APNIC’s Engagement on Security

Slides:

Advertisements

Similar presentations

Policy Aspects of the Transition to IPv6 Geoff Huston Chief Scientist, APNIC.

Advertisements

Secure Internet Solutions Geoff Huston Chief Scientist, Internet Telstra.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

APNIC Update Paul Wilson Director General. Overview Priorities in 2009 IPv4 exhaustion IPv6 deployment Security Internet Governance Priorities in 2010.

1 Muhammed Rudman

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.

Public Policy Issues in the Communications and Infrastructure Services Policy area Geoff Huston APNIC June 2011.

Developing Information Security Policy. Why is Developing Good Security Policy Difficult? Effective Security/IA Policy is more than locking doors and.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

Geoff Huston Chief Scientist, Asia Pacific Network Information Centre IPv6 Workshop European Digital Agenda Assembly June 2011.

The Resource Public Key Infrastructure Geoff Huston APNIC.

APNIC Update Paul Wilson ARIN October 2013.

Greg Rattray ICANN Chief Internet Security Advisor

APNIC Update Paul Wilson Director General. APNIC RIR for Asia Pacific –IP address allocation and management –Open policy development Support for Internet.

APNIC Update RIPE 59 October Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings.

Internet Addressing and the RIR system (part 2) 12 February 2004 Phnom Penh, Cambodia Paul Wilson, APNIC.

APNIC Depletion of the IPv4 free address pool – IPv6 deployment The day after!! 8 August 2008 Queenstown, New Zealand In conjunction with APAN Cecil Goldstein,

Technical Area Report Byron Ellacott Technical Area Manager.

IPv4 Unallocated Address Space Exhaustion Geoff Huston Chief Scientist APNIC November 2007.

2016 Services Roadmap APNIC Services George Kuo 9 September 2015 Jakarta.

TeamCluster Project Real time project management solutions Harry Hvostov April 27, 2002.

AFRINIC Update Anne-Rachel Inné COO, AFRINIC ARIN 32, Phoenix October 2013.

APNIC Security Update APSIRCC 2002 Tokyo, 25 March 2002.

Internet Cooperation in the Asia Pacific Bali IGF, Nusa Dua Hall 1, hrs.

1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.

1 Transition to IPv6: Should ISPs consider it now? PITA 11th AGM Meeting 2007 Tahiti, French Polynesia 24 April 2007.

IP Address Management The RIR System Nurani Nimpuno APNIC.

Issue Date: Revision: APNIC Outreach Activities in Cyber Security Adli Wahid Security Specialist

Beyond the IPv4 Internet Geoff Huston Chief Scientist, APNIC.

Launched March at UN Statistical Commission in side event.

“Your application performance is only as good as your network” (4)

IT Service Transition – purpose and processes

Auto-Detecting Hijacked Prefixes?

Auto-Detecting Hijacked Prefixes?

Regional Internet Registries An Overview

Information Technology Sector

Ian Bird GDB Meeting CERN 9 September 2003

Paul Wilson RIPE 66 Dublin

a collaborative effort

Internet Evolution and IPv6

Prof. JD Kabasa, OHCEA CO-PI & Principal COVAB

Global Registry Knowledge Update Leslie Nobile

Internet Routing Health Measurement Bar BoF

World Health Organization

Beyond Technical Solutions

Technical Cooperation Section SEDI- Executive Office

A Speculation on DNS DDOS

The Biodiversity and Protected Areas Management (BIOPAMA) Programme

REACH Mission & Objectives

The Sendai Framework Data Readiness Review 2017

Cloud Testing Shilpi Chugh.

A commentary on the ITU-T proposal for national address registries for IPv6 Geoff Huston April 2005.

Some Thoughts on Integrity in Routing

APNIC Trial of Certification of IP Addresses and ASes

Institutional Framework, Resources and Management

Internet Technological Evolution and the Role and Impact of ICANN

AVI AFRIQUE October 2018 Tshepo Peege

APNIC Survey 2018 RIPE 77 – Amsterdam.

Why don’t we have a Secure and Trusted Inter-Domain Routing System?

Cybersecurity ATD technical

Societal resilience analysis

A commentary on the ITU-T proposal for national address registries for IPv6 Geoff Huston April 2005.

State of World’s Cash Report:

Introduction to Regional Internet Registries (RIRs)

Improving global routing security and resilience

Overview of policy proposals

APNIC Member and Stakeholder Survey 2009

Report on the Asia Pacific Energy Leaders’ Summit

The Biodiversity and Protected Areas Management (BIOPAMA) Programme

Presentation transcript:

APNIC’s Engagement on Security Geoff Huston Chief Scientist, APNIC

Even simple machinery can fail in epic ways!

With more complex machinery… We can confidently anticipate even more epic forms of failure

Our Shared Vulnerability Many aspects of our society now rests upon digital foundations: Government Infrastructure Finance Health Food Water If we undermine the integrity and security of these digital foundations then we expose ourselves to very serious risks

A Toxic Internet What kind of world have we built when millions of webcam baby monitors can be orchestrated to perform a terabit attack on the domain name infrastructure on the US eastern seaboard, and disrupt the lives of millions of people for an afternoon?

What are we doing about it?

APNIC’s Security Stance APNIC’s vision is for a global, open, stable, and secure Internet that serves the entire Asia Pacific community.

Our Surveys We regularly survey our members and stakeholders regarding their views of current challenges Security is now the highest rated challenge (it used to be IPv6)

APNIC Survey 2018 Q9. Thinking about your Internet-related services, products or activities, what are the MAIN operational challenges facing your organisation? Consistent with focus group feedback, network security is the number one challenge facing the community in 2018 East Asia Oceania SE Asia South Asia LDEs Developing Developed Network security 28% 34% 22% 26% 25% 31% Scarcity of IPv4 addresses 13% 9% 14% 11% 12% Cost of network operations 10% 17% Hiring and / or keeping skilled employees 8% 16% Deployment of IPv6 7% Management of bandwidth and network capacity Keeping up with the pace of technology changes 5% 6% 4% Regulatory requirements involving the Internet 3% Benchmarking and understanding best practice in network operations 2% Access to reliable and credible Internet industry data 1% Other 0%

APNIC Survey 2018 Q10. Thinking about network security, what are the MAIN challenges facing your organisation? Q11. How might APNIC best assist you or others with network security challenges? 10

What we do in this area Sharing global security best practice information with APNIC Members and building regional security capacity through training and technical assistance Working with the NIRs to ensure accuracy of registry Ongoing consistency checks to historical NIR block assignments RDAP and Whois alignment Point of Contact validation Supporting the creation of CERT/CSIRTs in the Asia Pacific to strengthen the community’s ability to mitigate security incidents Coordinating with the Asia Pacific security community, including the law enforcement community, to enhance mutual understanding and share views from the numbers community.

Infrastructure Security This is perhaps the most critical common vulnerability in the Internet If an attacker can successfully undermine the integrity of the routed address space and the integrity of the name space then the attacker does not have to target individual hosts or systems, as the entire network is exposed

Infrastructure Security How can we improve the name and address infrastructure of the Internet to mitigate the continual stream of routing anomalies and name hijacks? Some collection of cryptographic mechanisms appears to offer the most promise, by allowing all BGP speakers and DNS resolvers the ability to distinguish a genuine artefact from an artifice intended to mislead and misdirect

Securing the Address Space and Routing Some 15 years ago APNIC designed a secure framework that allows testable attestations about addresses and their uses – this is today’s RPKI We’ve been working with other RIRs, the IETF, the Internet Society and other stakeholders to encourage the use of this RPKI as a the central tool to support address and routing integrity We continue to work in the IETF for viable approaches to integrate this RPKI into the inter-domain routing system

Securing the DNS We are supporting the effort to deploy DNSSEC validation across the resolution space We are using measurement platforms to inform the community what is happening with DNSSEC deployment, and encouraging service operators to switch on DNSSEC validation We have encouraged DNS resolver vendors to integrate DNS features that make the DNS more resilient against attack and reduce the fragility of the current WebPKI CA system

We are doing what we can here But its probably not enough when thinking about the scope of the security issues confronting us There is no magic solution in our visible future, so we don’t expect this topic to go away anytime soon While there is no ‘silver bullet’ to make all this just go away, we are doing what we can, and working with others, to make incremental improvements in the area, to make abuse and attack more challenging for bad actors