Introduction to Google Cloud Armor

Saiteja Bellam
5 min read · Dec 23, 2022


Google Cloud Armor

Cloud Armor is a Google Cloud product that protects your applications from DDoS attacks and web attacks. It is best known for its DDoS protection. Large Google properties such as Google, YouTube and Gmail already use Cloud Armor to protect their applications from DDoS and web attacks.

Cloud Armor helps us protect our Google Cloud deployments from DDoS, cross-site scripting and SQL injection attacks. Some of its protections are automatic and some we need to configure ourselves. Before looking at how Cloud Armor works and how to set it up, let's first understand these attacks.

Types of attacks

DDoS: DDoS stands for distributed denial-of-service. The intention of this attack is to disrupt a server, service or network by sending continuous traffic to the target server.

XSS: XSS stands for cross-site scripting. It is an attack in which an attacker injects malicious executable scripts into a trusted application or website, for example through a search box or a contact form. The intention of this attack is to execute the malicious script in the browser of a user of that website and compromise the user's interactions with it.

For example, a bad actor could write a malicious script and upload it to an ad posting site as an ad in order to steal users' cookies. If a regular user of that website clicks on that ad, the script executes and sends the user's cookies to the attacker, who can then use those cookies to access the website as that user and act under that user's identity.

SQLi: SQLi is also known as SQL injection. It is a web security vulnerability; the intention of the attack is to view data that the attacker is not normally able to retrieve, such as sensitive data like the passwords, usernames and email addresses of other users, or any other data from the database.

SQL injection consists of inserting SQL into an input so that it becomes part of a query and exposes data from the database.

Features of Cloud Armor:

One of the key features of Cloud Armor is its ability to provide real-time threat protection by analysing incoming traffic and blocking malicious requests based on your security policies. You can set up custom rules to block or allow traffic based on various criteria such as IP address, geolocation, and HTTP headers. Cloud Armor also integrates with other security services such as Cloud CDN and Cloud Load Balancing to provide additional layers of protection for your applications.

Cloud Armor also includes a variety of security features to help you harden your defences against cyberattacks. These features include DDoS protection, bot protection, and Web Application Firewall (WAF) rules to block known vulnerabilities and malicious traffic. With Cloud Armor, you can customize your security policies to fit your specific needs and ensure that your applications are always protected.

In addition to providing security for your applications, Cloud Armor also offers visibility and monitoring capabilities to help you identify and respond to threats in real-time. You can use Cloud Armor’s logging and reporting features to track the effectiveness of your security policies and identify potential issues before they become major problems.

Setting up Cloud Armor:

  1. Go to Network Security → Cloud Armor
  2. Click on create a security policy
  3. In the configure policy section, give a name and add a description
  4. Select the policy type (in my case, I'm using backend policy)
  5. Select the default rule action, Allow or Deny. The default rule has the lowest priority in the policy, so any rule you add that matches a request is evaluated before it and overrides it; with a default of Deny, an Allow rule you add still lets its matching traffic through. (In my case, I'm selecting allow all traffic.)
  6. Click on the next step
  7. Add a description for the new rule
  8. Select a mode, Basic or Advanced. Basic mode allows or denies traffic from matched IP addresses.
  9. In the match section, add the IP address that you want to block

If you want to create another rule, click on Add rule.

Select the mode, Basic or Advanced (I'm using Advanced to demonstrate).

In advanced mode, we can use a match expression to block traffic whose request matches the expression.

For example, if you want to block users from accessing your WordPress config, you can use the expression request.path.contains('wp-config').

  • Select allow/deny. I'm selecting deny to deny traffic with a wp-config URL request.
  • Then give a priority number
  • Click on done.

In the apply targets section, click on "ADD TARGET".

Then select a load balancer backend target and click on create policy.
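To make the priority behaviour of the policy above concrete, here is a small model of how Cloud Armor evaluates a security policy: rules are checked in ascending priority number, the first match decides the action, and the default rule always sits at priority 2147483647, so every rule you add is checked before it. This is an added illustration written for this post, not Cloud Armor's own code; the match expressions are Python callables standing in for the console's basic-mode IP match and the advanced-mode request.path.contains('wp-config') expression, and the IP ranges are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Cloud Armor evaluates rules from the lowest priority number upwards; the
# default rule is fixed at this priority, so it is always checked last.
DEFAULT_RULE_PRIORITY = 2147483647


@dataclass
class Request:
    src_ip: str
    path: str


@dataclass
class Rule:
    priority: int
    action: str                      # "allow" or "deny"
    description: str
    match: Callable[[Request], bool]


def ip_in_ranges(ranges: List[str]) -> Callable[[Request], bool]:
    """Basic-mode match: the source IP falls inside one of the CIDR ranges."""
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    return lambda req: any(ipaddress.ip_address(req.src_ip) in n for n in nets)


def path_contains(needle: str) -> Callable[[Request], bool]:
    """Stand-in for the advanced-mode expression request.path.contains('<needle>')."""
    return lambda req: needle in req.path


@dataclass
class SecurityPolicy:
    default_action: str
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, req: Request) -> Tuple[str, int, str]:
        """Return (action, priority, description) of the first matching rule."""
        for rule in sorted(self.rules, key=lambda r: r.priority):
            if rule.match(req):
                return rule.action, rule.priority, rule.description
        return self.default_action, DEFAULT_RULE_PRIORITY, "default rule"


# The policy built in this post: default allow, one IP block, one wp-config block.
POLICY = SecurityPolicy(default_action="allow", rules=[
    Rule(1000, "deny", "block listed IP (basic mode)", ip_in_ranges(["203.0.113.0/24"])),
    Rule(2000, "deny", "block wp-config requests (advanced mode)", path_contains("wp-config")),
])

if __name__ == "__main__":
    for req in (Request("203.0.113.7", "/index.php"),
                Request("198.51.100.5", "/wp-config.php"),
                Request("198.51.100.5", "/blog/")):
        print(req, "->", POLICY.evaluate(req))
```

The returned priority and description correspond to what you would look for in the load balancer request logs when checking which rule acted on a request.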

And that's it; that's how we set up Cloud Armor to protect our applications from various types of attacks. In the next part, we will write an article on how to set up Cloud Armor security policies using Terraform. Until then, stay tuned.

If you haven't followed us yet on Medium, do follow now. Also sign up for our free newsletter to stay updated in the world of DevOps.

Tech and Business enthusiast, Currently working at Fournine.