Working together to improve routing security for all

Slides:

Advertisements

Similar presentations

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

Advertisements

Anti-Spam Management for Service Provider in Malaysia Alan Lee NTT MSC.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Philips iSite 3.5 Administration

Best current operational practices (BCOP) Richard Jimmerson.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.

2009 Mines Safety Roadshow Please read this before using presentation This presentation is based on content presented at the Mines Safety Roadshow held.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes

Supportive Services for Veteran Families (SSVF) Data HMIS Lead and Vendor Training Updated 5/22/14.

Agricultural Market Information System (AMIS): State of Play AMIS First Meeting of the Rapid Response Forum 11 April 2012 Mexico City Abdolreza Abbassian,

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

24/02/20050 Euro-IX update APNIC 19 - IX SIG Kyoto Japan by Serge Radovcic of Euro-IX

Building a More Trusted and Secure Internet RIPE 70, May

Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS

How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky.

1 ARIN: Our Mission, Role and Services John Curran President and CEO.

A BCOP document: Implementing MANRS Job Snijders (NTT) Andrei Robachevsky (ISOC)

Benefits and Value of an IXP The IXP Value Proposition.

Resources for Meeting Internet Safety Requirements Cheryl Elliott James Madison University Bill Johnsen Virginia Beach City Public Schools Educational.

Euro-IX update IX SIG APNIC17 Kuala Lumpur Feb 25 th Euro-IX update APNIC 17 - IX SIG 25 th February Kuala Lumpur Serge Radovcic Euro-IX.

1 Internet Society Collaborative Security & MANRS ENOG 10 – 14 October 2015, Odessa Maarit Palovirta

St Mary’s College Information Evening The New Zealand Curriculum focuses on 21st century learning, ensuring learners are equipped to participate in and.

CHILDREN OF PRISONERS PARTNERSHIP What is the Children of Prisoners (CP) Partnership? The CP Partnership is a funding project between PFI and selected.

Internet Quarantine: Requirements for Containing Self-Propagating Code

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance

Multicast Outline Multicast Introduction and Motivation DVRMP.

Workstream 4: Tools, toolkits and resources

Internet Routing Health Measurement Bar BoF

Traffic Volume Dependencies between IXPs

Montenegro Internet eXchange Point (MIXP) – a success story

We Care About Data Quality at IXPs

Who should be responsible for risks to basic Internet infrastructure?

How do we decide where to deploy to next?

The Internet: A System of Interconnected Autonomous Systems

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance

KRNIC Member Workshop November 2001 Seoul, Korea

ITIL: Why Your IT Organization Should Care Service Support

Internet Interconnection

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance

Introduction to ARIN and the Internet Registry System

ITIL: Why Your IT Organization Should Care Service Support

Jessica Yu ANS Communication Inc. Feb. 9th, 1998

MANRS IXP Partnership Programme

Measuring routing (in)security

RST processes Session 5 Presentation 2.

APNIC 21- IX SIG Perth Australia by Serge Radovcic of Euro-IX

Propuestas Concepción 2018

MANRS for IXPs Why we did it? What did we do?

Improving information exchange:

ITIL: Why Your IT Organization Should Care Service Support

DDoS Attack and Its Defense

Introduction to Regional Internet Registries (RIRs)

Improving global routing security and resilience

Peering Security DKNOG, March 14-15, 2019 Susan Forney and Walt Wollny

FIRST How can MANRS actions prevent incidents .

Copenhagen, Denmak Bijal Sanghani

Internet eXchange Point Database Netnod Meeting– 2018

IXPDB & Euro-IX Tools SEE , Sarajevo.

