Pfortner and the Secure BGP Implementation

We have seen a steady increase in the number of threats coming through, yet existing algorithms like BGP don’t seem to have evolved to mitigate them.  In recent years we’ve seen algorithms like SSL die out for this reason.  Another problem is that on the Layer 3 level, we’ve basically relied on the other layers of the OSI to protect us against threats.  We have our access lists and route maps, but more evidence from the enterprise world has shown these to be inherently trusting of which ever MAC address gets accepted into the compilation of the routing table.

At Pfortner we recently combined 3 technologies to create the ULTIMATE BGP authentication methodology.

All of us who find ourselves pre-occupied with the layer 3 world, have re-occurring nightmares of BGP high jacking or insider threats at one of our “TRUSTED” service providers.  The latter is dangerous because they have access to all your international and local links (and all data they provide).  After many a sleepless nights and robust debates, the development team at Pfortner have built a solution into our SRC product that mitigates BGP related risks by leveraging our patented STEALTH technology together with some encryption algorithms to bring you the most secure version of BGP we’ve seen thus far.

We gone as far as to run it over the public cloud (internet) without any compromise of leaking data, exposing services or our routing information.  We achieved this version of BGP by leveraging Diffie Hellman certificate key exchange to automatically create a VPN tunnel between trusted two points (Primary DC and Branch) and then using STEALTH we keep both sides of the routers undetectable to any port scan etc.  If the key exchange is successful, BGP authentication will happen between the two parties, and only if the key exchange was successful will it do route redistribution between the two Pfortner SRC systems. All data traversing these systems are encrypted and compressed.

This all happens in the blink of an eye.  If any of your connectivity partners has problems on their network, the SRC systems will automatically failover to the next connectivity option without sacrificing security of data.

Now here comes the part you’ve been asking yourself:  How does this help you sleep at night?

You can now run any branch/campus network over a public cloud (internet etc.) using publicly available connectivity packages (no private MPLS or APNs required) without exposing any of your data, confidential/critical services or routing information.  And we’ve built all of this to be configured once and deployable automatically on all future roll outs.

  • Enhanced Security,
  • Resilience,
  • Cost Saving!

If you would like to see a demo of this technology please give us a call.