Page 92 - SAMENA Trends

Page 92 - SAMENA Trends - May 2020

P. 92

ARTICLE SAMENA TRENDS

Routing Incidents Have Real World threats. Network operators are taking Because BGP has no built-
Consequences collective responsibility for the resilience
Unfortunately, today’s Internet is constantly and security of a critical part of the Internet in security mechanisms, it
under attack from criminals, activists, and infrastructure by agreeing to implement is both easy and common
state-level actors seeking opportunities to four simple actions: for ASes to announce
steal data, impose censorship, undertake 1. Filtering prevents propagation
espionage, conduct cyberwarfare, and of incorrect routing information. incorrect information
otherwise cause disruption. Ensure the correctness of your own (whether accidentally or
announcements and announcements
Because BGP has no built-in security from your customers to adjacent maliciously), and/or to
mechanisms, it is both easy and common networks. send packets with forged
for ASes to announce incorrect information 2. Anti-spoofing prevents traffic with false
(whether accidentally or maliciously), source IP addresses. Enable source (or "spoofed") IP source
and/or to send packets with forged (or address validation for at least single- addresses. This can lead
"spoofed") IP source addresses. This can homed stub customer networks, your to large-scale Distributed
lead to large-scale Distributed Denial-of- own end-users, and infrastructure.
Service (DDoS) attacks, service disruption, 3. Coordination facilitates global Denial-of-Service (DDoS)
and traffic interception, redirection, or operational communication between attacks, service disruption,
modification, which all pose significant network operators. Maintain globally
and substantial security risks. accessible up-to-date contact and traffic interception,
information in common routing redirection, or modification,
Routing incidents are increasing as more databases, and respond in a timely
networks have joined the Internet, often fashion if incidents occur. which all pose significant
with inexperienced staff, and as bad actors 4. Global Validation verifies routing and substantial security
have learned to exploit BGP’s limitations. information on a global scale. Publish risks.
your routing policy so others can
See the [SIDEBAR] to learn more about validate what information is correct. the need to demand enhanced routing
types of routing incidents and real-world security. You can help in two ways:
examples. How You Can Help 1. Lead By Example: Implement the
The MANRS Actions are well-established MANRS Actions and do your part for
How MANRS Can Help industry best practices, and are designed the security of the Internet. Network
Mutually Agreed Norms for Routing Security to be low-cost and non-controversial. operators - including all organizations
(MANRS) is a global initiative, supported by However, many network operators still with ASes - can help make routing
the Internet Society, that provides crucial have not implemented them, and most security a new norm and a baseline for
fixes to reduce the most common routing enterprises have not yet fully realized other networks to follow. That will also
Following data from the MANRS Observatory shows the State of Routing Security in all the SAMENA member countries.

Learn more about MANRS by visiting the website at https://www.manrs.org.
92 MAY 2020

87 88 89 90 91 92 93 94 95 96 97