Home / Blogs

Verisign Expands MANRS Relationship to Strengthen Global Routing Security

Verisign has been involved with an initiative known as Mutually Agreed Norms for Routing Security, or MANRS, since its inception. MANRS, which is coordinated by the Internet Society, focuses on strengthening the security and resiliency of IP networks throughout the world by identifying and providing best practices for mitigating common routing security threats.

MANRS began as a collaboration among network operators and internet exchange providers, with Verisign formally becoming a participant in its Network Operator Program in 2017. Since then, with the help of Verisign and other MANRS participants, the initiative has grown to also include content delivery networks (CDN) and cloud providers.

Recently, Verisign deepened its commitment to MANRS by becoming an official participant in its newly launched CDN and Cloud Programme, along with several prominent technology companies, including Google, Microsoft, and AWS. This program is comprised of five mandatory, and one optional, security-strengthening participant actions. The five mandatory actions that every MANRS CDN participant must implement are:

  1. Prevent propagation of incorrect routing information: Ensure correctness of own announcements; ensure correctness of announcements of their peers (non-transit) by implementing explicit (whitelist) filtering with prefix granularity.
  2. Prevent traffic with illegitimate source IP addresses: Implement anti-spoofing controls to prevent packets with illegitimate source IP address from leaving the network (egress filters).
  3. Facilitate global operational communication and coordination: Maintain globally accessible up-to-date contact information in PeeringDB and relevant Regional Internet Registry (RIR) WHOIS databases.
  4. Facilitate validation of routing information on a global scale: Publicly document ASNs and prefixes that are intended to be advertised to external parties. Two main types of repositories are Internet Routing Registries (IRRs) and Resource PKI (RPKI). The requirement is to publish this information in at least one of these repositories, (publication of information in one or more IRRs may be appropriate), a recommendation is to maintain in both.
  5. Encourage MANRS adoption: Actively encourage MANRS adoption among their peers.

As a responsible, security-focused network operator and cloud service provider, Verisign endeavors to assist with the development of and follow industry best practices on filtering non-valid and reserved space from its peers, in addition to implementing anti-spoofing controls at all of its borders. Verisign also maintains up-to-date contact information in the PeeringDB and relevant RIR databases as well as accurate routing information in the IRRs. Finally, Verisign personnel actively promote MANRS adoption at conferences and industry meetings.

Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains. Routing security is of the utmost importance to Verisign's mission and, as an early participant in the MANRS Network Operator Program, Verisign remains fully supportive of this initiative and its efforts to promote a culture of collective responsibility, collaboration, and coordination among network peers in the global internet routing system.

Click here to learn more about the MANRS initiative.

By Yong Kim, Vice President of Cyber Strategy and Research at Verisign – He leads engineers and researchers focused on cybersecurity initiatives in support of Verisign's operational security and overarching mission objectives. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byAppdetex

IP Addressing

Sponsored byIPv4.Global

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Whois

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign