
Proposals, Concepción 2018

Proposals, Concepción 2018. March 2018. Christian O’Flaherty, Regional Development, oflaherty@isoc.org. Date 2016.


Presentation Transcript


  1. Proposals, Concepción 2018. March 2018. Christian O’Flaherty, Regional Development, oflaherty@isoc.org. Date 2016

  2. Founded in 1992 by pioneers of the early Internet, the Internet Society drives technologies that keep it open and safe. We promote policies that empower people to enable universal access for all. • We stand for a better Internet.

  3. The Internet Society at Work • Promotes Internet technologies that matter • Provides leadership in policy issues • Advocates open Internet standards • Develops Internet infrastructure • Undertakes outreach that changes lives • Recognizes industry leaders

  4. Mutually Agreed Norms for Routing Security MANRS

  5. The Internet appears seamless due to trust • IP prefixes are learned in BGP from a customer, propagated to all your “peers,” who pick the “best” announcement and propagate that path to their customers • These relationships may span continents • The reverse path must signal correctly too for the Internet to work and this path may traverse different networks • IP packets are forwarded from one hop to the next hop closer to the destination with minimal inspection

  6. This trust can break down • My network accepts an invalid routing announcement which I propagate, my peer decides it is the “best path” and announces it to their customers • The “best path” was not selected because it can deliver traffic to the destination, but rather for lower cost, “nearest exit” • Traffic is being discarded, but how does the affected party contact the correct person to fix a problem that may traverse continents?

  7. What is available to improve Internet security? • Tools • Prefix and AS-PATH filtering, RPKI, IRR, … • Ingress and egress anti-spoofing filtering, uRPF, … • Coordination and DDoS mitigation • Challenges • Your safety is in someone else’s hands • Implementing control plane fixes at just one network to network interface does not resolve the problem • Technological fixes and mitigation efforts can sometimes break seamless end-to-end forwarding of legitimate traffic

  8. Welcome, Mutually Agreed Norms for Routing Security (MANRS)! • The Internet is successful because of its long history of collaboration. • To stimulate visible security improvements, we need a culture of collective responsibility. • The Routing Resilience Manifesto, underpinned by the “Mutually Agreed Norms for Routing Security (MANRS)” document, aims at supporting this goal.

  9. Mutually Agreed Norms for Routing Security (MANRS) • Defines four concrete actions that network operators should implement. • The problem cannot be solved alone - the real effect of the measures depends on how broadly they are adopted. • MANRS tries to merge technology and people together to help craft a solution.

  10. Good MANRS • Filtering – Prevent propagation of incorrect routing information. • Anti-spoofing – Prevent traffic with spoofed source IP addresses. • Coordination – Facilitate global operational communication and coordination between network operators. • Global Validation – Facilitate validation of routing information on a global scale.

  11. 1. Filtering • Prevent propagation of incorrect routing information • Network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity. • Network operator is able to communicate to their adjacent networks which announcements are correct. • Network operator applies due diligence when checking the correctness of their customer’s announcements, specifically that the customer legitimately holds the ASN and the address space it announces.

  12. 2. Anti-Spoofing • Prevent traffic with spoofed source IP address • Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network.

  13. 3. Coordination • Facilitate global operational communication and coordination between the network operators • Network operators should maintain globally accessible up-to-date contact information.

  14. 4. Global Validation • Facilitate validation of routing information on a global scale. • Network operator has publicly documented routing policy, ASNs and prefixes that are intended to be advertised to external parties.

  15. MANRS is a document – and it is a commitment • The company supports the Principles and implements at least one of the Actions for the majority of its infrastructure. Implemented Actions are marked with a check-box. The Action "Facilitate global operational communication" cannot be the only one and requires that another Action is also implemented. • The company becomes a Participant of MANRS, helping to maintain and improve the document, for example, by suggesting new Actions and maintaining an up-to-date list of references to BCOPs and other documents with more detailed implementation guidance.

  16. https://www.manrs.org End of MANRS

  17. SOS Internet: Experiences in Emergency Situations

  18. Recommendations: Before – During – Recovery

  19. Examples of Recommendations • Preparation: How to anchor racks to the wall, secure servers, power cables, equipment placement in the rack (from bottom to top), etc. • During: Access to affected sites, power (fuel, batteries), how to make use of help, prioritize, protect the spectrum, etc. • Recovery: Help repair instead of deploying new networks

  20. REQUEST: • Join the WApp group • Help with the evaluation of projects • Collaborate on documents (review, suggestions, authorship, etc.) • Participate in meetings, represent the group, travel.

  22. There are many ways to support the Internet. Find out today how you can make an impact.
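
For the Filtering action on slide 11, and the prefix/AS-path filtering, RPKI and IRR tools listed on slide 7: the following is an added example, not part of the presentation or of MANRS material. It is a Python import check for a customer BGP session that combines an IRR-style allow-list with RFC 6811 route origin validation. The prefixes, ASNs, the `ROAS` and `CUSTOMER` records and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes and reserved ASNs).
ROAS = [  # validated ROA payloads: (prefix, max length, origin AS)
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
]
CUSTOMER = {  # hypothetical record built from the customer's IRR objects
    "asn": 64500,
    "as_set": {64500, 64510},
    "prefixes": [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("203.0.113.0/24")],
}

def covers(parent, child):
    """True if child is equal to or more specific than parent."""
    return parent.version == child.version and child.subnet_of(parent)

def rov_state(prefix, origin_as, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        if not covers(ipaddress.ip_network(roa_prefix), net):
            continue
        covered = True  # some ROA covers this prefix
        if net.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    return "invalid" if covered else "not-found"

def accept_from_customer(prefix, as_path, customer=CUSTOMER):
    """Decide whether to accept and propagate a customer announcement."""
    net = ipaddress.ip_network(prefix)
    if not as_path or as_path[0] != customer["asn"]:
        return False, "neighbor AS mismatch"
    if not set(as_path) <= customer["as_set"]:
        return False, "AS path outside customer AS-set"
    if not any(covers(p, net) for p in customer["prefixes"]):
        return False, "prefix not registered to customer"
    state = rov_state(prefix, as_path[-1])  # origin AS is the last hop
    if state == "invalid":
        return False, "RPKI invalid"
    return True, "accepted (RPKI " + state + ")"
```

The `192.0.2.0/25` case is the one worth noting: the prefix sits inside the customer's registered space and the AS path is clean, yet the ROA's maximum length makes the more specific announcement RPKI-invalid, so it is not propagated.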
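
For the Anti-Spoofing action on slide 12 and the uRPF tool named on slide 7: the following is an added example, not part of the presentation. It models strict and loose uRPF against a small forwarding table, next to a static per-port source filter, to show why slide 12 scopes source address validation to single-homed stub customers and why slide 7 warns that fixes can break legitimate traffic. The forwarding table, interface names and addresses are constructed, and loose mode is assumed to ignore the default route.

```python
import ipaddress

# Constructed forwarding table: (prefix, outgoing interface); names are hypothetical.
FIB = [
    ("192.0.2.0/24", "cust1"),         # single-homed stub customer
    ("198.51.100.0/24", "cust2"),      # multihomed customer, reachable via us
    ("198.51.100.128/25", "transit"),  # its more specific is learned via transit
    ("0.0.0.0/0", "transit"),
]
# Constructed per-interface list of prefixes assigned to each customer.
ASSIGNED = {
    "cust1": ["192.0.2.0/24"],
    "cust2": ["198.51.100.0/24"],
}

def best_route(addr, fib=FIB):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in fib]
    hits = [(n, ifc) for n, ifc in nets if ip in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_permits(src, in_ifc, mode="strict", fib=FIB):
    """Model of uRPF: strict needs the best return route on in_ifc;
    loose needs any route other than the default (assumed behaviour)."""
    route = best_route(src, fib)
    if route is None:
        return False
    net, ifc = route
    if mode == "loose":
        return net.prefixlen > 0
    return ifc == in_ifc

def acl_permits(src, in_ifc, assigned=ASSIGNED):
    """Static ingress filter: source must lie in a prefix assigned to the port."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in assigned.get(in_ifc, []))
```

Strict mode drops the spoofed `203.0.113.5` on `cust1`, but it also drops the legitimate `198.51.100.200` on `cust2` because the return route points at `transit`; the static per-port filter permits that source while still rejecting the spoofed one.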
