Three Tips for WISPs to Improve Routing Security

By Michelle Opiyo, MANRS Fellow

While technology improvements have led to enhanced performance and greater coverage, fixed Wireless Internet Service Providers (WISPs) face stiff competition in the market. One good way to stand out is to improve security offerings by protecting the core of the Internet – routing security.

This is important because operators rely on an inherently insecure global routing system. It is under constant threat: attacks like route hijacks, route leaks, IP address spoofs, and other harmful activities can lead to denial of service, traffic inspection, lost revenue, reputational damage, and more. These incidents are global in scale, with one network’s routing problems cascading to impact others.

WISPs rely on microwave signal to transmit data over the air between the customer location and the provider’s point of presence (PoP). A receiver at the customer’s location is then cabled to their router to provider Internet access.

They are typically deployed to provide broadband access as a lower capex solution where setting up cabled networks is prohibitively expensive or where deployment of cabled access networks is hampered by terrain or other restrictions. They usually serve low population density areas where the number of subscribers does not justify the cost of deploying a cabled network end to end.

WISPs can do their part to mitigate the shared vulnerability by implementing some simple fixes that guard against common threats. With approximately 70,000 autonomous networks participating in the public Internet, collaboration among operators is essential to achieve global routing resilience.

MANRS is a consolidation of the efforts aimed at improving global routing security by bringing together security-conscious operators to implement four low risk and cost-effective actions to decrease the likelihood of future routing incidents for everyone.

Here are three tips for WISPs to enhance routing security:

1. Design your network with security in mind. It’s easier to make incremental improvements than to completely overhaul your network once significant growth has occurred.
2. Select providers and partners who are as security conscious as you are. This will allow you to have an additional layer of defense. While many WISPs and small-scale ISPs begin as stub networks, growth to a mid-sized network brings with it an increase in interconnection and additional complexity in routing policies, given the increase of transit, peers, and customer networks. Having partners that properly filter routing information across their networks and have well-documented and publicly available routing information is essential in protecting not only your own network but also those of your customers.
3. Join MANRS to gain access to the MANRS Observatory, which offers a wide range of information regarding the state of your network’s routing security. It also lets you track changes over time. In addition, the MANRS actions act as a baseline of routing security that makes it operationally easy to avoid common routing threats. Should they occur, you can easily troubleshoot issues and coordinate with peers for timely resolution.

In summary, the benefits for operators that implement the MANRS actions (filtering, anti-spoofing, coordination, and validation) are as follows:

• Reduced routing incidences traversing your network limit your liability to service-impacting security breaches, and prevent reputational damage from the far-reaching effects of these incidences;
• Competitive differentiation and improved service offering;
• Reduced operational costs as incidents are easier to detect and resolve;
• Ability to effectively coordinate with peers within the community to prevent routing incidents and for expedient resolutions should they occur; and
• Access to a growing and trusted community of like-minded operators which may promote collaboration in other business areas.

I recently hosted a webinar on “MANRS for WISPs” to introduce the initiative to operators. You can watch it here: https://youtu.be/CKeXc_HLUX8.

Learn more about the MANRS Network Operators programme and join us in protecting the core of the Internet!

Editor’s Note: This is a guest post by one of the MANRS Fellows. Fellows are emerging leaders who strongly believe that routing security is an essential component for the future well-being of the Internet and are ready to contribute to its improvement.