Knowledge HubTM
How your school can reduce the chance of DDoS attacks
- Date Posted:
- Written by: Exa Networks
From time to time, schools are the target of Distributed Denial Of Service (DDoS) attacks. Whilst internet service providers can help mitigate these attacks quickly, when they occur they can cause major and long term disruption to a school’s internet connection.
What is a DDoS attack?
A DDoS attack is an assault on a network that works by overwhelming the target, a resource or a connection with large amounts of internet traffic or requests – more than the system can handle.
The effect of this traffic? It uses up all available resources to deal with these requests, leaving users unable to establish use of the service. This sudden increase in traffic can also cause web servers to crash.
Imagine your internet connection as a letterbox, if your postman delivers one or two letters consistently this would cause no problems (other than you’d have a lot of letters to open). Now imagine lots of unknown people trying to put hundreds of letters through simultaneously; nothing would get through the now jammed letterbox, and your trusted postman would be unable to deliver your valid mail. This is, in essence, what happens when an attack occurs.
For a DDoS attack to take place, a hacker typically gains control of a network of machines. These computers, or devices, are infected with malware, turning each one into a possible source of extra traffic. This group of remotely controlled machines is also called a botnet.
Others ways to generate an attack are possible, such as causing normally well behaved services to send their responses to the victim. Using the previous analogy it would be like sending many letters to unknown postal addresses with the victim’s address on the back, resulting in them once again ending up with a jammed letterbox, but this time full of ‘return to sender’ letters.
The attacker is able to direct the machines to the target network. Once the target IP address has been identified, each bot will send requests and traffic to that network, pushing it beyond its capacity and resulting in a denial of service to the normal traffic flowing to the site.
What are the consequences of causing a DDoS attack?
Under the Computer Misuse Act 1990, DDoS attacks are a crime. The National Crime Agency and police take cybercrime seriously. An individual conducting a DDoS attack could face the following legal consequences:
- Confiscation of computers and have their internet access restricted
- A criminal record, which could affect their education, future career prospects and ability to travel
- A penalty or fine
- A prison sentence
DDoS attacks have a significant impact on schools, organisations and businesses. Often, as ISP’s attempt to mitigate the effects of an attack, the hacker begins to target not only the initial victim but their service suppliers, meaning that lots of people can end up feeling the effects.
It is important that students and staff are made aware of the implications and consequences of DDoS attacks both from a moral and legal standpoint. An extra step would be to inform parents/carers.
How Can Schools Protect Themselves from DDoS Attacks?
In truth, there isn’t really a whole lot that schools can do to protect themselves once an attack starts. Most ISP’s and web service providers have security features in place to mitigate attacks when they occur and will alert you if an attack targets your school.
When an attack occurs, it is usually from someone within the school, and from experience, more often than not, it is a student. To prevent this, schools should proactively monitor content filtering logs, checking for searches that indicate a student has been looking at ways to perform an attack. For example, searches using the specific phrases below should be a cause for alarm:
- DDoS, DoS, Stress Tester, or Botnet
- What is my IP (as the school connection IP is required to attack it)
- How to DDoS someone/myself
- Other attempts to ascertain your school’s external IP address
These should be considered as an early indicator that a student may be seeking to attack the school and can be used to help you identify the potential perpetrator.
And if you want to be really proactive, make your students aware (e.g. in an assembly) that the school has a zero tolerance attitude toward any behaviour which would jeopardise the ability of the school perform its role, and that anyone found to be carrying out, or arranging such attacks will be reported to the police and the National Crime Agency.