RPKI
Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework to support improved security for the Internet's BGP routing infrastructure. RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP addresses) to a trust anchor. The certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by the IANA to the regional Internet registries (RIRs), who in turn distribute them to local Internet registries (LIRs), who then distribute the resources to their customers. RPKI can be used by the legitimate holders of the resources to control the operation of Internet routing protocols to prevent route hijacking and other attacks. In particular, RPKI is used to secure the Border Gateway Protocol (BGP) through BGP Route Origin Validation (ROV), as well as Neighbor Discovery Protocol (ND) for ...


Route Hijacking
BGP hijacking (sometimes referred to as prefix hijacking, route hijacking or IP hijacking) is the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables maintained using the Border Gateway Protocol (BGP).
Background
The Internet is a global network that enables any connected host, identified by its unique IP address, to talk to any other, anywhere in the world. This is achieved by passing data from one router to another, repeatedly moving each packet closer to its destination, until it is delivered. To do this, each router must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into prefixes. These prefixes will be originated, or owned, by an autonomous system (AS), and the routing tables between ASes are maintained using the Border Gateway Protocol (BGP). A group of networks that operates under a single external routing policy is known as an autonomous system. For example, ...


Secure Neighbor Discovery
The Secure Neighbor Discovery (SEND) protocol is a security extension of the Neighbor Discovery Protocol (NDP) in IPv6, defined in RFC 3971 and updated by RFC 6494. In IPv6, the Neighbor Discovery Protocol (NDP) is responsible for discovering other network nodes on the local link, determining the link-layer addresses of other nodes, finding available routers, and maintaining reachability information about the paths to other active neighbor nodes (RFC 4861). NDP is insecure and susceptible to malicious interference (see "Holding IPv6 Neighbor Discovery to a Higher Standard of Security", community.infoblox.com, 2.10.2015). It is the intent of SEND to provide an alternate mechanism for securing NDP with a cryptographic method that is ...


Public Key Infrastructure
A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. In cryptography, a PKI is an arrangement that ''binds'' public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an ...


Autonomous System (Internet)
An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, that presents a common and clearly defined routing policy to the Internet. Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing. Autonomous System Numbers are assigned to local Internet registries (LIRs) and end-user organizations by their respective regional Internet registries (RIRs), which in turn receive blocks of ASNs for reassignment from the Internet Assigned Numbers Authority (IANA). The IANA also maintains a registry of ASNs which are reserved for private use (and should therefore not be announced to the global Internet). Originally, the definition required control by a single entity, typically an Internet service provid ...




Neighbor Discovery Protocol
The Neighbor Discovery Protocol (NDP), or simply Neighbor Discovery (ND), is a protocol of the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the internet layer of the Internet model, and is responsible for gathering various information required for network communication, including the configuration of local connections and the domain name servers and gateways. The protocol defines five ICMPv6 packet types to perform functions for IPv6 similar to the Address Resolution Protocol (ARP), ICMP Router Discovery and ICMP Router Redirect protocols for IPv4. It provides many improvements over its IPv4 counterparts. For example, it includes Neighbor Unreachability Detection (NUD), thus improving robustness of packet delivery in the presence of failing routers or links, or mobile nodes. The Inverse Neighbor Discovery (IND) protocol extension allows nodes to deter ...



Trust Anchor
In cryptographic systems with hierarchical structure, a trust anchor is an authoritative entity for which trust is assumed and not derived. In the X.509 architecture, a root certificate would be the trust anchor from which the whole chain of trust is derived. The trust anchor must be in the possession of the trusting party beforehand to make any further certificate path validation possible. Most operating systems provide a built-in list of self-signed root certificates to act as trust anchors for applications. The Firefox web browser also provides its own list of trust anchors. The end-user of an operating system or web browser is implicitly trusting in the correct operation of that software, and the software manufacturer in turn is delegating trust for certain cryptographic operations to the certificate authorities responsible for the root certificates.
See also
* Web of trust: In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compa ...


BGPsec
Border Gateway Protocol Security (BGPsec) is a security extension of the Border Gateway Protocol defined in RFC 8205, published in September 2017. BGPsec provides receivers of valid BGPsec UPDATE messages with cryptographic verification of the routes they advertise. BGPsec replaces the BGP AS_PATH attribute with a new BGPsec_Path attribute.
BGPsec RFCs
* BGPsec Protocol Specification
* BGPsec Considerations for Autonomous System (AS) Migration
* BGPsec Operational Considerations
* BGPsec Algorithms, Key Formats, and Signature Formats
* A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests
See also
* Autonomous system (Internet)
* Border Gateway Protocol: Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. BGP is classified as a path-vector routing protocol, and it ...
References ...


Public-key Cryptography
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security. There are many kinds of public-key cryptosystems, with different security goals, including digital signatures, Diffie–Hellman key exchange, public-key key encapsulation, and public-key encryption. Public key algorithms are fundamental security primitives in modern cryptosystems, including applications and protocols that offer assurance of the confidentiality and authenticity of electronic communications and data storage. They underpin numerous Internet standards, such as Transport Layer Security, T ...




Quagga (software)
Quagga is a network routing software suite providing implementations of Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Border Gateway Protocol (BGP) and IS-IS for Unix-like platforms, particularly Linux, Solaris, FreeBSD and NetBSD. Quagga is distributed under the terms of the GNU General Public License v2 (GPL2). In April 2017, FRRouting forked from Quagga aiming for a more open and faster development.
Name
The project takes its name from the quagga, an extinct sub-species of the African zebra. Quagga is a fork of the GNU Zebra project which was developed by Kunihiro Ishiguro and which was discontinued in 2005. The Quagga tree aims to build a more involved community for Quagga than the centralized development-model which GNU Zebra followed.
Components
The Quagga architecture consists of a core daemon (zebra) which is an abstraction layer to the underlying Unix kernel and presents the Zserv API over a Unix-domain socket or TCP socket to Quagga clients. ...


RIPE
Réseaux IP Européens (RIPE, French for "European IP Networks") is a forum open to all parties with an interest in the technical development of the Internet. The RIPE community's objective is to ensure that the administrative and technical coordination necessary to maintain and develop the Internet continues. It is not a standards body like the Internet Engineering Task Force (IETF) and does not deal with domain names like ICANN. RIPE is not a legal entity and has no formal membership. This means that anybody who is interested in the work of RIPE can participate through mailing lists and by attending meetings. RIPE has a chair to keep an eye on work between RIPE meetings and to act as its external liaison. Rob Blokzijl, who was instrumental in the formation of RIPE, was the initial chair and remained in that position until 2014, when he appointed Hans Petter Holen as his successor. The RIPE community interacts via RIPE Mailing Lists, RIPE Working Groups, and RIPE Meetings. A ...


Cisco Systems
Cisco Systems, Inc. (using the trademark Cisco) is an American multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, software, telecommunications equipment and other high-technology services and products. Cisco specializes in specific tech markets, such as the Internet of things (IoT), domain security, videoconferencing, and energy management, with products including Webex, OpenDNS, Jabber, Duo Security, Silicon One, and Jasper. Cisco Systems was founded in December 1984 by Leonard Bosack and Sandy Lerner, two Stanford University computer scientists who had been instrumental in connecting computers at Stanford. They pioneered the concept of a local area network (LAN) being used to connect distant computers over a multiprotocol router ...