Uncover the Hidden Risks of Routing Protocols

Routing protocols play a vital role in the operation of the Internet and the services based on it. However, many of these protocols were developed without security in mind.

For example, the Border Gateway Protocol (BGP) did not originally consider the possibility of attacks between peers. A lot of work has gone into origin and path verification in BGP over the past few decades.

However, neglecting the security of the BGP implementations themselves, especially their message parsing, has left multiple vulnerabilities that can be exploited for denial of service (DoS).
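The parsing bugs the paragraph refers to are typically length fields that are trusted without being checked against the bytes actually received. The following added example, not code from the original article, shows a bounds-checked parser for the BGP message framing and UPDATE path attributes (RFC 4271); the constructed byte strings in its checks are invented test vectors, and `validate` is a helper name chosen here.

```python
# Added example, not from the article: bounds-checked BGP framing (RFC 4271) that
# rejects malformed messages instead of letting them crash the routing daemon.
MARKER = b"\xff" * 16
HEADER_LEN, MAX_MSG_LEN = 19, 4096      # 16-byte marker + 2-byte length + 1-byte type
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

class MalformedBGP(ValueError):
    """Raised on any framing violation instead of indexing past the buffer."""

def parse_header(data):                  # -> (type name, body bytes)
    if len(data) < HEADER_LEN:
        raise MalformedBGP("truncated header")
    marker, length, mtype = data[:16], int.from_bytes(data[16:18], "big"), data[18]
    if marker != MARKER or mtype not in TYPES:
        raise MalformedBGP(f"bad marker or unknown type {mtype}")
    if not HEADER_LEN <= length <= min(MAX_MSG_LEN, len(data)):
        raise MalformedBGP(f"length {length} inconsistent with {len(data)} bytes")
    return TYPES[mtype], data[HEADER_LEN:length]

def parse_path_attributes(attrs):        # walk the TLVs, checking each length
    pos, out = 0, []
    while pos < len(attrs):
        if len(attrs) - pos < 3:
            raise MalformedBGP("truncated attribute header")
        flags, code = attrs[pos], attrs[pos + 1]
        ext = (flags & 0x10) >> 4        # Extended Length flag: 2-byte length field
        alen = int.from_bytes(attrs[pos + 2:pos + 3 + ext], "big")
        pos += 3 + ext
        if alen > len(attrs) - pos:      # also trips on a truncated extended length
            raise MalformedBGP(f"attribute {code} length {alen} overruns buffer")
        out.append((code, attrs[pos:pos + alen]))
        pos += alen
    return out

def parse_update(body):                  # withdrawn routes, path attributes, NLRI
    wlen = int.from_bytes(body[:2], "big")
    alen = int.from_bytes(body[2 + wlen:4 + wlen], "big")   # empty slice -> 0
    if 4 + wlen + alen > len(body):      # catches a lying wlen or alen, or a short body
        raise MalformedBGP("UPDATE length fields overrun message")
    return parse_path_attributes(body[4 + wlen:4 + wlen + alen])

def validate(data):                      # 'ok:<TYPE>' or 'malformed:<reason>'
    try:
        mtype, body = parse_header(data)
        if mtype == "UPDATE":
            parse_update(body)
        return f"ok:{mtype}"
    except MalformedBGP as exc:
        return f"malformed:{exc}"
```

Feeding the same constructed inputs to a parser that trusts the length fields is exactly what a protocol fuzzer automates; every `MalformedBGP` path here corresponds to a message that would otherwise reach an out-of-bounds read.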

There is a common attitude within the security industry: "if it ain't broke, don't fix it". People tend to ignore security audits, wrongly thinking that these types of vulnerabilities are less serious than origin and path validation issues.

Traditional risk assessments often fail to thoroughly examine all software and devices on the network and their impact, creating blind spots. These gaps can become even more pronounced when organizations are not even aware that these routing protocols are in use.

Routing protocols can appear in more places than one might imagine, such as data centers, VPNs across organizational sites, and embedded in custom devices.

Unknown Risks

Over the past year, threat actors have increasingly targeted network devices, including routers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a binding operational directive requiring federal agencies to reduce the risk posed by these devices.

The increased focus on routers has raised concerns about the security of the underlying routing protocols. For example, there are cases of threat actors exploiting routers for reconnaissance, malware deployment, and command and control communications.

There are also three BGP DoS issues in CISA's Known Exploited Vulnerabilities catalog, as well as two other DoS vulnerabilities affecting another routing protocol implementation.

Additionally, BGP hijacks and leaks have raised concerns, resulting in incidents where traffic is redirected to unintended destinations, potentially exposing sensitive information.

Data center attacks pose another significant risk, as vulnerabilities in routing protocols can be exploited to isolate data centers from the internet, rendering their services inaccessible.

Blind Spots of Risk Assessment

To address blind spots in risk assessment, a multi-pronged approach is required.

Organizations should patch their network infrastructure as often as possible, but you cannot fix what you do not know you have. Asset inventory should therefore track all devices connected to the network and the software running on them, including routing protocols.

This awareness enables organizations to identify vulnerabilities and take the necessary actions to prioritize remediation. Organizations can also mitigate these risks by implementing segmentation policies to protect unpatched devices from being exposed to the internet.

Ideally, security should start with software developers, who can reduce the likelihood of vulnerabilities in routing protocol implementations by using enhanced static and dynamic analysis techniques and securing the software development lifecycle. Additionally, effective communication should be established to address and resolve any identified vulnerabilities in a timely manner.

Likewise, suppliers who integrate these protocols into their equipment also become a source of third-party risk in the supply chain. The implementation of a software bill of materials (SBOM) provides a better understanding of the vulnerabilities present in devices and networks, enabling organizations to better manage their risks. However, when vendors don't provide this kind of transparency (or they don't know their devices are affected), the onus is ultimately on organizations to proactively assess their attack surface.

Finally, the security research community plays an invaluable role in the discovery and responsible disclosure of these security vulnerabilities. In some cases, security researchers provide more timely and effective fixes and mitigation recommendations than the security bulletins issued by software developers and vendors. For example, in the case of the recent BGP vulnerability, security researchers released an open-source BGP fuzzer that can quickly test protocol implementations for vulnerabilities.

Exposure Risk

Vulnerabilities that affect software also affect the connected devices running it, so enhancing security requires a joint effort from software developers and device vendors. Security researchers can improve awareness of the potential risks of routing protocols and their impact on the wider ecosystem, but ultimately it is up to organizations to advocate for better security.

Organizations must prioritize comprehensive visibility into their networks, from traditional endpoints and servers to every connected device and the software running on it. They must implement rigorous vulnerability assessments and establish effective threat detection and response mechanisms.

Software developers and vendors need to improve their security practices, improve communication, and increase transparency. Working together, we can strengthen the security of routing protocols and protect our connected world.

Source: blog.csdn.net/qq_29607687/article/details/132418787