Shield
Shield — Network Security Platform
- *Area:* Cloud Infrastructure
- *Path:* infra/shield
- *Kind:* Firewall + DDoS + IDS/IPS + WAF (unified)
Role in the stack
Shield is the unified network security platform. It replaces the pfSense + CrowdSec + Suricata + ModSecurity stack in one product: firewall management, DDoS detection and mitigation, intrusion detection/prevention, web application firewall, threat intelligence feeds, and traffic analysis. Shield runs in front of Jet on production boxes and is the first line of defense for every public Koder service.
Features
- *Firewall* — Priority-based rules, zones (WAN/LAN/DMZ), NAT (SNAT/DNAT/masquerade), CIDR matching
- *DDoS Mitigation* — Real-time detection (PPS/BPS/connection thresholds), auto-mitigation
- *IDS/IPS* — Signature + behavioral detection
- *WAF* — OWASP rule sets, custom rules
- *Threat Intelligence* — Feed ingestion and correlation
Primary couplings
| Consumer | Relationship |
|---|---|
| infra/jet | Shield filters traffic before it reaches Jet |
| infra/vault | Stores encryption keys for mitigation actions |
| `observe |