Service

Foundation DDoS mitigation

Coding on screens
Creative Commons attribution information
Coding on screens
©REDPIXEL.PL via Shutterstock
All rights reserved

Detecting and filtering Distributed denial of service (DDoS) attack traffic across the Janet Network before it reaches you – reducing disruption, financial loss and reputational damage.

Contact your account manager

(DDoS) attacks are increasing in scale, sophistication and frequency. As an organisation in research and education, you need a cost-effective way to mitigate these attacks, in a way that suits your needs and budget.

Our services include:

  • Foundation DDoS mitigation service - included in your Jisc membership
  • Foundation plus - offering extended out-of-hours protection
  • Critical services protection - for core services
 Foundation DDoS mitigation Foundation plus Critical services protection (CSP) 
Protect your Janet network connection from DDoS attacks XX 
Tailored protection against DDoS attacks for core services such as Web, VPN, DNS   X
Service has 24/7 protection capability  XX
Automated protection for fast response times  XX
Permanent mitigation protection of your chosen services available   X
Includes bespoke proposal assisting stakeholder buy-in    X

Foundation DDoS mitigation

As part of your Jisc subscription, you receive our foundation DDoS mitigation service. We monitor traffic for unexpected patterns. If an alert is triggered, traffic to the address is re-routed via the mitigation scrubbing centre. Attack traffic is then filtered out using carefully selected criteria and benign, business-as-usual traffic continues to flow to and from your services.

Support for the service is available from 08:00 to 18:00, Monday to Friday (excluding bank holidays).

An on-call service is available from 18:00 to midnight, Monday to Friday and from 09:00 to 17:00, on Saturday and Sunday. Bank holidays (excluding Christmas Day) have an on-call service between 09:00 and midnight.

Upgrade to foundation plus for 24/7 protection

With many of us now working more flexibly and needing access to networks outside of normal working hours, we've developed a new DDoS mitigation option to ensure your organisation is always protected. Foundation plus takes your Foundation DDoS a step further, providing round-the-clock (24 hours a day, 365 days a year) automated protection against Jisc detected volumetric DDoS attacks. You'll also have enhanced network protection at key times of the year, such as clearing and enrolment. 

  • Response speeds are similar to those provided by the critical services protection “fast” response speed (alerts are triggered before the mitigation starts)  
  • Any mitigation will remain in place for the duration of the attack, when you need it
  • Provides DDoS protection for the majority of volumetric and state exhaustion DDoS attacks

To provide an automated service that can be applied to all members, certain countermeasures have been disabled to avoid disrupting some legitimate traffic. If you'd like to fine-tune the thresholds or countermeasures used to protect your Janet network connection, please see our Critical Services Protection bespoke setup.  

For extra peace of mind choose critical services protection

Do you need to protect specific, business-critical services or show you’re doing as much as you can to maintain business continuity at critical times?

We have developed an extra layer of mitigation support with our critical services protection service, which offers out-of-hours coverage, customisable protection of your external facing services and fast DDoS mitigation response times including the option of permanent mitigation.

Opt in to geographic IP location blocking

Recently, there has been an increase in ransomware attacks on our sector, with the use of the remote desktop protocol (RDP) as an attack vector.

As a temporary measure, Jisc can now restrict access to RDP (TCP port 3389 only) using geographic IP location blocking as part of your foundation DDoS protection, on an opt-in basis. Once in place, this block will only allow traffic from known UK IP address space.

Geographic IP blocking is not being enabled by default, as it may not be suitable/desirable for all members.

How to opt in

If you would like to opt in to geographic IP blocking, contact Janet CSIRT on irt@csirt.ja.net using the subject header 'Foundation Geo IP'. In your message, please provide the address space you would like filtered in contiguous IP address blocks.

Please note that geographic IP data is not always up-to-date and some false positives/negatives may be unavoidable when geographic IP blocking is applied.

Cyber security portal

Having a clear overview of network traffic is a useful part of any DDoS mitigation strategy. If you’re connected to the Janet Network, you can view traffic on your connection by accessing our cyber security portal. The portal also gives details of alerts or DDoS mitigations, whether in the past or currently in progress.

Over time, the portal will also integrate other Jisc security services – letting you access more information about network security, and control services to which you subscribe.

Contact us

To find out more about DDoS mitigation from Jisc, contact your account manager, or see our range of cyber security services.
 

UKAS and ISO 9001 and ISO IEC 27001 logo

This service is included within the scope of our ISO9001 and ISO27001 certificates.

Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.