Internet Routing and Traffic Security – A view from Cloud and CDN Providers

Routing and traffic security is one of the top challenges faced by the Internet today. A reliable and secure Internet is essential for society, but the trust model on which connectivity is based has eroded through BGP hijacks, routing misconfigurations, and DDoS attacks. While the Internet community has pursued several practical mechanisms to protect the Internet from these vulnerabilities, it is clear that the pace of adoption and deployment needs to increase further. Cloud and CDN providers are subject to these same issues, and also have some unique challenges that have led to collaborations in forums such as MANRS to introduce additional best practices. This session includes perspectives from several cloud and content providers to share their progress and experience implementing routing and traffic security to protect the Internet, and highlight how they are working with the wider Internet community toward the same goal.

Presentation 1: Internet Society
Title: Decentralized security of a globally distributed system: challenges and opportunities
Speaker: Andrei Robachevsky

Summary/Abstract: The talk will discuss a broader question of challenges and opportunities of solving security problems of a decentralized and globally distributed system, such as Internet routing. MANRS, launched in 2014 by 9 network operators, has grown to more than 800 participants, covering 4 programs focused on network operators, IXPs, CDN & Cloud providers and network equipment vendors. What is the most effective way participants from these groups can contribute to better routing security? What are the incentives, material and immaterial, for doing so? The presentation will discuss the efficacy of the approach and its sustainability, as well as the efforts to improve both. In particular, it will talk about developing another tier, MANRS+, aimed at providing higher security assurance, especially in business-to-business relationships, and handing the effort, initially coordinated by the Internet Society, fully to the community.

Presentation 2: Google
Title: A multi-pronged approach for securing Internet routing
Speaker: Anees Shaikh

Summary/Abstract:
Protecting networks and users from Internet routing disruptions cannot be achieved with a single “silver bullet” solution – the threats are varied, and require development and deployment of multiple technical capabilities. Google has deployed a combination of mechanisms, including route filtering systems, public registrations to enable correctness checks by other networks, and monitoring systems that provide early detection when routes are hijacked. We have also emphasized collaboration with the wider Internet operator community to improve data hygiene to enable all networks to deploy practical security mechanisms.

Presentation 3: Amazon
Title: How AWS is helping to secure internet routing
Speaker: Fredrik Korsbäck

Summary/Abstract: To help put an end to BGP hijacking, AWS has been working closely with other industry leaders to make an industry-wide standard practice the use of Resource Public Key Infrastructure (RPKI) to digitally sign route announcements. This is not a simple process, and it has taken lots of time, effort, and cooperation. We are happy to have over 99% of our IPv4 and IPv6 space covered under a Route Origination Authorization for two years, and that we are right now dropping RPKI invalid routes in every single Point-of-Presence for AS16509. In this talk we will look at how we did it and what we believe the future holds.

Presentation 4: Microsoft
Title: Building reliable RPKI infrastructure for large scale networks and Protect network against DDoS.
Speaker: Somesh Chaturmohta

Summary/Abstract:
Microsoft operates one of the largest global networks in the world, connecting over 190 Microsoft Edge (PoP) locations and 61+ Azure regions. Protecting the Internet on this large-scale network comes with unique challenges. In this talk, we talk about how at Microsoft we have deployed a reliable RPKI infrastructure and the steps we are taking to protect the network against DDoS.