Did you know that OSPF has it’s own security features?

A major risk in a dynamically routed environment is that rogue routes are injected into the network which could result in that the communications can be hijacked. This can happen by accident i.e. through misconfiguration or misconnection of a router, which can impact the traffic flow of the network. The effects can be devastating causing major parts of the application to go down. In the worst case the router is introduced to the network for malicious reason in order to steal application data or injecting rogue commands to a control system.

The risk can be mitigated by using the built-in security features of WeOS OSPF. OSPF in WeOS support two ways of authenticating all OSPF messaging in the network, plain and MD5 authentication. Plain authentication will prevent accidental injection of routes that do not share the same credentials as the rest of the network. However the key will be sent in plain text so a malicious attacker will be able to extract the password from the OSPF messages. Alternatively MD5 authentication can be used to secure the OSPF messages.  The OSPF message is protected with a cryptographic checksum.  If an OSPF message is received without the correct signature, the message will be rejected.