Security Case Study

Mitigating DDoS Attacks to Reduce Testing Outages

DDoS attacks are regularly launched on school systems to expose student records and hold information hostage. More often, DDoS attacks cause testing outages. Gary Bryant, technology coordinator at Augusta County Public Schools, shares his experience with a DDoS attack that threatened the district's technology center and impacted its online testing systems in a way that could have proved catastrophic.

Distributed Denial-of-Service (DDoS) attacks are on the rise. According to the most recent State of the Internet – Security Report, prepared by Akamai Technologies, DDoS attacks have doubled year over year for the last three quarters.

DDoS Attacks at School
DDoS attacks are generally perceived as less harmful than other cyber attacks, but they can be just as damaging; they simply cause a different type of damage.

They are regularly launched on school systems to expose student records and hold information hostage. More often, DDoS attacks cause testing outages.

What is a DDoS attack?

DDoS attacks are attempts to make a computer resource or network unavailable to users. The targeted system becomes overwhelmed with massive amounts of unsolicited data or traffic and either becomes unusable or crashes completely. Groups of computer criminals use DDoS attacks as a means of extortion, to gain media attention and notoriety from peer groups, or to damage reputations and cause service disruptions in a number of industries. DDoS attacks are also often used as a distraction when other, more serious, attacks are occurring, such as data exfiltration. In addition, DDoS attacks are popular for acts of hacktivism, which are becoming more common.

This was seen recently when the Minnesota Department of Education twice temporarily suspended its comprehensive assessments when a DDoS attack created problems for students logging into the testing system. And it happened to us earlier this year.

Under Attack
Augusta County Public Schools, located in the Shenandoah Valley on the western edge of the Commonwealth of Virginia, was struck by a DDoS attack.

In late February, a UDP flood from a botnet completely swamped our school system's inbound network pipe. This attack threatened our technology center, which is responsible for providing and maintaining just under 7,500 devices across the county's 20 elementary, middle and high schools, as well as maintaining a Web presence for the school system.

It impacted our ability to satisfy government mandates for online testing systems, which require that we ensure uninterrupted access to Standards of Learning (SOL) information and testing hosted by the Virginia Department of Education. 

Gary Bryant


In an attempt to minimize damage, our Internet service provider throttled bandwidth to the school system's site. However, this caused the network to experience sluggish performance and prevented access to key applications, information and links, including those associated with SOL.

While the inability to access e-mail and other applications was inconvenient for the district's staff, the unavailability of the online SOL testing was potentially catastrophic. Students take the SOL tests only two times per year, and the results affect their grade promotions and graduations.

Protecting IP addresses and mitigating the attack quickly became a game of whack-a-mole for our Technology Center. Throughout the month following the initial attack, every time we changed our public address, the attackers shifted in response.

We couldn't black hole all 254 addresses, so we needed to find a third-party solution that would allow us to mitigate the DDoS attacks while maintaining the availability of critical learning tools and resources.
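The whack-a-mole pattern described above can be confirmed from flow records. The following is an added example, not part of the original article: it reports, minute by minute, which address in a /24 is receiving the UDP flood and when the target shifts. The prefix (a documentation range), link speed, threshold and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the incident): (minute, dst_ip, proto, bytes).
# 203.0.113.0/24 is a documentation prefix standing in for the district's block.
PREFIX = ipaddress.ip_network("203.0.113.0/24")
LINK_BPS = 100_000_000   # assumed 100 Mbit/s inbound pipe
FLOOD_SHARE = 0.8        # assumed: UDP to one host above 80% of the link = flood

FLOWS = [
    (0, "203.0.113.10", "udp", 720_000_000), (0, "203.0.113.25", "tcp", 30_000_000),
    (1, "203.0.113.10", "udp", 735_000_000), (1, "203.0.113.25", "tcp", 28_000_000),
    # the public service is moved to .77 during minute 2; the flood follows in minute 3
    (2, "203.0.113.10", "udp", 700_000_000), (2, "203.0.113.77", "tcp", 31_000_000),
    (3, "203.0.113.77", "udp", 742_000_000), (3, "203.0.113.77", "tcp", 5_000_000),
]

def udp_bps_by_target(flows, minute):
    """Inbound UDP bits/s per destination inside PREFIX for one minute."""
    totals = defaultdict(int)
    for m, dst, proto, nbytes in flows:
        if m == minute and proto == "udp" and ipaddress.ip_address(dst) in PREFIX:
            totals[dst] += nbytes
    return {dst: b * 8 / 60 for dst, b in totals.items()}

def flood_timeline(flows):
    """Per minute: the flooded address (or None) and total UDP share of the link."""
    timeline = []
    for minute in sorted({f[0] for f in flows}):
        rates = udp_bps_by_target(flows, minute)
        target = max(rates, key=rates.get, default=None)
        if target is not None and rates[target] < FLOOD_SHARE * LINK_BPS:
            target = None  # busiest UDP destination is below the flood threshold
        timeline.append((minute, target, round(sum(rates.values()) / LINK_BPS, 2)))
    return timeline

def target_shifts(timeline):
    """Minutes at which the flooded address differs from the previous one."""
    shifts, last = [], None
    for minute, target, _ in timeline:
        if target and last and target != last:
            shifts.append((minute, last, target))
        last = target or last
    return shifts

if __name__ == "__main__":
    print(flood_timeline(FLOWS))
    print(target_shifts(flood_timeline(FLOWS)))
```

In the sample data the inbound link stays above 90% UDP before and after the address change, so handling one address at a time never relieves the pipe.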

We turned to Akamai Technologies' Prolexic Routed solution, a cloud-based service, to successfully resolve the attack. The solution routed the school system's inbound traffic to the nearest Prolexic scrubbing center, where proprietary filtering techniques, routing and anti-DDoS hardware devices removed botnet traffic close to the source; clean traffic was then routed back to the school system's network.

Technology Center servers


The attack was a wake-up call for our school system and it drove home the fact that schools are quite vulnerable to sophisticated threats that can be launched by anyone for very little money.

Access to information, applications and tests, as well as securing private information, is critical in maintaining a functioning and progressive school system. A sound IT security strategy must include ample defense measures against threats posed by cyber criminals.

Steps such as practicing good web-application hygiene can eliminate many application-layer vulnerabilities. A proactive approach to security will also protect against unexpected costs. For example, research indicates that outages associated with a DDoS attack can cost an Internet-reliant organization $1 million before mitigation even begins.

While other attack strategies might garner more attention, there is every indication that DDoS attacks will continue to rise. Schools will be well served to take the necessary steps to minimize their risks as much as possible. Hopefully other counties can learn from our experience and avoid the catastrophic results of an attack, or prevent one from occurring in the first place.

About the Author

Gary Bryant is technology coordinator at Augusta County Public Schools, which serves students in 23 schools in Virginia.