是否可以保护Google Cloud Functions免受DDoS攻击? [英] Are Google Cloud Functions protected from DDoS attacks?

问题描述

据我了解，我的Google Cloud Functions可以全局访问.如果要控制对它们的访问，则需要将授权实现作为功能本身的一部分.说，我可以使用基于Bearer令牌的方法.这样可以保护该功能背后的资源免遭未经授权的访问.

As far as I understand, my Google Cloud Functions are globally accessible. If I want to control access to them, I need to implement authorization as a part of the function itself. Say, I could use Bearer token based approach. This would protect the resources behind this function from unauthorized access.

但是，由于该功能在全球范围内可用，因此坏人仍然可以对其进行DDoS处理.如果攻击强度不及Google的防御能力，则我的职能/服务可能仍会做出响应.很好但是，我不想为我未授权访问该函数的用户进行的那些函数调用付费.(因为计费是按函数调用的次数计费的). 这就是为什么在我负责收费之前，了解Google Cloud Functions是否检测到DDoS攻击并启用对策对我来说很重要.

However, since the function is available globally, it can still be DDoS-ed by a bad guy. If the attack is not as strong as Google's defence, my function/service may still be responsive. This is good. However, I don't want to pay for those function calls made by the party I didn't authorize to access the function. (Since the billing is per number of function invocations). That's why it's important for me to know whether Google Cloud Functions detect DDoS attacks and enable counter-measures before I'm being responsible for charges.

推荐答案

我已向google-cloud支持小组发送了一封电子邮件，内容涉及云功能以及它们是否受到DDoS攻击保护.我已经收到工程团队的答复(截至2018年4月4日):

I have sent an email to google-cloud support, regarding cloud functions and whether they were protected against DDoS attacks. I have received this answer from the engineering team (as of 4th of April 2018):

Cloud Functions位于Google前端的后面，可缓解和吸收许多第4层及以下层的攻击，例如SYN泛洪，IP片段泛洪，端口耗尽等.

Cloud Functions sits behind the Google Front End which mitigates and absorbs many Layer 4 and below attacks, such as SYN floods, IP fragment floods, port exhaustion, etc.

这篇关于是否可以保护Google Cloud Functions免受DDoS攻击?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！