what are the threats at ixps and how to protect your
play

What are the threats at IXPs and how to protect your Internet - PowerPoint PPT Presentation

Apr 26, 2023 •336 likes •552 views

What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier raphael@acorus.net @rmaunier What are the threats at IXPs and how to protect your Internet architecture? Why using IXPs to protect your Internet

  1. What are the threats at IXPs and how to protect your Internet architecture? Raphael Maunier raphael@acorus.net @rmaunier

  2. What are the threats at IXPs and how to protect your Internet architecture? Why using IXPs to protect your Internet architecture against events or threats is a good idea? Raphael Maunier raphael@acorus.net @rmaunier

  3. Unexpected event : IXPs instability This will happen again don’t worry !! IXPs may have software issues, this can result in bgp instability and affect your traffic !

  4. Route leak ! Typo : We’ve all been there

  5. How to minimise the impact ? • BGP Timers / filtering / Max pref : Adapt your router configuration : cartman@core99.th2.par# show routing-instances nainternet protocols bgp group ipv4-public-peering-as51706-franceix type external; description "Group ipv4 Public Peering FranceIX AS51706"; hold-time 15; /* Accept prefixes with route tagged for this IXP AS51706 */ import ipv4-public-peering-as51706-in; family inet { unicast { prefix-limit { maximum 50; teardown 90 idle-timeout 300; } } } • Ask All members to change their bgp config in order to reduce the default value of the timer ( RFC suggested value is 90 sec). We now have faster, better, stronger equipment, we can definitively change this ! • https://tools.ietf.org/html/bcp214

  6. Traffic Flows

  7. DDOS Attack https://techcrunch.com/2018/03/02/the-worlds-largest-ddos-attack-took-github-offline-for-less-than-tens-minutes/

  8. How to address DDoS ?

  9. IXPs will have a solution for you ! Upgrade or buy more ports https://www.franceix.net/en/solutions/pricing/ Non Full 10G/100G ports are a good alternative and provide more flexibility !

  10. Blackholing https://www.franceix.net/en/technical/blackholing/

  11. Buy a DDoS Mitigation service J

  12. Another Threat : BGP Hijacking

  13. https://dyn.com/blog/bgp-hijack-of-amazon-dns-to-steal-crypto-currency/

  14. The role of an IXP

  15. Route Servers

  16. Route servers http://peering.exposed/ "A route server is considered Secure if it performs IRR and/or RPKI based filtering on all participants, and BY DEFAULT does not propagate unfiltered routing information to anyone. [RFC 7948 section 4.3 / RFC 7454 section 6] »

  18. Extract from Job Snijders’s presentation during EPF2018 (@ jobsnijders ) • IXPs – start doing RPKI Origin Validation on your route servers now • ISPs / CDNs • if you are pointing default somewhere, do it now • If your market is mostly West-Europe, do it now • If you are transit-free, wait a bit

  19. • It’s possible to fight against threat on an IXP, an it’s easy ! • IXP have to be restrictive and have to implement more and more security by default, if not, don’t go there • All ASN should monitor their space (with Bgpmon for example) • As an industry, we have to/MUST start to secure our routing ! There is no room anymore for approximation : we have to start to deploy RPKI

  20. Useful links • https://en.wikipedia.org/wiki/BGP_hijacking • https://blog.cloudflare.com/rpki-details/ • http://instituut.net/~job/routing_security_roadmap_EPF_2018_Snijd ers.pdf • Tools : • https://bgpmon.net/ • https://github.com/snar/bgpq3

  21. T.HANKS T.Hanks a lot !

Recommend

Threats to and efforts to protect Acacia koa (koa) in Hawaii Dulal Borthakur University of Hawaii

Threats to and efforts to protect Acacia koa (koa) in Hawaii Dulal Borthakur University of Hawaii

Threats to and efforts to protect Acacia koa (koa) in Hawaii Dulal Borthakur University of Hawaii at Manoa Presentation at NASEM on December 1, 2017 1 The koa industry in Hawaii ~ $31 million annually 2 3 Koa is a dominant canopy

975 views • 63 slides
Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs

Euro-IX Activities & IXPDB UKNOF 40 - 27 April 2018 Rebecca Class-Peter Association of IXPs 78 affjliated members 54 IXPs in the Euro-IX region, 49 countries, operating over 100 peering LANs 24 IXPs from the rest of the world

326 views • 21 slides
How do you protect your data in the face of Increasing costs, Rising threats Snowballing

How do you protect your data in the face of Increasing costs, Rising threats Snowballing

Veritas Backup Exec TM | April 2020 How do you protect your data in the face of Increasing costs, Rising threats Snowballing Evolving technology shrinking budgets and regulations complexity landscape Increasing costs, shrinking

393 views • 28 slides
Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
Puerto Rico T estsite for Exploring Contamination Threats (PROTECT) NIEHS SRP P42 Research

Puerto Rico T estsite for Exploring Contamination Threats (PROTECT) NIEHS SRP P42 Research

Puerto Rico T estsite for Exploring Contamination Threats (PROTECT) NIEHS SRP P42 Research Program Northeastern University; University of Puerto Rico; University of Michigan West Virginia University, Silent Spring Institute, EarthSoft

817 views • 44 slides
TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats

TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats

TR15 2018 1 2 TR360 2016 + T h r e a t s + Typical Threats Low-Tech Malicious Threats Explosive ad incendiary Threats Bio Hazardous Powder Threats 3 Improvised mechanical Devices TR15 Smart Scan Can easily detect the component

192 views • 16 slides
Secure Your Home Network Vancouver ISSA - Community Outreach Program Security Awareness Training

Secure Your Home Network Vancouver ISSA - Community Outreach Program Security Awareness Training

Secure Your Home Network Vancouver ISSA - Community Outreach Program Security Awareness Training Overview of Securing your Home Network What do you need to protect? What are the threats? How do you protect against the threats? What

348 views • 31 slides
Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs.

