Understanding Google Cloud Armor: Protect yourself against denial-of-service attacks and other web attacks
Google Cloud Armor is the preferred choice of many top companies as it offers the ability to protect your websites and applications against denial-of-service attacks and other web attacks. This service helps you identify and mitigate attacks against your Cloud Load Balance workloads. It also delivers DDoS protection and WAF at Google-scale. This is not all! There is much more to this service. This blog will focus on the main areas of Google Cloud Armor service, and provide a better understanding of its security policies.
What is Google Cloud Armor?
Google Cloud Armor protects Google Cloud deployments against a variety of threats including DDoS attacks, application attacks, SQL injection (SQLi), and cross-site scripting. Some protections in Google Cloud Armor can be automated while others need to be set up manually. This also allows for:
Firstly, reducing OWASP risks and protecting your workloads on-premises and in the cloud.
Secondly, bot management to stop fraud at the edge via native Integration with reCAPTCHA enterprise
Cloud Armor has many benefits
Cloud Armor has first built-in protections against DDoS attacks at the L3 & L4 levels.
Second, Cloud Armor’s predefined rules help to defend against attacks such as cross-site scripting (XSS).
SQL injection (SQLi).
Finally, the Cloud Armor Managed Protection Plus Tier offers predictable monthly pricing and access to DDoS/WAF services, tailored rules sets, and other services.
Google Cloud Armor is in use
Google Cloud Armor provides DDoS protection for applications and services that are behind external HTTP(S), SSL proxy loadbalers, or TCP proxy loadsbalers.
The DDoS protection provided by Google Cloud Armor is also always on and scales to Google’s worldwide network. It can detect and mitigate network threats in real time, allowing only well-formed requests through load balancing proxy servers.
Thirdly, security policies allow backend services behind an externe HTTP(S) loadbalger to apply custom Layer 7 filtering policy, including preconfigured WAF rules, to minimize OWASP web app vulnerability concerns.
You can also choose to allow or deny access to your external HTTP(S), load balancer at Google Cloud edge. This is possible as close as possible to the source of incoming visitors using Google Cloud Armor security settings. This will also prevent unwanted traffic from accessing your Virtual Private Cloud networks or consuming resources.
The figure below shows the external HTTP(S), load balancers, the Google network and Google data centres.
Image: GCPWhat features does Google Cloud Armor offer?
Google Cloud Armor’s most prominent features include:
1. Rules language
Google Cloud Armor allows for the creation of prioritized rules and adjustable match criteria. If a rule’s priority matches the attributes of an incoming request, it takes affect and executes the set action.
2. Preconfigured WAF rules
Pre-configured rules in Google Cloud Armor protect your online apps and services against typical internet attacks and minimize the OWASP Top 10 risk. Instead of requiring you to declare each signature individually in Google Cloud Armor, the rules allow Google Cloud Armor analyze different traffic signatures using clearly labeled rules. ModSecurity Core Rules Set 3.0.2 is the source for the rule (CRS).
3. Named IP lists
Google Cloud Armor named IP addresses lists allows you to access third-party provider-maintained lists IP addresses and IP ranges. You can create named IP address lists within a security policy. You don’t need to specify each IP address or range.