The ABCs of preventing and mitigating DDoS attacks

The ubiquity of remote learning platforms has put educational institutions squarely in hackers' crosshairs. Here's how to protect your network.
Barrett Lyon is co-founder and CEO of Netography.

It wasn’t that long ago that kids looking to get out of a big test or fessing up to the fact that they didn’t have their homework ready to turn in might have pulled the fire alarm to cause total disruption and maybe, if luck was on their side, an early dismissal.

But in 2020, many classrooms are virtual, and there’s a new fire alarm to take down learning platforms. Distributed Denial of Service (DDoS) attacks, where a target and/or its nearby infrastructure is overwhelmed with internet traffic, are proving just as adept in getting students out of classwork and potentially earning the perpetrator (or perpetrators) a sizable ransom.

Bueller, Bueller

Last month’s arrest of a Miami Dade school student is just one such example of a student-initiated DDoS attack – and it’s going to get worse if history is any predictor. Attackers, likely students at the moment, can easily shut down learning platforms or just as easily find a teacher’s IP address to take that instructor’s computer offline. Add to that the fact that in many local communities everyone uses a single internet provider (think Comcast or another smaller provider), and it’s not too difficult to envision the chaos if that falls, too.

Now, with the onslaught of low-security distance learning platforms being implemented, coupled with educators using their “security soft” home networks, it’s a recipe for mischief and e-learning disaster, impacting institution levels from elementary to graduate schools. Schools are now facing the same types of threats and attacks that enterprises have, but unlike businesses, the sudden switch to new technologies means they may not be as secure as their business brethren.


Related: 6 tips to prevent school district ransomware attacks

The switch to remote learning has shone a light on the problems already created by tight IT budgets and while there’s no going back, there are steps school IT teams can — and should — be taking to secure their classrooms beyond the four walls of their school buildings.

DDoS attacks are unique and require someone who not only knows how to respond but is available to respond whenever they occur. That means not just during classroom hours but on weekends, school breaks, and the wee hours of the morning. It’s also critical that all third-party vendor agreements are updated and that contact information, especially for your internet service provider (ISP), is at-hand.

While both learning platforms and school networks are vulnerable to DDoS attacks, the need to protect the network becomes more critical for institutions of higher learning. Regardless of whether schools are teaching the ABCs or offering MBAs and PhDs, IT teams should leverage platforms such as Google and its Google Cloud Armor, in order to provide a more robust service layer.

Related: DA Technology Leadership Academy boosts CIO role

Perhaps most critically, make sure that your institution has a robust and comprehensive security solution. There are a handful of solutions on the market so be sure you do your homework and choose one that provides the following:

  • A real-time approach. You need to know what’s going on at the moment it happens, not after your network has been overwhelmed. Look for a solution that leverages your routing equipment and current bandwidth to automatically remediate and lessen the cost and impact of a DDoS attack.
  • Early threat detection. The best defense is a good offense and early warnings are among the best ways to prevent a full-on attack. You want a solution that is continuously monitoring your website traffic in order to detect potentially harmful patterns and block them before they have the chance to do damage. The right system should be capable of detecting and remediating a variety of attacks before you ever reach the point of shutting down.
  • Easy to implement. In order for a solution to work effectively, it needs to be easy-to-use and cost-effective to implement. Solutions that are complicated or require too much onboarding pave the way for shadow IT, and ultimately, a security breach. Look for a solution that integrates easily with your existing ISP to send BGP/flowspec announcements to vendors upstream — you want traffic blocked before it has the chance to overwhelm your network.
  • All clear ahead. You can’t protect against what you can’t see. Whatever solution you choose should provide a single-pane view into traffic flow and assets across the entire network.

Barrett Lyon’s experience and successes have led to collaboration with Tier 1 and Tier 2 carriers, as well as national security agencies in North America and Europe to mitigate and track hundreds of DDoS attacks. He holds multiple technology patents and is a pivotal subject in the best-selling cybersecurity book, Fatal System Error.

Most Popular