School system administrators, School CTOs and IT staff have growing concerns regarding cyber threats.
Distributed Denial of Service (DDoS) attacks in particular are raising the level of anxiety among all stakeholders who are focused on the educational needs and well-being of students.
Why are cyber-criminals attempting (and succeeding) in taking down school networks? Because they can.
The average high school student today has both the attitude and the aptitude to use and misuse technology. What is even more disconcerting is the success students have had in bringing down their own school networks. Wm. Larry Padgett is the Director of IT Infrastructure, System Support, Security, and Governance for the School District of Palm Beach County, the 11th largest school district in the country. He recently noted, “In years past, if a student didn’t want to take a test, he would pull the fire alarm. Today, he will launch a DDoS attack.”
Some cases are hair-raising. Take, for example, the Illinois community school district highlighted in an April, 2015 article in District Administration entitled ‘Defending school security’. Two enterprising teenagers learned how to launch a DDoS attack from an online gaming site, and shut down the district’s network for an entire month.
Staging such attacks has become much easier. Compared to large corporate sites, a relatively small volume of botnet-generated traffic can take a school network down. Most schools are ill-prepared to handle DDoS attacks due to limited resources and the relative softness of their infrastructure. A Google search can equip just about anyone with the basic know-how, or point to where they can make arrangements for a DDoS attack via the Dark Internet for as little as $40 for a 24-hour assault. Never mind that staging a DDoS attack is a federal crime.
Repercussions from a successful DDoS attack are usually most serious for the target, of course. Any school network’s primary purpose is to serve the needs of the students, and downtime for school networks means curricula disruption and interrupted progress for hundreds, if not thousands, of pupils. There is little in tight school learning schedules to easily make up for lost time and resources without extending school hours or adding days to the term. Attacks designed to bring down online testing events are particularly problematic, as more required state and central testing is conducted via the network. Bringing down the network may also prevent schools from registering students, grading, accepting payment for school lunches, and distributing educational content. Because schools today are increasingly tied to the internet through e-learning and operational enterprise solutions, when the network goes dark, it’s a critical event.
But students are not always the perpetrators in DDoS attacks. Cyber criminals are increasingly seeking new opportunities, and the wealth of Personally Identifiable Information (PII) that resides on school servers provides a tempting target. Cyber criminals are, for the most part, non-discriminating, and increasingly are targeting both large and small schools and school systems. Often DDoS attacks serve as a smokescreen for these criminals to gain access to FERPA-protected data or school financial systems through a more sophisticated Layer 7 (application-layer) attack. Loss of personal data has serious consequences for schools, including denial of funding, private lawsuits, and reputation damage.
Begin your defense planning with an understanding of the implications of an attack, then assess your capability to weather it. Finally, research, enlist and deploy the necessary resources to maintain an adequate defense from both inside and outside the organization.
1. Improve Security Awareness for All
Secure Designs recognizes that true internet security is a mindset – one that embraces attitude and process as much as it does technology. It starts with building a continual mindfulness of threats that come with the rewards of the connected classroom. Everyone in the school organization has a stake and role to play in keeping the network secure. That buy-in is essential. School IT administrators have to defend their entire perimeter and multiple other access points; an attacker needs to find only one to exploit. If sensitive information like passwords, IP addresses and login details for data access is left on unprotected devices, shared, or placed within unsecured documents, the window of vulnerability is wide open. There are software programs and other resources available that educate all in the school community, including students and parents. These programs have the added benefit of providing compliance with all Federal requirements for the safeguarding of sensitive information and adopting safe internet practices.
A part of that process is internal compliance and enforcement. That calls for active management controls, filters and protocols for everyone who is a technology user. Those who fail to adhere to policy should be required to take additional training. Some schools proactively identify and monitor students who, for one reason or another, show behavioral clues that they might be motivated to instigate an attack.
2. Prepare by Mapping Your Network Landscape and Identifying Potential Fault Points and Fixes.
Start by anticipating. Without preparation, any downtime that may result from an attack will be unnecessarily prolonged. Document your IT infrastructure, and examine and identify all circuit IDs and IP addresses. Inventory your assets. Establish the network’s base performance, so you can quickly identify an attack. Understand the pattern of a potential DDoS attack, and identify the most vulnerable parts of the network. What is the throughput capacity of the firewalls at each location? What network elements tend to slow the system down when they are overloaded? (If your IT staff raises red flags about the performance of any of the network elements under normal circumstances, you can be sure that in the event of a DDoS attack, these will be the elements that crack first under the strain.) If a particular feature of an application is a bottleneck, consider temporarily disabling that feature in the event of an attack. Don’t be hesitant about dumping log files – they will be inundated with requests and will implode, causing a cascade of failures. Examine egress filters and plan to block the traffic your network sends in response to DDoS traffic. This eliminates the creation of unnecessary packets that contribute to overload. Additionally, keep personnel contact lists up-to-date, so that no time is wasted when the alert is up. An attack may go on for days, so allow for substitute players to relieve the first responders.
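The advice above to establish the network’s base performance so an attack can be recognized quickly can be turned into a simple check that runs over the per-minute counters most firewalls and routers already export. The following is an added example written for this article; it is not code from the original page or from Secure Designs. The traffic figures, the three-standard-deviation threshold and the three-minute persistence requirement are constructed assumptions chosen for illustration, not measured values from any school network.

```python
"""Baseline-and-deviation check over per-minute traffic counters.

Added example (not from the original article or from Secure Designs).
It builds a baseline from a window of known-good traffic, then flags a
monitoring window only when several consecutive minutes sit well above
that baseline, so a one-off spike (a whole class loading a page at once)
does not page anyone. All numbers below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    minute: int        # minute index within the capture window
    pps: float         # inbound packets per second, averaged over the minute
    new_conn: float    # new inbound connections per second
    syn_ratio: float   # fraction of inbound TCP packets that are bare SYNs


@dataclass(frozen=True)
class Baseline:
    pps_mean: float
    pps_std: float
    conn_mean: float
    conn_std: float
    syn_mean: float
    syn_std: float


def build_baseline(normal: list[Sample]) -> Baseline:
    """Summarise a window of known-good traffic (for example a typical school week)."""
    pps = [s.pps for s in normal]
    conn = [s.new_conn for s in normal]
    syn = [s.syn_ratio for s in normal]
    return Baseline(mean(pps), pstdev(pps), mean(conn), pstdev(conn),
                    mean(syn), pstdev(syn))


def _z(value: float, mu: float, sigma: float) -> float:
    # A perfectly flat baseline (sigma == 0) must not cause a division by zero.
    if sigma > 0:
        return (value - mu) / sigma
    return 0.0 if value == mu else float("inf")


def deviations(sample: Sample, base: Baseline, k: float = 3.0) -> list[str]:
    """Name each counter that sits more than k standard deviations above baseline."""
    flagged = []
    if _z(sample.pps, base.pps_mean, base.pps_std) > k:
        flagged.append("pps")
    if _z(sample.new_conn, base.conn_mean, base.conn_std) > k:
        flagged.append("new_conn")
    if _z(sample.syn_ratio, base.syn_mean, base.syn_std) > k:
        flagged.append("syn_ratio")
    return flagged


def find_sustained_anomalies(samples: list[Sample], base: Baseline,
                             k: float = 3.0, min_minutes: int = 3):
    """Return (start_minute, end_minute, counters) for every run of at least
    min_minutes consecutive anomalous samples. A gap in the minute index
    (a missing sample) ends the run, so alerts never span unseen time."""
    alerts = []
    run = []   # consecutive anomalous samples, each paired with its flagged counters

    def close_run():
        if len(run) >= min_minutes:
            counters = sorted({c for _, cs in run for c in cs})
            alerts.append((run[0][0].minute, run[-1][0].minute, counters))
        run.clear()

    for s in sorted(samples, key=lambda x: x.minute):
        flagged = deviations(s, base, k)
        if not flagged or (run and s.minute != run[-1][0].minute + 1):
            close_run()
        if flagged:
            run.append((s, flagged))
    close_run()
    return alerts


# Constructed baseline: 20 quiet minutes with small, regular variation.
NORMAL = [Sample(m, 1000 + 50 * ((m % 5) - 2), 7 + (m % 3) - 1, 0.06 + 0.01 * (m % 4))
          for m in range(20)]

# Constructed monitoring window: one isolated spike (minute 101), a five-minute
# flood on every counter (103-107), a connection-only surge (112-114), and a
# single anomalous minute after a gap (116) that should not trigger on its own.
WINDOW = [
    Sample(100, 1050, 7, 0.07), Sample(101, 4000, 7, 0.07), Sample(102, 980, 6, 0.08),
    *[Sample(m, 60000, 400, 0.9) for m in range(103, 108)],
    Sample(108, 1100, 8, 0.09), Sample(109, 1000, 7, 0.06), Sample(110, 1000, 7, 0.06),
    *[Sample(m, 1000, 200, 0.07) for m in range(112, 115)],
    Sample(116, 1000, 200, 0.07),
]


def demo():
    """Run the check over the constructed window and return the alerts."""
    return find_sustained_anomalies(WINDOW, build_baseline(NORMAL))


if __name__ == "__main__":
    for start, end, counters in demo():
        print(f"sustained anomaly minutes {start}-{end}: {', '.join(counters)}")
```

On the constructed data the check reports two alerts, minutes 103 to 107 on all three counters and minutes 112 to 114 on new connections only; the single spike at minute 101 and the lone minute 116 are ignored. In practice the baseline should be rebuilt for each distinct schedule (class time versus evenings, term versus holidays), since a single week-long average will make ordinary Monday-morning load look anomalous.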
3. Upgrade Your Firewalls System-Wide.
Your best bet to mitigate DDoS attacks is to block or minimize DDoS traffic as close to the network’s “cloud” as possible with a specialized device such as a Next Gen Firewall, load balancer, router, etc. Dynamically updated, unified threat management firewalls are designed to screen and clean traffic through “Deep Packet Inspection” without any perceptible latency. They offer high levels of redundancy and failover in the event of traffic surges. They can identify and segregate unwanted or suspicious inbound traffic, detect intrusions, and conduct exception-based monitoring that alerts IT staff to anomalies so they can rapidly shut the system down. Modern firewall systems offer tremendous performance and value. If your firewalls are more than a few years old, investigate the latest offerings, and consider standardizing on a single firewall type or vendor. Having a unified security technology platform and policy across a school district makes for easier management, as long as there is some flexibility in implementation to allow for differences in school type, age level or specialization. To ease the financial burden, the Federal Government’s E-rate program provides discounts up to 80% for Category Two eligible security equipment and services.
4. Let Security Experts Bear the Brunt of Attack Mitigation.
For school districts, the mitigation of DDoS attacks can be a complex problem, with a series of increasingly expensive solutions. IT staff and resources in most K-12 learning environments are at full capacity given the demands of the electronic classroom and education-related enterprise solutions. Defending against DDoS attacks is very difficult without specialized equipment and outside help. Most ISPs have DDoS mitigation services available, offering increased bandwidth to withstand attacks at a special rate.
External vendors almost always offer the most cost-effective set of solutions. Network security experts who can make recommendations and provide robust solutions based on proven policy, procedures and technology are in a better position than in-house personnel to plan for and mitigate attacks – not because school IT Directors aren’t technically capable, but because internet security is a full-time job. Few schools have the luxury of a full-time internet security expert. The nature of internet security and threat mitigation calls for continual training, updating and patching. A managed security service provider can offer a team of experts and a wealth of resources that have been built and tested through their experience with thousands of client scenarios. Managed security services providers will perform accurate assessments of your current capabilities, and deliver solutions that include the remote monitoring, updating and managing of your perimeter defenses. Look for providers with existing expertise in school network security. Check with your ISP; many now offer a range of managed security services bundled with the “pipe.”
DDoS attacks, like other internet-delivered security threats, are an inevitable risk that comes hand-in-hand with the internet’s ability to transform the educational process. The rising tide of digitization in education makes school networks more vulnerable, and raises the stakes on the damage these threats can cause. No one is immune from DDoS attacks. They affect school systems of any size.
DDoS is a real and persistent threat. Responding effectively to that threat means coming up with your network-specific plan to successfully defend, mitigate, and restore things to normal in the shortest time possible. By examining your network’s current ability to weather such an attack, as well as seeking outside assistance to engineer and maintain a state-of-the-art defense, the most damaging effects of DDoS attacks can be minimized or avoided altogether.