引:0,他引:1
目前,基于IP的企业内部网正在改变企业的商务模式。企业不仅需要内部数据交流,还要求企业之间数据能共享。为了既满足这些需求又能保证数据安全,网络提供商们把目光投向了基于IP的虚拟专用网(VPN)技术。在众多IPVPN技术中,多协议标签交换/边界网关协议4(MPLS/BGP4)VPN独具特色,它能向用户提供安全、灵活、可扩展的VPN方案。BGP4协议负责传送各种VPN控制信息和路由信息,其可扩展性是MPLS/BGP4VPN的一大优点。文章主要介绍了MPLS/BGP4VPN工作原理,并给出实现时相关问题的处理对策。 相似文献
6.
7.
王凯 《信息技术与信息化》2023,(1):158-162
互联网在进行域间路由信息交互时域间路由器需要使用BGP协议完成路由交换,但是由于BGP设计上存在一些缺陷,导致出现前缀劫持、路由泄露以及TCP拒绝式服务连接等安全问题。为了解决BGP协议设计上的安全漏洞,利用区块链技术,设计了一种防御成本低、安全较高、无需变动BGP协议、安全机制容易部署、容易维护的、轻量级的BGP劫持防御机制。首先对原有的区块链数据结构进行改进,根据BGP协议特点设计出了交易索引表结构;其次利用区块链索引表进行IP前缀所有权的查询、更新,并有效防止了后续攻击;最后利用信用积分机制来赋予处理交易的队列优先级。 相似文献
8.
9.
BGP路由协议是一种外部网关协议,以动态交换路由信息协议的模式发挥着重大的作用,积极运用该协议能够有效完善和提高网络技术服务。铁通公司作为我国一大互联网技术服务商,其在本技术的基础上积极运用BGP路由协议,进而为丰富与提高铁通互联网技术服务提供了可能。在此,本文首先从分析BGP协议概念、基本原理着手,进而重点研究BGP路由协议在铁通互联网中的应用。 相似文献
10.
Zebra与BGP路由监测的实现 总被引:1,自引:0,他引:1
主要研究边界网关协议(BGP)网络拓扑动态重构及网络稳定性.通过路由软件Zebra实现一个具有部分路由器功能的监测代理,并将其连接到网络中一台BGP边界路由器,通过它们之间的BGP协议交互,监测代理可捕获到整个网络的路由信息,并籍此进行BGP路由监测. 相似文献
11.
A Survey of BGP Security Issues and Solutions 总被引:2,自引:0,他引:2
Butler K. Farley T.R. McDaniel P. Rexford J. 《Proceedings of the IEEE. Institute of Electrical and Electronics Engineers》2010,98(1):100-122
As the Internet's de facto interdomain routing protocol, the Border Gateway Protocol (BGP) is the glue that holds the disparate parts of the Internet together. A major limitation of BGP is its failure to adequately address security. Recent high-profile outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing interdomain routing. This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security. We explore the limitations and advantages of proposed security extensions to BGP, and explain why no solution has yet struck an adequate balance between comprehensive security and deployment cost. 相似文献
12.
The stable paths problem and interdomain routing 总被引:1,自引:0,他引:1
Dynamic routing protocols such as RIP and OSPF essentially implement distributed algorithms for solving the shortest paths problem. The border gateway protocol (BGP) is currently the only interdomain routing protocol deployed in the Internet. BGP does not solve a shortest paths problem since any interdomain protocol is required to allow policy-based metrics to override distance-based metrics and enable autonomous systems to independently define their routing policies with little or no global coordination. It is then natural to ask if BGP can be viewed as a distributed algorithm for solving some fundamental problem. We introduce the stable paths problem and show that BGP can be viewed as a distributed algorithm for solving this problem. Unlike a shortest path tree, such a solution does not represent a global optimum, but rather an equilibrium point in which each node is assigned its local optimum. We study the stable paths problem using a derived structure called a dispute wheel, representing conflicting routing policies at various nodes. We show that if no dispute wheel can be constructed, then there exists a unique solution for the stable paths problem. We define the simple path vector protocol (SPVP), a distributed algorithm for solving the stable paths problem. SPVP is intended to capture the dynamic behavior of BGP at an abstract level. If SPVP converges, then the resulting state corresponds to a stable paths solution. If there is no solution, then SPVP always diverges. In fact, SPVP can even diverge when a solution exists. We show that SPVP will converge to the unique solution of an instance of the stable paths problem if no dispute wheel exists 相似文献
13.
