SlideShare ist ein Scribd-Unternehmen logo
1 von 13
Downloaden Sie, um offline zu lesen
PAGE
1
DEVOPS INDONESIA
PAGE
1
DEVOPS INDONESIA
Didiet Agus Pambudiono
DevOps Engineer PT. Gits Indonesia
Jakarta, 8 Desember 2021
Secure your Application with Google Cloud Armor
PAGE
2
DEVOPS INDONESIA
About Me :
● DevOps Engineer PT. Gits Indonesia
● Member of openSUSE Project, openSUSE-ID, KLAS,
Kubernetes-Id etc
● Cloud Enthusiast
● Contact me :
− didiet@gits.id
− pambudiono@opensuse.org
− pambudiono.os@gmail.com
PAGE
3
DEVOPS INDONESIA
Agenda :
● Introduction
● Network Security Overview
● Cloud Armor
● WAF & DDoS
● Protecting your applications
PAGE
4
DEVOPS INDONESIA
Introduction
Why WAF?
● Protecting business
● Protection against common attack types
● Easy maintenance
● Protect sensitive data
● Complements other security tools
PAGE
5
DEVOPS INDONESIA
Network Security Overview
PAGE
6
DEVOPS INDONESIA
Network Security Overview
PAGE
7
DEVOPS INDONESIA
Network Security Overview
Denial of service attacks
● Infrastructure DDoS attacks
Volumetric/protocol attacks, attempt to saturate bandwidth and overwhelm your app
○ TCP SYN Floods, DNS/NTP/other Amplification attacks IP fragmentation etc
● Application-aware-attacks
Exploit application weakness
○ Slowloris, Cross-Site Scripting, SQL Injection
● Multivector attacks :
Attacker uses two or more attack vectors together
PAGE
8
DEVOPS INDONESIA
Cloud Armor
● Help protect your applications and websites against denial of service and
web attacks.
● Benefit from DDoS protection and WAF at Google scale
● Detect and mitigate attacks against your Cloud Load Balancing workloads
● Adaptive Protection (Preview) ML-based mechanism to help detect and
block Layer 7 DDoS attacks
● Mitigate OWASP Top 10 risks and help protect workloads on-premises or in
the cloud
● Bot management to stop fraud at the edge through native integration with
reCAPTCHA Enterprise
PAGE
9
DEVOPS INDONESIA
Cloud Armor
● Help protect your applications and websites against denial of service and
web attacks.
● Benefit from DDoS protection and WAF at Google scale
● Detect and mitigate attacks against your Cloud Load Balancing workloads
● Adaptive Protection (Preview) ML-based mechanism to help detect and
block Layer 7 DDoS attacks
● Mitigate OWASP Top 10 risks and help protect workloads on-premises or in
the cloud
● Bot management to stop fraud at the edge through native integration with
reCAPTCHA Enterprise
PAGE
10
DEVOPS INDONESIA
Cloud Armor
PAGE
11
DEVOPS INDONESIA
Cloud Armor
PAGE
12
DEVOPS INDONESIA
Cloud Armor Use Case
● You have the potential to enable access for all of the users who have specific IP addresses,
as per your list of allowance.
● You can prefer to block access for all of the select users who possess the specific IP
addresses, as per your list of denial.
● With the WAF rules, you can protect your application deployments against layer attacks.
● You can seek a defense system for the DDoS attacks and also implement layer seven
monitoring.
● Cloud Armor can address issues such as Local File Inclusion, Remote File Inclusion, SQL
Injection, Cross-Site Scripting, and Remote Code Execution.
PAGE
13
DEVOPS INDONESIA
DEMO ?

Weitere ähnliche Inhalte

Was ist angesagt?

