
Dear Network Operators, Where Are Your MANRS?!

As we just published over on the MANRS blog, we are approaching the second anniversary of launching the MANRS initiative in which network operators from around the globe work together to improve the security and resilience of the global routing system. We have just published a press release about MANRS and are working to increase MANRS’ visibility in wider circles.

We have now grown to over 40 network operators. From the press release: “As networks have come under increased stress from corporations, governments and other actors, not all benign, the visibility of the Internet’s routing infrastructure as a critical component has become as high as that of the Domain Name System (DNS) or other core infrastructure,” said Olaf Kolkman, Chief Internet Technology Officer (CITO) at the Internet Society. “By promoting routing security and resilience, MANRS gives operators a way to demonstrate their commitment to networking excellence, helping to restore trust in the Internet to anxious peers, businesses, customers and individuals.”

We are embarking upon this public relations outreach to inform more network operators about the initiative, grow its membership, and work toward improving routing security for everyone on the Internet.

Read the full release here, and stay tuned for a coverage recap in a few days! You can also follow along on the MANRS Twitter account or MANRS blog for coverage as it comes in.


Discussing MANRS at RIPE 72 Next Week

Some time ago, a group of MANRS participants agreed that it’d be a good idea to have more precise guidance for the implementation of MANRS Actions. Having such a document could serve at least two purposes:

  • Ease deployment of measures required by MANRS (stub networks or small providers – the majority of ASNs)
  • Help check if the network setup is compliant with MANRS

Job Snijders presented this idea and an outline of the MANRS BCOP document at RIPE71 in November 2015. The idea was supported by several network operators and experts, who joined the team to develop such guidance. Since then the team has done some heavy lifting, as it turned out that even the implementation of basic routing security practices cannot be accomplished with a single line in a config file!

We plan to present this work at the RIPE BCOP TF on May 23 during the RIPE meeting. If you are planning to attend RIPE72, please join the discussion.

This is a work in progress, but you can find the current version of the document here:

https://docs.google.com/document/d/1fQxknkC3_ggdNnPF3NfaWFpmc4ajTonVQIiD9DYBhlg/edit?usp=sharing

We welcome your review and contributions. We expect that shaping up of the document will continue in the RIPE BCOP TF.

[Editor’s Note: This post was originally published on the Routing Resilience Manifesto blog at https://www.routingmanifesto.org/2016/05/discussing-manrs-at-ripe-72-next-week/.]


More Fraudulent Routing = More Need for MANRS

Last week Doug Madory from Dyn Research presented a new set of examples of fraudulent routing, this time coming out of Ukraine. Most of them are cases of address squatting, in which a network announces an arguably unused address space in order to do bad things like sending spam or distributing malware.

They often do this (a) to hide and redirect attribution for these bad things if they are discovered, and (b) to avoid being banned by various blacklists. Like parasites, they hijack someone else’s address space, exploit it for a while, and then move on.

Doug has observed two concerning trends. First, criminals’ assumptions about how “unused” the address space really is are not always correct. A seemingly unused space can be used once in a while, like the APRICOT network that is only used about four weeks a year. But when this usage clashes with a hijacking the impact can be severe, leading to a massive denial of service on the network.

A second trend is that criminals are getting better at hiding: not only announcing others’ space, but also forging the AS path – the BGP attribute listing the networks that a route announcement passed through on its way to a given router. The forged path shows the correct origin for the announced address space, so the hijack is hard to detect and hard to filter out.

The good news is that incidents like this can be spotted and prevented if more networks begin watching more carefully what their customers are announcing. And the more networks do that, the fewer opportunities there are for criminals to exploit the global routing system, undermining its stability and security.

The MANRS actions are aimed exactly at that. MANRS defines a new industry norm for routing security that will to a great extent prevent incidents like this and improve confidence in the routing system of the Internet.

Are you a network operator already implementing the MANRS actions? Sign up today to show your support for MANRS! Interested in learning more? Read the full MANRS document and its expected actions, or contact us with any questions.

[Editor’s Note: This post originally appeared on the MANRS Blog at https://www.routingmanifesto.org/2016/03/more-fraudulent-routing-more-need-for-manrs/.]


MANRS and Routing Security in the News!

The Internet Society’s Andrei Robachevsky recently discussed Collaborative Security, MANRS, and how we can work together to make the Internet’s routing system a safer and more stable place with IDG News Service. In “Fixing the Internet’s routing security is urgent and requires collaboration,” Andrei and others discuss anti-spoofing, DDoS attacks, and more.

Regarding MANRS, specifically, here’s a snippet of the article:

“Implementing the MANRS recommendations, which are based on existing industry best practices, can have some short-term costs for ISPs, but according to ISOC, that’s probably not the reason why many of them have failed to implement them. The bigger problem, the organization believes, is a lack of awareness about these problems or not having the expertise to fix them.

The methods through which routing leaks and IP address spoofing can be dealt with are diverse and currently documented in different places across the Internet. That’s why ISOC and the MANRS members are working on a Best Current Operational Practices (BCOP) document that will bring those recommendations together and provide clear guidance for their implementation.

The goal is to assist the small, regional ISPs with adopting these measures, because they make up around 80 percent of the Internet, said Andrei Robachevsky, ISOC’s technology program manager.”

We encourage you to read the whole article, and if you haven’t already looked into MANRS, do it and sign up now!

[Editor’s Note: This blog post first appeared on the MANRS Blog at https://www.routingmanifesto.org/2016/03/manrs-in-the-news/.]


Paving the Way Forward for MANRS

How do you get a community effort off the ground and make it a success? How do we even define success? Is it the number of participants, general awareness beyond its participants, or new parallel activities that the effort stimulates? Last week during NANOG 66, several MANRS participants met to discuss the challenges we want to address in 2016 and beyond that are critical to the success of this effort.

Someone recently commented that MANRS will start paying off when it begins to motivate network operators to implement the outlined Actions in order to join the initiative. That is, indeed, our objective and that is what we really see as success.

We are not there yet. In the 14 months since MANRS launched, the membership has grown steadily, but the questions remain: What are the main components that can grow it faster, solidify the membership, and mature the whole effort?

In our view there are three: Scalability, Credibility, and Community.

Scalability is about how we facilitate exponential growth and wider promotion of MANRS. We discussed a few potential ideas that we will work on:

  • Encourage and support existing participants to become active ambassadors of the effort and MANRS.
  • Allow participants to publish guest blog posts related to their experiences on the MANRS website.
  • Develop guidance on how an organization can leverage MANRS to differentiate itself; market it internally and externally; and encourage customers, peers and suppliers to meet this security baseline.
  • Design a cool t-shirt, for MANRS members only.

Credibility is crucial. The attractiveness and motivation to join can be severely affected if operators don’t believe existing participants are running their networks above the norm documented by MANRS. There are two possible avenues to explore:

  • Compliance tests. For some Actions, such tests are relatively easy and we are already doing them when evaluating sign-up requests. Is up-to-date contact information recorded in the PeeringDB, RADB, or RIPE? Does the network publish its routing policy in one of the IRRs?

    It is more difficult to tell from the outside whether the first two Actions are properly implemented. Can you say whether a network has deployed measures preventing wrong announcements from its customers, or wrong announcements originated in the network itself? Probably not. But you can infer the opposite – that there are potential holes in a network’s outward defense – if you observe such announcements coming from it. This check has the caveat of false negatives (seeing no bad announcements does not prove that filters are in place), but it is better than no check at all. That is what we are probably going to develop: look at the network’s BGP activity over the past, say, six months and see whether there are “suspicious” events that need further explanation.

    It is almost impossible to test from the outside whether or not a network blocks packets with spoofed source IP addresses (see, for example, http://dev.internetsociety.org/doc/addressing-challenge-ip-spoofing). Fortunately, there is a tool operated and maintained by CAIDA called Spoofer that we can ask a potential participant to run to verify compliance with Action 2.

  • Vouching. When building trusted communities, it is common to use vouching when accepting new members. In many cases, peers, upstreams, and customers have a pretty good idea of the quality and security of a network they are dealing with. This probably cannot be the only acceptance test, but vouching for new members can positively contribute to the credibility and further strengthen the community around MANRS.
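The outside-in compliance test sketched above (observed announcements checked against registered route objects) in code. This is an added example, not MANRS or ISOC tooling; the RPSL extract, prefixes and AS numbers are constructed, and the forged-path case shows the false-negative caveat from the text.

```python
"""Outside-in check of a network's BGP announcements against IRR route objects.

Added example, not MANRS or ISOC tooling.  It models the compliance test
sketched above: take announcements observed to have propagated through the
audited network and flag those whose origin is not backed by a registered
route object.  The RPSL snippet, prefixes and AS numbers are constructed
(documentation prefixes and private-use ASNs).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RouteObject:
    prefix: object   # ipaddress.IPv4Network or IPv6Network
    origin: int      # AS number the holder has authorised to originate it


@dataclass(frozen=True)
class Announcement:
    prefix: object
    as_path: tuple   # leftmost = collector's neighbour, rightmost = origin AS


def parse_route_objects(rpsl: str) -> list:
    """Parse a minimal subset of RPSL: 'route:'/'route6:' followed by 'origin:'."""
    objects, prefix = [], None
    for raw in rpsl.splitlines():
        line = raw.strip()
        if line.startswith(("route:", "route6:")):
            prefix = ipaddress.ip_network(line.split(":", 1)[1].strip(), strict=False)
        elif line.startswith("origin:") and prefix is not None:
            asn = int(line.split(":", 1)[1].strip().upper().lstrip("AS"))
            objects.append(RouteObject(prefix, asn))
            prefix = None
    return objects


def classify(ann: Announcement, objects: list) -> str:
    """Compare one announcement with the registered route objects that cover it."""
    origin = ann.as_path[-1]
    covering = [o for o in objects
                if o.prefix.version == ann.prefix.version and ann.prefix.subnet_of(o.prefix)]
    if not covering:
        return "unregistered"          # candidate address squatting
    if any(o.origin == origin for o in covering):
        return "valid"                 # exact or less-specific object with this origin
    if any(o.prefix == ann.prefix for o in covering):
        return "origin-mismatch"       # registered prefix, wrong origin
    return "more-specific-hijack"      # more-specific of someone else's registered space


def audit(audited_asn: int, announcements: list, objects: list) -> list:
    """Suspicious events attributable to audited_asn: announcements it originated
    or propagated (its ASN is in the path) that lack a matching route object.
    Caveat from the text: a forged path that ends in the correct origin passes
    this check, so a clean result is not proof that filters are in place."""
    findings = []
    for ann in announcements:
        if audited_asn not in ann.as_path:
            continue
        verdict = classify(ann, objects)
        if verdict != "valid":
            findings.append((str(ann.prefix), verdict, ann.as_path))
    return findings


# Constructed IRR extract: who is authorised to originate what.
IRR_DUMP = """
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64501

route:   203.0.113.0/24
origin:  AS64502

route6:  2001:db8::/32
origin:  AS64500
"""
ROUTE_OBJECTS = parse_route_objects(IRR_DUMP)

AUDITED = 64496   # the transit network being evaluated


def _ann(cidr, *path):
    return Announcement(ipaddress.ip_network(cidr), tuple(path))


# Constructed announcements as seen at a route collector over the audit window.
OBSERVED = [
    _ann("192.0.2.0/24", 64496, 64500),            # legitimate customer route
    _ann("2001:db8:1::/48", 64496, 64500),         # more-specific, same registered origin
    _ann("198.51.100.0/25", 64496, 64511),         # more-specific from an unrelated AS
    _ann("203.0.113.0/24", 64496, 64510),          # registered prefix, wrong origin
    _ann("100.64.0.0/22", 64496, 64510),           # nothing registered at all
    _ann("198.51.100.0/24", 64496, 64511, 64501),  # forged path, correct origin: passes
    _ann("203.0.113.0/24", 64497, 64510),          # did not pass through AUDITED: ignored
]

if __name__ == "__main__":
    for prefix, verdict, path in audit(AUDITED, OBSERVED, ROUTE_OBJECTS):
        print(f"{prefix:20} {verdict:22} path {' '.join(map(str, path))}")
```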

Community is probably one of the most important elements, since it makes the effort both scalable and credible. How can we make MANRS not a one-off sign-up event, but a continuous collaborative activity? Like security in general, MANRS is not a product – it is a process. Here, participants offered three ideas:

  • Develop a BCOP document that provides guidance for practical implementation of the Actions. This activity is already underway.
  • Use the member-only mailing list for MANRS participants to discuss issues and coordinate actions in a more trusted environment than on a public NOG list. This mailing list already exists.
  • Encourage MANRS participants to contribute to related activities, like URSA.

It was only a lunch meeting, and we could not touch on all aspects or do a deep dive into any specific issue, but the discussion provided great feedback and guidance for the improvements and expansion of the effort.

What other ideas do you have for bringing MANRS to the wider global technical community?

Note: This post originally appeared on the Routing Resilience Manifesto blog at https://www.routingmanifesto.org/2016/02/paving-the-way-forward-for-manrs/.


Root Server DDoS Attack & How MANRS Can Help

The Internet’s root servers sustained a Distributed Denial of Service (DDoS) attack last week that is gathering quite a bit of media attention. We once again call on all network operators to consider implementing the actions outlined in the Mutually Agreed Norms for Routing Security (MANRS) document and signing on as supporters of the MANRS initiative.

Specifically, in this case we encourage Action #2: Prevent traffic with spoofed source IP addresses.

“Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users, and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network.”

From the Root Server incident report: “On November 30, 2015 and December 1, 2015, over two separate intervals, several of the Internet Domain Name System’s root name servers received a high rate of queries.” The report concludes with, “Source Address Validation and BCP-38 should be used wherever possible to reduce the ability to abuse networks to transmit spoofed source packets.”
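What Action 2 and BCP-38 ask of a provider edge, modelled as a filter: strict source address validation on customer and infrastructure interfaces, a check that own or customer addresses never arrive from the upstream, and an egress filter as the last line of defence. This is an added example, not MANRS or ISOC code; the topology, interface names and addresses are constructed.

```python
"""Source address validation at a provider edge, as a filter model.

Added example, not MANRS or ISOC code.  It models what Action 2 and BCP-38
ask for: strict ingress SAV on interfaces facing single-homed stub customers
and own infrastructure, a check that own or customer addresses never arrive
from the upstream, and an egress filter so that packets with foreign source
addresses never leave toward the upstream.  Topology, interface names and
addresses are constructed (documentation prefixes).
"""
import ipaddress
from dataclasses import dataclass

UPSTREAM = "upstream0"   # the one interface toward the rest of the Internet


def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


@dataclass
class EdgeRouter:
    own_space: list     # infrastructure and own end-user prefixes
    interfaces: dict    # customer/infra interface -> prefixes legitimately sourced there;
                        # an empty list marks an interface that is not yet filtered

    def internal_space(self):
        return self.own_space + [n for nets in self.interfaces.values() for n in nets]

    def ingress_ok(self, iface, src):
        """Strict SAV on customer/infra interfaces; on the upstream side, refuse
        packets that claim to come from our own or our customers' addresses."""
        if iface == UPSTREAM:
            return not _in_any(src, self.internal_space())
        allowed = self.interfaces[iface]
        if not allowed:
            return True    # unfiltered interface: only the egress filter remains
        return _in_any(src, allowed)

    def egress_ok(self, src):
        """Nothing leaves toward the upstream unless sourced from our space."""
        return _in_any(src, self.internal_space())

    def forward(self, iface, src_ip, dst_ip):
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if not self.ingress_ok(iface, src):
            return "drop:ingress-sav"
        for name, nets in self.interfaces.items():
            if _in_any(dst, nets):
                return f"forward:{name}"
        if _in_any(dst, self.own_space):
            return "deliver:local"
        if not self.egress_ok(src):
            return "drop:egress-filter"
        return f"forward:{UPSTREAM}"


# Constructed topology: one provider, two single-homed stub customers, one
# interface whose filters have not been deployed yet.
ROUTER = EdgeRouter(
    own_space=_nets("192.0.2.0/24"),
    interfaces={
        "cust-a": _nets("198.51.100.0/24"),
        "cust-b": _nets("203.0.113.0/25"),
        "legacy": [],
    },
)
# 203.0.113.128/25 is outside cust-b's block and stands in for "the Internet" here.

if __name__ == "__main__":
    cases = [
        ("cust-a", "198.51.100.7", "203.0.113.200"),     # normal outbound traffic
        ("cust-a", "203.0.113.5", "203.0.113.200"),      # customer A spoofing customer B
        ("cust-a", "192.0.2.1", "203.0.113.200"),        # customer spoofing our infrastructure
        ("upstream0", "198.51.100.9", "192.0.2.1"),      # our customer's address from outside
        ("upstream0", "203.0.113.201", "198.51.100.7"),  # ordinary inbound traffic
        ("legacy", "203.0.113.202", "203.0.113.200"),    # spoofed source caught only on egress
    ]
    for iface, src, dst in cases:
        print(f"{iface:9} {src:15} -> {dst:15} {ROUTER.forward(iface, src, dst)}")
```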

While Source Address Validation and BCP-38 are certainly important, we believe a culture of collective responsibility is vital to maintaining the security of the Internet’s routing infrastructure. By signing onto MANRS and implementing all four Actions called for in the document, we can make progress!

[This post first appeared on the Routing Resilience Manifesto blog at https://www.routingmanifesto.org/2015/12/root-server-ddos-attack-how-manrs-can-help/.]


MANRS Turns 1 and First Japanese Operator, IIJ, Joins

Just over one year ago, on the 6th of November 2014, a group of 9 network operators launched an effort called MANRS – Mutually Agreed Norms for Routing Security. We also kept another name – Routing Resilience Manifesto – to emphasise the collaborative and collective nature of it.

Since then more operators have joined, bringing and promoting the initiative all around the globe.

On its first anniversary, MANRS has expanded its geography to Japan! A company that is known for its innovative vision, advanced technology, and attention to security, Internet Initiative Japan Inc., or IIJ, has joined the group of MANRS participants.

“Coordination and cooperation based on our relationships of mutual trust are the key elements to run the Internet, and we have shared responsibilities to improve the Internet operation. As part of the Internet operation community, IIJ is committed to the MANRS actions,” said Junichi Shimagami, Director CTO of Internet Initiative Japan Inc.

We are looking for more leaders – networks that have already implemented the MANRS recommendations and much more – to sign up, support this effort, and encourage others!

[Editor’s Note: This blog post was originally published on the Routing Resilience Manifesto site at https://www.routingmanifesto.org/2015/11/manrs-turns-1-and-first-japanese-operator-iij-joins/.]


Taking MANRS on the Road Going North

Two weeks ago, we organized a panel discussion on the Mutually Agreed Norms for Routing Security (“MANRS”) document at NANOG65 in Montreal. It was wonderful to see that three MANRS participants – Tony Tauber (Comcast), Job Snijders (NTT), and Rob Hagens (Zayo) – were on the panel discussing some important aspects of MANRS and routing security in general. Andree Toonk from BGPmon.net also participated, providing an overview of the security landscape.

Perhaps the most important questions were: (a) Why join MANRS? and (b) What difference can it make?

I think the takeaways from this discussion can be summarized in three bullet points:

  • Because security of the global routing system is a sum of all contributions
  • Because this is a way to visibly define and promote a new baseline in routing security
  • Because a community has gravity that can attract others, producing a network effect

Another, similar discussion happened again last week, this time in Northern Europe, in Stockholm during the Netnod meeting.

The title of my presentation, “How can we work together to improve security and resilience of the global routing system?” contained part of the answer that MANRS participants believe in: we can only improve the situation by working together. And the MANRS initiative itself offers a possible answer to the how.

Reflecting on the old, well-known incident of the YouTube prefix hijacking, one can observe that YouTube, by itself, could not protect its network from hijacking, but that Pakistan Telecom and PCCW could. What YouTube could do was mitigate the attack – and that is what it did – but the damage had already been done. Another thing a network can do is help others protect their networks, for instance by letting them know what announcements to expect by registering this information in an IRR or in RPKI.

The promise of MANRS is that it can help others to protect your network. But to make this happen, you should join, too.

There was strong support for the idea that implementing the actions identified in MANRS is a good way to go that can make routing more secure and reliable. There was less agreement that one should also join the MANRS initiative, though. Apart from traditional shyness (we are simply doing our job well), there are other factors, like perceived difficulties of convincing other people in the company of the benefits of this initiative.

Write us (http://www.routingmanifesto.org/contact/) if you want to discuss this further, or simply share your doubts and concerns – that is very helpful, too!

And if you are ready and convinced – join MANRS today!!


Why Routing Security Matters, and IXPs Play a Role

Routing incidents happen all the time, but for an individual average network operator they seem somewhat infrequent. When these routing incidents happen, though, they have real – and negative – consequences. Does this infrequency mean we don’t have to worry? Here we outline three reasons why network operators MUST be concerned about routing security incidents.

Background

A year ago, the Internet Society and BGPmon conducted a routing resilience survey focused on collecting routing incident data from operators’ points of view. It showed that many network operators have routing security incidents at least once a month, and about 5% of those incidents have real (and negative) network impacts.

But, for the majority of the networks in the survey, it was business as usual most of the time, and changes in the routing system we observed were related to connecting new customers or changing providers.

Does this mean there is nothing to worry about? No problems?

The answer is – no. If you’re a network operator, you should be concerned.

First, lack of routing security can cause outages.

Routing system vulnerabilities are well known: incorrect routing configuration changes or malicious announcements propagate quickly and can often cause significant damage – a DoS attack, non-optimal traffic flow affecting network performance, or traffic interception (“hijacking”).

In these cases, customers are negatively affected and you might not meet your service level agreements. The challenge here, as I mentioned before, is the seeming infrequency of such incidents with potentially significant impact. Humans are not very good at assessing probabilities; we buy lottery tickets hoping to win big, but worry about being hit by lightning during a thunderstorm when in fact the probability of the latter is less than that of the former…

Second, many routing incidents go under the radar and can affect your network’s reputation.

There is a growing trend of abusing routing vulnerabilities through various types of malicious activities, like sending spam or spreading malware. Unlike DoS incidents with high public exposure – like the YouTube route hijacking – these incidents have less impact on network operations and may go unnoticed for months. Criminals are trying to avoid exposure by squatting on unused address space or limiting the propagation of bogus announcements. On the surface it looks like nothing “bad” has happened to your network – apart from increased spam or malware – leading to greater difficulty tracking down the criminals.

But attacks of this sort may have another impact – they affect your reputation as a network operator. Your network and address blocks are more likely to be put on blacklists, impacting services for your customers and users and potentially affecting your ability to make peering arrangements.

Finally, routing security has a strong social component.

It turns out that your network’s protection is in the hands of other networks. For example, to protect your network from route hijacking, other networks must act and take measures. At the same time, deploying these protective measures often has costs for the deploying network and less obvious benefits for its own traffic.

Let me put it another way – you don’t get the benefits of routing security technology by doing this alone – your network security depends on whether other operators deploy these measures, too. The more networks deploy them, the more return on investment everyone gets.

We believe that global adoption of routing security measures can be most effectively motivated in local communities, like Internet Exchange Points (IXPs) or small Network Operator Groups (NOGs). In these communities people usually know each other and collaboration is often part of the culture, since they have common operational objectives.

A global effort called the Mutually Agreed Norms for Routing Security (MANRS, aka the Routing Resilience Manifesto) can help here, by providing visibility and awareness, a common platform, and a baseline for recommended security actions.

The foundation of MANRS is existing security building blocks and new ones that are being developed; there is an array of solid best-practices for additional checks on routing information a network receives from its customers and peers.

To paraphrase slightly what I wrote in one of my recent blog posts, “MANRS + IXPs = A MORE Secure Internet Routing System”:

“We see MANRS as a tool for local communities, like Internet exchange points (IXPs), to create a new norm for more secure and resilient routing.”

Are you interested in signing up to officially show your support for MANRS and collaborative routing security? Visit www.manrs.org, read the whole document, and let us know you’re onboard!

[Editor’s Note: This was cross-posted on the IXP Toolkit website at http://ixptoolkit.org/blog/2015/07/23/why-routing-security-matters-and-ixps-play-role.]


Talking MANRS at NANOG On The Road Tomorrow in Herndon, VA

I’ve been invited to give a short talk on MANRS at NANOG On The Road in Herndon, Virginia tomorrow (23 June). I’ll talk about the Routing Resilience Manifesto, the Mutually Agreed Norms for Routing Security (MANRS) document itself, and the four recommended actions outlined, as follows:

  • Filtering – Prevent propagation of incorrect routing information.
  • Anti-spoofing – Prevent traffic with spoofed source IP addresses.
  • Coordination – Facilitate global operational communication and coordination between network operators.
  • Global Validation – Facilitate validation of routing information on a global scale.

The NANOG On The Road Agenda is packed with sessions on security, so this is a wonderful opportunity to explain the Routing Resilience Initiative, MANRS, and how to sign up and get involved.

The event won’t be live streamed, but it will be recorded and the video and slides will be posted on the NANOG website. I’ll let you know when the links are up.

Will you be there? I’d love to chat with you!


Are Network Security Issues Stifling Innovation? We’ll discuss at BTE 2015 Next Week.

Next week I’ll be a panelist at Light Reading’s Big Telecom Event in Chicago. The panel I’m on is called “Network Security: Is Security the Big Showstopper?” Heavy Reading Analyst Patrick Donegan moderates, and I’ll join other industry experts from Telus, the OpenCloudConnect Security Working Group, and Covata. The panel is on Tuesday, June 9, from 3-4pm.

There is often, and rightly, a great deal of attention given to technologies and services that network operators can employ to make their own networks more secure. These solutions are incredibly important, but are limited to what can be done within a single operator’s network(s). One of the key aspects of making networks more secure, however, is the collaborative aspect of security that involves implementing technologies that improve the overall security of the Internet. In the absence of these kinds of improvements, the overall security of networks connected to the Internet will remain limited.

At the Internet Society, we have been encouraging network operators to embrace a set of practices developed by the Internet technical community and endorsed by a group of leading network operators. These practices are described in the Routing Resilience Manifesto, a set of mutually agreed norms for routing security. These norms are intended to address problems relating to incorrect routing information, spoofed source IP addresses, and coordination and collaboration between network operators. The manifesto calls for a set of actions from all network operators, and we have seen a continually increasing number of network operators sign up to be counted as participating in this global initiative.

We believe these kinds of collaborative security activities will make a better, more robust, and more secure Internet for every network operator who connects to it, and in turn enhance the security of their own networks by making it more difficult for bad actors to engage in malicious activity targeting individual networks.

Our assertion is that security is not the big showstopper, but that making the Internet more secure for all its participants is a major undertaking. Every operator must look at not only securing their own networks, but contributing to the global activity of making the entire Internet more secure for the benefit of every network operator. The Internet is a tremendous engine for innovation and it’s exciting to anticipate the innovation possible on it going forward. Indeed part of that innovation itself is making the Internet more secure and there is a world of opportunity for those who can contribute to that goal. We look forward to the discussion on this important topic next week.

About BTE

You are invited to join Light Reading and the Internet Society as a VIP attendee at Light Reading’s Big Telecom Event, taking place June 9 and 10 in Chicago. BTE 2015 will comprise a conference where more than 200 of the leading minds in telecommunications will discuss the technologies poised to revolutionize the world’s economy.

Don’t miss your opportunity to attend the communications industry’s fastest-growing event, featuring:

  • Keynote speakers from AT&T, Arista, BT Wholesale, Brocade, CenturyLink Cloud, Cisco, Google, Intel, Internet Society, Level 3 Communications and Time Warner Cable.
  • A demo floor of 60-plus telcos and industry associations, giving attendees real-world perspective into the latest and most innovative telecom solutions. We’ll be in booth #203 and would love to talk to you!
  • Incredible networking opportunities including a pre-qualified audience of more than 1,000 service provider attendees, networking lunches and cocktail receptions on the demo floor and a Battle of the Bands concert open to all attendees.

Register here today.

VIP attendees of ISOC will receive:

  • VIP Onsite Check-In
  • VIP Welcome Gift
  • The Heavy Reading Exclusive BTE Research Package: A 5,000 word strategic analysis of the state of the art in monetizing next-generation, high-capacity networks, produced exclusively for BTE VIP attendees

VIP attendees of ISOC who do not qualify for free admission will also receive 20% off early-bird admission prices. Enter promo code: ISOC20

BTE provides complimentary admission for verified employees of service providers, operators, financial & educational institutions, utilities, and government agencies.


Talking Encryption, Routing Security, IPv6, and More at Mobile World Congress


Next week I’ll be at Mobile World Congress in Barcelona, Spain, talking about pervasive monitoring and additional Internet encryption, increasing routing security and resilience through the MANRS initiative, and growing IPv6 deployments in mobile operator networks. I encourage you to also read my colleague’s blog post yesterday about Kathy Brown’s keynote on the Economics of Internet Governance and Michael Kende’s panel on the regulatory enablers and obstacles to innovation of and for the mobile Internet. For today, though, I’ll focus on our technology messages.

This is a HUGE trade show for the mobile world, and it’s a great opportunity to talk to mobile operators, network equipment vendors, analysts, and others about the technology issues at the intersection of mobile networks and the Internet.

Pervasive monitoring remains a serious threat to every user of the Internet. The Internet technical community is increasing efforts to make all Internet communications more private and more secure. We support those efforts strongly and will be speaking to network operators about the practical issues of getting from where we are today to a more secure and private future.

Working collaboratively to ensure a more secure and stable routing infrastructure is also an important goal for us. To that end, I plan to speak to network operators about signing on to support the actions outlined in the Mutually Agreed Norms for Routing Security, or “MANRS” document, contained within the Routing Resilience Manifesto initiative. The more network operators who agree to the practices outlined in that initiative and who publicly declare that they support such practices, the more likely we will see a truly stable and secure network.

Finally, IPv6 deployment has been growing steadily for the past several years. There are significant mobile deployments at Verizon Wireless and T-Mobile USA in the United States, and other smaller scale deployments in mobile networks around the globe, but there is much work to be done. We would like to encourage more IPv6 uptake in mobile networks and plan to speak to operators about impediments to that progress. (As always, our Deploy360 Programme is poised to help operators get started.)

If you’re planning to attend Mobile World Congress and would like to discuss any of these issues, please drop me a note in the comments here or via our social media channels – Twitter, Facebook, or Google+. My colleague Phil Roberts and I would love to spend some time speaking with you in Barcelona.