Which approach to securing BGP sessions is recommended for new deployments?


Multiple Choice

Which approach to securing BGP sessions is recommended for new deployments?

Explanation:
Securing BGP sessions hinges on authenticating the TCP connection between peers and preventing spoofing. For new deployments, the recommended approach is to prefer TCP-AO if both ends support it. TCP-AO provides stronger, per-session authentication and supports better key management and algorithm agility than traditional MD5, making it harder for an attacker to impersonate a neighbor and easier to rotate keys over time. If TCP-AO isn’t available on one side, fall back to MD5 but with proper key management: use strong, unique keys, rotate them regularly, and ensure both peers use compatible keys and algorithms so the session can establish reliably. Compatibility across peers is essential to avoid dropped sessions.

Disabling authentication is insecure and leaves the session open to spoofing. Using TLS to encrypt the BGP session is not a standard, widely supported practice for BGP today, so it isn’t a practical baseline for new deployments.

