RNP reached an important milestone in network security, with the registration of all its 39 IP blocks in the RPKI (Resource Public Key Infrastructure) project. RPKI is a resource certification system, which validates the source of IP routing advertisements and allows the user to avoid security attacks involving traffic capture, also known as hijacking .
According to data from NIST, the US National Institute for Standards and Technology, RNP is now included in the 32% of valid IP address prefixes in the Latin America and Caribbean region, managed by the Latin America and Caribbean Network Information Center (LACNIC).
Being a part of the global RPKI infrastructure is considered the first step in raising the level of maturity of network security with regard to global validation, as this ensures protection of prefixes, since the other members, such as the major global providers, can block invalid prefixes.
“RPKI allows networks to advertise their own prefixes and validate prefixes from other networks”, explains RNP Network specialist, Marcel Faria, responsible for the project.
In the case of RNP user organizations, their use of RNP prefixes provides an additional layer of protection against traffic hijacking attacks.
What are hijacking attacks and how to prevent them
In 2018, a hijacking attack gained worldwide notoriety for the traffic capture of an Amazon Web Services (AWS) DNS service called Route 53. The attacker hijacked the IP blocks allocated to Amazon and diverted traffic to a malicious domain, for the theft of cryptocurrencies.
The losses could have been greater had it not been for the prefix filters from MANRS (Mutually Agreed Norms for Routing Security), a global initiative for secure routing. Supported by the Internet Society (ISOC) and a large number of providers worldwide, MANRS offers support to reduce the most common security threats in routing.
RNP was accepted as a network operator and follows the recommendations of MANRS in four sets of actions: filtering, anti-spoofing, coordination and global validation. This latter validation is provided by RPKI.
To read this article on Portugues please click here.