Right now, the internet is comparable to the Wild West. It is open and free, making it fantastic for business and collaboration, but also vulnerable to outlaws who are eager to commit malicious attacks and misconfiguration caused by human error. There is a lack in best practice implementation of security protocol making the internet’s routing system vulnerable to routing leaks and IP address spoofing - but this doesn’t need to be the case.
ISOC is an international non-profit that advances the internet as a global technical infrastructure, a resource to enrich people’s lives and a force for good in society. In 2014, they launched the Mutually Agreed Norms for Routing Security, or MANRS. Based on existing best practices in the industry, MANRS is a promise on behalf of network operators around the world to clean up their part of the Wild West and improve the security of the global routing system.
Operators who choose to adopt MANRS commit to a variety of security protocols that prevent the circulation of incorrect routing information, prevent traffic with spoofed IP addresses and encourage the validation of global routing information.
MANRS helps in four ways. Many operators are already doing their part but there is a disconnect between them and the broader network. For the most part, they aren’t aware where they are vulnerable or that a solution exists. The purpose of MANRS is address these gaps by prompting network operators to review and revise their protocols in whichever four categories they need to improve. According to ISOC, the four categories are the following:
- Filtering: Prevent propagation of incorrect routing information
- Anti-spoofing: Prevent traffic with spoofed source IP addresses
- Coordination: Facilitate global operational communication and coordination between network operators
- Global Validation: Facilitate validation of routing information on a global scale
MANRS is a great initiative, and one that we desperately need, but it will require a community effort across the globe to implement change. I encourage everyone in Canada, or across the world for that matter, to reach out to your internet service provider and ask them what they are doing to address vulnerabilities and improve the global routing system. At CIRA, we’re about to embark on our own journey with MANRS by looking inwards and identifying where we can implement MANRS’ best practices.