Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Google Project Shield Promises DDoS Attack Prevention

Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.

Google Nexus 7, Chromecast: Visual Tour
Google Nexus 7, Chromecast: Visual Tour
(click image for larger view)
Can Google's new Project Shield save the world from packet storms, zombie PCs, low-orbit ion cannons or Armageddon attacks?

Not yet. But Google's latest endeavor, sounding a bit like a Marvel Comics creation, can provide distributed denial of service (DDoS) protection for static Web pages.

"Project Shield is an initiative to expand Google's own distributed denial of service (DDoS) mitigation capabilities to protect free expression online," says Google's related service page. "The service currently combines Google's DDoS mitigation technologies and Page Speed Service to allow websites to serve their content through Google's own infrastructure for DDoS mitigation."

The effort is currently invitation only, although Google is soliciting "trusted testers" to help it get the service up and running, provided they hail from the domains of "news, human rights or elections-related content."

[ Find out how to gird your DNS against distributed denial of service attacks. Read Is Your DNS Server A Weapon? ]

The DDoS attack defense is offered via Page Speed Service, which according to a related FAQ "is an online service to automatically speed up loading of your web pages." According to Google, the service "fetches content from your servers, rewrites your pages by applying Web performance best practices and serves them to end users via Google's servers across the globe."

This level of global distribution also provides protection against some types of DDoS attacks, although the company cautioned that it's not foolproof. "Google has designed its infrastructure to defend itself from quite large attacks and this initiative is aimed at providing a similar level of protection to third-party websites," it said.

Google said that Page Speed Service and Project Shield are currently free, but if that changes it will give users at least 30 days' notice. If it does begin to charge, Google hopes to offer discounted or free subscriptions for charities and non-profits.

Speaking by phone, Shuman Ghosemajumder, VP of strategy for automated attack defense firm Shape Security and formerly the head of Google's efforts to combat click fraud, lauded the new service. "Project Shield is a great initiative that I think is going to really make a difference for free speech online," he said. "When you're looking at websites that provide that type of information, it's typically static website content, and that's what Project Shield is designed for."

"But if you're a bank, trading website or social network -- anything that requires database-driven, real-time dynamic interaction -- that's not what Project Shield is designed for," Ghosemajumder said, noting that he wasn't involved in the development of Google's DDoS defenses.

In fact, attacks against database-driven websites are much more difficult to defend against, as the Operation Ababil DDoS attacks against U.S. banks proved, before the months-long attack campaign appeared to go on hiatus. That's because attackers can bring a variety of database-choking techniques to bear, ranging from packet-spewing SYN floods and encrypted traffic attacks from botnet-infected zombie PCs to crowd-sourced JavaScript attack tools such as low-orbit ion cannons and potentially even overwhelming Armageddon attacks that take down upstream service providers, too.

Of course, there's nothing to stop Google from one day ramping up its service to the point where it can defend database-driven sites, and compete with current DDoS defense service providers. In fact, Matthew Prince, CEO of DDoS attack mitigation firm CloudFlare, has been predicting that will happen, and that Google might gobble up rivals in the process.

"The challenges that websites face in both performance and security are substantial so it's inevitable there will be a consolidation of the edge of the network," Prince told the Register. "In the future, there will likely be two to six companies that run the edge of the Web. We've been predicting for some time those companies will be Akamai, Amazon, CloudFlare, and Google."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
10/23/2013 | 12:36:48 AM
re: Google Project Shield Promises DDoS Attack Prevention
DDoS yes, ion cannons no. http://www.youtube.com/watch?v...
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20975
PUBLISHED: 2019-08-20
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.
CVE-2019-11521
PUBLISHED: 2019-08-20
OX App Suite 7.10.1 allows Content Spoofing.
CVE-2019-11522
PUBLISHED: 2019-08-20
OX App Suite 7.10.0 to 7.10.2 allows XSS.
CVE-2019-11806
PUBLISHED: 2019-08-20
OX App Suite 7.10.1 and earlier has Insecure Permissions.
CVE-2019-12889
PUBLISHED: 2019-08-20
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disco...