Route Servers, Mergers, Features, and More. Integration of IXPs. Route Server challenges Chris Malayter cmalayter@equinix.com What drives a RS integra6on? Two IXs merging into

433 views • 17 slides
Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect

Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect

Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect Your Revenue - Brussels, Geneva Luxury Law New York Summit David Hull 14 November 2018

461 views • 19 slides
The need for IXPs Shamika Sirimanne Director Information and Communications Technology and

The need for IXPs Shamika Sirimanne Director Information and Communications Technology and

Connecting economies and empowering people The Asia Pacific information superhighway and regional cooperation for better ICT connectivity: The need for IXPs Shamika Sirimanne Director Information and Communications Technology and Disaster

682 views • 10 slides
53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats

53-74% Average anti-virus effectiveness against new threats* * RAP Proactive 400 New threats every minute* * Merrill Lynch ...Causing $3T USD in costs, and expected to double by 2021* * CyberSecurity Ventures (2015) Todays threat

508 views • 35 slides
Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin Nawrocki, Jeremias Blendin, Christoph Dietzel, Thomas C. Schmidt, Matthias Whlisch Christmas is near!

1.15k views • 80 slides
parents fighting air pollution to protect the health of our children WHY MOMS CARE ABOUT TOXIC

parents fighting air pollution to protect the health of our children WHY MOMS CARE ABOUT TOXIC

We are a community of parents fighting air pollution to protect the health of our children WHY MOMS CARE ABOUT TOXIC AIR The Clean Air Act has never been fully implemented. Americas kids face grave threats from toxic chemicals in the air.

345 views • 11 slides
Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial

Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial

Regional Strategy for Developing Interconnection Infrastructure IXPs, Regional Terrestrial Carriers and Carrier Neutral data center opportunities Different Folks have different Interconnection Strategies! National incumbent Telco or

321 views • 16 slides
#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason Blackett #MicroFocusCyberSummit Agenda Security threats in todays world How do you protect your endpoints? Key takeaways 3 Security Threats in

797 views • 23 slides
New Computing In 2019 and Beyond - Opportunities, Challenges, and Threats Fromm Institute Fall

New Computing In 2019 and Beyond - Opportunities, Challenges, and Threats Fromm Institute Fall

New Computing In 2019 and Beyond - Opportunities, Challenges, and Threats Fromm Institute Fall 2019 - Lecture 4 Bebo White - bebo.white@gmail.com 1 calendar 2 questions (1/3) How does one protect a patent in blockchain?

823 views • 56 slides
Greatest Threats to Water Quality NUTRIENTS feed algae suspended in water FINE SEDIMENTS

Greatest Threats to Water Quality NUTRIENTS feed algae suspended in water FINE SEDIMENTS

Small scale best management practices (BMPs) to protect lake water quality by John Cobourn, University of Nevada Cooperative Extension Greatest Threats to Water Quality NUTRIENTS feed algae suspended in water FINE SEDIMENTS also remain

632 views • 31 slides
Loom ing Threats - transcript of presentation video Nick : Team 4 Looming Threats, please give

Loom ing Threats - transcript of presentation video Nick : Team 4 Looming Threats, please give

Loom ing Threats - transcript of presentation video Nick : Team 4 Looming Threats, please give them a hand. Mark : Good afternoon, Simon and I have the absolute pleasure to be presenting on behalf of Team Looming Threats. So, one of the, I guess

377 views • 3 slides
SDN IXP Marc Bruyere The University of Tokyo Agenda SDN momentum for IXPs - Umbrella

SDN IXP Marc Bruyere The University of Tokyo Agenda SDN momentum for IXPs - Umbrella

SDN IXP Marc Bruyere The University of Tokyo Agenda SDN momentum for IXPs - Umbrella Toulouse IXP - TouIX to TouSIX Tokyo IXP - DIX-IE to PIX-IE Osaka - NSPIXP-3 to FAUCET Umbrella Issues with today IXP switching fabric IXP

247 views • 24 slides
ITS ALL ABOUT YOUR SURVIVAL HEALTH INSURANCE Doctors protect your life, you protect your

ITS ALL ABOUT YOUR SURVIVAL HEALTH INSURANCE Doctors protect your life, you protect your

ITS ALL ABOUT YOUR SURVIVAL HEALTH INSURANCE Doctors protect your life, you protect your investments. I&I will protect your Survival! PRESENTATION Policy that suits every pocket any medical emergency. Medi-claim, Accidental Death,

65 views • 3 slides
CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats

CYBER THREATS AND HOW TO A VOID THEM AGENDA 1. Development of the cyber world 2. Threats to small businesses 3. Cyber Recovery Insurance Y our presenters Anne Jackson Sarah Morton Gary Hibberd Sales Director, Lorega Sales and

342 views • 31 slides
Interconnection, Peering IXPs What and How Interconnection 2 Interconnection The Internet is

Interconnection, Peering IXPs What and How Interconnection 2 Interconnection The Internet is

Interconnection, Peering IXPs What and How Interconnection 2 Interconnection The Internet is all about interconnection! 3 Interconnection Typically Interconnection between networks in the Internet is implemented in two ways Transit

1.19k views • 60 slides
Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott Shenker + * Internet Exchange Points Global Transit / Hyper Giants National Large Content, Consumer, Hosting CDN

729 views • 20 slides
Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS

Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS

Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS Directive EU Directive on security of Networks and Information Systems UK Consultation: (August/Sept 2017):

635 views • 28 slides

More recommend