Border Gateway Protocol (BGP) Security
Published by Pearson
Master the art of safeguarding global Internet routing with cutting-edge BGP security techniques
- Real-World Scenarios: Practical labs and case studies based on real-world attacks and mitigation strategies.
- Advanced Threat Mitigation: Covers cutting-edge techniques to protect against route hijacking, spoofing, and DDoS attacks.
- Comprehensive Coverage: Goes beyond the basics, including advanced topics like RPKI, BGP filtering, and MANRS compliance.
- Tailored Learning: Designed for both network engineers and security professionals, bridging the gap between theory and practical implementation.
The BGP Security course provides a comprehensive, hands-on approach to securing Border Gateway Protocol (BGP) networks, which are vital to global Internet routing. Given BGP’s inherent vulnerabilities, including route hijacking, spoofing, and DDoS attacks, this course equips network engineers and security professionals with the skills to safeguard critical infrastructure. Through real-world case studies and practical labs, participants will learn advanced threat mitigation techniques, including RPKI, BGP filtering, and MANRS compliance. By bridging the gap between theory and practical implementation, this course ensures that learners are prepared to protect and enhance the security of Internet routing in today’s evolving threat landscape.
What you’ll learn and how you can apply it
BGP Basics and Vulnerabilities:
- Overview of the BGP protocol and its role in Internet routing.
- Common BGP vulnerabilities, including route hijacking, route leaks, and spoofing.
BGP Threat Landscape:
- Real-world examples of BGP-related attacks.
- Analysis of attack vectors and their impact on network security.
RPKI and Cryptographic Security:
- Introduction to Resource Public Key Infrastructure (RPKI).
- Configuring and deploying RPKI for origin validation.
MANRS (Mutually Agreed Norms for Routing Security):
- Understanding MANRS principles and how to comply with them.
- Practical steps to implement MANRS actions in your network.
Securing BGP Sessions:
- Implementing MD5 and TCP-AO for session protection.
- Securing eBGP and iBGP peering relationships.
Hands-On Labs and Real-World Scenarios:
- Practical exercises to apply learned concepts.
- Simulating and mitigating BGP-related attacks in a lab environment.
This live event is for you because...
- You are a network engineer, architect, and/or security professional.
Prerequisites
Networking Fundamentals
- Basic understanding of the TCP/IP model and IP addressing (IPv4/IPv6).
- Familiarity with routing concepts, including static and dynamic routing.
BGP Basics
- Knowledge of how Border Gateway Protocol (BGP) operates, including route advertisements, AS numbers, and path selection.
- Awareness of BGP configuration syntax on networking devices (Cisco IOS, Juniper, etc.).
Security Concepts
- Familiarity with general security principles, including encryption, authentication, and attack types (e.g., Man-in-the-Middle, DDoS).
Course Set-up
Recommended Preparation
- Watch: Border Gateway Protocol (BGP) LiveLessons (Video Training) by Jeff Doyle
Recommended Follow-up
- Read: Troubleshooting BGP: A Practical Guide to Understanding and Troubleshooting BGP by Vinit Jain and Brad Edgeworth
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Segment 1: Overview of BGP Security (20 minutes)
- Why Secure BGP?
- BGP Threats & Attacks: DDoS, MITM, DNS Manipulation, and Route Hijacking
Q&A (10 minutes)
Segment 2: Securing Intra-domain BGP (50 minutes)
- Authentication & Integrity
- Infrastructure Access Control Lists (ACLs)
- Time-to-Live (TTL) Check
- AS-PATH Length Limiting
- Control Plane Policing (CoPP)
- BGP Remote Triggered Black Hole (RTBH)
- Next-hop Filtering
- Prefix and AS-PATH validation
- Exercise: There will be a lab ready for demonstrating all the subtopics mentioned in Segment 2.
Q&A (10 minutes)
Breaks (10 minutes)
Segment 3: Securing Inter-domain BGP (50 minutes)
- BGP Communities
- Inbound & Outbound community scrubbing
- Internet Routing Registry Databases (IRRDB)
- Mutually Agreed Norms for Routing Security (MANRS)
- Resource Public Key Infrastructure (RPKI/ROA)
- Exercise: There will be a lab ready for demonstrating RPKI/ROA and BGP communities.
Q&A (10 minutes)
Breaks (10 minutes)
Segment 4: BGP Security Innovations (45 minutes)
- BGP Flowspec
- BGPsec
- BGP over TLS/TCP
- FC-BGP
- BGP over QUIC
Q&A (5 minutes)
Course wrap-up and next steps (20 minutes): A PDF file covering all the topics discussed, with comprehensive labs for practice, will be shared with attendees.
Your Instructor
Mohammad Khalil
Mohammad Khalil is an experienced service provider and enterprise expert, having worked in several service provider networks within the MENA region. Currently, he is a leader with the Cisco Competitive Win Center team covering enterprise architecture and working closely with Cisco sales/technical teams on designing their solutions. He was honored to be one of the SMEs for the CCIE Service Provider blueprint, SME for updated content of the CCIE Enterprise, and president of the Jordan IPv6 Council (part of the IPv6FORUM).