Geographic IP location blocking: To support members with the increase in ransomware attacks on the sector, Jisc can now restrict access to remote desktop protocol (RDP) using geographic IP location blocking. Find out more.
About foundation DDoS mitigation
Distributed denial of service (DDoS) attacks are increasing in scale, sophistication and frequency. As an organisation in research and education, you need a cost-effective way to mitigate these attacks – reducing business risks, in a way that suits your needs and budget.
As part of your Jisc subscription, you receive our foundation DDoS mitigation service. This gives you peace of mind that Jisc will manually mitigate any attack against your network connection.
With this service, we detect and filter DDoS attack traffic across the Janet Network before it reaches you – mitigating the effects of attacks on your Janet connection, and reducing disruption and cost.
What is a DDoS attack?
There’s no doubt that DDoS attacks have evolved. As criminals enlist new technologies like Internet of Things (IoT) devices to distribute and amplify attacks, it has become a threat that organisations can no longer choose to ignore. "Denial of service" describes the ultimate goal of a class of cyber attacks designed to render a service inaccessible. Most organisations rely heavily on web connectivity and online services to conduct business, so any disruption to this service can have serious ramifications, including:
Damage to brand reputation
Loss of revenue
How we mitigate an attack
In general, DDoS mitigation works by monitoring traffic for unexpected patterns. If an alert is triggered, traffic to the address is re-routed via the mitigation scrubbing centre. Attack traffic is then filtered out using carefully selected criteria and benign, business-as-usual traffic continues to flow to and from your services.
Opt in to geographic IP location blocking
Recently, there has been an increase in ransomware attacks on our sector, with the use of the remote desktop protocol (RDP) as an attack vector.
As a temporary measure, Jisc can now restrict access to RDP (TCP port 3389 only) using geographic IP location blocking as part of your foundation DDoS protection, on an opt-in basis. Once in place, this block will only allow traffic from known UK IP address space.
Geographic IP blocking is not being enabled by default, as it may not be suitable/desirable for all members.
How to opt in
If you would like to opt in to geographic IP blocking, contact Janet CSIRT on firstname.lastname@example.org using the subject header 'Foundation Geo IP'. In your message, please provide the address space you would like filtered in contiguous IP address blocks.
Please note that geographic IP data is not always up-to-date and some false positives/negatives may be unavoidable when geographic IP blocking is applied.
Availability of service support
Support for the service is available from 08:00 and 18:00, Monday to Friday (excluding bank holidays).
An on-call service is available from 18:00 to midnight, Monday to Friday and from 09:00 to 17:00, on Saturday and Sunday. Bank holidays (excluding Christmas Day) have an on-call service between 09:00 and midnight.
Do you have additional requirements?
Do you need to protect specific, business-critical services or show you’re doing as much as you can to maintain business continuity at critical times?
Responding to member needs, we have developed an extra layer of mitigation support with our critical services protection service, which offers out-of-hours coverage, customisable protection of your external facing services and fast DDoS mitigation response times including the option of permanent mitigation.