Google has announced a new firewall feature for app developers and administrators using Google’s Cloud Platform. Developers can now allow or block access from specific IP addresses by writing rules that outline how the firewall will function. The new feature can help developers prevent hackers, specific networks, or accidental users from accessing their app. Conversely, developers can give certain IP addresses access when they see fit.
The Google firewall operates according to specific rules created by developers. These rules are composed of a number of parameters. Developers first designate whether the rule covers incoming (ingress) or outgoing (egress) connections. Then, they must determine the exact source of the connection, either a single IP address or a known network. Next, the developer establishes parameters describing what kind of connection will be blocked or allowed access. The connection could be blocked under any circumstance or allowed in if it passes a series of tests. Finally, the rule must be given a relative priority, which determines the order in which each rule is evaluated. A connection is affected, naturally, by the first rule that applies to it.
For example, a developer could block all incoming access excepting their own IP address. They could allow a given geographic region blanket access. Or they could simply expel a pesky hacker. They could modify a connection’s priority, making it the first in or out. Or the connection could only be allowed in after higher-priority addresses have been given access. In theory, a developer could build an entire stage of firewall tests which would screen all incoming and outgoing connections for certain parameters.
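The rule model described above (direction, source, action, priority, first match wins) can be sketched as a small evaluator. This is an added example, not Google's code or API: the `Rule` fields, the `evaluate` and `shadowed` helpers, the convention that a lower number is evaluated first, and the default of denying unmatched traffic are all assumptions, and the addresses are constructed from documentation ranges. It goes one step beyond the article by flagging rules that can never fire because an earlier rule already covers their whole source range.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # assumption: lower number is evaluated first
    direction: str  # "ingress" or "egress"
    source: str     # single IP address or network in CIDR notation
    action: str     # "allow" or "deny"

    def matches(self, direction, addr):
        return (direction == self.direction and
                ipaddress.ip_address(addr) in ipaddress.ip_network(self.source))

def evaluate(rules, direction, addr, default="deny"):
    """Return (action, rule) for the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(direction, addr):
            return rule.action, rule
    return default, None  # assumption: unmatched traffic gets the default

def shadowed(rules):
    """Rules that can never fire: an earlier rule covers their whole source."""
    ordered = sorted(rules, key=lambda r: r.priority)
    dead = []
    for i, later in enumerate(ordered):
        net = ipaddress.ip_network(later.source)
        for earlier in ordered[:i]:
            cover = ipaddress.ip_network(earlier.source)
            if (earlier.direction == later.direction
                    and net.version == cover.version and net.subnet_of(cover)):
                dead.append(later)
                break
    return dead

# Constructed rule set: allow the developer's own IP, block one network,
# deny everything else, plus a late allow that was given too low a priority.
RULES = [
    Rule(100, "ingress", "203.0.113.7", "allow"),
    Rule(200, "ingress", "198.51.100.0/24", "deny"),
    Rule(1000, "ingress", "0.0.0.0/0", "deny"),
    Rule(2000, "ingress", "192.0.2.10", "allow"),
]

if __name__ == "__main__":
    for addr in ("203.0.113.7", "198.51.100.20", "192.0.2.10"):
        action, rule = evaluate(RULES, "ingress", addr)
        print(addr, action, "via priority", rule.priority if rule else "default")
    print("never evaluated:", [r.priority for r in shadowed(RULES)])
```

Running a check like `shadowed` before deploying a rule set catches an allow or deny entry that looks correct on its own but is overridden by a broader rule evaluated earlier.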
The rules themselves are testable and can range from simple single-IP blocks to complex, multi-IP contracts that allow or block access depending on narrowly defined factors and prerequisites. The firewall is simple in design but infinitely complex in execution. Firewall rules, which inherently bend to the will of their creators, can perform as many or as few functions as needed.
At its core, the firewall relieves developers from writing layered security into the apps themselves. The firewall feature is still in beta, so Google does not recommend using it during vulnerable testing periods. But once it has been more thoroughly tested, developers could conceivably preempt access to their app before testing sensitive protocols and actions.
The Google firewall program is entering the fray with a few competitors, including Amazon and Azure. Google’s design is essentially the same, with developer-written rules and parameters. But Google’s vast presence on the app development scene should bring a much-needed security measure to an already sensitive process.