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
 
Build CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesBuild CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesAmazon Web Services
 
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...SlideTeam
 
Aligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWSAligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWSAmazon Web Services
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
2 Modern Security - Microsoft Information Protection
2   Modern Security - Microsoft Information Protection2   Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information ProtectionAndrew Bettany
 
Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018
Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018
Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018Amazon Web Services
 
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...Amazon Web Services
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeCI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeAmazon Web Services
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standardarnaudlh
 
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure CloudCloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure CloudPredica Group
 

Was ist angesagt? (20)

Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Build CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesBuild CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation Slides
 
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
 
Aligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWSAligning to the NIST Cybersecurity Framework in the AWS
Aligning to the NIST Cybersecurity Framework in the AWS
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
 
2 Modern Security - Microsoft Information Protection
2   Modern Security - Microsoft Information Protection2   Modern Security - Microsoft Information Protection
2 Modern Security - Microsoft Information Protection
 
Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018
Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018
Observability for Modern Applications (CON306-R1) - AWS re:Invent 2018
 
AWS Well-Architected Workshop
AWS Well-Architected WorkshopAWS Well-Architected Workshop
AWS Well-Architected Workshop
 
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...
 
AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
 
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeCI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
Introduction to CI/CD
Introduction to CI/CDIntroduction to CI/CD
Introduction to CI/CD
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
 
Azure DDoS Protection Standard
Azure DDoS Protection StandardAzure DDoS Protection Standard
Azure DDoS Protection Standard
 
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure CloudCloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
 

Ähnlich wie Secure your Application with Google cloud armor

DDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileDDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileAngelo Corsaro
 
Filling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation StrategyFilling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation StrategyCloudflare
 
Cloud Computing - Critical Areas of Focus
Cloud Computing - Critical Areas of FocusCloud Computing - Critical Areas of Focus
Cloud Computing - Critical Areas of FocusHerwono W. Wijaya
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Robert Berlin
 
Twelve Factor App With Lagom
Twelve Factor App With LagomTwelve Factor App With Lagom
Twelve Factor App With LagomKnoldus Inc.
 
Session 3: Windows Azure Platform as a Service (PaaS)
Session 3: Windows Azure Platform as a Service (PaaS)Session 3: Windows Azure Platform as a Service (PaaS)
Session 3: Windows Azure Platform as a Service (PaaS)Digicomp Academy AG
 
A Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyA Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyCloudflare
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationCSNP
 
Implementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsImplementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsTechWell
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesCloudflare
 
The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)F5 Networks
 
Adsg presentation en
Adsg presentation enAdsg presentation en
Adsg presentation enCui Jin
 
The Advent of Serverless Technologies
The Advent of Serverless TechnologiesThe Advent of Serverless Technologies
The Advent of Serverless TechnologiesCloudflare
 
Introduction to CloudHub 2.0
Introduction to CloudHub 2.0Introduction to CloudHub 2.0
Introduction to CloudHub 2.0NeerajKumar1965
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...MazeBolt Technologies
 
Splendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxSplendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxssuserea0dfe
 

Ähnlich wie Secure your Application with Google cloud armor (20)

DDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice MobileDDS + Android = OpenSplice Mobile
DDS + Android = OpenSplice Mobile
 
Filling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation StrategyFilling the Gaps in Your DDoS Mitigation Strategy
Filling the Gaps in Your DDoS Mitigation Strategy
 
Cloud Computing - Critical Areas of Focus
Cloud Computing - Critical Areas of FocusCloud Computing - Critical Areas of Focus
Cloud Computing - Critical Areas of Focus
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015
 
5.cloudsecurity
5.cloudsecurity5.cloudsecurity
5.cloudsecurity
 
Twelve Factor App With Lagom
Twelve Factor App With LagomTwelve Factor App With Lagom
Twelve Factor App With Lagom
 
Session 3: Windows Azure Platform as a Service (PaaS)
Session 3: Windows Azure Platform as a Service (PaaS)Session 3: Windows Azure Platform as a Service (PaaS)
Session 3: Windows Azure Platform as a Service (PaaS)
 
A Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyA Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud Journey
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
 
Implementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile ProjectsImplementing Cloud-Based DevOps for Distributed Agile Projects
Implementing Cloud-Based DevOps for Distributed Agile Projects
 
