Presentation is loading. Please wait.

Presentation is loading. Please wait.

Propuestas Concepción 2018

Published bySandra Espinoza Ponce Modified over 6 years ago

Similar presentations

Presentation on theme: "Propuestas Concepción 2018"— Presentation transcript:

1 Propuestas Concepción 2018
Date 2016 Propuestas Concepción 2018 Marzo 2018 Christian O’Flaherty Regional Development Presentation title – Client name

2 ISOC MANRs SOS Internet

3 We stand for a better Internet.
Founded in 1992 by pioneers of the early Internet, the Internet Society drives technologies that keep it open and safe. We promote policies that empower people to enable universal access for all. We stand for a better Internet. The Internet Society was founded by some of the Internet's earliest pioneers to help drive the Internet's development around the world. It is also the organizational home of the Internet Engineering Task Force (IETF). Working through a global community of chapters and members bound by a common purpose, the Internet Society coordinates across a broad range of different groups to promote the technologies that keep the Internet safe and secure, advocate for policies that enable universal access and champion an open Internet at all. The Internet Society believes that an Internet of opportunity should be available to everyone, everywhere and it is the Internet Society's mission to make that vision a reality.  2

4 The Internet Society at Work
Promotes Internet technologies that matter Provides leadership in policy issues Advocates open Internet standards The Internet Society: Encourages open development of standards, protocols, administration. Enables economic growth in developing countries through education and training Fosters participation and develops new leaders in areas important to the evolution of the Internet. Provides reliable information about the Internet. Leads and facilitates discussion of issues that affect Internet evolution and developments. Develops Internet infrastructure Undertakes outreach that changes lives Recognizes industry leaders

5 Mutually Agreed Norms for Routing Security
MANRS

6 The Internet appears seamless due to trust
IP prefixes are learned in BGP from a customer, propagated to all your “peers,” who pick the “best” announcement and propagate that path to their customers These relationships may span continents The reverse path must signal correctly too for the Internet to work and this path may traverse different networks IP packets are forwarded from one hop to the next hop closer to the destination with minimal inspection

7 This trust can break down
My network accepts an invalid routing announcement which I propagate, my peer decides it is the “best path” and announces it to their customers The “best path” was not selected because it can deliver traffic to the destination, but rather for lower cost, “nearest exit” Traffic is being discarded, but how does the affected party contact the correct person to fix a problem that may traverse continents?

8 What is available to improve Internet security?
Tools Prefix and AS-PATH filtering, RPKI, IRR, … Ingress and egress anti-spoofing filtering, uRPF, … Coordination and DDoS mitigation Challenges Your safety is in someone else’s hands Implementing control plane fixes at just one network to network interface does not resolve the problem Technological fixes and mitigation efforts can sometimes break seamless end-to-end forwarding of legitimate traffic

9 Welcome, Mutually Agreed Norms for Routing Security (MANRS)!
The Internet is successful because of its long history of collaboration. To stimulate visible security improvements, we need a culture of collective responsibility. The Routing Resilience Manifesto, underpinned by the “Mutually Agreed Norms for Routing Security (MANRS)” document, aims at supporting this goal.

10 Mutually Agreed Norms for Routing Security (MANRS)
Defines four concrete actions that network operators should implement. The problem cannot be solved alone - the real effect of the measures depends on how broadly they are adopted. MANRS tries to merge technology and people together to help craft a solution. Security problems of the global routing system are known, as well as various solutions. So how do we improve security and resilience of the global routing system I think many of us know that one of the challenges is that the problem cannot be solved alone, the real effect of the measures depends on how broad the measures are adopted. And if we look from an individual ISP point of view there are additional challenges, while the overall problem is significant, a typical ISP doesn’t feel a lot of pain. Good array of technologies, BCPs, etc. – but what to pick? And how to convince an ISP/management that doing this is a Good Thing? So here comes another facet – a social aspect, based on things like community, reciprocity and collaboration. This effort tries to merge the two (technology and people) together.

11 Good MANRS Filtering – Prevent propagation of incorrect routing information. Anti-spoofing – Prevent traffic with spoofed source IP addresses. Coordination – Facilitate global operational communication and coordination between network operators. Global Validation – Facilitate validation of routing information on a global scale. Limited scope: e.g. ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity e.g. enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure e.g. maintain globally accessible up-to-date contact information.

12 Prevent propagation of incorrect routing information
1. Filtering Prevent propagation of incorrect routing information Network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity. Network operator is able to communicate to their adjacent networks which announcements are correct. Network operator applies due diligence when checking the correctness of their customer’s announcements, specifically that the customer legitimately holds the ASN and the address space it announces.

