Showing posts with label DDoS. Show all posts

Monday, December 17, 2018

NIST Draft Document to Mitigate BGP and DDoS Attacks

NIST released a draft document (Draft NIST SP 800-189) on securing interdomain traffic exchange. It is designed to help fix problems associated with BGP hijacking and DDoS attacks, among others. The guidance is geared toward those who protect federal networks and relies on several identified technologies, including RPKI, BGP-OV, and prefix filtering. Other technologies that further stymie DDoS attacks include source address validation with ACLs and uRPF. The comment period is scheduled to run until February 15, 2019.

Here are some highlighted excerpts from the draft document's table of contents:
1. Introduction
2. Control Plane / BGP Vulnerabilities
3. IP Address Spoofing and Reflection-Amplification Attacks
4. Control Plane / BGP Security — Solutions and Recommendations
5. Securing Against DDoS & Reflection-Amplification — Solutions and Recommendations

Appendix A — Consolidated List of the Security Recommendations
Appendix B — Acronyms
Appendix C — References

More from NIST regarding Draft NIST Special Publication 800-189: Secure Interdomain Traffic Exchange: BGP Robustness and DDoS Mitigation:

CSRC Update:
https://csrc.nist.gov/news/2018/nist-releases-draft-sp-800-189-for-comment

Publication Details:
https://csrc.nist.gov/publications/detail/sp/800-189/draft