14.
Yi Guo Zhenxing Wang Shaopeng Luo Yu Wang 《International Journal of Communication Systems》2012,25(8):1068-1076
There have been many researches on border gateway protocol (BGP) security, most of which mainly focused on how to enhance the security of the BGP protocol or the interdomain routing system. However, few works studied the vulnerabilities especially the production mechanism of security events in the interdomain routing system. It takes many obstacles to understand and improve the security of the interdomain routing system. This paper explores the cascading failure phenomenon of the interdomain routing system. First, we devise a state machine to describe the state transition of BGP nodes and then give a detailed analysis of the BGP failure. Second, on the basis of the preferential attachment characteristic, we propose a cascading failure model for the interdomain routing system, which depicts the production mechanism of cascading failure, and introduce two evaluating indicators, the proportion of failed nodes and the proportion of failed links, to assess the scale of cascading failure. Furthermore, we apply the cascading failure model to display two different cascading failure scenes. The experimental results show that random failure has less influence on the interdomain routing system, while its robustness against hostile attack is weak. Copyright ©2011 John Wiley & Sons, Ltd. 相似文献
15.
基于IEEE802.11无线局域网的安全性研究 总被引:1,自引:0,他引:1
随着无线局域网的不断发展,网络安全问题日益突出。这里根据无线局域网信道的特点,首先介绍了无线局域网的安全需求,其次,描述了基于IEEE802.11无线局域网标准的有线等效保密(WEP)协议原理,并对WEP协议存在的安全漏洞及其相应的攻击进行了分析,最后,针对这些安全漏洞和攻击提出了增强无线局域网安全性的改进方案。 相似文献
16.
边界网关协议(border gateway protocol,BGP)是支撑互联网50年来快速发展的核心协议,因早期设计考虑不足一直存在路由劫持、路由泄露等路由安全威胁漏洞。随着互联网应用日益深入,BGP 路由安全问题逐渐引起业界重视,边界网络安全防护意义重大。提出了一种BGP路由安全检测架构,通过推理构建全球BGP路由知识库实现互联网全局路由可视性,并基于此实现路由劫持、路由泄露等路由安全事件的准实时检测。通过在杭州交换中心部署实践,证明本系统可构造较完整的互联网全局路由知识库、实现较准确和实时的BGP路由安全事件检测。 相似文献
17.
18.
The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol used to exchange network reachability information between ASes in the global Internet. However, Varadhan et al. [19] has shown that the conflict of BGP routing policies can cause BGP to diverge. This paper presents an approach to seek the set of conflict routing policies based on dispute cycle avoidance. The stable paths problem, a static formalism that captures the semantics of interdomain routing protocol, provides the theoretical foundation for this approach. And this approach draws on the simple path vector protocol to identify the dispute cycles that cause routing oscillation first, and then queries which routing policies lead to these cycles in a distributed manner. Finally, it determines conflict routing policies based on dispute cycle avoidance. Moreover, we present a method to determine the severity level of dispute routing policies based on AS relationships and configuration guidelines of routing policy presented by Gao and Rexford [4]. And this method can help Network administrators determine the top-priority routing policies to be fixed and improve the efficiency of debugging routing policies. In addition, a simulation instance is given in order to explain results of this method. 相似文献
19.
BGP(border gateway protocol,边界网关协议)在设计之初并没有充分考虑安全问题,随着互联网规模的日益壮大,其安全风险也暴露得愈加明显。学术界和工业界提出了诸多方案解决域间路由面临的安全问题,目前真正得以部署的是IETF(the Internet Engineering Task Force,互联网工程任务组)推动的资源公钥基础设施(resource public key infrastructure,RPKI)。综述了RPKI的技术现状和研究进展,重点分析了RPKI存在的问题、现有的解决方案以及不足之处,介绍了RPKI功能扩展的相关研究,最后指出了未来有潜力的研究方向。 相似文献
20.
主要研究边界网关协议(BGP)网络拓扑动态重构及网络稳定性。通过路由软件Zebra实现一个具有部分路由器功能的监测代理,并将其连接到网络中一台BGP边界路由器,通过它们之间的BGP协议交互,监测代理可捕获到整个网络的路由信息,并籍此进行BGP路由监测。 相似文献