OFFICIAL SECURITY BLOG
October 21, 2013 | BY Jérôme Segura
Websites, whether they are personal ones or belong to large corporations and governments, are constantly under attack.
Even when web administrators do their best to secure their properties from remote-file inclusions, malicious shell uploads, SQL injection or brute force attacks, to name a few, they are still susceptible to threats that are out of their control.
Google recently stepped in to provide website protection services that include mitigation of Distributed Denial of Service (DDoS) attacks as well as of other types of attacks aimed at blocking politically sensitive websites.
The program, dubbed Project Shield, is now open as an invite-only service and is free (for now).
DDoS attacks have taken a new twist in recent years as compromised web servers joined forces with regular home user PCs. The resulting traffic is so strong in terms of bandwidth that it can take down any website that isn’t actively set up to face attacks of that magnitude.
One particularly effective weapon for taking a website offline is called a DNS amplification attack. This is when an attacker uses infected PCs or compromised web servers to make a small DNS request that generates a response x times larger.
Because the DNS request is made with the intended victim’s IP address as its source, all the responses are sent to the victim, flooding it with bogus traffic. Once the web server cannot manage that amount of data, it becomes unresponsive.
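A victim-side check for the reflection described above, as an added example that is not part of the original post: it flags inbound DNS responses that answer no query the site sent. The record format, the sample addresses and the 50% alert threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample of DNS traffic at the victim's network edge:
# (direction, peer_ip, dns_transaction_id, udp_payload_bytes).
# "out" is a query the site sent, "in" is a response it received.
SAMPLE_PACKETS = [
    ("out", "198.51.100.53", 0x1A2B, 44),
    ("in", "198.51.100.53", 0x1A2B, 120),   # answers the query above
    ("in", "203.0.113.10", 0x9001, 3100),   # nobody here asked for this
    ("in", "203.0.113.10", 0x9002, 3100),
    ("in", "203.0.113.77", 0x4444, 2900),
    ("out", "198.51.100.53", 0x1A2C, 50),
    ("in", "198.51.100.53", 0x1A2C, 300),
]


def unsolicited_dns_bytes(packets):
    """Return {peer_ip: bytes} for responses that match no outstanding query."""
    pending = set()
    unsolicited = defaultdict(int)
    for direction, peer, txid, size in packets:
        if direction == "out":
            pending.add((peer, txid))
        elif (peer, txid) in pending:
            pending.discard((peer, txid))    # legitimate answer, consume it
        else:
            unsolicited[peer] += size        # reflected or stray response
    return dict(unsolicited)


def reflection_report(packets, alert_share=0.5):
    """Summarise inbound DNS and flag when unsolicited bytes dominate it."""
    by_peer = unsolicited_dns_bytes(packets)
    inbound = sum(size for d, _, _, size in packets if d == "in")
    share = sum(by_peer.values()) / inbound if inbound else 0.0
    return {"by_peer": by_peer, "share": round(share, 3),
            "alert": share >= alert_share}


if __name__ == "__main__":
    print(reflection_report(SAMPLE_PACKETS))
```

The per-peer byte totals show which resolvers are reflecting traffic, which is the information an upstream provider needs in order to filter it.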
Competitors, extortionists and repressive regimes are among some of the actors responsible for DDoS attacks.
Google’s service offers to absorb the sheer volume of traffic produced by botnets, thanks to its large and powerful infrastructure, so that your website remains online at all times.
In addition to this, Google will also offer a service that speeds up your website, which is aimed at retaining traffic and increasing conversions.
Google is not the first company to offer DDoS protection in this space; other notable players include CloudFlare, Prolexic and Arbor Networks, with whom Google has partnered to launch Digital Attack Map, a live data visualization of DDoS attacks.