This story is going to happen to you and your school. It happened to us (SchoolNow), to schools, and even Fortune 500 companies. When it happens, it's almost too late. Solving the problem without major downtime, late nights, and public exposure is difficult. Rarely will you ever find the reason or people behind it. My DDoS prevention story is the first in a series. Check out my second article, detecting DDoS attacks, and the last in my series, five tools for protecting your school from DDoS attacks.
My story started with a random Tuesday morning. I was working on a presentation when my phone rang. As I went to pick up my phone, my inbox exploded with emails from our infrastructure monitoring system. (Every bad morning in IT starts with an outage.) I answered the call, listened to what my team told me, and hung up. Our data center had just disappeared. Our entire client base was offline.
SchoolNow was facing a major Distributed Denial of Service (DDoS) attack. Someone was flooding our company's data center with over 10 Gigabits a second of connection traffic. Every router, firewall, gateway, and server melted down and went offline. Our security measures were useless against a wave of traffic this large. A CMS hosting company without hosting is worthless.
We survived the attack after making major changes to our hosting setup. Your school is in the same danger every day.
So why is a sudden DDoS attack so dangerous? Let's look at what DDoS stands for, and how that creates risk for you.
- Distributed. Most attacks use multiple hosts. Tracing and blocking a flood of connections is difficult to impossible. Slowing the attack is difficult.
- Denial. DDoS attacks work by flooding a resource or connection. DDoS attacks can target Internet sites, VPN connections, wireless, phone systems, and almost any system that connects to a network.
- Service. The flood of connections or traffic overwhelms your system and takes it offline. Your school cannot access a system it depends on.
The goal of a DDoS attack is different from that of other hacking attacks. DDoS is not an attack to steal information. DDoS is about stopping your district from getting to a critical system. DDoS attacks create a crowded freeway, making everyone late.
So what does this mean to you and your district? This is how the story plays out for unprepared schools.
A scary example is the attack on an Idaho school district. The goal was to interfere with the Idaho Standard Achievement Test. Students had to retake the test, and the outage was embarrassing for the district. Every school in the US is under constant threat from DDoS.
Germany requires utilities, telecom companies, hospitals, and major schools to have safeguards. Groups who don't prepare face major six-digit fines. Is the U.S. far behind Germany in demanding safeguards for schools?
You need to be ready. It can come from anywhere. It's simple for even a student to DDoS your school, and ruin your Tuesday. All a student needs is to understand what your district relies on. The student then launches a DDoS attack on that resource, and the nightmare begins. The best solution is to prepare before the attack happens.
My goal for this blog series is to share the information from the DDoS attack on SchoolNow to help schools. In my next post, I'm going to cover how to detect an attack. The third post in my series covers common ways to protect your resources from attack.
DDoS is a real and relevant risk for schools. Are you ready?
NOTE: This article is the first in a series of three articles dedicated to DDoS and schools. If you are a school IT manager, CIO, or an especially technical-minded school administrator, check out the other two that address protection and handy tools for dealing with DDoS attacks at your school.
Part 2: DDoS Protection for Schools Starts with Detection
Part 3: My Secret DDoS Protection Toolbox for Schools