Now if you're like me, I know that you rolled out of bed this morning and thought, oh my gosh, today I get to learn more about routing security. Right? Everybody loves routing security. So let me explain what that is and why it's important security. I think everybody recognizes this old cartoon on the Internet, nobody knows that you're a dog. At the same time, nobody knows if Pakistan is YouTube. And that's because of the great system of highly insecure routing security that the Internet has today, which basically allows anybody to announce that they are the destination for a particular site, which as you might imagine, is pretty problematic. So this is a classic, you know, canonical example of that, where Pakistan accidentally announced that they were YouTube. And suddenly, all of YouTube's Google traffic routed to Pakistan for a little while, kind of a problem. So this is a great eye chart of what the Internet really looks like you have all of these different networks that are these sort of ovals of autonomous systems. And the way that they know how to get to other networks, is basically by sharing a map of routes on the Internet that share is that you know, how do you get from point A to point B, you can get to a network, usually through a variety of different paths. So those are called routes. But to understand that, and to have a network come online and connect, and know how to get from point A to point B, you have to share routing information through a protocol that a bunch of folks at the Internet Engineering Task Force developed many, many years ago. But that was designed at a very different there, it was designed and they narrow, the VC there on the left, where everybody knew each other, there were all kinds of academics, there was a small number of, you know, generally academic and nonprofit networks, and 100. Imagine that somebody would, you know, do something like, you know, have spam word, watch a network attack, because gosh, that's somebody that you worked with the new at UCLA, or at University of Pittsburgh, or what happened. So that was an era of assumed trust. The era that we're in now is on the right, the era zero trust, where you can trust anything, you don't know who someone is, when they connect to the network, you don't know if traffic is valid. So that's really difficult if the protocol that is a core one that announces where all of these network resources are on the on the Internet, was designed in an era that we are quite frankly, long past. So there are two problems that come up with routing security. One is hijacked. So that's where something malicious, nefarious, where you're trying to attack and take over a property on the Internet than the other mistakes. And you might think, well, it's got to be attacks all the time. That's what's really causing the issue. In fact, most of the time is just mistakes. People roll out and announced the wrong routing information. And suddenly traffic is destined to the wrong place. And you know, that's probably more common. But it's also the case that malicious actors can announce false routing information and cause traffic to be destined to them. And that's a way to commit financial crimes to do cyber attacks. You know, you name it. And so, you know, those are sort of the two different aspects that, so how does the community solve that? So the first one of these, and I'll talk about the first one in a second, but then there are sort of a variety of ways, I'm going to give you the main two things that the candidate is doing now. But there are a large variety of these. One of them is source address validation, which I'm not going to bore you with, it's basically making sure that any packets you said to the Internet as network operator truly originated from your network, that it's not a faked packet, which is actually more common than you would think. But the next one, which is the things that networks are doing right now, is basically citing those route information, those routing updates to Well, the first step is if you own an IP addresses, let's say you're CloudFlare, you have a bunch of content that's going to be destined to your network, you have on either dresses that you basically owned that have been delegated to you by an authority in North America where you were breached or wherever. And so you basically do something like web sites today for secure websites, you're signing a certificate attached to those IP addresses and saying, I assert ownership over this. And there's a whole chain of trusted Baladi step that says, yes, it's really true. Cloudflare owns these IP addresses. Got it. So that's sort of step one. Step two is making sure that that signature is valid. So if you're willing to accept a routing update from CloudFlare, you should go check this ad Update site because I know Cloudflare signs their updates, and if so, does that key match does that signature validate? And if not, I'm going to ignore it. And that way, if your cloud player you have signed those addresses. And if your Comcast you validate those addresses, there can't be any route hijacks or other other things that might try to reroute traffic from, you know, whether it's CloudFlare, or Netflix or Google or Facebook, or what have you or your bank. So those are really two key parts. Now that networks are rolling out. The good news is that a lot of those things have been happening. For years, the Internet Society started an effort called mutually agreed norms and routing security, which is another thing called MANRS, you know, nerds, like myself, love our acronyms. That's another one. We were one of the cofounders at Comcast many years ago, but a lot of ISPs around the world have been implementing, there are a lot of open source tools that are mature that enable somebody to go out and deploy this today. And then there's been a lot of network operator groups, industry groups, standards bodies that have worked on this, and best practices. So the good news is that these are sort of solved problems insofar as you have tools that are available, basically off the shelf to do these things. And if you're a network operator, you should be validating signatures, and you should be a fuel content owner or network operator announcing and signing your route updates. So that's it that is routing security in a nutshell. And thank you for your time today.
