Internet Routing with MANRS
By Fred Baker
The Internet as we know it is approximately 35 years old. The Border Gateway Protocol (BGP), the primary backbone routing protocol, was designed before we knew much about security; we have been changing and fixing it as our knowledge has increased. Improvements include the establishment of specific data to help operators identify what routing data is valid and what is not, as well as specific operational practices to address known attacks. To date, the biggest problem with those capabilities is that many operators remain either unaware or unconvinced that their participation is needed if matters are to improve.
Charles Dudley Warner famously said, “Everybody complains about the weather, but nobody does anything about it.” In the summer of 2014, a group of companies made the same observation about Internet routing, and then did something about it. The result is the Mutually Agreed Norms for Routing Security[1], or MANRS, a global initiative designed to collaboratively provide crucial fixes that reduce the most common routing threats. The acronym is no accident; the authors are making a point: it is good etiquette, good manners, to say trustworthy things when speaking to one’s neighbour. MANRS actions result in trustworthy Internet routing, which is a reasonable basis for a business.
At the time of writing, more than 100 Internet service providers (ISPs)[2] and Internet exchange points (IXPs)[3], comprising hundreds of Autonomous Systems (ASs) in many countries, have agreed to take the following four actions:
- Filtering route origins
- Anti-spoofing of source addresses in Internet traffic
- Coordination of actions
- Global validation of routing announcements
Individually, the four steps are quite straightforward. While they require some effort, that effort is neither difficult nor expensive for most implementations. The issues those steps address, however, are costly from both insurance and public relations perspectives. For example, if a company’s traffic is misrouted to someone who harvests access credentials and uses them to hack the company or its customers, hundreds of millions of dollars in damage could be accrued. What’s more, the company misrouting the traffic could be found culpable. More than simply good route hygiene or cheap insurance, these recommended actions might be all that stands between your network and the financial and public relations nightmare of a security breach.
Governments are taking notice of routing issues. For example, in the United States, the National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) recently reinforced the importance of the MANRS project by publishing a draft US standard[4], [5] along the same lines. In addition to Resource Public Key Infrastructure (RPKI)[6] and route origin validation (ROV)[7], the NIST–DHS standard calls for path validation via Border Gateway Protocol Security (BGPsec), which is a possible future building block for routing security. US Government networks and companies that contract with governments in the United States should anticipate fulfilling requirements similar to those outlined in the MANRS agreement.
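To make concrete what route origin validation actually decides, here is an added example (written for this page, not code from MANRS, NIST or the Internet Society) that implements the RFC 6811 validation outcomes, valid, invalid and not-found, and then applies the import policy behind the first MANRS action, dropping only invalid routes. The ROA table, prefixes and ASNs are constructed from documentation ranges and describe no real network; a production router would receive its ROAs from an RPKI validator over the RPKI-to-Router protocol rather than from an in-file table.

```python
"""Route Origin Validation (RFC 6811) against a constructed ROA table.

Added example for this page, not code from MANRS, NIST or the Internet Society.
All prefixes and ASNs are drawn from documentation ranges (RFC 5737, RFC 3849,
RFC 5398) and describe no real network; a production router gets its ROA set
from an RPKI validator over the RPKI-to-Router (RTR) protocol instead.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: `asn` may originate `prefix` and any
    more-specific of it up to `max_length` bits. asn == 0 authorizes nobody."""
    prefix: str
    asn: int
    max_length: Optional[int] = None  # absent maxLength means the exact prefix length only

    def network(self):
        return ipaddress.ip_network(self.prefix)

    def effective_max_length(self):
        return self.max_length if self.max_length is not None else self.network().prefixlen


# Constructed ROA set (hypothetical; stands in for the validator's RTR feed).
ROAS = (
    ROA("192.0.2.0/24", 64496),          # only the exact /24
    ROA("192.0.2.0/24", 64499),          # a second legitimate origin for the same prefix
    ROA("198.51.100.0/24", 64496, 26),   # /24, /25 and /26 allowed; anything longer is not
    ROA("2001:db8::/32", 64497, 48),
    ROA("203.0.113.0/24", 0),            # AS0 ROA: this prefix must never appear in BGP
)


def covering_roas(route_net, roas):
    """ROAs whose prefix contains the route's prefix, same address family only."""
    found = []
    for roa in roas:
        roa_net = roa.network()
        if roa_net.version == route_net.version and route_net.subnet_of(roa_net):
            found.append(roa)
    return found


def rov_state(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' as defined in RFC 6811 section 2."""
    route_net = ipaddress.ip_network(prefix)  # strict: a BGP prefix has no host bits set
    covering = covering_roas(route_net, roas)
    if not covering:
        return "not-found"  # RPKI says nothing about this address space
    for roa in covering:
        if roa.asn == origin_as and route_net.prefixlen <= roa.effective_max_length():
            return "valid"
    return "invalid"  # covered, but wrong origin AS or too-specific prefix


def rov_filter(announcements, roas=ROAS):
    """Import policy in the spirit of the first MANRS action: reject RPKI-invalid
    routes, accept valid and not-found. Dropping not-found as well would discard
    every prefix whose holder has not yet created a ROA."""
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        state = rov_state(prefix, origin_as, roas)
        bucket = rejected if state == "invalid" else accepted
        bucket.append((prefix, origin_as, state))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed announcements: a legitimate route, a too-specific one of the
    # kind a hijacker uses to win longest-prefix match, a wrong origin, and
    # address space no ROA covers.
    sample = [
        ("192.0.2.0/24", 64496),
        ("192.0.2.0/25", 64496),
        ("192.0.2.0/24", 64500),
        ("198.18.0.0/15", 64496),
    ]
    ok, dropped = rov_filter(sample)
    for entry in ok:
        print("accept", entry)
    for entry in dropped:
        print("reject", entry)
```

Two points the code makes explicit: a more-specific announcement beyond the ROA's maxLength is invalid even when the origin AS is right, which is what stops a sub-prefix hijack from winning longest-prefix match, and a not-found route must still be accepted, because most address space is not yet covered by ROAs and a filter that dropped it would disconnect legitimate networks rather than hijackers.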
This paper explores some of the issues surrounding routing security and provides examples of both implementation approaches and where those approaches have been used to successfully prevent or mitigate attacks. It includes the following sections:
- Section 2: Introduction. A description of the issues around Internet routing and why we need to address the security of it.
- Section 3: The Four MANRS Actions. An outline of the four MANRS actions and how they may be cost-efficiently and effectively carried out.
- Section 4: Conclusion. Possible next steps.
- References. For those interested in more detail, this paper references a number of reports and relevant online commentary.
Read and download Fred Baker’s white paper, “Internet Routing with MANRS”.
Endnotes
[1] https://www.manrs.org/
[2] https://www.manrs.org/participants/
[3] https://www.manrs.org/participants/ixps/
[4] https://www.zdnet.com/article/standard-to-protect-against-bgp-hijack-attacks-gets-first-official-draft/
[5] https://www.zdnet.com/article/standard-to-protect-against-bgp-hijack-attacks-gets-first-official-draft/
[6] Resource Public Key Infrastructure, also known as Resource Certification, is a specialized public key infrastructure framework designed to secure the Internet’s routing infrastructure.
[7] Route Origin Validation describes route filtering that ensures the routes received match RPKI-certified specifications.
Routing Security for Policymakers
An Internet Society White Paper
Although invisible to the average user, Internet Protocol (IP) routing underpins the Internet. By ensuring that packets[1] go where they are supposed to, routing[2] has a central role in the reliable function of the Internet. It ensures that emails reach the right recipients, e-commerce sites remain operational, and e-government services continue to serve citizens. The security of the global routing system is crucial to the Internet’s continued growth and to safeguarding the opportunities it provides for all users.
Every year, thousands of routing incidents[3] occur, each with the potential to harm user trust and handicap the Internet’s potential.[4] These routing incidents can also create real economic harms. Key services may become unreachable, disrupting the ability of companies and users to participate in e-commerce.[5] Or packets may get diverted through malicious networks, providing an opportunity to spy on them.[6] While known security measures can address many of these routing incidents, misaligned incentives limit their use.
All stakeholders, including policymakers, must take steps to strengthen the security of the global routing system.[7] This must be done while preserving the vital aspects of the routing system that have made the Internet so ubiquitous. By leading by example in their own networks, strengthening communication, and helping realign incentives to favor stronger security, policymakers can help improve the routing security ecosystem.
Read and download “Routing Security for Policymakers.”
The white paper is also available in French and Spanish.
Endnotes
[1] Network packets or “packets,” are data sent over a network or networks.
[2] Routing is the practice of determining the way to get data from one location to another location over a network or multiple networks.
[3] Routing incidents are Border Gateway Protocol updates that have a negative impact.
[4] https://www.internetsociety.org/blog/2018/01/14000-incidents-2017-routing-security-year-review/
[5] For example, in April 2017, a route leak caused a “large-scale internet disruption that slowed or blocked access to websites and online services for dozens of Japanese companies.” https://bgpmon.net/bgp-leak-causing-internet-outages-in-japan-and-beyond/
[6] For several minutes in April of 2017, a network operator suspiciously hijacked the Internet traffic of several financial services. If intentional, the hijack could have been used to allow the network operator to read unencrypted financial information as it passed through its networks, or to attempt to decrypt encrypted financial information. https://arstechnica.com/information-technology/2017/04/russian-controlled-telecom-hijacks-financial-services-internet-traffic/
[7] While other forms of security (e.g. physical security or data security) are important for all stakeholders, including network operators, this policy brief is scoped to focus solely on improving routing security. For more information on securing the infrastructure of Internet service providers please see: https://www.rfc-editor.org/rfc/rfc3871.txt
MANRS Project Study Report
MANRS was founded with the ambitious goal of improving the security and reliability of the global Internet routing system, based on collaboration among participants and shared responsibility for Internet infrastructure. These are undoubtedly essential pillars supporting the Internet’s tremendous growth and success, but we must better articulate the incentives of contributing to global security and resilience to grow MANRS participation and reach our goals.
To do so, we engaged 451 Research to understand the attitudes and perceptions of Internet service providers and the broader enterprise community around MANRS and how it relates to their organizations. The results of the study are documented in the report below.
There are also two specific use cases available that outline the benefits of MANRS participation for service providers and enterprise organizations: