Home / Blogs

Verisign Expands MANRS Relationship to Strengthen Global Routing Security

Verisign has been involved with an initiative known as Mutually Agreed Norms for Routing Security, or MANRS, since its inception. MANRS, which is coordinated by the Internet Society, focuses on strengthening the security and resiliency of IP networks throughout the world by identifying and providing best practices for mitigating common routing security threats.

MANRS began as a collaboration among network operators and internet exchange providers, with Verisign formally becoming a participant in its Network Operator Program in 2017. Since then, with the help of Verisign and other MANRS participants, the initiative has grown to also include content delivery networks (CDN) and cloud providers.

Recently, Verisign deepened its commitment to MANRS by becoming an official participant in its newly launched CDN and Cloud Programme, along with several prominent technology companies, including Google, Microsoft, and AWS. This program is comprised of five mandatory, and one optional, security-strengthening participant actions. The five mandatory actions that every MANRS CDN participant must implement are:

  1. Prevent propagation of incorrect routing information: Ensure correctness of own announcements; ensure correctness of announcements of their peers (non-transit) by implementing explicit (whitelist) filtering with prefix granularity.
  2. Prevent traffic with illegitimate source IP addresses: Implement anti-spoofing controls to prevent packets with illegitimate source IP address from leaving the network (egress filters).
  3. Facilitate global operational communication and coordination: Maintain globally accessible up-to-date contact information in PeeringDB and relevant Regional Internet Registry (RIR) WHOIS databases.
  4. Facilitate validation of routing information on a global scale: Publicly document ASNs and prefixes that are intended to be advertised to external parties. Two main types of repositories are Internet Routing Registries (IRRs) and Resource PKI (RPKI). The requirement is to publish this information in at least one of these repositories, (publication of information in one or more IRRs may be appropriate), a recommendation is to maintain in both.
  5. Encourage MANRS adoption: Actively encourage MANRS adoption among their peers.

As a responsible, security-focused network operator and cloud service provider, Verisign endeavors to assist with the development of and follow industry best practices on filtering non-valid and reserved space from its peers, in addition to implementing anti-spoofing controls at all of its borders. Verisign also maintains up-to-date contact information in the PeeringDB and relevant RIR databases as well as accurate routing information in the IRRs. Finally, Verisign personnel actively promote MANRS adoption at conferences and industry meetings.

Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains. Routing security is of the utmost importance to Verisign’s mission and, as an early participant in the MANRS Network Operator Program, Verisign remains fully supportive of this initiative and its efforts to promote a culture of collective responsibility, collaboration, and coordination among network peers in the global internet routing system.

Click here to learn more about the MANRS initiative.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Yong Kim, Vice President of Cyber Strategy and Research at Verisign

He leads engineers and researchers focused on cybersecurity initiatives in support of Verisign’s operational security and overarching mission objectives.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC