摘要
分析边界网关协议(BGP)当前版本中存在的漏洞和脆弱性,指出可能遭受的基于TCP及自身漏洞的攻击。提出BGP的安全威胁模型和防范策略,以及如何对协议功能进行扩展的措施。以CISCO路由器为例,给出典型的安全防范配置。实践证明,通过访问控制列表、数字签名、路由过滤、源地址检测和协议扩展方案,可以有效提高网络的安全性和稳定性。
By analyzing the loopholes and weakness in the current version of Border Gateway Protocol(BGP) and noting the potential attacks based on TCE this paper gives the BGP security threat model and the corresponding preventive strategy, and explains how to extend the functions of the protocol. As an example, a typical security precaution setup of the CISCO routing is illustrated. Practice proves that, network security and stability can be effectively improved through access control lists, digital signature, routing filtering, source address detection and protocol extended function.
出处
《计算机工程》
CAS
CSCD
北大核心
2008年第5期145-147,共3页
Computer Engineering
基金
惠州市科技计划基金资助项目(2006P42)
惠州学院科研基金资助项目(C_206.0205)
关键词
路由协议
漏洞
攻击
防范
安全
边界网关协议
routing protocol
loopholes
attack
precaution
security
Border Gateway Protocol(BGP)