Security
Summary
TLDR: Google prioritizes security across its services, with nine boasting over a billion users. Their security infrastructure is layered, starting with custom-designed hardware and secure boot processes in data centers with stringent physical access controls. They encrypt inter-service communication and enhance user identity verification. Storage services apply encryption at rest, while internet-facing services use Google Front End for secure TLS connections and DoS protection. Operational security includes intrusion detection, insider risk reduction, mandatory U2F for employees, and strict software development practices, including a Vulnerability Rewards Program.
Takeaways
- 🔐 Google prioritizes security with nine of its services having over one billion users, ensuring robust security measures are in place.
- 🏢 The security infrastructure at Google is layered, starting from physical data center security to operational security processes.
- 🛠️ Google designs custom hardware including server boards, networking equipment, and a hardware security chip for enhanced security.
- 🔑 A secure boot stack is used on Google servers, incorporating cryptographic signatures for the BIOS, bootloader, kernel, and OS image.
- 🏛️ Google's data centers are designed with multiple physical security layers, and access is highly restricted to a select few employees.
- 🔒 Service deployment layer features encryption of inter-service communication, ensuring privacy and integrity across Google's infrastructure.
- 👤 Google's identity service goes beyond basic authentication, challenging users based on risk factors and supporting U2F for secondary authentication.
- 💾 Storage services layer includes encryption at rest, with centrally managed keys and hardware encryption support for drives and SSDs.
- 🌐 Internet communication layer involves Google Front End service for secure TLS connections and protection against Denial of Service attacks.
- 🛡️ Google's Operational security layer includes intrusion detection, insider risk reduction, mandatory U2F for employees, and stringent software development practices.
- 💰 Google offers a Vulnerability Rewards Program, incentivizing the discovery and disclosure of security bugs in their infrastructure.
Q & A
What is the significance of security in Google’s infrastructure?
- Security is a top priority for Google, especially given that nine of its services have over a billion users each. This focus on security is reflected in every aspect of its infrastructure, from the physical data centers to the software and hardware design.
How does Google ensure the physical security of its data centers?
- Google designs and builds its own data centers, incorporating multiple layers of physical security protections. Access to these data centers is highly restricted to a small number of employees, and even in third-party data centers, Google implements additional physical security measures.
What role do custom-designed hardware and chips play in Google’s security strategy?
- Google custom-designs its server boards, networking equipment, and hardware security chips. These custom components enhance security by ensuring that hardware is optimized for Google’s specific needs and is less vulnerable to external threats.
What is the purpose of Google’s secure boot stack?
- The secure boot stack ensures that Google’s server machines are booting the correct software stack by using technologies like cryptographic signatures over the BIOS, bootloader, kernel, and base operating system image.
How does Google secure inter-service communication within its infrastructure?
- Google secures inter-service communication by providing cryptographic privacy and integrity for remote procedure call (RPC) data on the network. All infrastructure RPC traffic that goes between data centers is automatically encrypted, and Google is deploying hardware cryptographic accelerators to extend this encryption to all infrastructure RPC traffic inside its data centers.
What features does Google’s central identity service provide to enhance user security?
- Google’s central identity service goes beyond simple username and password authentication by challenging users based on risk factors like device and location. It also supports secondary authentication factors, including devices based on the Universal 2nd Factor (U2F) standard.
How does Google implement encryption at rest for its storage services?
- Google applies encryption at rest using centrally managed keys at the storage services layer. Additionally, Google enables hardware encryption support in hard drives and SSDs to further secure stored data.
What is the Google Front End (GFE), and how does it contribute to internet communication security?
- The Google Front End (GFE) is an infrastructure service that ensures all TLS connections are terminated using a public-private key pair and an X.509 certificate from a Certificate Authority (CA). It also applies protections against Denial of Service (DoS) attacks, contributing to the security of Google services available on the internet.
How does Google detect and respond to potential security incidents?
- Google uses rules and machine intelligence for intrusion detection, providing operational security teams with warnings of possible incidents. Additionally, Google conducts Red Team exercises to improve the effectiveness of its detection and response mechanisms.
What measures does Google take to reduce insider risk within its infrastructure?
- Google limits and actively monitors the activities of employees with administrative access. It also requires the use of U2F-compatible Security Keys for employee accounts to guard against phishing attacks.
Outlines
🔐 Google's Multi-Layered Security Infrastructure
Google prioritizes security across its services, with nine of them boasting over a billion users each. The security infrastructure is layered, starting with the physical security of data centers, which are custom-designed and built by Google, ensuring only a select few employees have access. Google also uses custom hardware, including a hardware security chip, and implements a secure boot stack with cryptographic signatures to prevent unauthorized software execution. The Service deployment layer focuses on encrypting inter-service communication, with Google's infrastructure automatically encrypting all RPC traffic. The User identity layer enhances security with intelligent challenges and secondary factors like U2F. Storage services are secured with encryption at rest, and internet communication is safeguarded with Google Front End's TLS connections and DoS protection. The Operational security layer includes intrusion detection, insider risk reduction, mandatory U2F for employees, and stringent software development practices, such as central source control and a Vulnerability Rewards Program.
🛠️ Robust Software Development Practices at Google
Google enforces rigorous software development practices to bolster security. Central source control is mandatory, and all new code undergoes a two-party review process to ensure quality and safety. Developers have access to libraries designed to prevent common security vulnerabilities. Additionally, Google operates a Vulnerability Rewards Program, where it offers compensation for discovering and reporting bugs in its infrastructure or applications. These practices contribute to the robust security posture of Google's services and infrastructure.
