Skip to main content
  • State of the Internet

Why MANRS are important

Right now, the internet is comparable to the Wild West. It is open and free, making it fantastic for business and collaboration, but also vulnerable to outlaws who are eager to commit malicious attacks and misconfiguration caused by human error. There is a lack in best practice implementation of security protocol making the internet's routing system vulnerable to routing leaks and IP address spoofing - but this doesn't need to be the case.
By Jacques Latour
Chief technology officer

Right now, the internet is comparable to the Wild West. It is open and free, making it fantastic for business and collaboration, but also vulnerable to outlaws who are eager to commit malicious attacks and misconfiguration caused by human error. There is a lack in best practice implementation of security protocol making the internet’s routing system vulnerable to routing leaks and IP address spoofing – but this doesn’t need to be the case.

Right now, the internet is comparable to the Wild West. It is open and free, making it fantastic for business and collaboration, but also vulnerable to outlaws who are eager to commit malicious attacks and misconfiguration caused by human error. There is a lack in best practice implementation of security protocol making the internet’s routing system vulnerable to routing leaks and IP address spoofing – but this doesn’t need to be the case.

In an effort to enforce good manners on the internet and across the globe, the Internet Society (ISOC) has introduced MANRS, a commitment by network operators to improve the global routing system.

ISOC is an international non-profit that advances the internet as a global technical infrastructure, a resource to enrich people’s lives and a force for good in society. In 2014, they launched the Mutually Agreed Norms for Routing Security, or MANRS. Based on existing best practices in the industry, MANRS is a promise on behalf of network operators around the world to clean up their part of the Wild West and improve the security of the global routing system.

Operators who choose to adopt MANRS commit to a variety of security protocols that prevent the circulation of incorrect routing information, prevent traffic with spoofed IP addresses and encourage the validation of global routing information.

MANRS helps in four ways. Many operators are already doing their part but there is a disconnect between them and the broader network. For the most part, they aren’t aware where they are vulnerable or that a solution exists. The purpose of MANRS is address these gaps by prompting network operators to review and revise their protocols in whichever four categories they need to improve. According to ISOC, the four categories are the following:

  1. Filtering: Prevent propagation of incorrect routing information
  2. Anti-spoofing: Prevent traffic with spoofed source IP addresses
  3. Coordination: Facilitate global operational communication and coordination between network operators
  4. Global Validation: Facilitate validation of routing information on a global scale

MANRS is a great initiative, and one that we desperately need, but it will require a community effort across the globe to implement change. I encourage everyone in Canada, or across the world for that matter, to reach out to your internet service provider and ask them what they are doing to address vulnerabilities and improve the global routing system. At CIRA, we’re about to embark on our own journey with MANRS by looking inwards and identifying where we can implement MANRS’ best practices.

About the author
Jacques Latour

As an expert in developing innovative, leading-edge IT solutions, Jacques has established CIRA as a global leader among ccTLD registries. He has 25+ years of experience in the private and not-for-profit sectors and as CIRA’s CTO,is currently leading CIRA Labs, CIRA’s innovation hub and providing leadership and direction for the management and security of the .CA registry and its underlying DNS.

A visionary in the Internet community, Jacques led the development of CIRA’s Internet Performance Test, is an outspoken advocate for the adoption of IPv6 and represents the .CA registry internationally as a member of a variety of working groups and advisory groups. He is committed to the development of a new Canadian Internet architecture. He has served as the catalyst for the creation of a national Canadian IXP association, CA-IX, and is a member of the Manitoba Internet Exchange’s (MBIX) and the DNS-OARC Board of Directors.  Jacques is also a member of ICANN’s Security and Stability Advisory Committee (SSAC).

Jacques holds an Electronics Engineering Technologist diploma from Algonquin College, is ITIL v3 Foundation certified and is a certified Agile ScrumMaster.

Loading…