13 2. Anti-Spoofing Prevent traffic with spoofed source IP address Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network.

14 3. Coordination Facilitate global operational communication and coordination between the network operators Network operators should maintain globally accessible up-to-date contact information.

15 4. Global Validation Facilitate validation of routing information on a global scale. Network operator has publicly documented routing policy, ASNs and prefixes that are intended to be advertised to external parties.

16 MANRS is a document – and it is a commitment
The company supports the Principles and implements at least one of the Actions for the majority of its infrastructure. Implemented Actions are marked with a check-box. The Action "Facilitate global operational communication" cannot be the only one and requires that another Action is also implemented. The company becomes a Participant of MANRS, helping to maintain and improve the document, for example, by suggesting new Actions and maintaining an up-to-date list of references to BCOPs and other documents with more detailed implementation guidance.

17 FIN MANRs

18 Experiencias en situaciones de Emergencia
SOS Internet Experiencias en situaciones de Emergencia

19 Previas – Durante - Recuperación
Recomendaciones Previas – Durante - Recuperación

20 Ejemplos de Recomendaciones
Preparación: Como amurar racks, fijar servidores, cables de alimentación, ubicación equipos en rack (de abajo a arriba), etc. Durante: Acceso a lugares afectados, energía (combustible, baterias), como aprovechar ayuda, priorizar, cuidar el espectro, etc. Recuperación: Ayudar a reparar en lugar de desplegar nuevas redes

21 PLAN Fondo Expertos Voluntarios Coordinar Gobiernos ONGs, Bancos Empresas

22 Afectados Ayuda Voluntarios Países Zonas Comunidades bancos Fondos
Equipos Voluntarios Experiencias Operadores que quieren ayudar

23 PEDIDO: Sumarse al grupo de WApp Ayudar con la evaluación de Proyectos Colaborar con documentos (revisión, sugerencias, autoría, etc.) Participar en reuniones, representar al grupo, viajar.

24 Firstname Lastname Job title

25 There are many ways to support the Internet
There are many ways to support the Internet. Find out today how you can make an impact.

Download ppt "Propuestas Concepción 2018"

Similar presentations

Www.internetsociety.org Best Current Operational Practices – Efforts from the Internet Society Deploy360 – Internet Society.

Best Current Operational Practices – Efforts from the Internet Society Deploy360 – Internet Society.
Routing Basics.

Routing Basics.
Session 2.3: Skills for Supportive Supervision

Session 2.3: Skills for Supportive Supervision
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
Chapter 10 Leading Teams.

Chapter 10 Leading Teams.
Chapter 2 DO How can you create a strategic map for your hotel?

Chapter 2 DO How can you create a strategic map for your hotel?
Computer Networks Layering and Routing Dina Katabi

Computer Networks Layering and Routing Dina Katabi
The Internet Ecosystem: players and actors

The Internet Ecosystem: players and actors
Update on the California Dairy Future Task Force and moving forward December 5, 2012 CONFIDENTIAL AND PROPRIETARY Any use of this material without specific.

Update on the California Dairy Future Task Force and moving forward December 5, 2012 CONFIDENTIAL AND PROPRIETARY Any use of this material without specific.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.
More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.
1-2 Training of Process Facilitators 3-1. Training of Process Facilitators 1- Provide an overview of the role and skills of a Communities That Care Process.

1-2 Training of Process Facilitators 3-1. Training of Process Facilitators 1- Provide an overview of the role and skills of a Communities That Care Process.
Building a More Trusted and Secure Internet RIPE 70, May 12 2015.

Building a More Trusted and Secure Internet RIPE 70, May
The Internet Society (ISOC) Sebastián Bellagamba Manager – Regional Bureau for Latin America and the Caribbean

The Internet Society (ISOC) Sebastián Bellagamba Manager – Regional Bureau for Latin America and the Caribbean
Www.internetsociety.org How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky.

How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky.
What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.

What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.
Securing BGP Bruce Maggs. BGP Primer AT&T 7018 12/8 Sprint 1239 144.223/16 CMU 9 128.2/16 bmm.pc.cs.cmu.edu 128.2.205.42 Autonomous System Number Prefix.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
A BCOP document: Implementing MANRS Job Snijders (NTT) Andrei Robachevsky (ISOC)

A BCOP document: Implementing MANRS Job Snijders (NTT) Andrei Robachevsky (ISOC)
1 Internet Society Collaborative Security & MANRS ENOG 10 – 14 October 2015, Odessa Maarit Palovirta

1 Internet Society Collaborative Security & MANRS ENOG 10 – 14 October 2015, Odessa Maarit Palovirta

Similar presentations

Ads by Google