kentoh - Fotolia
Major cloud suppliers and content delivery network (CDN) providers have joined a global initiative supported by the Internet Society to address security threats to internet routing systems.
Dubbed Mutually Agreed Norms for Routing Security (Manrs), the initiative calls for participants to take six specific actions to improve the resiliency and security of the routing infrastructure.
These actions, of which five are mandatory, include stopping incorrect routing from being propagated, preventing traffic of illegitimate source IP addresses and validating routing information on a global scale, among others.
The latest Manrs participants include Akamai, Amazon Web Services, Azion, Cloudflare, Google and Microsoft. The Internet Society said a number of other companies will also be joining the initiative soon.
CDNs and cloud providers help companies serve content and access online services by delivering it in a distributed manner, often from locations close to users.
They typically exchange traffic – in what is known as peering – with thousands of other networks to enable traffic to flow more efficiently around the world, making them key participants in the internet’s interconnection infrastructure.
But cyber criminals have found ways to manipulate how internet traffic is routed to launch attacks, such as a distributed denial of service (DDoS), by violating the underlying assumptions related to identity that are implicit in the routing, naming and addressing systems.
The participation of cloud and CDN suppliers in Manrs follows a World Economic Forum report released in January 2020 that called for internet service providers (ISPs) to join the initiative.
“The Manrs community can leverage the new participants’ unique roles in the internet routing system, in particular their vast peering value, for the benefit of a more secure internet,” said Andrei Robachevsky, the Internet Society’s senior director for technology programmes.
“The CDN and cloud community is integral to the internet ecosystem, and by joining Manrs, they are joining a community of ISPs and internet exchange points committed to making the global routing infrastructure more secure,” he added.
Christian Kaufmann, Akamai’s vice-president for network technology, said being Manrs compliant improves the company’s routing security capabilities while potentially helping other networks to improve theirs, too.
Cloudflare, a long-time proponent of better internet routing security, has been campaigning for the industry to adopt Manrs.
“Route leaks have a cascading negative impact on businesses, and coordinated action is needed by the internet infrastructure community to improve the security, resilience, and reliability of networks,” said John Graham-Cumming, chief technology officer at Cloudflare.
Read more about network security
- New centre in Melbourne will meet growing demand for scrubbing services to mitigate the impact of distributed denial of service attacks in Australia.
- Fake content delivery networks and ngrok servers are being pressed into service to obscure credit card skimming activities.
- Prudential is turning to artificial intelligence to protect its computer networks in the US, Asia and Africa from malware hackers and internal threats.
- A BGP routing security flaw enabled unknown threat actors to steal cryptocurrency by hijacking internet routing and rerouting traffic to a phishing site in Russia.