In my previous posts, I talked about what a DDoS attack is and my zen approach to detecting one. For my final post in this series, I am going to share with you some of my own tools I use to detect attacks, and while I’m at it, offer up a few solutions to defend against attacks. These are what I use; you may have other tools of your own to protect your school from DDoS attacks. Whatever tools you end up using to protect your school’s system, my goal is for you to simply be on guard, well equipped and diligent as you monitor and defend your school against DDoS.
Detection starts with monitoring. I prefer to monitor my IP devices, such as switches, routers, and firewalls, to get a handle on current connections and historical trends. My top three picks for monitoring are:
When I know a host is under attack, I use a packet sniffer to look in detail at the traffic going to that host. A packet sniffer is like tapping a phone call: when I tap a call, I hear everything the parties are saying. A sniffer can run on demand from a laptop, or as a permanent monitoring setup.
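As an added example (not from the original post), here is the kind of quick triage I would run over a sniffer's text output once I know which host is being hit: group packets by source address, count how many arrive with only the SYN flag set, and flag sources that are opening many half connections without ever completing them. The input lines are constructed to mimic tcpdump's default TCP output format; the target address, the sample sources, and the thresholds are all assumptions for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample of tcpdump-style lines (not a real capture). The host
# under attack is assumed to be 192.0.2.10; 203.0.113.7 sends only SYNs,
# while 198.51.100.22 completes a normal handshake and sends data.
SAMPLE_CAPTURE = """\
10:15:01.000001 IP 203.0.113.7.44123 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
10:15:01.000150 IP 203.0.113.7.44124 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
10:15:01.000300 IP 203.0.113.7.44125 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
10:15:01.000450 IP 198.51.100.22.51000 > 192.0.2.10.80: Flags [S], seq 9, win 65535, length 0
10:15:01.000600 IP 192.0.2.10.80 > 198.51.100.22.51000: Flags [S.], seq 5, ack 10, win 65535, length 0
10:15:01.000750 IP 198.51.100.22.51000 > 192.0.2.10.80: Flags [.], ack 6, win 65535, length 0
10:15:01.000900 IP 198.51.100.22.51000 > 192.0.2.10.80: Flags [P.], seq 10:300, ack 6, win 65535, length 290
10:15:01.001050 IP 203.0.113.7.44126 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
10:15:01.001200 IP 203.0.113.7.44127 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
10:15:01.001350 IP 192.0.2.10.53 > 203.0.113.99.33333: Flags [.], ack 1, win 1000, length 0
"""

# Matches "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]" as tcpdump prints TCP.
LINE_RE = re.compile(
    r"^(?P<time>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Return a dict of the fields in one tcpdump-style TCP line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def summarize_to_host(capture_text, target_ip):
    """Per-source statistics for packets sent *to* target_ip (replies from it are ignored)."""
    stats = defaultdict(lambda: {"packets": 0, "syn_only": 0, "ports": set()})
    for line in capture_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] != target_ip:
            continue
        entry = stats[rec["src"]]
        entry["packets"] += 1
        # A bare "S" is a connection attempt with no ACK; a flood of these and nothing else
        # is the classic SYN-flood shape.
        if rec["flags"] == "S":
            entry["syn_only"] += 1
        entry["ports"].add(rec["sport"])
    return dict(stats)


def flag_suspects(stats, min_packets=5, syn_ratio=0.8):
    """Sources that sent at least min_packets and where most packets were SYN-only (assumed thresholds)."""
    suspects = []
    for src, entry in stats.items():
        if entry["packets"] < min_packets:
            continue
        if entry["syn_only"] / entry["packets"] >= syn_ratio:
            suspects.append(src)
    return sorted(suspects)


if __name__ == "__main__":
    stats = summarize_to_host(SAMPLE_CAPTURE, "192.0.2.10")
    for src, entry in sorted(stats.items(), key=lambda kv: -kv[1]["packets"]):
        print(f"{src:16} packets={entry['packets']:4} syn_only={entry['syn_only']:4} "
              f"source_ports={len(entry['ports'])}")
    print("suspects:", flag_suspects(stats))
```

The thresholds are deliberately conservative placeholders; on a real capture you would tune them against what normal traffic to that host looks like, and a high count of distinct source ports from one address with nothing but SYNs is the detail worth checking before you ask your upstream provider or firewall to filter it.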
For web servers, and anything that offers a web interface, I use Cloudflare for system protection. Protecting any DNS-named web site is simple with this proxy that sits between you and the Internet. Requests come in, and if they look valid, Cloudflare forwards them on to your server. It also offers a CDN (content delivery network) for your site, speeding up response times while using less of your bandwidth. Cloudflare is great for protecting anything with a public web interface.
Upside: easy management interface with rock-solid protection.
Downside: to use Cloudflare, you need to host your DNS with Cloudflare. Small price to pay.
DNS (domain name system) is essentially the naming system for anything your school has connected to the internet. Your DNS drives the resolution of names like innersync.wpengine.com or www.yourschooldistrict.edu to an IP address. DNS can be a weak link in any service that depends on a host name. Check your configuration with this free tool.
For more information on how to avoid a whole bunch of server issues, check out this helpful article on the importance of dialing in your DNS setup properly at your school.
Do you still host your own email? Many school districts have moved to Google Apps for Education or Office 365. If you maintain on-premise email servers, you need a service to protect you from SMTP attacks. SMTP is the protocol that mail servers use to communicate with each other. There are many options for an SMTP spam and DDoS protection service; look for these key features.
If you’re looking into email security options, be sure to check out this article that explores which platform to use: Google Apps for Education or Office 365 in Education.
I look at security from the classic "onion" approach. I build multiple rings of monitoring and security around every resource on my network. The "onion" keeps our systems as safe as possible from a single point of security failure. If one layer doesn’t get you, the next layer in will.
My point is, any defense that relies on a single system is designed and destined to fail. Consider this list of tools and tips as a good start on building your own onion. Remember, many DDoS attacks are preventable. However, with diligent monitoring, the right mix of tools, and a competent staff, you can build your onion – er, I mean – plan a strong defense before your school is attacked.
Do you have any DDoS defense tools of your own you use?
NOTE: This article is the third in a series of three articles dedicated to DDoS and schools. If you are a school IT manager, CIO, or an especially technical-minded school administrator, you might want to check out the other two articles that deal with detecting and preventing a DDoS at your school.
Part 1: DDoS Prevention: Your First Step to Protect Your School Against Attack
Part 2: DDoS Protection for Schools Starts with Detection