DDOS mitigação de GCE

3

Espero iniciar o serviço de hospedagem compartilhada no Google Compute Engine. A infraestrutura do Google tem alguma atenuação de DDOS integrada?

Este artigo aqui diz que sim.

"O Compute Engine utiliza a arquitetura global de rede e balanceamento de carga do Google e fornece acesso à equipe de segurança especializada do Google, que garante que a infraestrutura seja segura e capaz de se defender contra ataques de DDOS." link

Embora não haja confirmação oficial em nenhum outro lugar.

Qual é a proteção adicional de que preciso se o Google já fornecer a atenuação de DDOS?

Obrigado

    
por user3528340 10.02.2016 / 07:53

1 resposta

1

Google has deployed an Andromeda - their own network stack. It solves many networking challenges introduced by virtualization like delivering the highest level of performance, availability, and security requires orchestrating across virtual machines, hypervisors, operating systems, network interface cards, top of rack switches, fabric switches, border routers, and even Google's network peering edges.

Andromeda's goal is to expose the raw performance of the underlying network while simultaneously exposing network function virtualization (NFV). This functionality includes distributed denial of service (DDoS) protection, transparent service load balancing, access control lists, and firewalls. This kind of protection is built-in to everything inside Google's network, your virtual machines running on Google Compute Engine included.

However, you still need to take care of the following:

  • O/S regular patching
  • Protection using O/S level firewall
  • Configure Google Firewall and leave only used ingress ports
  • Secure the SSH on your bastion machine
  • Apply application patches regulary

Fonte

    
por 10.02.2016 / 11:31