DDoS attacks, which overwhelm the victim network by flooding it with massive amounts of traffic, are on the rise. For schools, the attacks can shut down websites and phone systems and prevent users from accessing the internet and its applications.
More often than not, students are causing the cybermischief because they don’t want to take online tests or don’t want their parents to access their grades online, district IT leaders say.
Schools face many types of DDoS attacks, including volumetric attacks, which try to flood inbound links, and application-oriented attacks, which take advantage of weaknesses in the operating system. There are also protocol or state exhaustion attacks that target firewalls, load balancers and other infrastructure.
While school districts rely on their internet service providers (ISPs) to fight off large-scale DDoS attacks, district IT leaders use a combination of networking tools and network design to combat the attacks themselves.
Dropping Bad Traffic
Utah’s statewide education network considered several solutions to its recent DDoS attacks, but ultimately chose on-premises equipment that is installed on its own private cloud.
The technology automatically detects and blocks DDoS attacks by using a program that silently drops or “blackholes” the bad traffic.
This mitigation system can also scrub traffic. As traffic enters the network backbone, scrubbers allow legitimate traffic to pass through, while blocking malicious traffic.
Utah’s new mitigation system has been configured to automatically stop an obvious DDoS attack. But if it’s questionable, the system will notify the IT staff to investigate further.
Enhancing Network Monitoring
In Florida, schools in Miami primarily get hit with attacks during testing.
The IT staff mitigates the risk by using network monitoring tools and creating rules on its networking equipment (routers, switches, firewalls and intrusion prevention systems) to automatically block those attacks.
In Illinois, a school district is taking advantage of built-in intrusion detection and prevention in its firewall and the Border Gateway Protocol to stop DDoS attacks.
In some cases, the IDP tool automatically stops DDoS attacks. In others, it alerts the district network analyst that an attack is happening so he can manually defend against it.
The network analyst has also increased the number of IP addresses the district uses from five to 254 to remap the entire internal network. He uses different IP addresses for the district’s headquarters and each of its 17 schools so he can pinpoint which address is being attacked.
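The triage described above (automatic action for an obvious attack, an alert to staff for a questionable one, and one public address per site so the target can be pinpointed), sketched as an added example that is not from the article or any district's tooling. The site names, addresses (documentation range 203.0.113.0/24), flow records and both thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed mapping: one public address per site, so a flood names its target.
SITE_BY_IP = {
    "203.0.113.10": "district-hq",
    "203.0.113.21": "school-01",
    "203.0.113.22": "school-02",
}
ALERT_PPS = 5_000    # assumed threshold: questionable, notify staff
BLOCK_PPS = 50_000   # assumed threshold: obvious attack, act automatically
WINDOW_S = 10        # aggregation window in seconds

# Constructed flow summaries: (epoch_second, destination_ip, packets)
SAMPLE_FLOWS = [
    (1000, "203.0.113.10", 12_000),
    (1003, "203.0.113.21", 400_000),
    (1007, "203.0.113.21", 350_000),
    (1004, "203.0.113.22", 70_000),
    (1012, "203.0.113.22", 9_000),
    (1015, "203.0.113.99", 80_000),   # address not assigned to any site
    (1016, "not-an-ip", 1),           # malformed record, skipped
]

def triage(flows, window_s=WINDOW_S):
    """Return {(window_start, site): (pps, action)} for windows at or above ALERT_PPS."""
    totals = defaultdict(int)
    for ts, dst, packets in flows:
        try:
            dst = str(ipaddress.ip_address(dst))
        except ValueError:
            continue  # drop records whose destination does not parse
        window = ts - ts % window_s
        totals[(window, SITE_BY_IP.get(dst, "unmapped:" + dst))] += packets
    findings = {}
    for key, packets in sorted(totals.items()):
        pps = packets / window_s
        if pps >= BLOCK_PPS:
            findings[key] = (pps, "block")   # obvious: drop automatically
        elif pps >= ALERT_PPS:
            findings[key] = (pps, "alert")   # questionable: page an analyst
    return findings

if __name__ == "__main__":
    for (window, site), (pps, action) in triage(SAMPLE_FLOWS).items():
        print(f"t={window} {site}: {pps:.0f} pps -> {action}")
```

Traffic to an address that maps to no site is still reported, labelled as unmapped, so a flood aimed at an unused address in the block is not silently ignored.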
Design Optimal Damage Control
Using the right network architecture can minimize damage from a DDoS attack.
When districts only have one firewall installed, a DDoS attack can disrupt access to the internet and to internal applications.
To protect against this, Washington County School District in Utah has a main firewall at the border and internal firewalls to protect the internal network. In addition, for its VoIP system, the district uses a Primary Rate Interface connection that terminates inside the firewall.
That way, if a DDoS attack manages to stop internet access temporarily, phone service will still work, and district employees will be able to access important business applications.
Taking a look at all these steps and seeing what is best for you and your school can help prevent your school from being the victim of a DDoS attack.
(Story via Ed Tech)