{"id":7135,"date":"2024-10-01T14:58:57","date_gmt":"2024-10-01T18:58:57","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=7135"},"modified":"2024-10-11T14:59:36","modified_gmt":"2024-10-11T18:59:36","slug":"border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/","title":{"rendered":"Border Gateway Protocol: A Decades-Old Vulnerability in Internet Traffic Routing"},"content":{"rendered":"<div class=\"detail-layout-description mighty-wysiwyg-content mighty-max-content-width fr-view\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium_large wp-image-7136\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol-768x384.jpg\" alt=\"Border Gateway Protocol\" width=\"768\" height=\"384\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol.jpg 800w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/p>\n<p style=\"text-align: justify;\"><em><strong><span class=\"ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak\" dir=\"ltr\">Erich Kron, a Security Awareness Advocate at <a href=\"https:\/\/www.knowbe4.com\/\" target=\"_blank\" rel=\"noopener\">KnowBe4<\/a>, shares his commentary on border gateway protocol (BGP) and its ties to a decades-old vulnerability in Internet traffic routing. <\/span><\/strong><\/em><em><strong><span class=\"ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak\" dir=\"ltr\">This article originally appeared in <a class=\"external\" href=\"https:\/\/insightjam.com\/share\/W9PNIZN-ugApeSN3?utm_source=manual\" target=\"_blank\" rel=\"noopener nofollow\">Insight Jam<\/a>, an enterprise IT community that enables human conversation on AI.<\/span><\/strong><\/em><\/p>\n<p id=\"isPasted\" style=\"text-align: justify;\"><a href=\"https:\/\/insightjam.com\/share\/W9PNIZN-ugApeSN3?utm_source=manual\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-6886 alignleft\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/10\/insightjam_logo.jpg\" alt=\"Insight Jam\" width=\"100\" height=\"100\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2023\/10\/insightjam_logo.jpg 100w, https:\/\/solutionsreview.com\/identity-management\/files\/2023\/10\/insightjam_logo-60x60.jpg 60w\" sizes=\"(max-width: 100px) 100vw, 100px\" \/><\/a>When the Internet was first created, the original designers had no way of knowing what it would\u00a0<span style=\"box-sizing: border-box; margin: 0; padding: 0; text-align: left;\">become or\u00a0<em>how\u00a0<\/em>it would evolve into what we know today. Because of this massive worldwide adoption, the Internet has grown rapidly and undergone incredible transformations in a relatively short <\/span>time. However, since the Internet has changed so much in so little time, it is only natural that its evolution has left some significant gaps.<\/p>\n<p style=\"text-align: justify;\">The lack of built-in security for the Internet has become a significant issue. In a time of ever-increasing cyber-attacks and an expanding threat landscape, few things are more concerning than the lack of a centralized, resilient identity and access control framework. When we log onto websites, emails, or other services, we&#8217;re not actually logging on to the Internet in any meaningful way. Instead, we&#8217;re logging into dozens or hundreds of fragmented networks. That&#8217;s because there is no centralized solution to manage identity and access. Instead, we must rely on services and websites to provide this management independently. This is why we end up with so many passwords and credentials.<\/p>\n<p style=\"text-align: justify;\">While this is very inconvenient for individuals, it also results in significant vulnerabilities to the Internet. It is far too late to engineer and deploy the type of access security controls that could secure the Internet. The Internet&#8217;s core network routing technology, Border Gateway Protocol (BGP), is one such service with a huge vulnerability capable of bringing the Internet to its knees.<\/p>\n<p style=\"text-align: justify;\">The BGP works quietly in the background and controls Internet traffic flow between over 74,000 Autonomous Systems (ASes). Most, but not all, ASes are Internet Service Providers (ISPs) that<strong>\u00a0<\/strong>work together to ensure the most efficient flow of data across the Internet while remaining independent.<em>\u00a0<\/em>The major vulnerability in this case is that ASes can publish Internet routing changes that could:<\/p>\n<ol style=\"text-align: justify;\" start=\"1\" type=\"1\">\n<li>Stop data from reaching certain websites,<\/li>\n<li>Redirect legitimate traffic to other websites,<\/li>\n<li>Affect large amounts of the Internet, all without requiring authentication of the Autonomous System or the fact that they control the network spaces they claim to.<\/li>\n<\/ol>\n<p style=\"text-align: justify;\">This lack of authentication or authorization related to changing BGP records is a significant threat to the Internet as a whole. Whether BGP changes result from an accidental typo that reroutes the internet traffic or a malicious act by a hacker, the result is the same. It is mind-boggling to think that the Internet has functioned as long as it has with this vulnerability in place and without many significant issues occurring. When a core component of the Internet is managed by trusting that changes are correct and non-malicious, concern for the future is warranted.<\/p>\n<p style=\"text-align: justify;\">Fortunately, technologies are being developed that can help with this problem. The most well-accepted yet greatly unused technology is Resource Public Key Infrastructure (RPKI). This technology uses certificates and encryption to validate the identity of a BGP route change. It can confirm that the requester controls the IP space related to the changes they are making. This works on the same type of technology that we use to secure website traffic and sensitive data. Unfortunately, its deployment can be complex, costly, and time-consuming and is not required or used by most ASes. The decentralized nature of the Internet, in that it is not being controlled by any single entity, nation, or organization, makes it impossible to enforce the adoption of this protocol.<\/p>\n<p style=\"text-align: justify;\">It&#8217;s important to note that since the Internet continues to be a key aspect of government and military operations, the risk of BGP-based attacks continues to grow. This problem can no longer be ignored. ASes that have not adopted RPKI should consider adopting it now rather than waiting for an accidental or maliciously published BGP route to wreak havoc on people around the globe.