From 83c4ddf9669e32234e8d096f6d49f01a3ec00d66 Mon Sep 17 00:00:00 2001 From: mletalie Date: Tue, 2 Jan 2024 09:02:45 -0500 Subject: [PATCH] Update Firewall and DDoS protection info --- modules/sdpolicy-security.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/sdpolicy-security.adoc b/modules/sdpolicy-security.adoc index 89da764022..44083b8065 100644 --- a/modules/sdpolicy-security.adoc +++ b/modules/sdpolicy-security.adoc @@ -77,7 +77,8 @@ $ oc adm policy add-cluster-role-to-group self-provisioner system:authenticated: [id="network-security_{context}"] == Network security -With {product-title} on AWS, AWS provides a standard DDoS protection on all Load Balancers, called AWS Shield. This provides 95% protection against most commonly used level 3 and 4 attacks on all the public facing Load Balancers used for {product-title}. A 10-second timeout is added for HTTP requests coming to the haproxy router to receive a response or the connection is closed to provide additional protection. +Each {product-title} cluster is protected by a secure network configuration at the cloud infrastructure level using firewall rules (AWS Security Groups or Google Cloud Compute Engine firewall rules). {product-title} customers on AWS are also protected against DDoS attacks with link:https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html[AWS Shield Standard]. +Similarly, all GCP load balancers and public IP addresses used by {product-title} on GCP are protected against DDoS attacks with link:https://cloud.google.com/armor/docs/managed-protection-overview[Google Cloud Armor Standard]. [id="etcd-encryption_{context}"] == etcd encryption
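Review bot: The replacement text under "== Network security" drops the sentence about the 10-second timeout on HTTP requests to the haproxy router, and neither the added lines nor the commit message says whether that behaviour still applies. If the timeout is still in place, keep it as its own sentence after the DDoS text; if it was removed on purpose, say so in the commit message so readers of the history can tell it was not lost by accident. Two smaller points on the added lines: the AWS sentence no longer states which resources AWS Shield Standard covers, while the GCP sentence names "all GCP load balancers and public IP addresses", so consider stating the AWS scope the same way; and the first added line says "Google Cloud" while the second says "GCP", so pick one form. The two added lines also have no blank line between them and will render as a single paragraph in AsciiDoc, which is fine only if that is intended.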