08_Infrastructure Security_3

00:00 - Content of this Chapter 00:02 - Coming back to our original problems … 00:46 - Routing should enable reachability 00:57 - Routing should enable reachability 01:03 - Routing should enable reachability 01:58 - Routing should enable reachability 02:06 - Why should you care? 03:02 - Recap: Internet in a nutshell 03:18 - Recap: Internet in a nutshell 03:52 - Simple example (1): More specific wins 04:22 - Simple example (2): Multiple upstreams 05:11 - Simple example: Shorter path wins AS B configures 05:44 - Simple example (2): Shorter path wins 06:38 - Might be misconfigurations, might be malicious. 07:20 - Hijacks in the real world? Three prominent examples! 08:41 - Threat models for BGP 08:56 - Threat models for BGP 10:40 - Problem 12:06 - Protection concepts secure the origin or the complete path 13:24 - Challenges in protecting BGP 13:46 - Protection concepts secure the origin or the complete path 14:03 - Content of this Chapter 14:11 - The Resource Public Key Infrastructure (RPKI) is the basic solution proposed in the IETF (RFC 6480) 16:07 - Routing Origination Authorization (ROA) legitimates an AS to originate IP prefix(es) 17:50 - A ROA is not a certificate 18:28 - RPKI & ROA 20:10 - Content of this Chapter 20:15 - RPKI ROA deployment is continuously growing 20:43 - RPKI ROA deployment is continuously growing 21:02 - Prefix origin validation using RPKI consists of two steps 21:59 - Prefix origin validation using RPKI consists in two steps 22:20 - Architecture overview 23:29 - RTRlib is reference implementation of RPKI RTR in C 23:57 - Content of this Chapter 24:10 - Motivation 25:56 - Attacker model (in the web ecosystem) 26:59 - Threat models for BGP 28:04 - Customer announces transit to provider 29:11 - Customer announces transit to provider 29:48 - Reasons for not Deploying RPKI 31:43 - Questions & Tasks