{"id":1235,"date":"2012-12-02T23:01:48","date_gmt":"2012-12-02T22:01:48","guid":{"rendered":"http:\/\/www.laurentbourrelly.com\/blog\/?p=1235"},"modified":"2017-09-20T18:25:06","modified_gmt":"2017-09-20T16:25:06","slug":"test-securite-google-dirt-par-les-sre","status":"publish","type":"post","link":"https:\/\/www.laurentbourrelly.com\/blog\/1235.php","title":{"rendered":"Google DiRT security testing by the SREs"},"content":{"rendered":"<p><a href=\"https:\/\/www.laurentbourrelly.com\/blog\/wp-content\/uploads\/2012\/12\/google-dirt.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-1236\" style=\"border: 0px; margin: 0px 10px;\" title=\"Programme Google DiRT du SRE\" src=\"https:\/\/www.laurentbourrelly.com\/blog\/wp-content\/uploads\/2012\/12\/google-dirt.png\" alt=\"\" width=\"162\" height=\"108\" \/><\/a>The SREs (Site Reliability Engineers) are in charge of keeping Google healthy.<\/p>\n<p>To prepare for potential problems, they run tests called DiRT (Disaster Recovery Testing).<\/p>\n<p>These simulated attack scenarios are meant to ensure that Google&rsquo;s services and operations keep running after a disaster.<!--more--><\/p>\n<p>A trip inside a <a href=\"https:\/\/www.wired.com\/2012\/10\/ff-inside-google-data-center\/\">Google data center<\/a> is what revealed the existence of the DiRT program.<\/p>\n<p>I had already heard of the <a href=\"http:\/\/dejanseo.com.au\/research\/google\/32583.pdf \">Google SREs<\/a> when I came across a <a href=\"http:\/\/www.techspot.com\/news\/40280-google-fired-employees-for-breaching-user-privacy.html\">rather grim news story<\/a>.<\/p>\n<p>When you know how important a good sysadmin is for managing our servers, it is interesting to see how Google looks after its security.<br \/>\nThe engineers of 
the SRE team are like the pit crew of a Formula 1 car.<br \/>\nThey are even said to wear really cool jackets with a military-inspired insignia.<\/p>\n<h1>The DiRT program<\/h1>\n<p>It is interesting to know that Google can still learn from its mistakes.<br \/>\nThe culture of failure was in the company&rsquo;s DNA, but I thought these values had been eclipsed since the push to artificially promote Google +, instead of moving on as with Buzz or Wave.<\/p>\n<p>The DiRT program is designed to put Google in jeopardy. Most companies do not have this mindset of anticipating that the worst could happen. The <a href=\"http:\/\/static.googleusercontent.com\/external_content\/untrusted_dlcp\/www.google.com\/fr\/\/appsstatus\/ir\/pest1mpoudq2q5h.pdf\">Gmail incident<\/a> of April 17, 2012 is a recent example.<\/p>\n<p>Once a year, the program attacks Google in a corner that is not expecting it. The exercise always starts with a limited scope, then expands once its usefulness has been proven.<\/p>\n<p>DiRT tests have ranged from simply cutting power to servers to simulating an earthquake. The latter made it possible to identify flaws in the failover mechanisms.<br \/>\nScenarios can focus on specific services, but they also deal with flaws in multiple systems in parallel. 
This makes it possible to identify interdependencies and to involve various branches of the company.<\/p>\n<p>DiRT even hacked the cafeteria, when employees decided to go for a drink after the fake earthquake that had shut down their computers.<\/p>\n<h3>Inspiration<\/h3>\n<p>I was impressed by the scope of the program. It is costly and risky, but a company of this size is bound to benefit from the experience.<br \/>\nAs a user, I am reassured by Google&rsquo;s attitude toward security. I do not trust them, but it is good to learn that putting things at risk is part of the mindset of the people who watch over our data and the fabulous services that go with it.<\/p>\n<p>On a personal level, I have somewhat forgotten this reflex, which was nevertheless my leitmotif when my income depended on systems such as PPC or affiliate marketing. Yet I always had a plan to cope with a disaster.<\/p>\n<p>As SEOs, we must have a clear view of risk management. It is essential for ensuring the legitimacy and longevity of an Internet visibility strategy.<\/p>\n<p>Thank you, Google, for reminding me of a good lesson.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SREs (Site Reliability Engineers) are in charge of keeping Google healthy. To prepare for potential problems, they run tests called DiRT (Disaster Recovery Testing). 
These simulated attack scenarios are meant to ensure that Google&rsquo;s services and operations keep running after a disaster.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[8],"tags":[202],"class_list":["post-1235","post","type-post","status-publish","format-standard","hentry","category-moteurs-de-recherche","tag-google"],"_links":{"self":[{"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/posts\/1235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/comments?post=1235"}],"version-history":[{"count":2,"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/posts\/1235\/revisions"}],"predecessor-version":[{"id":54595,"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/posts\/1235\/revisions\/54595"}],"wp:attachment":[{"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/media?parent=1235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/categories?post=1235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.laurentbourrelly.com\/blog\/wp-json\/wp\/v2\/tags?post=1235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}