Internet Plumbing for Security Professionals: The State of BGP Security

Presented at Black Hat USA 2015, Aug. 5, 2015, 10:20 a.m. (50 minutes)

The underbelly of the Internet has been in a precarious condition for a while now. Even with all the knowledge about it's weaknesses, we only make slow progress in implementing technology to secure it. We see BGP routing leaks on a regular basis. It almost feels like we take it for granted but at the same time it undermines our trust in the Internet. In this talk, we'll review the current situation for BGP, a foundational piece of the network we all rely on, and focus on the practical implementation of available countermeasures through live demos and examples. In and of itself, we launch a call to action for private organizations, government entities, and academia alike to roll up the sleeves and get cracking at fixing our Internet. If we want to keep trust in "The Internet of Things," we first have to build trust in the network that powers it.

Presenters:

• Wim Remes - Rapid7
  As the Manager of Strategic Security Services for Rapid7 in EMEA, Wim Remes leverages his 15+ years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and by building resiliency into their organization. Wim delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation combining his deep expertise in network security, identity management, policy design, risk assessment, and penetration testing to develop innovative approaches to enterprise security. Before joining the Rapid7 team, Wim was a Managing Consultant at IOActive and previously he has worked as a Manager of Information Security for Ernst and Young and a Security Consultant for Bull, where he gained valuable experience building security programs for enterprise class clients. Wim has been engaged in various infosec community initiatives such as the co-development of the Penetration Testing Execution Standard (PTES), InfosecMentors, and organizing the BruCON security conference. Wim has been a featured speaker at international conferences such as Excaliburcon (China), Black Hat Europe, Source Boston, Source Barcelona and SecZone (Colombia). He was also a Member of the Board of Directors at (ISC)2 from 2012 until 2014 and Chairperson of that Board in 2014.

Links:

• https://www.blackhat.com/us-15/briefings.html#internet-plumbing-for-security-professionals-the-state-of-bgp-security
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Internet Plumbing Gor Security Professionals The State Of BGP Security.srt (subtitles)
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Internet Plumbing Gor Security Professionals The State Of BGP Security.mp4
• https://www.youtube.com/watch?v=po_9p6XxK2E
• https://www.blackhat.com/docs/us-15/materials/us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security.pdf
• https://www.blackhat.com/docs/us-15/materials/us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security-wp.pdf

Similar Presentations:

• DEF CON 31 (2023) / Route to bugs: Analyzing the security of BGP message parsing
• Black Hat USA 2015 / Breaking HTTPS with BGP Hijacking
• Black Hat USA 2015 / BGP Stream