Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.internetsociety.org How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky.

Published byMillicent Hill Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.internetsociety.org How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky."— Presentation transcript:

1 www.internetsociety.org How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky

2 www.internetsociety.org Routing Resilience Manifesto, aka MANRS https://www.routingmanifesto.org/ https://www.manrs.org/

3 The Internet Society Mutually Agreed Norms for Routing Security (MANRS) 3 MANRS builds a visible community of security-minded operators  Promotes culture of collaborative responsibility Defines four concrete actions that network operators should implement  Technology-neutral baseline for global adoption

4 The Internet Society Good MANRS 1.Filtering – Prevent propagation of incorrect routing information. 2.Anti-spoofing – Prevent traffic with spoofed source IP addresses. 3.Coordination – Facilitate global operational communication and coordination between network operators. 4.Global Validation – Facilitate validation of routing information on a global scale. 4

5 The Internet Society 1. Filtering Prevent propagation of incorrect routing information Network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity. Network operator is able to communicate to their adjacent networks which announcements are correct. Network operator applies due diligence when checking the correctness of their customer’s announcements, specifically that the customer legitimately holds the ASN and the address space it announces. 5

6 The Internet Society 2. Anti-Spoofing Prevent traffic with spoofed source IP address Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network. 6

7 The Internet Society 3. Coordination Facilitate global operational communication and coordination between the network operators Network operators should maintain globally accessible up- to-date contact information. 7

8 The Internet Society 4. Global Validation Facilitate validation of routing information on a global scale. Network operator has publicly documented routing policy, ASNs and prefixes that are intended to be advertised to external parties. 8

9 The Internet Society MANRS is not (only) a document – it is a commitment 1)The company supports the Principles and implements at least one of the Actions for the majority of its infrastructure. 2)The company becomes a Participant of MANRS, helping to maintain and improve the document and to promote MANRS objectives 9

10 The Internet Society Public launch of the initiative - 6 November 2014 10

11 The Internet Society A growing list of participants 11

12 The Internet Society Current Activities Expanding the group of participants Looking for industry leaders in the region Building a community around MANRS A trusted mailing list, possible other activities Developing better guidance Tailored to MANRS In collaboration with existing efforts, like BCOP 12

13 The Internet Society Are you interested in participating? 13 Anti-SpoofingFilteringCoordinationGlobal scale

14 The Internet Society I suspect some of you are asking yourself 14 My company has always taken security seriously, we’ve implemented many of the Actions and much more long time ago… - Why joining MANRS now? What difference will it make?

15 The Internet Society Is any of these a good reason? 15 Because routing security is a sum of all contributions Because this is a way to demonstrate a new baseline Because a community has gravity that can attract others

16 The Internet Society Is your local operational community interested in this tool? 16 Relatively small communityx with a common operational objective MANRS as a reference point MANRS as a platform you can build related activities

17 The Internet Society 17 What the participants say

18 The Internet Society 18 We believe the security, stability, and resiliency of the Internet operation can be improved via distributed and shared responsibilities as documented in MANRS. As one of the largest academic networks in the world, CERNET is committed to the MANRS actions. Xing Li, Deputy Director, CERNET Adherence to MANRS is an important commitment that operators make back to the Internet community. Together we aim to remove the havens from which miscreants maintain the freedom and anonymity to attack our network and our customers. David Freedman, Claranet Group Comcast is committed to helping drive improvements to the reliability of the Internet ecosystem. We are thrilled to be engaged with other infrastructure participants across the spectrum and around the globe in pursuit of these goals. Jason Livingood, Vice President, Internet Services, Comcast Cogent supports the efforts championed by the MANRS document. The issues being promoted need practical, effective improvements to support the continued growth and reliance on the Internet. Hank Kilmer, Cogent Workonline implements the recommendations contained in the MANRS document by default. By publicly stating the measures that we take to ensure the robustness of our network, we hope to encourage our customers and peers to do the same. Ben Maddison, Director - Network Operations & Strategy, Workonline Communications (Pty) Ltd As one of the most connected Internet providers in the world, security of the Internet is top- of-mind at Level 3 Communications. The Internet is a shared responsibility, and only through these important collaborative efforts can we continue to ensure the protection of this collective infrastructure. Dale Drew, Senior Vice President, Chief Security Officer at Level 3 Communications. We believe that the objectives and scope match our beliefs and our behaviour, and that by signing up, we may help encourage others to do so. Ian Dickinson, Network Architect, Sky Zayo is interested and desires to be more active in promoting global routing security; the MANRS document is in our (and my) opinion a really good initial level of recommendations. I think that the more participation in MANRS, the safer our routing ecosystem. And a safer routing system is good for all of us! Robert Hagens, VP, IP Architecture, Zayo Good network routing practice is the fundamental requirement for trust between providers, and ultimately creates a safer and stronger internet for customers. KPN is committed to providing secure and trustworthy communications, and by joining partners in MANRS, we continue to improve security and resiliency for all. Jaya Baloo, Chief Information Security Officer, KPN We believe in the value of coordination and shared responsibility to have a more secure Internet infrastructure. We strongly agree with the principles, the scope and the actions written in the Routing Resilience Manifesto. Gianfranco Delli Carri, IT.Gate S.p.A. We feel every effort to enhance security in the Internet is worthwhile and therefore support this initiative. Jan Boogman, Swisscom Ltd. We, at AS59715, believe that global cooperation should be a prerequisite to run an Autonomous System and MANRS is the right place to make it happen. Antonio Prado, Chief Technology Officer, SBTAP

