MANRS tool for network providers aims at improving Internet routing security

The Internet Society has added a free online tool for Internet providers who are members of its Mutually Agreed Norms for Routing Security (MANRS) initiative to better help them measure compliance with the voluntary standard.

Called MANRS Observatory, it tracks the number of routing incidents by region and by country, and monitors metrics for MANRS actions.

It does this by aggregating data from a number of trusted third-party sources into a dashboard, allowing network operators to identify problem areas and help them improve the security of their networks.

The Internet Society keeps a public database of MANRS members and what they are doing to adhere to the standard, noted Andrei Robchevsky, senior technology program manager at the Internet Society, but it isn’t completely transparent. “To improve credibility and the power of this initiative in discussions we decided we needed some factual data to demonstrate the networks have implemented those actions.”

The dashboard has two faces: The public can see general data for countries, while MANRS members will be able to see more detailed data, including those of competitors.

While MANRS members may think they are doing okay, Observatory gives them a view from the outside, Robchevsky said. MANRS participants will be able to see how well they are adhering to the requirements, and they will also see how their peers are doing.

In addition, government policy makers will be able to better understand the state of routing security and resilience and help improve it by calling for MANRS best practices.

Routing security is vital to the future and stability of the Internet, the Internet Society notes. Last year more than 12,000 routing outages or attacks – such as hijacking, leaks, and spoofing – led to stolen data, lost revenue and reputational damage.

A routing leak last year by a Nigerian ISP caused some of Google’s traffic to be misrouted through China, resulting in outages in many parts of the world, the organization said, while in June of this year a massive route leak knocked large parts of the Internet offline for several hours.

Around the world 201 network operators (ISPs) and 34 Internet Exchange Points (IXPs) are either MANRS members or support the program, including Google and Microsoft.

However, of the roughly 1,260 networks in this country, only three Canadian ISPs are members — the CANARIE university research network, Clearcable Networks (an ISP consulting firm which also offers carrier voice solutions for service providers and a content distribution network) and eBox (a provider which covers parts of southern Ontario). Missing are Tier 1 Internet giants Bell Canada, Rogers Communications, Shaw and Telus.

Two of the nine Canadian IXPs are members (TorIX and Calgary’s YYCIX).

Robchevsky was at a loss to explain why the big providers here aren’t members of MANRS.

“I speak to some big Tier 1s [around the world] and some are afraid, because as MANRS gets more visibility they are afraid of the publicity if there is a security incident,” he said. “Also the bigger the company the more it has to do to comply.”

The Internet Society is working with the Canadian Internet Registry Authority (CIRA), which oversees the .ca domain, to promote MANRS, he said, “but it doesn’t seem to resonate with people in Canada.”

In a statement, CIRA CEO Byron Holland said he is pleased that Observatory has launched. “CIRA is both an ISOC member and an official partner in MANRS, and we encourage network operators of all types to join the initiative.

“As a network operator who is still working to become MANRS compliant ourselves, we know that it isn’t just a matter of flipping a switch. It’s still early days for the initiative, and we know from conversations at the annual CA-IX meeting that Canada’s largely volunteer-led Internet Exchange Points are looking very closely at joining. Going forward there’s no doubt that the MANRS Observatory will help Internet Exchange Point operators keep the global routing system safe and secure against new threats.

“In the meantime, one of the single best ways to improve routing security for Canadian users is to have the country’s major internet service providers become MANRS compliant as soon as possible. Bringing more ISPs into the program would undoubtedly help protect the largest number of internet users against new routing threats and help keep Canada’s internet safe, secure, and stable.”

Asked about the low Canadian support of MANRS, Mark Wolff, chief technology officer of CANARIE, noted that routing information is key to the operation of any network, so making changes to what may be fundamental routing rules is not taken lightly as it may impact users of that network. “Thus network operators could be somewhat concerned about the impact during the transition to MANRS, and finding the right time to implement it.

“Second, to avoid any such impacts to users in the first place, potentially lengthy detailed analysis and planning is often required, especially for operators with many routes. Not all operators have the personnel to dedicate to implementing MANRS, so that may delay either the decision to implement or the implementation itself.

“Finally, while MANRS makes complete sense in securing routing information, its main beneficiary is the users of the network, not the network operator. So, unfortunately, delaying MANRS implementation does not adversely affect a network operator (the network still works), and thus MANRS does not get the priority it deserves.”

MANRS is seeing steady adoption, Robchevsky said, but more members are needed. More Internet users, he added, need to demand routing security best practices. “The more network operators applying MANRS actions, the fewer incidents happening, the less damage done. Our hope is that the MANRS Observatory will help drive greater participation,” he said.