Which mechanism is commonly used to protect BGP session integrity against tampering in transit?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

Which mechanism is commonly used to protect BGP session integrity against tampering in transit?

Explanation:
Protecting BGP session integrity relies on authenticating the data that travels over the TCP connection between peers. BGP itself runs over TCP, which provides reliability and order but not authentication of the message contents. To prevent tampering or impersonation while in transit, operators use a shared secret to generate a message authentication code for each TCP segment or BGP message. This MAC, provided by algorithms like MD5 (the older TCP MD5 Signature option) or the newer TCP-AO, is checked by the receiving peer; if the data or the MAC doesn’t match, the segment is discarded. This ensures that only sessions protected with the correct secret are accepted, thwarting tampering attempts. TLS client certificates would require wrapping BGP in TLS, which is not the standard, widely deployed method for BGP session protection. IPsec tunneling could protect the traffic but is less common for BGP specifically and introduces different deployment complexities. The idea that no protection is needed is incorrect because BGP sessions can be hijacked or tampered with if not authenticated in transit.

Protecting BGP session integrity relies on authenticating the data that travels over the TCP connection between peers. BGP itself runs over TCP, which provides reliability and order but not authentication of the message contents. To prevent tampering or impersonation while in transit, operators use a shared secret to generate a message authentication code for each TCP segment or BGP message. This MAC, provided by algorithms like MD5 (the older TCP MD5 Signature option) or the newer TCP-AO, is checked by the receiving peer; if the data or the MAC doesn’t match, the segment is discarded. This ensures that only sessions protected with the correct secret are accepted, thwarting tampering attempts.

TLS client certificates would require wrapping BGP in TLS, which is not the standard, widely deployed method for BGP session protection. IPsec tunneling could protect the traffic but is less common for BGP specifically and introduces different deployment complexities. The idea that no protection is needed is incorrect because BGP sessions can be hijacked or tampered with if not authenticated in transit.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy