Routing protocols play a critical role in the functioning of the Internet and the services built upon them. However, many of these protocols were developed without security concerns in mind.
For example, the Border Gateway Protocol (BGP) did not originally consider the potential for attacks between peers. Much work has been dedicated in the past decades to origin and path validation in BGP. However, neglecting the security of BGP implementations, especially message parsing, has resulted in multiple vulnerabilities that could be exploited to achieve denial of service (DoS).
There has been a prevailing attitude within the security industry that "if it ain't broke, then don't fix it." There is a tendency to overlook security auditing with the mistaken belief that these types of vulnerabilities are less serious than the origin and path validation issues.
Traditional risk assessment often fails to thoroughly examine all the software and devices on a network and their implications, creating blind spots. These gaps can become even more pronounced when an organization does not even realize these routing protocols are in use. Routing protocols can show up in more places than one might think, such as data centers, VPNs across organization sites, and embedded in custom appliances.
Over the past year, threat actors have increasingly targeted network devices, including routers. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive mandating federal agencies mitigate the risks of those devices.
This intensified focus on routers raises concerns about the security of the underlying routing protocols. For instance, there have been cases of threat actors leveraging routers for reconnaissance, malware deployment, and command and control communications. There are also three BGP DoS issues in CISA's known exploited vulnerabilities catalog, alongside two other DoS vulnerabilities affecting implementations of another routing protocol.
Additionally, BGP hijacks and leaks have been a cause for concern, leading to incidents where traffic is redirected to unintended destinations, potentially exposing sensitive information. Data center attacks pose another significant risk, as vulnerabilities in routing protocols can be exploited to isolate the data center from the Internet, rendering its services inaccessible.
Blind Spots in Risk Assessment
To address the blind spots in risk assessment, a multi-pronged approach is necessary.
Organizations should be patching network infrastructure as often as possible, but you can't fix what you don't know is broken. Pragmatically, an asset inventory should be keeping track of all devices connected to the network and the software running on it, including routing protocols.
This awareness enables organizations to identify vulnerabilities and take necessary measures to prioritize their remediation. Organizations can also mitigate these risks by implementing segmentation strategies to protect unpatched devices from exposure to the Internet.
Ideally, security should begin with software developers, who could reduce the likelihood of vulnerabilities in routing protocol implementations by using enhanced static and dynamic analysis techniques and securing the software development lifecycle. Additionally, effective communication should be established to promptly address and resolve any identified vulnerabilities.
Likewise, vendors that integrate these protocols into their devices become a source of third-party risk in the supply chain. The implementation of software bills of materials (SBOMs) can provide greater visibility into the vulnerabilities present in devices and networks, enabling organizations to better manage their risks. However, when a vendor does not provide this sort of transparency (or they are unaware that their devices are affected) the responsibility ultimately rests with the organization to proactively assess their attack surface.
Finally, the security research community plays a valuable role in the discovery and responsible disclosure of these security vulnerabilities. In certain instances, security research provides more timely and effective remediation and mitigation recommendations than the security bulletins that should be issued from software developers and vendors. For example, in the case of the recent BGP vulnerability, security researchers have published an open source BGP fuzzer that can quickly test protocol implementations to discover vulnerabilities.
Bring Risks to Light
Vulnerabilities that affect software also affect connected devices, so enhancing security requires a concerted effort between the two. Security researchers can raise awareness of the potential risks of routing protocols and their impact on the broader ecosystem, but it is ultimately upon organizations to advocate for better security.
Organizations must prioritize comprehensive understanding of their network devices beyond traditional endpoints and servers to all software and devices. They must implement rigorous vulnerability assessments and establish effective threat detection and response mechanisms.
Software developers and vendors need to improve their security practices, enhance communication, and promote transparency. By working together, we can strengthen the security of routing protocols and protect our interconnected world.