what are the threats at ixps and how to protect your
play

What are the threats at IXPs and how to protect your Internet - PowerPoint PPT Presentation

Apr 26, 2023 •336 likes •552 views

What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier raphael@acorus.net @rmaunier What are the threats at IXPs and how to protect your Internet architecture? Why using IXPs to protect your Internet

  1. What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier raphael@acorus.net @rmaunier

  2. What are the threats at IXPs and how to protect your Internet architecture? Why using IXPs to protect your Internet architecture against events or threats is a good idea? Raphael Maunier raphael@acorus.net @rmaunier

  3. Unexpected event : IXPs instability This will happen again don’t worry !! IXPs may have software issues, this can result in bgp instability and affect your traffic !

  4. Route leak ! Typo : We’ve all been there

  5. How to minimise the impact ? • BGP Timers / filtering / Max pref : Adapt your router configuration : cartman@core99.th2.par# show routing-instances nainternet protocols bgp group ipv4-public-peering-as51706-franceix type external; description "Group ipv4 Public Peering FranceIX AS51706"; hold-time 15; /* Accept prefixes with route tagged for this IXP AS51706 */ import ipv4-public-peering-as51706-in; family inet { unicast { prefix-limit { maximum 50; teardown 90 idle-timeout 300; } } } • Ask All members to change their bgp config in order to reduce the default value of the timer ( RFC suggested value is 90 sec). We now have faster, better, stronger equipment, we can definitively change this ! • https://tools.ietf.org/html/bcp214

  6. Traffic Flows

  7. DDOS Attack https://techcrunch.com/2018/03/02/the-worlds-largest-ddos-attack-took-github-offline-for-less-than-tens-minutes/

  8. How to address DDoS ?

  9. IXPs will have a solution for you ! Upgrade or buy more ports https://www.franceix.net/en/solutions/pricing/ Non Full 10G/100G ports are a good alternative and provide more flexibility !

  10. Blackholing https://www.franceix.net/en/technical/blackholing/

  11. Buy a DDoS Mitigation service J

  12. Another Threat : BGP Hijacking

  13. https://dyn.com/blog/bgp-hijack-of-amazon-dns-to-steal-crypto-currency/

  14. The role of an IXP

  15. Route Servers

  16. Route servers http://peering.exposed/ "A route server is considered Secure if it performs IRR and/or RPKI based filtering on all participants, and BY DEFAULT does not propagate unfiltered routing information to anyone. [RFC 7948 section 4.3 / RFC 7454 section 6] »

  18. Extract from Job Snijders’s presentation during EPF2018 (@ jobsnijders ) • IXPs – start doing RPKI Origin Validation on your route servers now • ISPs / CDNs • if you are pointing default somewhere, do it now • If your market is mostly West-Europe, do it now • If you are transit-free, wait a bit

  19. • It’s possible to fight against threat on an IXP, an it’s easy ! • IXP have to be restrictive and have to implement more and more security by default, if not, don’t go there • All ASN should monitor their space (with Bgpmon for example) • As an industry, we have to/MUST start to secure our routing ! There is no room anymore for approximation : we have to start to deploy RPKI

  20. Useful links • https://en.wikipedia.org/wiki/BGP_hijacking • https://blog.cloudflare.com/rpki-details/ • http://instituut.net/~job/routing_security_roadmap_EPF_2018_Snijd ers.pdf • Tools : • https://bgpmon.net/ • https://github.com/snar/bgpq3

  21. T.HANKS T.Hanks a lot !

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Threats to and efforts to protect Acacia koa (koa) in Hawaii Dulal Borthakur University of Hawaii

Threats to and efforts to protect Acacia koa (koa) in Hawaii Dulal Borthakur University of Hawaii

Threats to and efforts to protect Acacia koa (koa) in Hawaii Dulal Borthakur University of Hawaii at Manoa Presentation at NASEM on December 1, 2017 1 The koa industry in Hawaii ~ $31 million annually 2 3 Koa is a dominant canopy

975 views • 63 slides
Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs 78 affjliated members 54 IXPs in the Euro-IX region, 49 countries, operating over 100 peering LANs 24 IXPs from the rest of the world

326 views • 21 slides
How do you protect your data in the face of Increasing costs, Rising threats Snowballing

How do you protect your data in the face of Increasing costs, Rising threats Snowballing

Veritas Backup Exec TM | April 2020 How do you protect your data in the face of Increasing costs, Rising threats Snowballing Evolving technology shrinking budgets and regulations complexity landscape Increasing costs, shrinking

393 views • 28 slides
Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
Puerto Rico T estsite for Exploring Contamination Threats (PROTECT) NIEHS SRP P42 Research

Puerto Rico T estsite for Exploring Contamination Threats (PROTECT) NIEHS SRP P42 Research

Puerto Rico T estsite for Exploring Contamination Threats (PROTECT) NIEHS SRP P42 Research Program Northeastern University; University of Puerto Rico; University of Michigan West Virginia University, Silent Spring Institute, EarthSoft

817 views • 44 slides
TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats

TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats

TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats Explosive ad incendiary Threats Bio Hazardous Powder Threats 3 Improvised mechanical Devices TR15 Smart Scan Can easily detect the component

192 views • 16 slides
Secure Your Home Network Vancouver ISSA - Community Outreach Program Security Awareness Training

Secure Your Home Network Vancouver ISSA - Community Outreach Program Security Awareness Training

Secure Your Home Network Vancouver ISSA - Community Outreach Program Security Awareness Training Overview of Securing your Home Network What do you need to protect? What are the threats? How do you protect against the threats? What

348 views • 31 slides
Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs. Route Server challenges Chris Malayter cmalayter@equinix.com What drives a RS integra6on? Two IXs merging into

433 views • 17 slides
Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect

Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect

Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect Your Revenue - Brussels, Geneva Luxury Law New York Summit David Hull 14 November 2018

461 views • 19 slides
The need for IXPs Shamika Sirimanne Director Information and Communications Technology and

The need for IXPs Shamika Sirimanne Director Information and Communications Technology and

Connecting economies and empowering people The Asia Pacific information superhighway and regional cooperation for better ICT connectivity: The need for IXPs Shamika Sirimanne Director Information and Communications Technology and Disaster

682 views • 10 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin Nawrocki, Jeremias Blendin, Christoph Dietzel, Thomas C. Schmidt, Matthias Whlisch Christmas is near!

