Autonomous Systems – Why It is Important in Your Corporate Network & How Hackers Use it
The ‘net’ in ‘internet’ stands for network. So technically it’s an internetwork–a network of computer networks. Are you confused yet?
When we discuss routing, we refer to these independent computer networks as autonomous systems. A single autonomous system routes packets internally, while packets that travel across the internet typically traverse many autonomous systems.
Think about it: internet routing happens across autonomous systems, not single computers. Thanks to the Internet Assigned Numbers Authority (IANA), each AS gets their own unique 16 digit identification number or the ASN.
Smaller networks like your house have much simpler interactions between the network and the internet. When you buy an internet service plan, your ISP (internet service provider) gives you a DSL or one of those old school cable modems, which allows you to access “the entire internet.” The only thing concerning the router is that on one side you have your local computers+devices, and on the other hand of the network link you have the entire internet.
So Why Create Autonomous Systems?
For mere mortals, that’s enough to explain how the internet works. But when you want to avoid being beholden to a single internet service provider or your internet connection is not as good as you need it; when you want to ‘expand your parameters’ of possibility, as they say, you create your own AS.
Having your own AS can be beneficial for your network in several ways, including:
- IP address portability
- Having flexible network management
- Direct peering with IXP’s
- An individual network identity for external and internal purposes
- Full control of traffic
- The ability to establish your BGP with ASN No.
How to Create an Autonomous Systems
Creating an autonomous system is not that difficult and only takes a few steps. If you wish to create an autonomous system, here’s how you do it:
Step 1: Found a company – A legal entity is required to create an AS, so start brainstorming on a business name.
Step 2: Get a public address space for yourself – This might be the toughest step. You need to acquire a block of public IP address which will be large enough for advertising over BGP. Three are no more IPv4 addresses left, so you will have to buy an IPv6 address which can be pretty costly.
Step 3: Find peers – The tricky part about the internet game is that you need to be interconnected with one part of it to be able to reach anything. If you peered with just a single other AS, there would be no need to run BGP. But if you did, you can just use a private autonomous system number which your upstream provider can easily replace with their own. Then they’ll pass your routes to the rest of the internet.
Step 4: Get a router with the capability of handling the entire Internet routing table – This is one powerful router you can’t buy at your local depot. A solution would be to build a router by yourself out of a server that runs a router operating system.
How Hackers Use AS
As a company grows and invests into its own AS, security concerns over your network and traffic start coming into play. You probably have loads of private corporate information which you want to keep private. Hackers hunt that information, and with enough skill, they can access your network, intercept your packets, and get remote access to all your computers to install some malicious code onto your server.
It’s not hard to find own the owner of the IP range. Plenty of services give broad information about organizations such as WHOIS, CIDR, and so on. Knowing this info can help you identify connections between companies, figure out the attack surface, and run a nasty targeted DDoS attack.
That’s where the cybersecurity market comes in. There exist tools which showcase vulnerabilities and help remove malicious software from your network. However, few of these tools focus on actually preventing attacks.
Word on the market is that an up and coming cybersecurity company called Spyse is developing a solution based on the collection of mass data from the internet. Spyse uses this data to create a vast map of vulnerabilities of a network. This tool aims to help security specialists predict vulnerabilities, staying one step ahead of the hackers, and preventing potential threats to the system.
Recently, Spyse has released several tools for security engineers, pentesters, sysadmins, and business analysts which are running in beta test mode. ASlookup is one of their most recent creations, which allows you to monitor your organization’s, network’s, or company’s infrastructure.
The Spyse team knows that the best way to address threats is to prevent them beforehand; therefore, their services are aimed at helping you determine the attack surface and identify vulnerabilities before they’re exposed. Plus, they are giving away 3 free credits to all new users.
This post Autonomous Systems – Why It is Important in Your Corporate Network & How Hackers Use it originally appeared on GB Hackers.