Can Google actually protect vulnerable sites from attack?
Google last week announced a beta service that will offer protection from Distributed Denial of Service Attacks (DDoS) to human rights organizations and media, in and effort to slow the amount of censorship that such attacks cause.
The announcement of Project Shield came during a presentation at the Conflict in a Connected World summit in New York. The gathering included security experts, hacktivists, dissidents, and technologists, in order to explore the nature of conflict and how online tools can both be a source of protection and harm when it comes to expression, and information sharing.
Protecting free speech
"As long as people have expressed ideas, others have tried to silence them. Today one out of every three people lives in a society that is severely censored. Online barriers can include everything from filters that block content to targeted attacks designed to take down websites. For many people, these obstacles are more than an inconvenience—they represent full-scale repression," the company explained in a blog post.
Project Shield uses Google's massive infrastructure to absorb DDoS attacks. Enrollment in the service is by invitation only at the moment, but it could be expanded considerable in the future. The service is free, but will follow page speed pricing, should Google open enrollment and charge for it down the line.
However, while the service is sure to help smaller websites, such as those ran by dissidents exposing corrupt regimes, or media speaking out against those in power, Google makes no promises.
"No guarantees are made in regards to uptime or protection levels. Google has designed its infrastructure to defend itself from quite large attacks and this initiative is aimed at providing a similar level of protection to third-party websites," the company explains in a Project Shield outline.
Inviting new types of attacks
One problem Project Shield may inadvertently create is a change in tactics. If the common forms of DDoS attacks are blocked, then more advanced forms of attack will be used. Such an escalation has already happened for high value targets, such as banks and other financial services websites.
"Using Google's infrastructure to absorb DDoS attacks is structurally like using a CDN (Content Delivery Network) and has the same pros and cons," Shuman Ghosemajumder, VP of strategy at Shape Security, told CSO during an interview.
The types of attacks a CDN would solve, he explained, are network-based DoS and DDoS attacks. These are the most common, and the most well-known attack types, as they've been around the longest.
In 2000, flood attacks were in the 400Mb/sec range, but today's attacks scale to regularly exceed 100Gb/sec, according to anti-DDoS vendor Arbor Networks. In 2010, Arbor started to see a trend led by attackers who were advancing DDoS campaigns, by developing new tactics, tools, and targets. What that has led to is a threat that mixes flood, application and infrastructure attacks in a single, blended attack.
"It is unclear how effective [Project Shield] would be against Application Layer DoS attacks, where web servers are flooded with HTTP requests. These represent more leveraged DoS attacks, requiring less infrastructure on the part of the attacker, but are still fairly simplistic. If the DDoS protection provided operates at the application layer, then it could help," Ghosemajumder said.
"What it would not protect against is Advanced Denial of Service attacks, where the attacker uses knowledge of the application to directly attack the origin server, databases, and other backend systems which cannot be protected against by a CDN and similar means."
Google hasn't mentioned directly the number of sites currently being protected by Project Shield, so there is no way to measure the effectiveness of the program form the outside.
In related news, Google also released a second DDoS related tool on Monday, which is possible thanks to data collected by Arbor networks. The Digital Attack Map, as the tool is called, is a monitoring system that allows users to see historical DDoS attack trends, and connect them to related news events on any given day. The data is also shown live, and can be granularly sorted by location, time, and attack type.