Building a More Trusted and Secure Internet RIPE 70, May 12 2015.

Slides:



Advertisements
Similar presentations
The Domain Name System Continuity of Operations Apricot 2008 Taipei TAIWAN 28feb2008.
Advertisements

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Self-Managing Anycast Routing for DNS
Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.
EInfrastructures (Internet and Grids) US Resource Centers Perspective: implementation and execution challenges Alan Blatecky Executive Director SDSC.
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
E-Government Policies, Strategies and Implementation Jamal Shahin Institute for European Studies, Vrije Universiteit Brussel 15:00 – 15:20, 21 December.
The Dance of Co-Opetition Dave Crocker Brandenburg Consulting MY: +60 (19) (408)
Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.
Ethernet and switches selected topics 1. Agenda Scaling ethernet infrastructure VLANs 2.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
VoIP – Security Considerations An Examination Ricardo Estevez CS 522 / Computer Communication Fall 2003.
Cumulative Violation For any window size  t  Communication-Efficient Tracking for Distributed Cumulative Triggers Ling Huang* Minos Garofalakis.
Networking Standards. Objectives Identify organizations that set standards for networking.
The Future of the Internet Jennifer Rexford ’91 Computer Science Department Princeton University
Evolved from ARPANET (Advanced Research Projects Agency of the U.S. Department of Defense) Was the first operational packet-switching network Began.
PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.
Host Identity Protocol
Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.
Global Connectivity Joint venture of two workshops Kees Neggers & Dany Vandromme e-IRG Workshop Amsterdam, 13 May 2005.
APNIC Secretariat Paul Wilson Director General. APNIC Planning Process 2 Member Survey Operational Plan Membership EC Secretariat Strategy / Activity.
Network Components 101 Travis Hill.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
DSSA-WG Progress Update Dakar – October Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee.
M.A.Doman Short video intro Model for enabling the delivery of computing as a SERVICE.
TTA activity for countering BOTNET attack and tracing cyber attacks 14 July, 2008 Heung-youl Youm TTA, Korea DOCUMENT #:GSC13-GTSC6-07 FOR:Presentation.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
Working Group #4: Network Security Best Practices March 22, 2012 Presenter: Tony Tauber, Comcast WG #4 Member Via teleconference: Rod Rasmussen, Internet.
1 APNIC Update Paul Wilson Director General. 2 Overview APNIC 2010 Operational Plan Highlights and Achievements 2011 Member and Stakeholder Survey Area.
Working Group #4: Network Security Best Practices September 12, 2012 Presenter: Rod Rasmussen, Internet Identity WG #4 Co-Chair.
Content-oriented Networking Platform: A Focus on DDoS Countermeasure ( In incremental deployment perspective) Authors: Junho Suh, Hoon-gyu Choi, Wonjun.
ENISA efforts for securing European Internet Infrastructure
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
NUOL Internet Application Services Midterm presentation 22 nd March, 2004.
How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky.
Internet Protocol Addresses What are they like and how are the managed? Paul Wilson APNIC.
SEMINAR ON IP SPOOFING. IP spoofing is the creation of IP packets using forged (spoofed) source IP address. In the April 1989, AT & T Bell a lab was among.
GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
MICROSOFT TESTS /291/293 Fairfax County Adult Education Courses 1477/1478/1479.
Lecture 18 Page 1 CS 236, Spring 2008 DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.
A BCOP document: Implementing MANRS Job Snijders (NTT) Andrei Robachevsky (ISOC)
Chapter 25 Internet Routing. Static Routing manually configured routes that do not change Used by hosts whose routing table contains one static route.
Benefits and Value of an IXP The IXP Value Proposition.
APNIC DNSSEC deployment considerations APNIC 23, Bali George Michaelson R&D Officer APNIC.
1 Internet Society Collaborative Security & MANRS ENOG 10 – 14 October 2015, Odessa Maarit Palovirta
Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.
Planning an Active Directory Deployment Lesson 1.
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
Grid Deployment Technical Working Groups: Middleware selection AAA,security Resource scheduling Operations User Support GDB Grid Deployment Resource planning,
01/27/10 What is PlanetLab? A planet-wide testbed for the R & D of network applications and distributed computing Over 1068 nodes at 493 sites, primarily.
18 January 2006 Copenhagen ERO - TISPAN WG4 meeting
DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c
A policy framework for an open and trusted Internet
Zueyong Zhu† and J. William Atwood‡
Wireless Network Security
COLLABORATIVE SECURITY An approach to tackling Internet
Working together to improve routing security for all
MANRS IXP Partnership Programme
Measuring routing (in)security
MANRS for IXPs Why we did it? What did we do?
Improving global routing security and resilience
DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to DNS.
FIRST How can MANRS actions prevent incidents .
MANRS Implementation Guides
Amreesh Phokeer Research Manager AfPIF-10, Mauritius
Validating MANRS of a network
Presentation transcript:

Building a More Trusted and Secure Internet RIPE 70, May

What Must We Trust? (1) Steve Bellovin: “For more than 50 years, all computer security has been based on the separation between the trusted portion and the untrusted portion of the system.” Once it was “kernel” versus “user” mode, on a single computer As systems became more and more distributed, and their number grew enormously, the whole notion of a so-called TCB (Trusted Computing Base) became irrelevant must_we_trust/ must_we_trust/

What Must We Trust? (2) For networking, once a tight operational community with close collaboration links, the Internet grew into a global communication and information sharing system – along with that “trust” deteriorated – unfortunately, a lot of network operation is still based on trust There is a need to re-enforce trust and the culture of collective responsibility. Can we and to what extent create a Trusted Networking Base today?

Goal and Vision for GovIX in AT Provide a trustworthy platform for entities of public administration and organizations offering important services to them Support business continuity in case of general Internet outages and/or during (DDoS) attacks Add value to the usual “simple” exchange point components by: – Admission control managed by a government entity (and advisory group) – Offering (authoritative) DNS Services for the full tree from the root through at., gv.at. and to individual identities! – GovCERT is involved as well – Operated by the neutral ACOnet and VIX Team (not a member itself!)

Status of GovIX in AT Implementation: A dedicated VLAN on top of ACOnet’s country-wide fiber infrastructure Authoritative DNS servers directly accessible from this VLAN Configured to be used as the regular, preferred path amongst participants Experience so far: Has proven its usefulness already! – e.g. by providing access to the National Citizens Register in case of ISP problems and upstream line outages Ongoing challenges: Logistics within the participating organizations, like – Identifying the important services offered to, or consumed from, other entities (to support availability tests and outage management “fire drills”), Identifying and managing the DNS identities used – Integrating (an) Austrian Certificate Service Provider(s) – in progress

The Mutually Agreed Norms for Routing Security (MANRS) 10 Aka Routing Resilience Manfesto: Defines a minimum package: 4 Actions Too many problems to solve, too many cases Collective focus and commitment Your safety is in someone other’s hands

Good MANRS 1.Prevent propagation of incorrect routing information 2.Prevent traffic with spoofed source IP address 3.Facilitate global operational communication and coordination between the network operators 11

Panellists Jaya Baloo, KPN (chief information security office) Ondřej Filip, CZ.NIC [FENIX] Marc Gauw, NLnet [TNI] Andrei Robachevsky, ISOC [MANRS] Wilfried Woeber, Viena University (emeritus DB WG co-chair) [GovIX]

Question 1 a)The focus on the problem the initiatives try to solve b)And “how”, the approach to the problem

Question 2 Since the ultimate objective is to build a more trusted and secure Internet a)How are these approaches going to scale up? b)What are the issues, e.g. technical, logistics, business continuity, …

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.