Latest in the News: RPKI, BGP and Other Internet Security Best Practices

2 min read
29 September 2022
Beatričė Raščiūtė

Why is RPKI ROV important? What can be done about BGP vulnerabilities? Is it possible to enhance the security of internet-connected devices? These are the questions addressed in the latest news.

A laptop with a lock and a key next to it.

At times, internet security best practices do not cross the minds of internet users. That is because they often assume that internet-connected devices are relatively secure and that as long as they do not visit suspicious sites or respond to spam emails, they will be safe. Of course, things are a little more complicated than that. 

It is true that what we do can significantly influence our own virtual security. However, internet security, in most cases, is in the hands of technology developers and device manufacturers.  

The Resource Public Key Infrastructure (RPKI) was introduced in 2008 to support the Border Gateway Protocol (BGP) routing infrastructure. It was clear from the get-go how important this framework would be. Today, network security researchers still keep pushing for wider RPKI adoption. The developers and manufacturers of internet-connected devices also have a long way to go to ensure security for end users. 

Dutch network security researchers highlight the importance of RPKI ROV

Route Origin Authorization (ROA) enables classifying BGP announcements as valid, invalid or not found. The general rule of thumb is that network operators reject invalid announcements. 

Koen van Hove, a network security researcher at the University of Twente, took part in an experiment related to RPKI ROV (route origin validation). During the experiment, the researchers investigated where traffic goes. They concluded that 75% of the traffic reached the intended location, thus highlighting the importance of RPKI ROV. 

More on the topic: Where did my packet go? Measuring the impact of RPKI ROV 

FCC prepares to tackle BPG vulnerabilities

It is important to research internet security, but it is perhaps even more important to apply the findings and introduce changes. That is why the US Department of Justice and the Department of Defense support Federal Communications Commission’s advances to improve internet routing security. 

According to the FCC, BGP vulnerabilities place personal and commercial data at risk of “theft, espionage and sabotage.” The commission claims that while BGP is essential for effective routing, it essentially has no security features. FCC hopes that new technical security standards and more transparency can help ensure better internet security overall.  

More on the topic: Department of Justice and Department of Defense Support Federal Communications Commission Inquiry into Internet Security 

The EU aims to protect the users of internet-connected devices

The first of its kind, the Cyber Resilience Act, introduced by the European Union, aims to enhance the security of all wired and wireless devices connected to the internet. The Act targets hardware and software manufacturers and developers responsible for the products within the EU market.  

According to the EU Cyber Resilience Act announcement, the Act will protect end users by ensuring they are properly informed. It is argued that while manufacturers may face reputational damage when cyberattacks affect their products, the end users are the ones who pay for the exploited vulnerabilities. Especially when they do not have sufficient information about their products and how they are secured.  

More on the topic: State of the Union: EU Cyber Resilience Act – Questions & Answers 

About the author

Beatričė Raščiūtė

Technical Content Writer

Beatričė is a Technical Content Writer at IPXO. Having experience in translations, she decided to test new waters in the tech industry as a writer. While creating content, she dives deep into different internet and networking topics with the goal to present valuable information in the most reader-friendly way.
Table of contents

Related reading

A magnifying glass, a megaphone and a warning sign.
31 October 2022   •   News

Latest in the News: rDNS Queries Reveal Too Much, CISA Demands Asset Visibility, Splinternet, Desktop Holds IPv6 Back 

Learn how rDNS queries may be linked to privacy issues, what CISA does to ensure asset visibility, how the rift between IPv4 and IPv6 may lead to splinternet, and…

Read more
ISO 27001 certification logo with the words: we are 27001 certified.
12 September 2022   •   News, Product Updates

IPXO Obtains ISO 27001 Certification for Full Compliance With the Best Information Security Practices

IPXO is 100% ISO 27001 certified. Discover what this certification means and how we achieved it.

Read more
A person holding a golden key.
30 August 2022   •   News

Latest in the News: IP Addresses Hold the Key to Business Success 

In the digital era, most businesses would not exist without Internet Protocol addresses. IP addresses, or simply IPs, ensure communication across the global network of…

Read more

Subscribe to the IPXO email and don’t miss any news!