The National Institute of Standards and Technology (NIST) is seeking comment on a draft set of technical guidance and recommendations to improve the security and robustness of interdomain traffic exchange.
The agency is seeking public comments on the SP 800-189 draft by Feb. 15, 2019.
NIST said recommended technologies in the draft include “Resource Public Key Infrastructure (RPKI), BGP origin validation (BGP-OV), and prefix filtering.” The draft also states that “technologies recommended for mitigating DoS [denial-of-service] and DDoS [distributed denial-of-service] attacks include prevention of IP address spoofing using source address validation with Access Control Lists (ACLs) and unicast Reverse Path Forwarding (uRPF).” NIST added that “Other technologies, such as Remotely Triggered Black Hole (RTBH) filtering, Flow Specification (Flowspec), and Response Rate Limiting (RRL), are also recommended as part of the overall security mechanisms.”
The agency said the draft is “intended to guide information security officers and managers of Federal enterprise networks. The guidance also applies to the network services of hosting providers (e.g., cloud-based applications and service hosting) and Internet Service Providers (ISPs) when they are used to support Federal IT systems. The guidance will also be useful for enterprise and transit network operators and equipment vendors in general.”