The Mutually Agreed Norms for Routing Security (MANRS) initiative,
supported by the Internet Society, today announced that Microsoft has
joined the program whose primary objective is to reduce the most common
threats to the Internet’s routing system.
Routing security is vital to the future and stability of the Internet.
Last year alone, there
were 12,600 routing outages or incidents such as route hijacking and
leaks that led to large-scale Distributed Denial of Service (DDoS)
attacks, stolen data, lost revenue, reputational damage and more. MANRS
addresses these threats through technical and collaborative action
across the Internet. Those who join MANRS agree to specific actions to
improve the resilience and security of the routing infrastructure to
keep the Internet safe for businesses and consumers alike.
“Microsoft has long been committed to increasing cybersecurity online.
We are therefore excited to be joining the MANRS community in addressing
the very real challenges related to routing security, which impact
businesses and consumers on a daily basis. In addition to having
implemented the existing MANRS framework in our operations, we are also
partnering with Internet Society, the Cybersecurity Tech Accord and
others to examine how actors beyond network operators and IXPs can
effectively contribute to routing security,” said Yousef Khalidi,
Corporate Vice President, Azure Networking
From DDoS attacks and spamming to stolen data, the global routing system
is vulnerable to malicious threats. Whether it’s a planned attack or a
configuration mistake, routing incidents have global impact and in many
cases are difficult to detect.
Last year, a
routing leak by a Nigerian ISP caused some of Google’s traffic to be
misrouted through China causing outages in many parts of the world, and
an ISP from Indonesia hijacked
prefixes of multiple US payment processing companies causing
re-routing of sensitive data for 30 minutes.
“Routing incidents are global in scale with one operator’s routing
problems impacting others. The safety of large network operators such as
Microsoft, as well as the security of the Internet as a whole depends on
routing security,” explains Olaf Kolkman, Chief Internet Technology
Officer for the Internet Society. “The more network operators take the
actions as specified by MANRS, the fewer incidents there will be,
thereby mitigating damage,” he adds.
MANRS comprises simple but concrete steps for network operators that are
essential to improving Internet security and reliability. In joining
MANRS, participants commit to implement actions to address common
challenges related to routing security:
Filtering: prevents the propagation of incorrect routing information.
This technique provides assurance against configuration errors that
can lead to “hijacking” traffic directed to other networks, resulting
in widespread outages.
Anti-spoofing: prevents traffic with spoofed source IP addresses, a
practice that can help dramatically diminish the prevalence and impact
of distributed denial of service (DDoS) attacks.
Coordination: facilitates timely communication and coordination among
peers, which is essential for incident mitigation and better assurance
of the technical quality of relationships.
Global validation: encourages network operators to publish routing
data, which is essential for limiting the scope of routing incidents,
making the global system more resilient.
The first two operational improvements eliminate common routing issues
and attacks, while the second two procedural steps provide a bridge to
universal adoption and decrease the likelihood of future incidents. Most
operators have implemented all four, including Microsoft, while none
have acted on fewer than three.
While MANRS was originally created for network operators, Internet
Exchange Points (IXPs) also have an important role in routing security.
To address the unique needs and concerns of IXPs, the community created
a related but separate set of MANRS actions for IXP members.
For more information on MANRS, visit https://www.manrs.org.
About the Internet Society
Founded by Internet pioneers, the Internet
Society is a non-profit organization dedicated to ensuring the open
development, evolution and use of the Internet. Working through a global
community of chapters and members, the Internet Society collaborates
with a broad range of groups to promote the technologies that keep the
Internet safe and secure, and advocates for policies that enable
universal access. The Internet Society is also the organizational home
of the Internet Engineering Task Force (IETF).