What measures does google cloud take to protect the instances from IP spoofing ??

[sumit kumar]

I am running my server on google app engine and i have all of my services (e.g MongoDB, Redis, Elasticsearch) are deployed on compute engine. Now i wanted to connect my compute engineinstances from App engine only that's why i deleted all of my firewall rules of my compute engineswhich were connecting them from external ip's, now only the instances that are within the internal network of my google cloud project can connect to themselves, now i am just wondering about IP spoofing that as nobody from outside my internal network can connect to my instances now can they fake their ip by telling my firewall that their ip is the ip which any of my instance is having because if that can happen then my whole security will be breached.

Now one question does google cloud project's firewall implement any measures to secure our instances from IP Spoofing or we have to setup something in order to avoid that.

If any of you have any idea about this please enlighten me.

Thanks

[Kamran (Google Cloud Support)]

Hello Sumit,

Thank you for your good question. Please visit "Best Practices for DDoS Protection and Mitigation on Google Cloud Platform" document that describes the best practices for protecting against and mitigating such DDoS attacks for your Google Cloud Platform (GCP) deployment. The article also mentions that GCP provides anti-spoofing protection for the private network (IP addresses) by default.

I hope this helps your project.

Sincerely,

[sumit kumar]

What do you mean by private network (IPaddresses) ?? Are there any public network ??

[Kamran (Google Cloud Support)]

Hi Sumit,

It refers to private IP address ranges that are allocated to Google Compute Engine (GCE) internal networks. For more information about GCE Networking please visit this article.

Sincerely,