Visiongain’s analysis indicates that the cyberwarfare market will reach a value of $15.9 billion in 2012 as governments around the world continue to invest in a range of cyberwarefare protection solutions. Such IP hijack attacks as the 2010 incident where a chinese ISP momentarily hijacked and redirected to china 10%-15% of the Internet traffic including sites o Dell, Apple, starbucks and CNN are a grim reminder of the shortcomings of the Internet protocols. With SaaS and other public cloud adoptions stacks increasing this becomes even more significant topic of conversation amongst IT professionals. While the rather frequent causes can be blamed on intentional and accidental route leakages as well as border routers having no built-in security to block network hijacks, a solution to the issue has been a high priority item for the Internet Engineering Task Force (IETF). The issue has been very well known over the last 10 years however the solutions to the issue(s) were either too complex or too expensive to implement up until now where increased government pressures have been increasing to find a viable solution.
At a recent Quebec IETF meeting and at last month's IETF meeting in Paris, the internet draft for the solution was formerly introduced. The solution involves a 2 step process: 1) Publishing where route origins data is placed in the reverse-DNS 2) Verifying using software tools (the system is build on DNSSEC) and appliances to match unique ISP operational procedures. The BGP Route Origin Verification, or ROVER for short, leverages site reverse DNS records to publish route announcement and consequently carrying out real-time verifications of the BGP routes. While there have been preliminary discussion with Cisco’s secure networking group on how to interface the technology with routers, the deployment itself requires no changes to the existing routers, firmware or policies. Several early adopter telecomm and ISPs are in the process of publishing route origins in their reverse DNS and signing with DNSSEC.
There is also a ROVER testbed available, through registration, at “rover.secure64.com”.