By Mohamed Hafez, the Information Security Team Lead of the Internet Society Sudan Chapter
The Internet’s openness and global nature make it a wonderful tool to empower individuals and businesses worldwide. Unfortunately, the Internet’s routing protocol is inherently insecure, and routing incidents are commonplace, consistently leading to disrupted services or stolen data.
To promote routing security by example, the Internet Society Sudan Chapter recently joined MANRS as a step forward. Even though many Chapters have supported MANRS in various ways before, we’re delighted to be the first one to be a MANRS participant.
The Chapter runs the ccTLDs (.sd and .سودان) of Sudan. Given the importance of our services, we decided to join MANRS to guarantee their security and reduce the possibility of routing security incidents.
We think being part of MANRS will help us advocate and promote MANRS, and Internet security in general, among the local Internet service providers (ISPs) and other network operators.
To join MANRS, we went through the best practices to improve routing security by updating WHOIS/Internet Routing Registry (IRR) and publishing our ROA with the help of AFRINIC. Also, we created our PeeringDB account to make our contact information available globally. Furthermore, the necessary filtering in/out is applied in the Border Gateway Protocol (BGP) sessions with Sudan IXP and two other operators. Lastly, Unicast Reverse Path Forwarding (uRPF) is utilized to guard against spoofing.
Regarding monitoring and resources management, we installed several open-source tools that include phpIPAM , Cacti, and libreNMS to manage the document and resources.
The network resources were recently acquired from the regional Internet registry (RIR), yet no critical services are running on it. Therefore, risk was not a factor to make MANRS actions implementation difficult. We were free to redesign the core network or any other part of the network when it was required. Consequently, we spent time gaining the appropriate knowledge by attending related webinars, deployathons, and MANRS courses on the Internet Society Learning portal.
Since the first SdNOG meeting was held in 2014, we have realized it is a way to reach network operators and Internet service providers (ISPs) without boundaries. In view of that, our team at the Internet Society Sudan Chapter are happy to reflect its experience in the form of a workshop showing the outcome of being a part of MANRS, if it is something that would be helpful to anyone. We have recorded some videos on our YouTube channel about related topics, for instance RPKI validator installation and configuration, and DNSSEC in Arabic language.
We’re excited to be part of MANRS and help make the Internet more secure for everyone. If any other chapter wants to know more, please feel free to reach out to me using the comment function below.