Security and Safety

The Threat Within: Securing Your District's Websites and Infrastructure Against Cyber Attacks

The director of network and infrastructure at inland Southern California's largest school district reflects on his experiences and provides recommendations for preventing cyber attacks.


Image courtesy of Corona High School, Corona, CA.

Today more than ever, education institutions need to step up their network security by implementing strong cyber security tools to protect their schools’ websites, infrastructure and meet the demands of their online learning platforms.

As the director of network and infrastructure at the largest school district in inland Southern California, the Corona-Norco Unified School District , I quickly learned the possible impact of not heeding this call. CNUSD relies on both on-premises next-generation firewalls, as well as cloud-hosted solutions to provide the security functions it needs, but this proved to not be enough.

Last spring, we noticed that we had some activity attempting to take down a couple of our public facing web servers. From the evidence gathered, we believe that it was student-related.  They were attempting to, not necessarily compromise our systems, but simply disrupt service and availability of our public web servers and our parent-accessible grading web servers.

I wanted to continue to grant necessary access to all learning activities while blocking wrongful actions. That said, there will always be students who enjoy being a little mischievous. In fact, just five years ago, our primary concern was how to get technology into the classroom for the students to consume. Student skills have accelerated far beyond keyboarding and web-based research to help complete assignments. Their skills are advanced, and now they’re inside our network. No longer was a potential threat isolated to outside actors.

CNUSD needed a solution that was simple to use and not overly technical. We also didn’t want it to require a tremendous amount of professional services or a steep learning curve. It also had to be easy to implement and maintain. We reached out to a security analyst who recommended the Imperva Incapsula website protection service.

Within a day or two, we had 20 of our websites protected. The service was really easy to configure, tune, and quickly implement. It has exposed us to a tremendous amount of reporting visibility that we have not had with other on-premises solutions.

We’re now able to protect against malicious student activities. Even if we had chosen to ratchet everything down on the computers students use to access the internet, they likely would have launched new attacks from their smartphones. Our new service can block that sort of activity.

After 10 months, the attacks kept increasing in magnitude, but we were able to successfully fend them off. This enables us to keep our servers online and available.

Business and Technical Challenge

CNUSD’s first and foremost goal continues to be to provide the best instruction possible in a safe and secure learning environment. We noticed a few students quickly escalated their activities by launching distributed denial of service (DDoS) attacks directly targeting the organization’s internet connection. This rendered the school district’s internet unusable. CNUSD’s content filtering logs revealed access to vBooter, Rage Booter, Booter Box, IP Stresser and others—all DDoS-for-hire services easily accessible by anyone today.

All it takes is $7 on a credit card to render my internet connection obsolete.

CNUSD has several cloud-hosted resources to facilitate student research, blended learning, and online engagement. In addition to being a Microsoft Office 365 subscriber, it relies on cloud-based services such as Blackboard and Canvas.  All of those resources were unavailable to the organization as a result of the attacks.

Given CNUSD’s initial success with its new website protection service, we chose to also onboard the company’s Infrastructure Protection solution, which has provided a stable solution to its security problems.

With the infrastructure protection in place for two months, we feel protected against such occurrences from happening again.

By arming our district with the proper cyber security tools, the CNUSD has achieved multiple benefits across the organization including:

  1. Availability — CNUSD’s systems are online giving students access to the full curriculum of independent study offerings, grades and homework assignments.
  2. Infrastructure protection — students can leverage the school district’s infrastructure as a learning platform when they need it.
  3. Better visibility into website traffic — CNUSD has a granular view of traffic and can identify perpetrators quickly.
  4. Enhanced security — Service that provides always-on protection against DDoS attacks and blocks exploit attempts from DDoS-for-hire services.

About the Author

Brian Troudy is the director of network and infrastructure at the Corona-Norco Unified School District, where he heads a team of five that oversees all of CNUSD’s network and data center operations — encompassing information security, enterprise systems, and providing LAN, WAN, and WLAN support. The CNUSD, which services 51 schools in operation — 33 elementary schools, eight intermediate schools, and eight high schools located in Riverside County, Calif. — is the largest school district in inland Southern California, serving approximately 54,000 students, and is one of the largest school districts in the state and within the top 100 nationwide.