Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS) Securing Border Gateway Protocol (BGP)

Developing Good BGP Neighbour Relationships @ APRICOT 2019

Routing Security is featuring heavily on the APRICOT 2019 programme, which is being held on 23-28 February 2019 in Daejeon, South Korea. This helps build on the MANRS initiative being supported by the Internet Society,

On Wednesday, 27 February (09.30-13.00 UTC+9) there will be a Routing Security session that will discuss the latest problems, developments, and how routing security measures can be implemented. Speakers include Job Snijders (NTT) who’ll be discussing changes to BGP in the coming 18 months; Töma Gavrichenkov (Qrator Labs) on how BGP hijacks can be used to compromise the digital certificates used to secure online transactions; and from Anurag Bhatia (Hurricane Electric) who’ll analyse the top misused ASNs.

During the second part of the session, Tashi Puntsho (APNIC) will cover the practical issues and implications of deploying your own RPKI Certificate Authority; Tim Bruijnzeels (NLnet Labs) will discuss the use of route servers at Internet Exchange Points; whilst Ed Lewis (ICANN) will discuss the issues with using the RIR Whois databases.

Following on from this, our colleague Andrei Robachevsky will be raising awareness of the MANRS Initiative during the FIRST Technical Colloquium (16.30-18.00 UTC+9).

FIRST is the global organisation of Computer Security and Incident Teams (CSIRTs) which are often in the front line when network security incidents occur, but are also involved in implementing preventative measures and capacity building. MANRS therefore considers CSIRTs to be important partners in improving the security and resilience of the global routing system, as well as providing input and feedback on the MANRS Observatory that is being developed to provide analysis of the state of the security and resilience of the routing system.

The Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) is the largest international Internet conference in the region, drawing network engineers, operators, researchers, service providers, users and policy communities from over 50 countries to teach, present, and develop relationships. Other Asia-Pacific networking organisations also use the opportunity to meet, in order to share knowledge required to operate the Internet.

If you’re interested in attending then it’s still possible to register at

Alternatively, if you’re unable to make it in person, then the sessions can be followed via webcast.

Further Information

Deploy360 Improving Technical Security Internet of Things (IoT) Mutually Agreed Norms for Routing Security (MANRS) Securing Border Gateway Protocol (BGP)

FIRST/TF-CSIRT: The Changing Face of Cybersecurity

The Internet Society was recently approved as a Liaison Member of TF-CSIRT, the European Forum for Computer Security Incident Response Teams, and therefore took the opportunity to participate in the FIRST/TF-CSIRT Symposium that was held 5-7 February 2018 in Hamburg, Germany.

The Internet Society continues to support organisations and activities concerned with maintaining the safety, stability and security of the Internet, and our colleague Kevin Meynell is already known within the TF-CSIRT community having run the forum between 2008 and 2012 and overseen its transition from a grouping of primarily academic CSIRTs to a wider industry body encompassing more than 160 National, Government, Military and Commercial CSIRTs, as well as those in academia.

TF-CSIRT meets three times per year, but starting in 2008 the first meeting of the year has always been held jointly with FIRST, the global Forum of Incident Response and Security Teams. This provides an opportunity for the European CSIRTs to meet with their counterparts around the world to exchange information, and develop the networks of trust that are critical to effective cooperation in handling cyber incidents when they occur, but also in development of early warning and prevention techniques.

And a number of the presentations had particular resonance with the Internet Society’s campaigns to improve the security of the BGP routing system and the Internet-of-Things.

The ShadowServer Foundation is an organisation of volunteers that gathers and analyses data on botnets and malware propagation. The collected data is sent to National CSIRTs and network owners via a daily free remediation feed, and has been used to support law enforcement investigations. The talk by Piotr Kijewski focused on how ShadowServer operates, what data it collects, and its achievements in taking down botnets.

Gaus Rajnovic (Panasonic PSIRT) provided further insight into how the evolution of devices into smart devices connected to services has potentially increased the number of vulnerabilities and potential attack vectors on the Internet, and this has greatly increased the challenges for CSIRTs, especially in those industries that are traditionally less focused around the Internet.

One such response is CERT@VDE that has been established on behalf of the German Association for Electrical, Electronic & Information Technologies. This focuses on offering CSIRT services to small and medium-sized enterprises to address the gap in trust and capabilities in security as industrial automation increasingly moves onto the Internet.

Jose Vila and Javier García Hernández (CSIRT-CV/S2 Grupo CERT) highlighted the challenges of using open source software for running an Intrusion Detection System (incidentally based on PF_RING which came out of another project I was involved with back in 2005!) as more devices connect to the network and more bandwidth is consumed. This necessitated a new build on a Cluster of Suricata machines which has allowed the 10 Gb/s barrier to be reached with commodity hardware, as well as improving detection capacities.

On a similar theme, Peter Kleinert (Binconf CDC) discussed how open source source vulnerability scanners can be combined into multiple hardened clusters designed to scan for vulnerabilities in networks consisting of many subnets in multiple locations. This included collection and analysis of logs, monitoring of hardware and software, and also secure offline updating.

ENISA, the EU Agency for Network and Information Security, also announced that it has established a task force with the view to developing a common reference taxonomy of incidents.

Finally, another important announcement from the International Cybersecurity Initiatives team at CERT/CC (the original CSIRT) was the extension of their capacity building activities from East Asia and Sub-Saharan Africa to Eastern Europe. This focuses on their National CSIRT Development Mentoring Framework that describes a standard set of activities to be performed by a National CSIRT whilst identifying the specific circumstances in each country.

Further Information