This story is going to happen to you and your school. It happened to us (Campus Suite), to schools, and even Fortune 500 companies. When it happens, it's almost too late. Solving the problem without major downtime, late nights, and public exposure is difficult. Rarely will you ever find the reason or people behind it. My DDoS prevention story is the first in a series. Check out my second article, detecting DDoS attacks, and the last in my series, five tools for protecting your school from DDoS attacks.
My story started with a random Tuesday morning. I was working on a presentation when my phone rang. As I went to pick up my phone, my inbox exploded with emails from our infrastructure monitoring system. (Every bad morning in IT starts with an outage.) I answered the call, listened to what my team told me, and hung up. Our data center had just disappeared. Our entire client base was offline.
Campus Suite was facing a major Distributed Denial of Service (DDoS) attack. Someone was flooding our company's data center with over 10 Gigabits a second of connection traffic. Every router, firewall, gateway, and server melted down and went offline. Our security measures were useless against a wave of traffic this large. A CMS hosting company without hosting is worthless.
We survived the attack after making major changes to our hosting setup. Your school is in the same danger every day.
So why is a sudden DDoS attack so dangerous? Let's look at what DDoS stands for, and how that creates risk for you.
Just what is DDoS?
- Distributed. Most attacks use multiple hosts. Tracing and blocking a flood of connections is difficult to impossible. Slowing the attack is difficult.
- Denial. DDoS attacks work by flooding a resource or connection. DDoS attacks can target Internet sites, VPN connections, wireless, phone systems, and almost any system that connects to a network.
- Service. The flood of connections or traffic overwhelms your system and takes it offline. Your school cannot access a system it depends on.
The goal of a DDoS attack is different from that of other hacking attacks. DDoS is not an attack to steal information. A DDoS attack stops your district from getting to a critical system. DDoS attacks create a crowded freeway, making everyone late.
The anatomy of a school district DDoS
So what does this mean to you and your district? This is how the story plays out for unprepared schools.
- You get a call or an alert. Something is offline.
- You and your team start investigating. You look at the system, the connections, the logs.
- After a period of research and review, you find the system is being flooded. You can't pinpoint the flood.
- One of your tech providers calls, and says they are taking you offline. The attack on you is impacting other schools.
- You scramble to change your setup so your provider will turn your service back on. You turn it on, and the attack follows you.
- Your school is impacted by the loss of service. Is it the Internet connection? A testing system? A gradebook on the last day of a quarter?
- Your administration comes to you looking for answers on why students aren't learning. This outage will make the local media circuit. People will overreact.
- After a period of time, you find a solution to the attack. The solution is expensive, and the administration isn't happy.
- You and your team are demoralized by the attack and lack of support from your administration. Your job might be in question.
DDoS attacks are real, and here to stay
A scary example is the attack on an Idaho school district. The goal was to interfere with the Idaho Standard Achievement Test. Students had to retake the test, and the outage was embarrassing for the district. Every school in the US is under constant threat from DDoS.
Germany requires utilities, telecom companies, hospitals, and major schools to have safeguards. Groups who don't prepare face major six-digit fines. Is the U.S. far behind Germany in demanding safeguards for schools?
You need to be ready. It can come from anywhere. It's simple for even a student to DDoS your school, and ruin your Tuesday. All a student needs is to understand what your district relies on. The student then launches a DDoS attack on that resource, and the nightmare begins. The best solution is to prepare before the attack happens.
My goal for this blog series is to share the information from the DDoS attack on Campus Suite to help schools. In my next post, I'm going to cover how to detect an attack. The third post in my series covers common ways to protect your resources from attack.
DDoS for schools is real, relevant, and a risk. Are you ready?
NOTE: This article is the first in a series of three articles dedicated to DDoS and schools. If you are a school IT manager, CIO, or an especially technical-minded school administrator, check out the other two that address protection and handy tools for dealing with DDoS attacks at your school.
Eric's background as a technical CEO with a big-picture focus brings the experience and vision that both gain the respect of technical audiences and get the attention of progressive school leaders and administrators.