From the richest corporations to the most secretive government agencies to the smallest mom and pop shops and even the most benevolent non-profits, every organization is a DDoS target. This very much includes schools.
Unlike almost every other type of organization, however, educational institutions typically aren’t targeted by a random assortment of the malicious attackers populating the internet. Instead, they’re attacked by their own students. This makes an already frustrating situation all the more aggravating, yes, but this unique set of circumstances also gives schools an advantage when it comes to stemming the tidal wave of DDoS attacks.
Here are three tips for cutting down on DDoS outages.
- Get the right DDoS protection
Before you go paging Captain Obvious, you’ll want to bear in mind that not all DDoS protection is created equal, and the type your institution has can very much impact how often a distributed denial of service or DDoS attack is able to take down a website or online service. In order for an educational institution to adequately protect its students and the services they rely on 24 hours a day, leading cloud-based protection that is up and mitigating within ten seconds of the first inkling of attack traffic is necessary. This is a time to mitigation that should be included in an educational institution’s service level agreement with a DDoS mitigation provider. Also required is robust processing power that can allow for granular traffic analysis that allows legitimate traffic through with no delay even while the mitigation service is dealing with a huge amount of attack traffic. You should be looking for a protection provider with a network of data centers and scrubbing servers capable of handling at least 500 Gbps.
- When attacks are happening, open the lines of communication
Many attackers, including student attackers like the infamous Paras Jha who now owes Rutgers University $8.6 million for his repeated DDoS attacks, are motivated by the outage-induced outrage they witness while their attacks are ongoing. Rest assured that during a DDoS attack, the person behind it is likely to be refreshing Twitter, Reddit, WhatsApp, Facebook groups and any school forums and message boards to watch his or her fellow students react angrily. They love it.
In order to reduce how many distributed denial of service attacks they’re getting hit with, schools need to reduce the anger students are feeling and expressing when they happen. Schools need to put a plan in place for communicating to students what is happening when websites and services go down as well as updates on mitigation efforts that will help give students a grasp on when they might expect the attack to stop. As much as schools may feel the impulse to hide what is happening, being open and honest about it is better and will keep students from angrily demanding answers when things aren’t working as expected, and this will take a lot of fun out of it for the attackers.
- Have backup plans in place
While student attackers launching DDoS assaults to observe the outrage might be common, what’s even more common is student attackers launching DDoS assaults for the number one reason you would assume they’d want school systems down: to delay their exams.
Bringing in a backup internet service provider, even if just around exam time, is a simple way to outsmart the attackers who should have spent less time renting a botnet and more time studying. There aren’t many people on a student budget who are going to keep spending their pizza money on DDoS for hire services that don’t work.
The point is making it pointless
Unlike other organizations that are contending with a wide range of DDoS motivations, educational institutions are mostly dealing with a specific group of attackers with only a few different reasons behind the mayhem they cause. In a way, when it comes to distributed denial of service attacks, a school’s greatest annoyance is actually its greatest strength.
Getting the right DDoS mitigation should take care of the issue altogether, but if that currently isn’t an option, taking the fun and payoff out of DDoS attacks should do it.