Google Cloud Functions 是否受到 DDoS 攻击的保护? [英] Are Google Cloud Functions protected from DDoS attacks?

问题描述

据我所知，我的 Google Cloud Functions 可以在全球范围内访问.如果我想控制对它们的访问，我需要将授权作为函数本身的一部分来实现.说，我可以使用基于不记名令牌的方法.这将保护此函数背后的资源免受未经授权的访问.

As far as I understand, my Google Cloud Functions are globally accessible. If I want to control access to them, I need to implement authorization as a part of the function itself. Say, I could use Bearer token based approach. This would protect the resources behind this function from unauthorized access.

但是，由于该功能在全球范围内可用，因此它仍然可以被坏人进行 DDoS 攻击.如果攻击不如 Google 的防御那么强大，我的功能/服务可能仍会响应.这很好.但是，我不想为我未授权访问该函数的一方发出的那些函数调用付费.(因为按函数调用次数计费).这就是为什么在我负责收费之前了解 Google Cloud Functions 是否检测到 DDoS 攻击并启用反措施对我来说很重要.

However, since the function is available globally, it can still be DDoS-ed by a bad guy. If the attack is not as strong as Google's defence, my function/service may still be responsive. This is good. However, I don't want to pay for those function calls made by the party I didn't authorize to access the function. (Since the billing is per number of function invocations). That's why it's important for me to know whether Google Cloud Functions detect DDoS attacks and enable counter-measures before I'm being responsible for charges.

推荐答案

我已向 google-cloud 支持人员发送了一封电子邮件，内容涉及云功能以及它们是否受到 DDoS 攻击的保护.我已收到工程团队的答复(截至 2018 年 4 月 4 日):

I have sent an email to google-cloud support, regarding cloud functions and whether they were protected against DDoS attacks. I have received this answer from the engineering team (as of 4th of April 2018):

Cloud Functions 位于 Google 前端的后面，它减轻和吸收了许多第 4 层及以下的攻击，例如 SYN 泛洪、IP 片段泛洪、端口耗尽等.

Cloud Functions sits behind the Google Front End which mitigates and absorbs many Layer 4 and below attacks, such as SYN floods, IP fragment floods, port exhaustion, etc.

这篇关于Google Cloud Functions 是否受到 DDoS 攻击的保护?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！