Routing Robustness and DDoS Mitigation: NIST Releases Draft SP Pub 800-189
By CHIPS Magazine - December 18, 2018
In recent years, numerous routing control plane anomalies such as Border Gateway Protocol (BGP) prefix hijacking and route leaks have resulted in Denial of Service (DoS), unwanted data traffic detours, and performance degradation. Large-scale Distributed Denial of Service (DDoS) attacks on servers using spoofed Internet Protocol (IP) addresses and reflection-amplification in the data plane have resulted in significant disruption of services and damage.

But now, Draft NIST SP 800-189, Secure Interdomain Traffic Exchange: Routing Robustness and DDoS Mitigation, provides technical guidance and recommendations for technologies that improve the security and robustness of interdomain traffic exchange. Technologies recommended in the draft for securing the interdomain routing control traffic include Resource Public Key Infrastructure (RPKI), BGP origin validation (BGP-OV), and prefix filtering, NIST reported.

Additionally, technologies recommended for mitigating DoS and DDoS attacks include prevention of IP address spoofing using source address validation with Access Control Lists (ACLs) and unicast Reverse Path Forwarding (uRPF). Other technologies, such as Remotely Triggered Black Hole (RTBH) filtering, Flow Specification (Flowspec), and Response Rate Limiting (RRL), are also recommended as part of the overall security mechanisms, NIST said.
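As an added illustration of the BGP origin validation (BGP-OV) step the draft recommends for the control plane, not code from NIST or from the CHIPS article: the RFC 6811 validity check applied to a constructed set of RPKI Route Origin Authorizations (ROAs). The ROA set, the announcements and the "drop invalid" policy are assumptions for the example; only documentation prefixes and private-use AS numbers are used.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorization as published in the RPKI (simplified)."""
    prefix: str      # authorized prefix, e.g. "192.0.2.0/24"
    max_length: int  # longest prefix length the origin may announce
    origin_as: int   # AS number authorized to originate the prefix

# Constructed ROA set (an assumption, not taken from the draft):
# documentation prefixes and private-use ASNs only.
ROAS = [
    Roa("192.0.2.0/24", 24, 64496),     # no more-specifics permitted
    Roa("203.0.113.0/24", 26, 64500),   # de-aggregation down to /26 allowed
    Roa("2001:db8::/32", 48, 64497),
]

def _covers(roa: Roa, route) -> bool:
    """True if the ROA's prefix covers the announced route (same address family)."""
    roa_net = ip_network(roa.prefix, strict=False)
    return roa_net.version == route.version and route.subnet_of(roa_net)

def validate_origin(prefix: str, origin_as: int, roas=ROAS) -> str:
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'notfound'.
    notfound: no ROA covers the prefix, so the RPKI has no opinion.
    valid:    a covering ROA names this origin AS and permits this length.
    invalid:  ROAs cover the prefix but none authorizes this origin/length,
              the signature of a prefix hijack or mis-origination.
    """
    route = ip_network(prefix, strict=False)
    covering = [r for r in roas if _covers(r, route)]
    if not covering:
        return "notfound"
    for roa in covering:
        if roa.origin_as == origin_as and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"

def accepted_routes(updates, roas=ROAS):
    """Assumed policy: drop 'invalid', accept 'valid' and 'notfound'.
    Takes (prefix, origin_as) pairs and returns those that are kept."""
    return [(p, a) for p, a in updates if validate_origin(p, a, roas) != "invalid"]

if __name__ == "__main__":
    # Constructed announcements: legitimate, more-specific hijack,
    # wrong-origin hijack, and a prefix with no ROA at all.
    updates = [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
               ("203.0.113.0/24", 64511), ("198.51.100.0/24", 64496)]
    for p, a in updates:
        print(p, a, validate_origin(p, a))
```

Note that the more-specific /25 is rejected even though the origin AS is correct, because the ROA's maxLength of 24 forbids it; that is the case a maxLength set too loosely would silently let through.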

The draft is intended as guidance for information security officers and managers of federal enterprise networks. The guidance also applies to the network services of hosting providers, such as cloud-based applications and service hosting, and Internet Service Providers (ISPs) when they are used to support federal IT systems.

NIST also recommends the draft to enterprise and transit network operators and equipment vendors in general. A public comment period for NIST SP 800-189 is open until Feb. 15, 2019.

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988