21st Century Wire says…
Do you trust Google with your blog, news site, or business? The question is still up for grabs, but now many may be forced into a new relationship with the digital giant…
Problem, reaction, solution – hackers and malicious entities (like the NSA?) have succeeded in herding content creators into a new arena of security against Denial of Service (DDoS) attacks online. By pelting your server and DNS locations with bot attacks and page requests, hackers and others have created a new demand for security services. Enter ‘Project Shield’, the solution to all your ills. Google’s own service page states:
“Project Shield is an initiative to expand Google’s own distributed denial of service (DDoS) mitigation capabilities to protect free expression online”.
They say it’s free, but we now know, in a post-Snowden world, that if it’s free, it ain’t free. Google is developing a huge monopoly – and the crisis of DDoS attacks empowers them. The message is clear: “Join us, or you could be wiped out.”
A digital protection racket?
Google will protect your right to freedom of expression online? That’s what they say. But if you park your digital life and work in Google’s stable, could you risk falling foul of yet to be published “community guidelines”, or other NSA/government invasions into your privacy and ability to operate?
Google’s track record is less than stellar in this department, so we’ll have to wait and see what becomes of this latest brain wave…
-
Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.
Mathew J. Schwartz
Information Week
Can Google’s new Project Shield save the world from packet storms, zombie PCs, low-orbit ion cannons or Armageddon attacks?
Not yet. But Google’s latest endeavor, sounding a bit like a Marvel Comics creation, can provide distributed denial of service (DDoS) protection for static Web pages.
“Project Shield is an initiative to expand Google’s own distributed denial of service (DDoS) mitigation capabilities to protect free expression online,” says Google’s related service page. “The service currently combines Google’s DDoS mitigation technologies and Page Speed Service to allow websites to serve their content through Google’s own infrastructure for DDoS mitigation.”
The effort is currently invitation only, although Google is soliciting “trusted testers” to help it get the service up and running, provided they hail from the domains of “news, human rights or elections-related content.”
The DDoS attack defense is offered via Page Speed Service, which according to a related FAQ “is an online service to automatically speed up loading of your web pages.” According to Google, the service “fetches content from your servers, rewrites your pages by applying Web performance best practices and serves them to end users via Google’s servers across the globe.”
This level of global distribution also provides protection against some types of DDoS attacks, although the company cautioned that it’s not foolproof. “Google has designed its infrastructure to defend itself from quite large attacks and this initiative is aimed at providing a similar level of protection to third-party websites,” it said.
Google said that Page Speed Service and Project Shield are currently free, but if that changes it will give users at least 30 days’ notice. If it does begin to charge, Google hopes to offer discounted or free subscriptions for charities and non-profits.
Speaking by phone, Shuman Ghosemajumder, VP of strategy for automated attack defense firm Shape Security and formerly the head of Google’s efforts to combat click fraud, lauded the new service. “Project Shield is a great initiative that I think is going to really make a difference for free speech online,” he said. “When you’re looking at websites that provide that type of information, it’s typically static website content, and that’s what Project Shield is designed for.”
“But if you’re a bank, trading website or social network — anything that requires database-driven, real-time dynamic interaction — that’s not what Project Shield is designed for,” Ghosemajumder said, noting that he wasn’t involved in the development of Google’s DDoS defenses.
In fact, attacks against database-driven websites are much more difficult to defend against, as the Operation Ababil DDoS attacks against U.S. banks proved, before the months-long attack campaign appeared to go on hiatus. That’s because attackers can bring a variety of database-choking techniques to bear, ranging from packet-spewing SYN floods and encrypted traffic attacks from botnet-infected zombie PCs to crowd-sourced JavaScript attack tools such as low-orbit ion cannons and potentially even overwhelmingArmageddon attacks that take down upstream service providers, too.
Of course, there’s nothing to stop Google from one day ramping up its service to the point where it can defend database-driven sites, and compete with current DDoS defense service providers. In fact, Matthew Prince, CEO of DDoS attack mitigation firm CloudFlare, has been predicting that will happen, and that Google might gobble up rivals in the process.
“The challenges that websites face in both performance and security are substantial so it’s inevitable there will be a consolidation of the edge of the network,” Prince told the Register. “In the future, there will likely be two to six companies that run the edge of the Web. We’ve been predicting for some time those companies will be Akamai, Amazon, CloudFlare, and Google.”
The crucible of cloud, big data and distributed computing is hell on systems. Will application performance management cool down complexity — or just add fuel to the fire? Also in the new, all-digital APM Under Fire special issue of InformationWeek: Cloud industry heavyweights discuss the pros and cons of OpenStack support for Amazon APIs. (Free registration required.)
-
READ MORE BREAKING TECH STORIES: 21st Century Wire Sci-Tech
-