Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Microsoft Details Plans to Improve Security of Internet Routing

Microsoft this week shared details on the steps it will take in an effort to ensure improved security for Internet routing.

Microsoft this week shared details on the steps it will take in an effort to ensure improved security for Internet routing.

The Border Gateway Protocol (BGP) routing protocol, on which the Internet runs, relies on autonomous systems (AS) to exchange routing and reachability information. This allows for fast updates, but misconfigurations or malicious intent could lead to outages or traffic interception.

Over the past couple of years, numerous routing incidents, including route hijacking and leaks, have resulted in large-scale distributed denial of service (DDoS), data theft, reputational damage, financial loss, and more.

To help improve routing security, Microsoft last year joined the Mutually Agreed Norms for Routing Security (MANRS) initiative. The company now says it has already implemented the existing MANRS framework in its operations, and has been working with the Internet Society, the Cybersecurity Tech Accord, and others to find ways to improve routing security.

One of the first actions the company takes in strengthening routing security is RPKI (Resource Public Key Infrastructure) origin validation. Used to secure BGP route origin information, the RPKI is public key infrastructure framework that has enjoyed wide adoption recently.

With BGP routes announced by its Autonomous System Number (ASN) already signed, Microsoft is now working on implementing RPKI filtering, which should be completed by mid-2021.

The company also says it will use the public Internet Routing Registries (IRR) databases for route validation, and revealed that it has already built a global Route Anomaly Detection and Remediation (RADAR) system, an internal tool meant to detect route hijacks and route leaks in its own network. Route leaks on the Internet are detected as well.

RADAR, the tech giant says, ensures that traffic is routed via preferred paths even when signs of malicious activity are identified.

Customers working with internet exchange partners (IXPs), internet service providers (ISPs), and software-defined cloud interconnect (SDCI) providers enrolled in the Azure Peering Service, Microsoft says, can register to RADAR and receive data on detected route anomalies.

“Microsoft interconnects with thousands of networks via more than 170 edge points of presence locations. We will work with all peer networks to protect traffic over the Internet,” the company announced.

RPKI and route object information is already included in Microsoft’s peering portal, allowing peer networks to access RPKI, route object, and network path information and address routes in respective registries, and the company plans on making it easier for its peers and for ISPs to manage route objects.

“Internet routing security will require constant updates to standards. There is no single standard which can address the issues faced on the Internet today and we need to update routing security standards as and when we see new threats emerging,” Microsoft notes.

Related: Russian Telco Hijacked Internet Traffic of Major Networks – Accident or Malicious Action?

Related: Embrace RPKI to Secure BGP Routing, Cloudflare Says

Related: NIST Readies to Tackle Internet’s Global BGP Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.