An Overview of our Activities

Internet Society in 2018

Raúl Echeberría

Vice President, Global Engagement

echeberria@isoc.org

22 October 2018

Presentation title – Client name1

Our Mission:

We believe an open, globally-connected, trustworthy, and secure Internet is for everyone.

2

A Campaign Approach to 2018

3

Community Networks

Internet Governance

IoT MANRS

Community Networks

4

Help us connect the unconnected. “Take action to switch on the Internet, community by community.”

The Goal:

We want policy and decision makers to adopt new and innovative approaches to connect people in remote locations to the Internet.

Community networks is an alternate solution as a means of access

Tusheti Region Georgia

Internet Governance

5

Promote collaborative governance “Strengthening collaborative governance for a sustainable

Internet”

The Goal:

We want to expand and enhance the multistakeholder model by critical governments and intergovernmental organizations world-wide. We want a responsible and sustainable Internet that reflects a diverse and inclusive world.

IoT

6

Make our connected world a safer place. “Trust by design”

The Goal:

We want supplies and manufacturers to adopt security and privacy in their IoT devices to protect the network, users, and critical infrastructure from threats.

Safe and secure IoT puts people first.Back our #SecureIt campaign.

ISOC_IoT_A1_Poster01.indd 1 22/08/2018 19:11

MANRS

7

Strengthen the global routing system “Mutually Agreed Norms for Routing Security (MANRS)”

The Goal:

We want network operators to adopt our recommended actions to improve the security of the routing system of the Internet.

The Basics: How Routing Works

8

There are ~60,000 networks (Autonomous Systems) across the Internet, each using a unique

Autonomous System Number (ASN) to identify itself to other networks.

Routers use Border Gateway Protocol (BGP) to exchange “reachability information” - networks

they know how to reach.

Routers build a “routing table” and pick the best route when sending a packet, typically based on

the shortest path.

The Honour System: Routing Issues

9

Border Gateway Protocol (BGP) is based entirely on trust between networks

• No built-in validation that updates are legitimate• The chain of trust spans continents• Lack of reliable resource data

Which Leads To …

Routing Incidents Cause Real World Problems

11

Event Explanation Repercussions Example

Prefix/Route Hijacking

A network operator or attacker impersonates another network operator, pretending that a server or network is their client.

Packets are forwarded to the wrong place, and can cause Denial of Service (DoS) attacks or traffic interception.

The 2008 YouTube hijack

Route Leak A network operator with multiple upstream providers (often due to accidental misconfiguration) announces to one upstream provider that is has a route to a destination through the other upstream provider.

Can be used for traffic inspection and reconnaissance.

September 2014. VolumeDrive

began announcing to Atrato nearly

all the BGP routes it learned from

Cogent causing disruptions to

traffic in places as far-flung from

the USA as Pakistan and Bulgaria.

IP Address Spoofing

Someone creates IP packets with a false source IP address to hide the identity of the sender or to impersonate another computing system.

The root cause of reflection DDoS attacks

March 1, 2018. Memcached

1.3Tb/s reflection-

amplificationattack reported by

Akamai

12

The Solution: Mutually Agreed Norms for Routing Security (MANRS) Provides crucial fixes to eliminate the most common routing threats

13

Mutually Agreed Norms for Routing Security

MANRS defines four simple but concrete actions that network operators must implement to dramatically improve Internet security and reliability.• The first two operational improvements eliminate the root causes of common routing issues and

attacks, while the second two procedural steps improve mitigation and decrease the likelihood of future incidents.

CoordinationFacilitate global

operational communication and

coordination between network operators

Maintain globally accessible up-to-date contact

information in common routing databases

Anti-spoofingPrevent traffic with spoofed source IP

addresses

Enable source address validation for at least single-

homed stub customer networks, their own end-users, and infrastructure

MANRS Actions

FilteringPrevent propagation of

incorrect routing information

Ensure the correctness of your own announcements and announcements from

your customers to adjacent networks with prefix and AS-

path granularity

Global ValidationFacilitate validation of

routing information on a global scale

Publish your data, so others can validate

14

15

The IXP ProgrammeLaunched April 23, 2018

IXPs and Interconnection.

16

Primary role

• Keep local Internet traffic within local infrastructure and reduce costs associated with traffic exchange between networks.

• Improve the quality of Internet services and drive demand by reducing delay and improving end-user experience.

• Create a convenient hub for attracting key Internet infrastructures within countries.

• Act as a catalyst for overall Internet development including commercial, governmental and academic stakeholders.

Collective responsibility

Reaping the benefits of ICT is dependent on reducing Internet connectivity and bandwidth costs, improving infrastructure, and improving quality of service to all Internet users.

The responsibility now rests on ISPs, governments, businesses, and consumers. Collectively we must press for faster roll out of the ICT infrastructure and services that are foundational to our dreams of building a Caribbean

internetsociety.org@internetsociety

Thank you.

Galerie Jean-Malbuisson 15 CH-1204 GenevaSwitzerland+41 22 807 1444

11710 Plaza America DriveSuite 400Reston, VA 20190 USA +1 703 439 2120

17

.internetsociety.org@internetsociety

Get involved.

Galerie Jean-Malbuisson 15 CH-1204 GenevaSwitzerland+41 22 807 1444

11710 Plaza America DriveSuite 400Reston, VA 20190 USA +1 703 439 2120

There are many ways to support the Internet. Find out today how you can make an impact.

18

internetsociety.org@internetsociety

Involúcrate.

Galerie Jean-Malbuisson 15 CH-1204 GenevaSwitzerland+41 22 807 1444

11710 Plaza America DriveSuite 400Reston, VA 20190 USA +1 703 439 2120

19