Protect alligators in Google data centers

Google protects its servers with its own special chip

Over the years, Google has developed a lot of know-how with regard to the operation and protection of its own server infrastructure. As part of the "Google Infrastructure Security Design Overview", the company is now for the first time giving a detailed insight into the measures that can be taken to protect against attackers and any form of espionage.

hardware

In addition to a wealth of sophisticated policies, one point stands out above all: Google now uses its own security chips to clearly identify and authenticate its servers. The company does not give any details, but heise speculates that it might be a kind of Trusted Platform Module that uses a cryptographic key to ensure the authenticity of the hardware.

Signatures

The aim is to ensure that no third-party hardware can be smuggled into the data centers. However, this chip has apparently not yet been used consistently. But other systems also have multiple levels of protection that are supposed to ensure the integrity of the running software. This includes everything from the BIOS to the boot loader to the kernel and operating system being digitally signed.

Monitoring

But it is also worth taking a look at the document. Does Google go into it, for example, about how the data is encrypted locally - and application-specifically - and how the internal data exchange is protected. It is also revealed that all employees can only authenticate themselves to the internal systems in combination with their own U2F hardware key, and that there is a sophisticated rights system and ongoing monitoring.

For certain tasks, the consent of at least two Google employees is generally required. In addition, there are separate teams whose only task is to find gaps in these security measures. (apo, January 18, 2017)