nanog mailing list archives
Re: Is AS information useful for security?
From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Thu, 15 Dec 2011 09:44:39 -0500 (EST)
On Thu, 15 Dec 2011, Joe Loiacono wrote:
> Is a good knowledge of either origin-AS, or next-AS with respect to flows valuable in establishing, monitoring, or re-enforcing a security posture? In what ways?
If I'm understanding your question correctly, I think it can be helpful, to a degree. It's always good to 'know your neighbors', but for the most part I don't think an organization's security posture would change very much, based strictly on next-AS. In the case of next-AS, you already know your neighbors somewhat, because you have some sort of a business relationship with them (your transit providers, peers, downstream BGP-speaking customers, etc.).
origin-AS could be another story. If you know of an AS that is being used by the bad guys for bad purposes, you can write a routing policy to dump all traffic to/from that AS into the bit bucket or take some other action that could be dictated by your security policy. In that case, a routing policy could be considered an extension of a security policy.
jms
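
Added example, not part of the original message: a sketch of how origin-AS fields in flow records can be checked against a per-AS security policy of the kind described in the reply above. The policy table, field names and flow records are constructed for illustration, and the ASNs come from the documentation range (RFC 5398).

```python
from collections import defaultdict

# Constructed policy: origin ASN -> action. Documentation ASNs, not real networks.
AS_POLICY = {64496: "drop", 64511: "alert"}

# Constructed flow records, shaped like NetFlow/IPFIX exports that carry
# source and destination origin-AS fields (field names are assumptions).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "src_as": 64496, "dst_as": 64500, "bytes": 1200},
    {"src": "198.51.100.5", "dst": "192.0.2.10", "src_as": 64500, "dst_as": 64496, "bytes": 300},
    {"src": "203.0.113.7", "dst": "198.51.100.5", "src_as": 64511, "dst_as": 64500, "bytes": 50},
    {"src": "198.51.100.5", "dst": "198.51.100.99", "src_as": 64500, "dst_as": 64501, "bytes": 9000},
    {"src": "203.0.113.7", "dst": "192.0.2.10", "src_as": 64511, "dst_as": 64496, "bytes": 70},
]

def classify(flow, policy=AS_POLICY):
    """Return (action, asn) for one flow, checking both directions.

    Traffic to or from a listed AS matches. When both ends are listed,
    "drop" outranks "alert". Unlisted flows return ("permit", None).
    """
    hits = [(policy[asn], asn)
            for asn in (flow["src_as"], flow["dst_as"]) if asn in policy]
    if not hits:
        return ("permit", None)
    hits.sort(key=lambda hit: 0 if hit[0] == "drop" else 1)
    return hits[0]

def summarize(flows, policy=AS_POLICY):
    """Total bytes per (action, asn) for flows that match the policy."""
    totals = defaultdict(int)
    for flow in flows:
        action, asn = classify(flow, policy)
        if action != "permit":
            totals[(action, asn)] += flow["bytes"]
    return dict(totals)

if __name__ == "__main__":
    for key, nbytes in sorted(summarize(SAMPLE_FLOWS).items()):
        print(key, nbytes)
```
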