Hacking DevOps
Hacking DevOpsHacking DevOps
Hacking DevOps
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product Launches
 
The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)The F5 DDoS Protection Reference Architecture (Technical White Paper)
The F5 DDoS Protection Reference Architecture (Technical White Paper)
 
Adsg presentation en
Adsg presentation enAdsg presentation en
Adsg presentation en
 
The Advent of Serverless Technologies
The Advent of Serverless TechnologiesThe Advent of Serverless Technologies
The Advent of Serverless Technologies
 
Introduction to CloudHub 2.0
Introduction to CloudHub 2.0Introduction to CloudHub 2.0
Introduction to CloudHub 2.0
 
How to Overcome the Challenges of Cloud Application
How to Overcome the Challenges of Cloud ApplicationHow to Overcome the Challenges of Cloud Application
How to Overcome the Challenges of Cloud Application
 
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
DDoS Mitigation Training | DDoS Mitigation Guide | Learn DDoS Mitigation Conc...
 
Splendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptxSplendens Project Proposal by Slidesgo.pptx
Splendens Project Proposal by Slidesgo.pptx
 

Mehr von DevOps Indonesia

DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8sDevOps Indonesia
 
Observability in highly distributed systems
Observability in highly distributed systemsObservability in highly distributed systems
Observability in highly distributed systemsDevOps Indonesia
 
DevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDevOps Indonesia
 
DevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Indonesia
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49  Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Meetup 49  Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Indonesia
 
Operate Containers with AWS Copilot
Operate Containers with AWS CopilotOperate Containers with AWS Copilot
Operate Containers with AWS CopilotDevOps Indonesia
 
Continuously Deploy Your CDK Application by Petra novandi barus
Continuously  Deploy Your CDK Application by Petra novandi barusContinuously  Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barusDevOps Indonesia
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46  aws with payfazz in devops indonesia - a...DevOps indonesia (online) meetup 46  aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...DevOps Indonesia
 
Securing Your Database Dynamic DB Credentials
Securing Your Database  Dynamic DB CredentialsSecuring Your Database  Dynamic DB Credentials
Securing Your Database Dynamic DB CredentialsDevOps Indonesia
 
DevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia
 
The Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsThe Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsDevOps Indonesia
 
API Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingAPI Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingDevOps Indonesia
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsAPI Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsDevOps Indonesia
 
API Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoAPI Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoDevOps Indonesia
 
API Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingAPI Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingDevOps Indonesia
 
API Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIsAPI Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIsDevOps Indonesia
 
Feature Scoring in Green Field Application Development and DevOps
Feature Scoring in Green Field Application Development and DevOpsFeature Scoring in Green Field Application Development and DevOps
Feature Scoring in Green Field Application Development and DevOpsDevOps Indonesia
 

Mehr von DevOps Indonesia (20)

DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8s
 
Observability in highly distributed systems
Observability in highly distributed systemsObservability in highly distributed systems
Observability in highly distributed systems
 
DevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcement
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
 
Securing DevOps Lifecycle
Securing DevOps LifecycleSecuring DevOps Lifecycle
Securing DevOps Lifecycle
 
DevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - Announcement
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49  Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Meetup 49  Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
 
Operate Containers with AWS Copilot
Operate Containers with AWS CopilotOperate Containers with AWS Copilot
Operate Containers with AWS Copilot
 
Continuously Deploy Your CDK Application by Petra novandi barus
Continuously  Deploy Your CDK Application by Petra novandi barusContinuously  Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barus
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46  aws with payfazz in devops indonesia - a...DevOps indonesia (online) meetup 46  aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
 
Securing Your Database Dynamic DB Credentials
Securing Your Database  Dynamic DB CredentialsSecuring Your Database  Dynamic DB Credentials
Securing Your Database Dynamic DB Credentials
 
DevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - Announcement
 
The Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsThe Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOps
 
API Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingAPI Security Webinar - Credential Stuffing
API Security Webinar - Credential Stuffing
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsAPI Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIs
 
API Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoAPI Security Webinar - Hendra Tanto
API Security Webinar - Hendra Tanto
 
API Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingAPI Security Webinar : Credential Stuffing
API Security Webinar : Credential Stuffing
 
API Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIsAPI Security Webinar : Security Guidelines for Providing and Consuming APIs
API Security Webinar : Security Guidelines for Providing and Consuming APIs
 
Feature Scoring in Green Field Application Development and DevOps
Feature Scoring in Green Field Application Development and DevOpsFeature Scoring in Green Field Application Development and DevOps
Feature Scoring in Green Field Application Development and DevOps
 

Kürzlich hochgeladen

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Kürzlich hochgeladen (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Secure your Application with Google cloud armor

  • 1. PAGE 1 DEVOPS INDONESIA PAGE 1 DEVOPS INDONESIA Didiet Agus Pambudiono DevOps Engineer PT. Gits Indonesia Jakarta, 8 Desember 2021 Secure your Application with Google Cloud Armor
  • 2. PAGE 2 DEVOPS INDONESIA About Me : ● DevOps Engineer PT. Gits Indonesia ● Member of openSUSE Project, openSUSE-ID, KLAS, Kubernetes-Id etc ● Cloud Enthusiast ● Contact me : − didiet@gits.id − pambudiono@opensuse.org − pambudiono.os@gmail.com
  • 3. PAGE 3 DEVOPS INDONESIA Agenda : ● Introduction ● Network Security Overview ● Cloud Armor ● WAF & DDoS ● Protecting your applications
  • 4. PAGE 4 DEVOPS INDONESIA Introduction Why WAF? ● Protecting business ● Protection against common attack types ● Easy maintenance ● Protect sensitive data ● Complements other security tools
  • 7. PAGE 7 DEVOPS INDONESIA Network Security Overview Denial of service attacks ● Infrastructure DDoS attacks Volumetric/protocol attacks, attempt to saturate bandwidth and overwhelm your app ○ TCP SYN Floods, DNS/NTP/other Amplification attacks IP fragmentation etc ● Application-aware-attacks Exploit application weakness ○ Slowloris, Cross-Site Scripting, SQL Injection ● Multivector attacks : Attacker uses two or more attack vectors together
  • 8. PAGE 8 DEVOPS INDONESIA Cloud Armor ● Help protect your applications and websites against denial of service and web attacks. ● Benefit from DDoS protection and WAF at Google scale ● Detect and mitigate attacks against your Cloud Load Balancing workloads ● Adaptive Protection (Preview) ML-based mechanism to help detect and block Layer 7 DDoS attacks ● Mitigate OWASP Top 10 risks and help protect workloads on-premises or in the cloud ● Bot management to stop fraud at the edge through native integration with reCAPTCHA Enterprise
  • 9. PAGE 9 DEVOPS INDONESIA Cloud Armor ● Help protect your applications and websites against denial of service and web attacks. ● Benefit from DDoS protection and WAF at Google scale ● Detect and mitigate attacks against your Cloud Load Balancing workloads ● Adaptive Protection (Preview) ML-based mechanism to help detect and block Layer 7 DDoS attacks ● Mitigate OWASP Top 10 risks and help protect workloads on-premises or in the cloud ● Bot management to stop fraud at the edge through native integration with reCAPTCHA Enterprise
  • 12. PAGE 12 DEVOPS INDONESIA Cloud Armor Use Case ● You have the potential to enable access for all of the users who have specific IP addresses, as per your list of allowance. ● You can prefer to block access for all of the select users who possess the specific IP addresses, as per your list of denial. ● With the WAF rules, you can protect your application deployments against layer attacks. ● You can seek a defense system for the DDoS attacks and also implement layer seven monitoring. ● Cloud Armor can address issues such as Local File Inclusion, Remote File Inclusion, SQL Injection, Cross-Site Scripting, and Remote Code Execution.