[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is AS information useful for security?

Subject: Is AS information useful for security?
From: streiner at cluebyfour.org (Justin M. Streiner)
Date: Thu, 15 Dec 2011 09:44:39 -0500 (EST)
In-reply-to: <OF2C8CE79A.2D50A70F-ON85257967.004D5B9F-85257967.004D8221@csc.com>
References: <OF2C8CE79A.2D50A70F-ON85257967.004D5B9F-85257967.004D8221@csc.com>

On Thu, 15 Dec 2011, Joe Loiacono wrote:

> Is a good knowledge of either origin-AS, or next-AS with respect to flows
> valuable in establishing, monitoring, or re-enforcing a security posture?
> In what ways?

If I'm understanding your question correctly, I think it can be helpful, 
to a degree.  It's always good to 'know your neighbors', but for the most 
part I don't think an organization's security posture would change very 
much, based strictly on next-AS.  In the case of next-AS, you already 
know your neighbors somewhat, because you have some sort of a business 
relationship with them (your transit providers, peers, downstream 
BGP-speaking customers, etc).

origin-AS could be another story.  If you know of an AS that is being used 
by the bad guys for bad purposes, you can write a routing policy to dump 
all traffic to/from that AS into the bit bucket or take some other action 
that could be dictated by your security policy.  In that case, a routing 
policy could be considered an extension of a security policy.

jms

Follow-Ups:
- Is AS information useful for security?
  - From: drew.weaver at thenap.com (Drew Weaver)
- Is AS information useful for security?
  - From: eric at roxanne.org (Eric)

References:
- Is AS information useful for security?
  - From: jloiacon at csc.com (Joe Loiacono)

Prev by Date: local_preference for transit traffic?
Next by Date: De-bogon not possible via arin policy.
Previous by thread: Is AS information useful for security?
Next by thread: Is AS information useful for security?
Index(es):
- Date
- Thread