Keywords
💡Security Infrastructure
💡Hardware Security
💡Secure Boot Stack
💡Premises Security
💡Service Deployment
💡User Identity
💡Encryption at Rest
💡Google Front End (GFE)
💡Denial of Service (DoS) Protection
💡Operational Security
💡Vulnerability Rewards Program
Highlights
Nine of Google’s services have more than one billion users each, emphasizing the importance of security.
Google Cloud and Google services run on infrastructure with a pervasive design for security.
Security infrastructure at Google is explained in progressive layers, starting from physical security.
Google custom-designs server boards, networking equipment, and hardware security chips for data centers.
Google uses secure boot stack technologies, including cryptographic signatures over BIOS, bootloader, kernel, and OS image.
Premises security includes Google-designed data centers with multiple layers of physical security protections.
Access to Google data centers is limited to a very small number of employees, ensuring tight control.
Google ensures Google-controlled physical security measures in third-party data centers.
Encryption of inter-service communication is a key feature in the Service deployment layer.
Google’s infrastructure automatically encrypts all RPC traffic between data centers.
Google login page goes beyond username and password, challenging users based on risk factors.
Users can employ secondary factors like U2F for signing in, enhancing security.
Encryption at rest is applied in storage services with centrally managed keys and hardware encryption support.
Google Front End ensures all TLS connections use public-private key pairs and X.509 certificates from a CA.
Google’s infrastructure can absorb many DoS attacks due to its scale and has multi-tier DoS protections.
Operational security includes intrusion detection with rules and machine intelligence.
Google limits and actively monitors the activities of employees with administrative access.
Employee accounts require use of U2F-compatible Security Keys to guard against phishing attacks.
Google enforces stringent software development practices, including central source control and two-party review of new code.
Google runs a Vulnerability Rewards Program, paying for the discovery and reporting of bugs in infrastructure or applications.
Transcripts
Nine of Google’s services have more than one billion users each, and so you can be
assured that security is always on the minds of Google's employees.
Design for security is prevalent throughout the infrastructure that Google Cloud and Google
services run on.
Let's talk about a few ways Google works to keep customers' data safe.
The security infrastructure can be explained in progressive layers, starting from the physical
security of our data centers, continuing on to how the hardware and software that underlie
the infrastructure are secured, and finally, describing the technical constraints and processes
in place to support operational security.
We begin with the Hardware infrastructure layer which comprises three key security features:
The first is hardware design and provenance.
Both the server boards and the networking equipment in Google data centers are custom-designed
by Google.
Google also designs custom chips, including a hardware security chip that's currently
being deployed on both servers and peripherals.
The next feature is a secure boot stack.
Google server machines use a variety of technologies to ensure that they are booting the correct
software stack, such as cryptographic signatures over the BIOS, bootloader, kernel, and base
operating system image.
This layer's final feature is premises security.
Google designs and builds its own data centers, which incorporate multiple layers of physical
security protections.
Access to these data centers is limited to only a very small number of Google employees.
Google additionally hosts some servers in third-party data centers, where we ensure
that there are Google-controlled physical security measures on top of the security layers
provided by the data center operator.
Next is the Service deployment layer, where the key feature is encryption of inter-service
communication.
Google’s infrastructure provides cryptographic privacy and integrity for remote procedure
call (“RPC”) data on the network.
Google’s services communicate with each other using RPC calls.
The infrastructure automatically encrypts all infrastructure RPC traffic that goes between
data centers.
Google has started to deploy hardware cryptographic accelerators that will allow it to extend
this default encryption to all infrastructure RPC traffic inside Google data centers.
Then we have the User identity layer.
Google’s central identity service, which usually manifests to end users as the Google
login page, goes beyond asking for a simple username and password.
The service also intelligently challenges users for additional information based on
risk factors such as whether they have logged in from the same device or a similar location
in the past.
Users can also employ secondary factors when signing in, including devices based on the
Universal 2nd Factor (U2F) open standard.
On the Storage services layer we find the encryption at rest security feature.
Most applications at Google access physical storage (in other words, “file storage”)
indirectly via storage services, and encryption using centrally managed keys is applied at
the layer of these storage services.
Google also enables hardware encryption support in hard drives and SSDs.
The next layer up is the Internet communication layer, and this comprises two key security
features.
Google services that are being made available on the internet register themselves with
an infrastructure service called the Google Front End, which ensures that all TLS connections
are ended using a public-private key pair and an X.509 certificate from a Certified
Authority (CA), as well as following best practices such as supporting perfect forward
secrecy.
The GFE additionally applies protections against Denial of Service attacks.
Also provided is Denial of Service (“DoS”) protection.
The sheer scale of its infrastructure enables Google to simply absorb many DoS attacks.
Google also has multi-tier, multi-layer DoS protections that further reduce the risk of
any DoS impact on a service running behind a GFE.
The final layer is Google's Operational security layer which provides four key features.
First is intrusion detection.
Rules and machine intelligence give Google’s operational security teams warnings of possible
incidents.
Google conducts Red Team exercises to measure and improve the effectiveness of its detection
and response mechanisms.
Next is reducing insider risk.
Google aggressively limits and actively monitors the activities of employees who have been
granted administrative access to the infrastructure.
Then there’s employee U2F use.
To guard against phishing attacks against Google employees, employee accounts require
use of U2F-compatible Security Keys.
Finally, there are stringent software development practices.
Google employs central source control and requires two-party review of new code.
Google also provides its developers libraries that prevent them from introducing certain
classes of security bugs.
Additionally, Google runs a Vulnerability Rewards Program where we pay anyone who is
able to discover and inform us of bugs in our infrastructure or applications.
You can learn more about Google’s technical-infrastructure security at cloud.google.com/security/security-design.