ENOG16, Tiblisi Arnold Nipper – IXPDB Admin

MANRS Implementation Guides

Amreesh Phokeer Research Manager AfPIF-10, Mauritius

Draft Charter Community of Practice for Direct Access Entities

Validating MANRS of a network

APNIC Solving problems for our community

IXP FilterCheck A New Route Analysis Tool for IXPs

Presentation transcript:

Working together to improve routing security for all The MANRS IXP Programme Andrei Robachevsky manrs@isoc.org

Mutually Agreed Norms for Routing Security MANRS defines four simple but concrete actions that network operators must implement to improve Internet security and reliability. The first two operational improvements eliminate the root causes of common routing issues and attacks, while the second two procedural steps improve mitigation and decrease the likelihood of future incidents. MANRS builds a visible community of security minded network operators and IXPs

MANRS Actions Filtering Prevent propagation of incorrect routing information Ensure the correctness of your own announcements and announcements from your customers to adjacent networks with prefix and AS-path granularity Anti-spoofing Prevent traffic with spoofed source IP addresses Enable source address validation for at least single-homed stub customer networks, their own end-users, and infrastructure Coordination Facilitate global operational communication and coordination between network operators Maintain globally accessible up-to-date contact information in common routing databases Global Validation Facilitate validation of routing information on a global scale Publish your data, so others can validate

A bit of history

EURO-IX 28th Forum: “What is in MANRS for an IXP?” Is routing security important for your community? An opportunity to build a “safe neighborhood” Do you need a global reference point? A platform where you can organize related activities Are you willing to feed your expertise back to MANRS? Strengthening the global community

Developing a set of useful actions Development team AMS-IX, AOIX, BKNIX, CABASE, DE-CIX, IIFON, IXPN, LONAP, NIC.CR, RINEX, TorIX Requirements Improve routing resilience and security Be useful to IXP members Do not set the bar too high, so that few IXPs can join Do not set it too low, so it makes no difference Make the actions concrete and measurable

EURO-IX 30th Forum: What’s on the table? Prevent propagation of incorrect routing information Assist in preventing unwanted traffic ? Facilitate global operational communication and coordination between network operators Provide monitoring and debugging tools Promote MANRS among the membership Perform MANRS Local auditing Assist with the mitigation of a DDoS attack

EURO-IX 31st Forum: This initiative needs your feedback Vote link: http://etc.ch/Pz5h As we go Action by Action, please vote We’ll see the results immediately A priority list by importance and feasibility Specific comments on an Action are welcome

Implemented/Easy vs Difficult/Not Useful

And then, after the roadshow (LA, AF, AP, NA)

The IXP Programme Launched April 23, 2018

A dozen of leading IXPs around the globe already joined

Action 1. Facilitate prevention of propagation of incorrect routing information (Mandatory) The IXP implements filtering of route announcements at the Route Server based on routing information data (IRR and/or RPKI)

Action 2. Promote MANRS in the IXP membership (Mandatory) Action 2-1: Offer assistance to its members to maintain accurate routing information in an appropriate repository (IRR and/or RPKI) OR Action 2-2: Offer assistance in implementing MANRS ISP Actions for the members Action 2-3: Indicate MANRS participation on the member list and the website Action 2-4: Provide incentives linked to MANRS readiness

Action 3. Protect the peering platform The IXP has a published policy of traffic not allowed on the peering fabric and performs filtering of such traffic.

Action 4. Facilitate global operational communication and coordination between network operators The IXP facilitates communication among members by providing necessary mailing lists, and member directories.

Action 5. Provide monitoring and debugging tools to participants The IXP provides a looking glass for its members.

Join the group of initial participants for the launch of the programme Your IXP has to implement the majority (3/5) of the Actions, including mandatory 1&2

Why is this important?

We Are In This Together Network operators and IXPs have a responsibility to ensure a globally robust and secure routing infrastructure. The network security depends on actions of other players: networks and IXPs The more network operators and IXPs work together, the fewer incidents there will be, and the less damage they can do.

LEARN MORE: https://www. manrs. org/ixp JOIN: https://www. manrs LEARN MORE: https://www.manrs.org/ixp JOIN: https://www.manrs.org/join-ixp

MANRS@isoc.org