19 www.internetsociety.org https://www.routingmanifesto.org/ https://www.manrs.org/

Download ppt "Www.internetsociety.org How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky."

Similar presentations

The role of networks in the process of immigrant integration NIKOS STATHOPOULOS, NIKOS STATHOPOULOS, DIRECTOR, G&D SOCIAL LAB LTD Integration programs.

The role of networks in the process of immigrant integration NIKOS STATHOPOULOS, NIKOS STATHOPOULOS, DIRECTOR, G&D SOCIAL LAB LTD Integration programs.
Embedding Public Engagement Sophie Duncan and Paul Manners National Co-ordinating Centre for Public Engagement Funded by the UK Funding Councils, Research.

Embedding Public Engagement Sophie Duncan and Paul Manners National Co-ordinating Centre for Public Engagement Funded by the UK Funding Councils, Research.
INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.

INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.
Your Technology Is Connected. Are You? Your technology doesn’t exist in a vacuum. Welcome to the networked and interconnected technology ecosystem where.

Your Technology Is Connected. Are You? Your technology doesn’t exist in a vacuum. Welcome to the networked and interconnected technology ecosystem where.
OpenStand and Collaborative Communities For innovation, solutions and market growth Kantara Initiative 3 June 2014 Summit Karen McCabe Senior Director,

OpenStand and Collaborative Communities For innovation, solutions and market growth Kantara Initiative 3 June 2014 Summit Karen McCabe Senior Director,
1 Attracting and Retaining Human Capital David Lofquist, HR Director for Russia, ExxonMobil.

1 Attracting and Retaining Human Capital David Lofquist, HR Director for Russia, ExxonMobil.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.

Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.
Transition of U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) Stewardship of the IANA Functions to the Global.

Transition of U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) Stewardship of the IANA Functions to the Global.
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.

Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.
WHAT IS ISO 9000.

WHAT IS ISO 9000.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Connecting Classrooms Online. What is Connecting Classrooms Online?  Connecting Classrooms Online (CCO) provides a single, over-arching framework for.

Connecting Classrooms Online. What is Connecting Classrooms Online?  Connecting Classrooms Online (CCO) provides a single, over-arching framework for.
AN INVITATION TO LEAD: United Way Partnerships Discussion of a New Way to Work Together. October 2012.

AN INVITATION TO LEAD: United Way Partnerships Discussion of a New Way to Work Together. October 2012.
UN GLOBAL COMPACT for NGOs

UN GLOBAL COMPACT for NGOs
1 Consultative Meeting on “Promoting more effective partnership between INGOs and other CSOs” building on Oxfam’s “Future Roles of INGO in Cambodia”, 24.

1 Consultative Meeting on “Promoting more effective partnership between INGOs and other CSOs” building on Oxfam’s “Future Roles of INGO in Cambodia”, 24.
Session Chair: Peter Doorn Director, Data Archiving and Networked Services (DANS), The Netherlands.

Session Chair: Peter Doorn Director, Data Archiving and Networked Services (DANS), The Netherlands.
THE ROAD TO OPEN ACCESS A guide to the implementation of the Berlin Declaration Frederick J. Friend OSI Open Access Advocate JISC Consultant Honorary Director.

THE ROAD TO OPEN ACCESS A guide to the implementation of the Berlin Declaration Frederick J. Friend OSI Open Access Advocate JISC Consultant Honorary Director.

Similar presentations

Ads by Google