1.15k views • 80 slides
parents fighting air pollution to protect the health of our children WHY MOMS CARE ABOUT TOXIC

parents fighting air pollution to protect the health of our children WHY MOMS CARE ABOUT TOXIC

We are a community of parents fighting air pollution to protect the health of our children WHY MOMS CARE ABOUT TOXIC AIR The Clean Air Act has never been fully implemented. Americas kids face grave threats from toxic chemicals in the air.

345 views • 11 slides
Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial

Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial

Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial Carriers and Carrier Neutral data center opportunities Different Folks have different Interconnection Strategies! National incumbent Telco or

321 views • 16 slides
#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason Blackett #MicroFocusCyberSummit Agenda Security threats in todays world How do you protect your endpoints? Key takeaways 3 Security Threats in

797 views • 23 slides
New Computing In 2019 and Beyond - Opportunities, Challenges, and Threats Fromm Institute Fall

New Computing In 2019 and Beyond - Opportunities, Challenges, and Threats Fromm Institute Fall

New Computing In 2019 and Beyond - Opportunities, Challenges, and Threats Fromm Institute Fall 2019 - Lecture 4 Bebo White - bebo.white@gmail.com 1 calendar 2 questions (1/3) How does one protect a patent in blockchain?

823 views • 56 slides
Review Open Call F4Fp-SME-1 Soumya Kanti Datta Digiotouch OU, Estonia soumya@digiotouch.com

Review Open Call F4Fp-SME-1 Soumya Kanti Datta Digiotouch OU, Estonia soumya@digiotouch.com

Review Open Call F4Fp-SME-1 Soumya Kanti Datta Digiotouch OU, Estonia soumya@digiotouch.com Cyberattack Readiness Assessment of IoT Platforms (CReAT) FEC5 Copenhagen, 24-25 April 2019 WWW.FED4FIRE.EU Outline Digiotouch description

669 views • 28 slides
A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon guillaume.valadon@ssi.gouv.fr RIPE 70 - May, 11 2015 ANSSI - http://www.ssi.gouv.fr/guide-ddos & https://goo.gl/UL8M1 1/12 ANSSI Created on July 7th 2009,

142 views • 12 slides
Data Use Professional Development Webinar for District Data Liaisons Rhode Island Department of

Data Use Professional Development Webinar for District Data Liaisons Rhode Island Department of

Data Use Professional Development Webinar for District Data Liaisons Rhode Island Department of Education July 10, 2012 Agenda Introductions Overview of Professional Development Series Expectations for 3-day training Roles

316 views • 8 slides
INDIAN ELECTRICITY GRID CODE-2010 Comments CERC (Central Electricity Regulatory Commission)

INDIAN ELECTRICITY GRID CODE-2010 Comments CERC (Central Electricity Regulatory Commission)

INDIAN ELECTRICITY GRID CODE-2010 Comments CERC (Central Electricity Regulatory Commission) has constituted an expert group to review IEGC-2010. CERC requested Tata Power-DDL to provide comments and suggestion on IEGC. Tata Power-DDL

1.43k views • 19 slides
DDP Induc)on Roderich Gross Welcome to Centre of Doctoral

DDP Induc)on Roderich Gross Welcome to Centre of Doctoral

DDP Induc)on Roderich Gross Welcome to Centre of Doctoral Training (CDT) CDT schedule Month 1: Induc)on, training needs analysis Month 10:

570 views • 24 slides
Driving Permits (DPs) Rebecca Huang UNECE Sustainable Transport Division 75 th Session, Global

Driving Permits (DPs) Rebecca Huang UNECE Sustainable Transport Division 75 th Session, Global

Driving Permits (DPs) Rebecca Huang UNECE Sustainable Transport Division 75 th Session, Global Forum for Road Traffic Safety, Geneva, September 2017 . Overview Background Key questions Guiding principles Next steps

139 views • 12 slides
Properties for Exchange Griswold Site Approximately 9.6 acres of property located at 16209 E.

Properties for Exchange Griswold Site Approximately 9.6 acres of property located at 16209 E.

Properties for Exchange Griswold Site Approximately 9.6 acres of property located at 16209 E. San Bernardino Rd., Covina Pioneer Site Approximately 8.82 acres of property located at 1651 E. Rowland Ave., West Covina Vincent

235 views • 12 slides
STEM Presentation Director of Technology, Innovation, & Information Services Mary Alexis

STEM Presentation Director of Technology, Innovation, & Information Services Mary Alexis

INTRODUCTIONS Edward Kemnitzer @kemnitzer3 STEM Presentation Director of Technology, Innovation, & Information Services Mary Alexis Pace @MAPaceEWSD Director of Science Curriculum Night Dr. Robert Teseo @EWSDMath Secondary

64 views • 4 slides

More recommend