The Internet is Helping Us, and We Need to Make it More Secure (by Minding Our MANRS)
The Internet lets us physically distance, yet remain richly connected. Over the last weeks, we've moved teaching and learning, research, and administration from our offices, classrooms and labs to our homes. Last weekend I sang "Happy Birthday" to my son via Facetime, and I connect with fellow parents nearly every day. The Internet is remarkable, but its routing infrastructure is largely insecure and at risk of disruption by accident or malice.
The Internet2 community operates a vast and critical infrastructure, and we have a role in ensuring its health. Over the coming weeks, Internet2 will be ramping up its efforts to support the community's adoption of Mutually Agreed Norms for Routing Security (MANRS).
Some of us are further down the MANRS path than others. We hope to leverage the experience and guidance of our exemplars. The benefits of MANRS will accumulate to everyone as we make progress on broader adoption.
At part of our outreach, Internet2 is hosting Kevin Meynell from the Internet Society on Monday, April 27 at 4 p.m. ET, where Kevin will demonstrate the use of the MANRS’ observatory via Zoom.
Here are the full details of Kevin’s talk:
Minding Your MANRS
There are over 66,000 networks comprising the Internet that exchange reachability information using the Border Gateway Protocol (BGP), but the problem is that BGP is almost entirely based on trust with no built-in validation of the legitimacy of routing updates.
This causes many problems such as IP prefix hijacking, route leaks, and IP address spoofing, and there have been a growing number of major incidents in the past few years. There are solutions to address these issues, but securing one’s own network does not necessarily make it more secure, as it remains reliant on other operators also implementing these solutions, too.
The MANRS initiative looks to address these problems by encouraging network operators, content providers and IXPs to subscribe to four actions including filtering, anti-spoofing, coordination and address prefix validation. MANRS has also developed resources to help implement these. The recently developed MANRS Observatory helps network operators to view routing incidents that affect their networks, to check the general routing health of networks, countries and regions, and to provide a longer-term overview on whether routing incidents are getting better or worse.
About Kevin Meynell
Kevin works at the Internet Society as the senior manager of technical and operational engagement, supporting the deployment of key Internet technologies, including Routing Security and the MANRS initiative.
He previously worked for JANET, the UK NREN, before joining TERENA (now the GÉANT Association) where he worked for the next 16 years on activities including the 6NET and 6DISS IPv6 deployment projects, eduroam, the Global Lambda Interconnect Facility, the TERENA Certificate Service and TF-CSIRT, as well having responsibilities for NREN Development Support in Eastern and Southern Europe and Central Asia.
After leaving TERENA, he worked as the Manager of the Shibboleth Consortium that develops the widely used Shibboleth web single sign-on software before moving to APNIC as its Head of Training in 2014. He joined the Internet Society in October 2015.