ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience
-
Upload
internet-technology-matters-internet-society -
Category
Technology
-
view
140 -
download
3
Transcript of ISOC Efforts in Collaborative Responsibility Toward Internet Security and Resilience
www.internetsociety.org
What do we know about routing resilience and how to make it better? Internet Society
The Challenge
Economic factors– Externalities, information asymmetry, free riding
Technical factors– Technology building blocks
– Common understanding of the problem
– Common understanding of solutions
Social factors
– Collective responsibility
– Collaborative spirit
Global Internet Routing Infrastructure
Our global commons
– We all depend on and benefit from it
Far reaching effects
– Configuration errors, malicious actors
– Example: Indosat event
Interconnectivity and interdependence– “Inward” and “Outward” risks
– Example: 300Gbps attack on Spamhaus
www.internetsociety.org
Routing resilience survey
How “risky” is the global routing system?
How often do incidents happen?– Routing Resilience Measurements Workshop
http://www.internetsociety.org/doc/report-routing-resiliency-measurements-workshop
– Frequency very much depends on the threshold for false positives
What is the impact?– Data are missing, sensitive or not collected at all
– Risk assessment is a guess at best
Is your network affected?
– Detect incidents
– Eliminate false positives
– Assess the impact
Are you adequately protected?
https://www.internetsociety.org/rrs/
Data collection
Network Information– Once, during the initial sign up.– Network type, connectivity, and practices used in mitigating routing security incidents. It should take approximately 10-15 minutes to fill out the registration form.
Data related to routing security incidents via an automated monitoring effort
– On first login a “historical” overview will be presented, listing detected suspicious events over last 6-12 months
– After that once a week newly detected suspicious events are collected and displayed in the portal
– Participants are asked to validate and classify these events Impact: severe, moderate, insignificant, not an incident
Detection: monitoring system, customer call, this alert
Evidence based risk analysis
64500
64500
64500
64500
64500
64500
Evidence based risk analysis
64500
64500
64500
64500
64500
64500
Check and Classify
Confidentiality concerns
We understand the sensitivity of some of the data involved in this effort. Therefore, the Internet Society is committed to ensuring participant-specific information remains confidential.
All data collected is stored on Internet Society servers. Any information or analyses shared beyond a specific network will be fully anonymized.
Some statistics: participation
4 months
24 participants
311 networks
442 events registered
264 events classified
0
5
10
15
20
25
30
35
408/28/11
9/28/11
10/28/11
11/28/11
12/28/11
1/28/12
2/28/12
3/28/12
4/28/12
5/28/12
6/28/12
7/28/12
8/28/12
9/28/12
10/28/12
11/28/12
12/28/12
1/28/13
2/28/13
3/31/13
4/30/13
5/31/13
6/30/13
7/31/13
8/31/13
9/30/13
10/31/13
11/30/13
12/31/13
1/31/14
Unknown
Not an incident
Insignificant
Moderate
Severe
Impact severity
Impact severity (II)
1%3%
6%
42%48% Severe
Moderate
Insignifcant
Unknown
Not an incident
How did you learn about the event?
NMS Alert
Customer Call
RRS Alert
Not an incident
Interested in Participating?
If you decide to participate, please send a request for the creation of your account to [email protected].
In the request please indicate – your AS number and – e-mail address for notifications.
You may also include AS numbers of your customers for which you would like to monitor and classify related security incidents.
www.internetsociety.org
Collective responsibility and collaboration for Routing Resilience and Security
Routing Resilience Manifesto
- Principles of addressing issues of routing resilience- Interdependence and reciprocity (including collaboration)
- Commitment to Best Practices
- Encouragement of customers and peers
- Guidelines indicating the most important requirements- BGP Filtering
- Anti-spoofing
- Coordination and collaboration
Anti-spoofing movement
spoofed traffi c
normal traffi c
Networks not allowing IP-spoofing
test ing site
Objectives
•Raise awareness and encourage actions by demonstrating commitment of the growing group of supporters
•Demonstrate industry ability to address complex issues
•Provide guidance