Add malicious traffic protections doc #2430
add note on CDN protection against traffic surges
revise section on AWS rules
|
||
Furthermore, since cloud.gov is a multi-tenant platform, it experiences a variety of malicious traffic as attackers target specific customers hosted on the platform. | ||
|
||
In order to mitigate these ongoing attacks to keep our customers' applications secure and online, cloud.gov includes a number of protections built-in to the platform. |
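Review bot: On the last added line, "protections built-in to the platform" should read "built into the platform", since the hyphenated "built-in" is the adjective form. The same sentence also stacks two purpose clauses ("In order to mitigate these ongoing attacks to keep ..."); consider "To mitigate these ongoing attacks and keep our customers' applications secure and online, cloud.gov includes a number of protections built into the platform."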
I like this sentence because it focuses on the customer impact. What do you think about re-working the previous two paragraphs to also be from the customer point of view, instead of the platform point of view? We could explain that as a provider, we observe more diverse and frequent attacks than any single application team could see themselves, and because of this, we build strong tools to mitigate them. We could also mention that our mitigations are intended to not only protect individual tenants from attack, but also from being affected by high volumes of traffic going to other customers on the platform.
How about 9f379ca?
I like this. I don't want the perfect to be the enemy of the good, so I think we can publish as-is. If we have capacity, it would be good to match this up with
I'm not sure how this would link up with those. But personally, I also find the diagrams at diagrams.fr.cloud.gov completely unintuitive and not something I'd generally want to surface for customers. If we did need/want some diagram for this article, I'd rather implement them in Mermaid for maintainability and intelligibility.
I tend to agree with this and it could be a follow-up PR.
We can nudge all we want, but I think the better approach here will be updating the external-domain-service to drop the non-CDN option altogether and giving people no choice.
FWIW I think the diagrams.fr.cloud.gov diagrams are written in Mermaid — but I agree that they're unintuitive, and I think it's because they're either too high-level for the amount of detail they contain, or too detailed for a high-level view of the system. (I think it's the latter.) (But I digress.)
All my concerns are addressed. @jameshochadel?
Co-authored-by: James Hochadel <[email protected]>
Closes https://github.com/cloud-gov/private/issues/882
Changes proposed in this pull request:
Security Considerations
This document outlines the protections against malicious traffic built-in to the platform