11/9/2004SPARTA: IETF 611 RPSEC THREATS STATUS Sandra Murphy.

Slides:

Advertisements

Similar presentations

A Threat Model for BGPSEC

Advertisements

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

CCNA3: Switching Basics and Intermediate Routing v3.0 CISCO NETWORKING ACADEMY PROGRAM Chapter 2 – Single Area OSPF Single Area OSPF Link State Routing.

1 Intrusion Monitoring of Malicious Routing Behavior Poornima Balasubramanyam Karl Levitt Computer Security Laboratory Department of Computer Science UCDavis.

Problem Statement and Architecture for Information Exchange Between Interconnected Traffic Engineered Networks draft-farrel-interconnected-te-info-exchange-03.txt.

BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

BGP Security APNIC Open Policy Meeting Routing SIG 23 February 2005 Kyoto, Japan Russ Housley

Update to: The OSPF Opaque LSA Option draft-berger-ospf-rfc2370bis Lou Berger Igor Bryskin Alex Zinin

By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly.

Lecture 1: Overview modified from slides of Lawrie Brown.

Chapter 1 – Introduction

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

December 10, Policy Terminology - 01 Report for 49th IETF Preview for AAA Arch RG John Schnizlein.

Challenge: Securing Routing Protocols Adrian Perrig

Applied Cryptography for Network Security

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Introduction (Pendahuluan)  Information Security.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

82 nd IETF – Taipei, Taiwan, November 2011 GMPLS OSPF Enhancement for Signal and Network Element Compatibility for Wavelength Switched Optical Networks.

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

Benchmarking Terminology for Routers Supporting Resource Reservation Gábor Fehér, Krisztián Németh, András Korn Budapest University of Technology and Economics.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

Routing and Routing Protocols Dynamic Routing Overview.

Cryptography and Network Security

December 13, Policy Terminology - 01 Report for 49th IETF Andrea Westerinen.

Dennis Beard Sandra Murphy Yi Yang March 2003 Threats to Routing Protocols.

DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.

1 BENCHMARKING IGP DATA PLANE ROUTE CONVERGENCE draft-ietf-bmwg-igp-dataplane-conv-app-08.txt draft-ietf-bmwg-igp-dataplane-conv-term-08.txt draft-ietf-bmwg-igp-dataplane-conv-meth-08.txt.

Introduction to OSPF Nishal Goburdhan. Routing and Forwarding Routing is not the same as Forwarding Routing is the building of maps Each routing protocol.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.

Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

OSPF Extensions for ASON Routing draft-ietf-ccamp-gmpls-ason-routing-ospf-02.txt IETF67 - San Diego - Nov’06 Dimitri Papadimitriou (Alcatel)

WSON Summary Young Lee Document Relationships Information Gen-constraints Encode WSON Encode Signal Compatibility OSPF Gen-constraints.

CAPWAP Arch-Draft Issues IETF 59, Seoul 4 March 2004.

#3: Protocol Document (draft-ietf-drinks-spprov) Presenter: Syed Ali (On behalf of the authors: Ken Cartwright, Syed Ali, Alex Mayrhofer and Jean-Francois.

PSAMP MIB Status Managed Objects for Packet Sampling A Status Report Thomas Dietz Benoit Claise

Static Routes Static routing occurs when you manually add routes in each router's routing table.

1 ForCES Applicability Statement Alan Crouch Mark Handley Hormuzd Khosravi 65 th IETF Meeting, Dallas.

RPsec Minneapolis in March (it’s a tradition!) IETF 62.

Routing Information Protocol

Computer threats, Attacks and Assets upasana pandit T.E comp.

C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP

NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.

1 IGP Data Plane Convergence Benchmarking draft-ietf-bmwg-igp-dataplane-conv-app-00.txt draft-ietf-bmwg-igp-dataplane-conv-term-00.txt draft -ietf-bmwg-igp-dataplane-conv-meth-00.txt.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

19 March 2003Page 1 BGP Vulnerabilities Draft March 19, 2003 Sandra Murphy

Routing Threats and Key Management Sandra Murphy

Cryptography and Network Security

Managed Objects for Packet Sampling

Information System and Network Security

Synchronisation of Network Parameters draft-bryant-rtgwg-param-sync-00

A. Báder, L. Westberg, G. Karagiannis,

CNET334 - Network Security

Cryptography and Network Security

OSPF WG Status IETF 98, Chicago

Privacy Recommendations for 802 LMSC Section 8: Recommendations

Security network management

draft-ietf-ospf-te-link-attr-reuse-04

Presentation transcript:

11/9/2004SPARTA: IETF 611 RPSEC THREATS STATUS Sandra Murphy

11/9/2004SPARTA: IETF 612 TYPES OF CHANGES Substantive – topics added or removed Editorial – attempts to remove inconsistencies, self-contradictions, incompleteness, etc. Usage nits and typos

11/9/2004SPARTA: IETF 613 SUBSTANTIVE The abstract and section 3 said text would talk about “capabilities” and “motivations” of the attacker. –No such text existed –But important issues – didn’t want to just delete the reference –Used text from message on mailing list – to create new Section – Threat Sources

11/9/2004SPARTA: IETF 614 SUBSTANTIVE Section 4.8 “Byzantine Failures” as attack was redundant with attacks listed in –Removed section –Used some of the text in Section Interference: Changed “The threat consequence will cease when the attacker stops overclaiming, and will totally disappear when the routing tables are converged” to “will not cease when the attacker stops overclaiming, and will totally disappear only when the routing tables are converged.” (think this was really a typo)

11/9/2004SPARTA: IETF 615 SUBSTANTIVE Misclaiming A misclaiming threat is defined as an action where an attacker is advertising its authorized control of some network resources in a way that is not intended by the authoritative network administrator. Changed to… advertising some network resources that it is authorized to control, but in a way that is not intended by the authoritative network administrator. For example, it may be advertising inappropriate link costs in an OSPF LSA. {difficult to consider attack if advertisement is based solely on router internal state – if the router says its link is down, who are we to argue?}

11/9/2004SPARTA: IETF 616 EDITORIAL OutsidersInsidersCompromised routers Subverted devicesSubverted linksUnauthorized routers Unauthorized entities: - entities outside RS - subverted entities within RS Unauthorized entities: such as attackers Masquerading routers Compromised linksSubverted routers The text talks about: Not always consistent: “Overclaiming occurs when a subverted router … Compromised routers, unauthorized routers, and masquerading routers can overclaim …. Not complete: what about faulty routers? misconfigured?

11/9/2004SPARTA: IETF 617 EDITORIAL Reduced to –“outsiders” –“Byzantine routers” faulty misconfigured subverted Changed text everywhere to conform –In some places, “subverted routers” got expanded to “outsiders or Byzantine routers”

11/9/2004SPARTA: IETF 618 EDITORIAL Section 3.1 defined threat two different ways in the same paragraph. –“a threat is defined as a motivated, capable adversary” –“In [1], a threat is defined as a potential for violation of security” {[1] is Security Glossary RFC} Stuck with definition of [1] for consistency with other terminology in the draft Moved “capable, motivated adversary” text to capabilities section

11/9/2004SPARTA: IETF 619 EDITORIAL “Overload” was overloaded term –threat consequence “the routing protocol messages themselves become a significant portion of the traffic the network carries” –threat action “a threat action whereby attackers place excess burden on legitimate routers” Renamed “overload” threat consequence to “overcontrol”