Collective responsibility for security and resilience of the global routing s...APNIC
This document discusses collective responsibility for security and resilience of the global routing system. It outlines problems with the current routing system like prefix hijacking and IP spoofing. It then introduces the Mutually Agreed Norms for Routing Security (MANRS) initiative, which defines a minimum set of actions and best practices around routing security that network operators can commit to. This includes preventing propagation of incorrect routing information, preventing traffic with spoofed source IP addresses, and facilitating global operational communication between network operators. The goal of MANRS is for network operators to commit to and implement these actions to improve the security and stability of the global routing system.
Presentation given by Fakrul Alam, APNIC Senior Training Officer, at the Indonesian Network Information Centre’s Open Policy Meeting (IDNIC OPM) held in Batam, Indonesia from 30 to 31 May 2016
The document discusses improving the quality of APNIC's Whois database. It provides information on APNIC's initiatives to bulk update contact information in MyAPNIC and remove orphaned objects. Members are encouraged to contribute by keeping their resource usage and contact data up to date. The document also discusses RPKI and the benefits of generating Route Origin Authorizations (ROAs), including preventing accidental hijacking and verifying authorized prefix announcements. Statistics on ROA adoption in the Asia-Pacific region are presented.
2. Resource Certification, ROA, RPKI
• APNIC offers Resource Certification as a tool to Members to create Route Origin Authorizations (ROAs) in MyAPNIC
• A ROA is a digitally signed, cryptographic object generated by the Resource Certification service
• The Resource Public Key Infrastructure (RPKI) is the framework that enables users of public networks to verify the authenticity of data that has been digitally signed by the rightful custodian of the IP resource.
3. Benefits of creating a ROA
• Verify whether an AS is authorized to announce a specific IP prefix
• Minimize common routing errors
• Prevent most accidental hijacks
4. [Diagram. Labels: nodes A, B, C, D; AS1 (ISP of Victim); AS2 (Legitimate owner of 1.1.1.1/16); AS3 (ISP of Hijacker); AS4 (Large ISP); announcements BGP:1.1.1.1/16 and BGP:1.1.1.1/24. Source: http://www.secureworks.com/]
5. [Diagram. Labels: nodes A, B, C, D; AS1 (ISP of Victim); AS2 (Legitimate owner of 1.1.1.1/16); AS3 (ISP of Hijacker); AS4 (Large ISP); announcements BGP:1.1.1.1/16 and BGP:1.1.1.1/24. Source: http://www.secureworks.com/]
6. What is a ROA object?
• What’s contained in a ROA
– The AS number you have authorized
– The prefix that is being originated from it
– The most specific prefix (maximum length) that the AS may announce
For example: “ISP 4 permits AS 65000 to originate a route for the prefix 192.2.200.0/24”
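The three ROA fields listed on slide 6, and the /16 versus /24 announcements in the diagrams on slides 4 and 5, can be checked with the route origin validation procedure of RFC 6811. The following is an added example, not code from the slides or from APNIC: the maximum length is assumed equal to the prefix length where the slides do not state one, AS2 and AS3 are the diagram's labels used as AS numbers, and the announcements are constructed.

```python
"""Route origin validation (RFC 6811) against ROA data. Added example."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Roa:
    prefix: Network   # the prefix being originated
    asn: int          # the AS number authorized to originate it
    max_length: int   # most specific prefix length the AS may announce


def make_roa(prefix: str, asn: int, max_length: Optional[int] = None) -> Roa:
    # strict=False normalizes the slides' "1.1.1.1/16" to the network 1.1.0.0/16.
    net = ipaddress.ip_network(prefix, strict=False)
    if max_length is None:
        # Assumption: no maximum length stated means "exactly this prefix length".
        max_length = net.prefixlen
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"max_length {max_length} out of range for {net}")
    return Roa(net, asn, max_length)


def validate(route_prefix: str, origin_asn: int, roas: Iterable[Roa]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ipaddress.ip_network(route_prefix, strict=False)
    covered = False
    for roa in roas:
        # A ROA covers the route when the route lies inside the ROA prefix.
        if roa.prefix.version != route.version or not route.subnet_of(roa.prefix):
            continue
        covered = True
        # A covering ROA matches only if the origin AS is the authorized one
        # (AS 0 never matches) and the route is no more specific than max_length.
        if roa.asn != 0 and roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: reject-worthy.
    return "invalid" if covered else "not-found"


# ROAs taken from the slides (maximum lengths are assumptions, see make_roa).
ROAS = [
    make_roa("192.2.200.0/24", 65000),  # slide 6: AS 65000 may originate this /24
    make_roa("1.1.1.1/16", 2),          # slides 4-5: AS2, legitimate owner of the /16
]

# Constructed announcements: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("1.1.1.1/16", 2),           # the legitimate /16 from AS2
    ("1.1.1.1/24", 3),           # more specific /24 from AS3: wrong origin AS
    ("1.1.1.1/24", 2),           # right AS, but longer than the maximum length
    ("192.2.200.0/24", 65000),   # slide 6 example, as authorized
    ("192.2.200.0/24", 65001),   # same prefix, unauthorized origin
    ("203.0.113.0/24", 64500),   # no ROA covers this prefix
]


def classify_all():
    """Validate every constructed announcement against ROAS."""
    return [(p, a, validate(p, a, ROAS)) for p, a in ANNOUNCEMENTS]


if __name__ == "__main__":
    for prefix, asn, state in classify_all():
        print(f"{prefix:<18} AS{asn:<6} {state}")
```

The third announcement shows why the maximum length matters: the authorized AS itself becomes invalid when it announces a prefix more specific than its ROA allows, so the ROA has to reflect what the network really announces.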
7. Creating ROA in MyAPNIC
• What you need to have before creating a ROA
– Must be an APNIC Member
– Have access to MyAPNIC
– Digital Certificate installed
• Takes only 5 minutes to create, and 10 minutes to be visible to the public
8. RPKI Initiatives
• 10 face-to-face and elearning RPKI training courses delivered
• RPKI presentations to NOGs and conferences
• Development of the ‘Ready to ROA’ Campaign – hands-on sessions to help Members create ROAs
• New shirts, stickers, web content to promote campaign
• Ready to ROA launched in 2015
9. Invitation to ROA session
• 9th March @ “Coffee Shop” hall
• Create your ROA object on the spot
• Provide your feedback; share your experiences
• Get your ROA t-shirt
• Drop in your business card