Feeds

If there's somethin' strange in your network 'hood. Who y'gonna call? Google's DDoS-busters

Project Shield guards activists, charities from web storms

Securing Web Applications Made Simple and Scalable

Google will shelter charities and activists from distributed denial-of-service attacks by wrapping their websites in its protection technologies.

The advertising giant announced its Project Shield initiative on Monday, and said it wanted to "protect free expression online."

"Project Shield is a service that currently combines Google's DDoS [distributed denial-of-service] mitigation technologies and Page Speed Service (PSS) to allow individuals and organizations to better project their websites by serving their content through Google's own infrastructure, without having to move their hosting locations," the company wrote in an FAQ document outlining the tech.

As is typical with modern Google product launches, the internet goliath neglected to give precise technical details on how Project Shield's web-flood and packet-attack mitigation magic actually works.

But we can surmise that the company is probably using thousands of edge servers around the world to act as a scalable, elastic front-end for incoming traffic deluges, as this is the same approach taken by DDoS-mitigation experts CloudFlare.

Due to the distributed nature of Google's underlying infrastructure management, provisioning, and monitoring systems it's likely the company has fairly effective early warning systems in place to watch for faults as they develop.

By plugging activist and charity sites into the company's cloud infrastructure, Google is able to subsume targets beneath a protective cloud of servers that can absorb and route large amounts of malicious traffic.

For now, Project Shield is free, and is accepting applications from websites serving news, human rights, and election-related information.

The 'Page Speed' component of the service is available for free now, but may cost money to use in the future, the company said. Page Speed slurps content from a company's servers and applies "web performance best practices" to them, then serves them to end-users via Google's global server network, according to an FAQ on the tech.

CloudFlare chief Matthew Prince reckons the service is a sign of forthcoming consolidation among edge network service providers.

"The challenges that websites face in both performance and security are substantial so it's inevitable there will be a consolidation of the edge of the network," CloudFlare chief Matthew Prince told El Reg via email. "In the future, there will likely be two to six companies that run the edge of the web. We've been predicting for some time those companies will be Akamai, Amazon, CloudFlare, and Google."

CloudFlare offers a free DDoS mitigation service that, Prince says, "provides at least equivalent DDoS protection to what Google is offering."

Google is not giving any guarantees to sites using Project Shield, but did say in its FAQ document: "Google has designed its infrastructure to defend itself from quite large attacks and this initiative is aimed at providing a similar level of protection to third-party websites." ®

The smart choice: opportunity from uncertainty

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.