Content delivery networks, cloud providers can now join routing security group

Google, Facebook, Microsoft, Netflix and Cloudflare are among the big-name companies that have joined an industry-led initiative to reduce the ability of threat actors to abuse the internet’s global routing system for cyber attacks.

The Internet Society said today that those providers and others have agreed to follow the Mutually Agreed Norms For Routing Security (MANRS) after content delivery networks (CDNs) and cloud providers were allowed to join. Until now MANRS was limited to network operators and internet exchange points.

Briefly, MANRS members agree to shore up the security of routing and signalling so threat actors can’t manipulate the ways traffic is routed and launch threats such as distributed denial of service attacks.

Related:

MANRS releases tool to help with compliance

Content and delivery networks and cloud providers don’t exchange packets with other networks, said Andrei Robchevsky, senior director for technology programs at the Internet Society. But, he added, “they connect with a lot of networks on the internet. Everyone wants to peer with a cloud network or a CDN. So the idea is can we leverage their peering power and facilitate some of the improvements in the routing system.

“Big content and cloud providers usually have thousands of networks connecting to them. If they only encourage hygiene and raise awareness of routing security issues among thousands of networks we can’t reach, to actually put filters in place preventing them from emitting incorrect routing information, we expect it will have a big effect.”

MANRS was founded in late 2014 and counts 293 network operators and 48 internet exchange points as members. Canada’s biggest network providers — Bell, Rogers and Telus — have yet to join. U.S. providers who are members include Comcast, a huge cable provider, but not AT&T or Verizon.

Canadian members include the Canarie national university research network, Alberta’s Cybera research network and Quebec’s RISQ network, as well as internet exchange providers TorIX (Toronto), YYCIX (Calgary), YXEIX (Saskatoon), and QIX (Montreal).

Related:

Canadian IXPs join MANRS

In January the World Economic Forum issued a report urging internet service providers to join MANRS.

There are at least 60,000 independent networks that comprise the internet. They exchange what is called reachability information among themselves using the BGP (Border Gateway Protocol) standard. Each network builds its own “map” or routing table of the internet they use to decide where to forward packets. However, the databases of the information held by operators aren’t always accurate. That can cause networks to be hijacked, in addition to service outages.

The Internet Society estimated that in 2017 there were 14,000 routing outages or incidents, including hijacking, leaks, spoofing and large-scale Denial of Service (DoS) attacks.

The MANRS rules encourage members to help prevent the spread of incorrect routing information by filtering announcements in their route servers.

Content delivery networks and cloud providers who sign up agree to follow six actions to improve the resilience and security of the routing infrastructure:

  • Prevent propagation of incorrect routing information
  • Prevent traffic of illegitimate source IP addresses
  • Facilitate global operational communication and co-ordination
  • Facilitate validation of routing information on a global scale
  • Encourage MANRS adoption
  • Provide monitoring and debugging tools to peering partners (optional)

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now