Reducing The Chance of a DDoS Attack
From time to time, we see some of our education customers becoming the target of a DDoS attack. Whilst we can help mitigate these attacks quickly, they can cause major and long-term disruption to a school’s internet connection.
We thought it would be useful to publish some information to help you understand what these attacks are and how you can help prevent them.
What is a DDoS Attack?
A DDoS (Distributed Denial of Service) attack is an attack on a network that overwhelms the target, a resource or a connection with large amounts of internet traffic or requests - more than the network can handle.
The effect of this traffic? It uses up all available resources to deal with these requests, leaving users unable to use the service. This sudden increase in traffic can also cause web servers to crash.
Imagine your internet connection as a letterbox. If your postman delivers one or two letters constantly, this would cause no problems (other than you’d have a lot of letters to open). Now imagine that lots of unknown people tried putting hundreds of letters through simultaneously; nothing would get through the now jammed letterbox, and your trusted postman would be unable to deliver your valid mail. This is, in essence, what happens during an attack.
For a DDoS attack to take place, an attacker typically gains control of a network of machines. These computers, or appliances, are infected with malware, turning each one into a possible source of extra traffic. This group of remotely controlled machines is also called a botnet.
Other ways to generate an attack are possible, such as causing normally well-behaved services to send their responses to the victim. Using our previous analogy, it would be like sending many letters to unknown postal addresses with the victim’s address on the back of each letter; the victim once again ends up with a jammed letterbox, this time full of ‘return to sender’ letters.
The attacker is able to direct the machines to the target network. Once the target IP address has been identified, each bot will send requests and traffic to the target network, pushing it beyond its capacity and resulting in a denial of service to the normal traffic flowing to the site.
What are The Consequences of Causing a DDoS Attack?
Under the Computer Misuse Act 1990, DDoS attacks are a crime. The National Crime Agency and Police take cybercrime seriously.
An individual conducting a DDoS attack could face the following legal consequences:
DDoS attacks have a significant impact on schools, organisations, businesses and individuals. Often, as ISPs attempt to mitigate the effects of an attack, the attacker begins to target not only the initial victim but also their service suppliers, meaning that lots of people can end up feeling the effects.
So it’s important that students and staff are made aware of the implications and consequences of DDoS attacks both from a moral and legal position. An extra step would be to inform parents/carers.
How Can Schools Protect Themselves from DDoS Attacks?
In truth, there isn’t really a whole lot that schools can do to protect themselves once an attack starts. Most ISPs and web service providers have security features in place to mitigate attacks when they occur and will alert you if an attack targets your school.
When an attack occurs, it’s usually from someone within the school, and from our experience, more often than not it is a student.
Schools can proactively monitor SurfProtect, or other Content Filtering Software logs, for searches indicating that a student has been looking at ways to perform an attack. For example, searches for:
These should be considered as an early indicator that a student may be seeking to attack the school and can be used to help you identify a potential attacker.
And if you want to be really proactive, let your students know (e.g. in an Assembly) that the school has a Zero Tolerance attitude toward any behaviour which would jeopardise the ability of the school to perform its role, and that anyone found to be carrying out, or arranging for, such attacks will be reported to the Police and the National Crime Agency.
We hope this blog has helped you to understand DDoS attacks a little more and how you can take steps to educate all those involved with your network, as well as assist in monitoring behaviour which could result in an attack.
If you would like further information or advice please give our team a call on 0345 145 1234.