<\/p>\n<p style=\"text-align: justify;\">The good news is that, although not required, the adoption of RPKI has been increasing and will hopefully accelerate as more ASes adopt the technology in the future. This problem of securing internet routing traffic is gaining high-level attention. Recently, the White House released <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2024\/09\/Roadmap-to-Enhancing-Internet-Routing-Security.pdf\" target=\"_blank\" rel=\"noopener\">guidance<\/a> on how to secure the BGP. Although it may be too late to secure the BGP properly, considering how long it has had this vulnerability, any incremental steps forward by the government are commendable.<\/p>\n<p style=\"text-align: justify;\">The next step is for organizations and vendors to implement these guidelines or for the government to enforce best practices, at least on a national level. Hopefully, if the following steps are handled correctly, in a year or two, internet traffic routing will finally be more difficult to compromise.<\/p>\n<hr \/>\n<p style=\"text-align: justify;\">\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Erich Kron, a Security Awareness Advocate at KnowBe4, shares his commentary on border gateway protocol (BGP) and its ties to a decades-old vulnerability in Internet traffic routing. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI. When the Internet was first created, the original designers had no [&hellip;]<\/p>\n","protected":false},"author":1166,"featured_media":7136,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[2308,107,2309,1930],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Border Gateway Protocol: A Decades-Old Vulnerability in Internet Traffic Routing<\/title>\n<meta name=\"description\" content=\"Erich Kron at KnowBe4 shares commentary on border gateway protocol (BGP) and its ties to Internet traffic routing.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Erich Kron\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/\",\"name\":\"Border Gateway Protocol: A Decades-Old Vulnerability in Internet Traffic Routing\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol.jpg\",\"datePublished\":\"2024-10-01T18:58:57+00:00\",\"dateModified\":\"2024-10-11T18:59:36+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/0547555625ca1a3dcaea324b8285affd\"},\"description\":\"Erich Kron at KnowBe4 shares commentary on border gateway protocol (BGP) and its ties to Internet traffic routing.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol.jpg\",\"width\":800,\"height\":400,\"caption\":\"Border Gateway Protocol\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Border Gateway Protocol: A Decades-Old Vulnerability in Internet Traffic Routing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/0547555625ca1a3dcaea324b8285affd\",\"name\":\"Erich Kron\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Erich-Kron.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Erich-Kron.jpg\",\"caption\":\"Erich Kron\"},\"description\":\"Erich Kron is a Security Awareness Advocate at KnowBe4. He is a veteran information security professional with over 25 years\u2019 experience in the medical, aerospace manufacturing and defense fields, author, and regular contributor to cybersecurity industry publications. He is the former security manager for the US Army's 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP and many other certifications.\",\"sameAs\":[\"https:\/\/www.knowbe4.com\/\"],\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/ekron\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Border Gateway Protocol: A Decades-Old Vulnerability in Internet Traffic Routing","description":"Erich Kron at KnowBe4 shares commentary on border gateway protocol (BGP) and its ties to Internet traffic routing.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/","twitter_misc":{"Written by":"Erich Kron","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/","url":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/","name":"Border Gateway Protocol: A Decades-Old Vulnerability in Internet Traffic Routing","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol.jpg","datePublished":"2024-10-01T18:58:57+00:00","dateModified":"2024-10-11T18:59:36+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/0547555625ca1a3dcaea324b8285affd"},"description":"Erich Kron at KnowBe4 shares commentary on border gateway protocol (BGP) and its ties to Internet traffic routing.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Border-Gateway-Protocol.jpg","width":800,"height":400,"caption":"Border Gateway Protocol"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/border-gateway-protocol-a-decades-old-vulnerability-in-internet-traffic-routing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Border Gateway Protocol: A Decades-Old Vulnerability in Internet Traffic Routing"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/0547555625ca1a3dcaea324b8285affd","name":"Erich Kron","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Erich-Kron.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2024\/10\/Erich-Kron.jpg","caption":"Erich Kron"},"description":"Erich Kron is a Security Awareness Advocate at KnowBe4. He is a veteran information security professional with over 25 years\u2019 experience in the medical, aerospace manufacturing and defense fields, author, and regular contributor to cybersecurity industry publications. He is the former security manager for the US Army's 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP and many other certifications.","sameAs":["https:\/\/www.knowbe4.com\/"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/ekron\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/7135"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/1166"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=7135"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/7135\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/7136"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=7135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=7135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=7135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}