FE colleges consider DDoS (distributed denial of service) attacks to be among the top five threats to their cyber security, according to our survey of our members earlier this year. They are right to be concerned.
Our data shows that in the first six months of this year, colleges were targeted by 225 DDoS attacks designed to bring down the network.
This represents an increase of 35% compared to January to June 2017. Jisc's security operations centre also handled almost three times as many other security incidents or queries from FE colleges over the same period.
It's notoriously difficult to identify individual cyber criminals but it is accepted that the threat from inside organisations is very real and should not be overlooked. Whether it be intentional or accidental, protecting the organisation from all threats needs to be a priority.
The foundation DDoS mitigation service is provided to all Janet connected institutions as part of your connectivity services. The foundation service is designed to protect you from large scale attacks that could potentially bring down your network connection.
The enhanced DDoS mitigation services are designed to provide more focused alerts and protection for external-facing critical services that could be targeted within your network.
Our security operations centre is there to help mitigate attacks on our members but colleges are responsible for their own cyber space and should not underestimate the potentially huge financial and reputational impact of a network outage.
How can Jisc help you protect your organisation?
As part of your Jisc subscription, you receive our foundation DDoS mitigation service and can apply for access to our cyber security portal. This gives you peace of mind that we will mitigate attacks against your network connection. We detect and filter DDoS attack traffic across the Janet Network before it reaches you – mitigating the effects of attacks on your Janet connection, and reducing disruption and cost.
If you need a faster or more customised DDoS mitigation, or 24/7 response, we now offer our enhanced DDoS mitigation service.
With the enhanced service, you select one of two reaction levels: fast or instant. The fast service triggers mitigation within four minutes while, with the instant service, traffic is routed permanently via the mitigation service, so there is no delay in defence. These automated services react 24/7, helping you prevent disruption from out-of-hours attacks. You can also select pre-configured or bespoke options, as appropriate to your risk and budget levels. With a pre-configured option, you choose from a selection of profiles designed to protect a selection of common services, such as web servers or DNS – using traffic thresholds and mitigation responses designed by Jisc security analysts to be suitable for most needs.
With a bespoke option, you can further tailor your protection, adjusting parameters with the help of a security analyst. For example, you can add protection for external-facing services not normally included in pre-configured profiles – such as an internet-facing file transfer service – and you can customise protection to include or exclude specific domains or URLs.
Together, pre-configured and bespoke options allow more accurate detection of attacks and more effective mitigation.
DDoS mitigation service: "it really works"
Liam Downey is IT operations manager at Belfast Metropolitan College, the largest further and higher education college in Northern Ireland and tenth largest in the UK. It has an average annual enrolment of more than 35,000 students studying across six campuses, around 9,500 in full-time HE courses and around 25,000 in further education / leisure courses.
“The mitigation service is excellent. It really works. It does what you expect it to do and it delivers,”
The background to Belfast Met taking the Jisc DDoS mitigation service is the three severely disruptive DDoS attacks the college suffered between 2014 and 2016.
“We faced interrupted access to email, our virtual learning environment, library systems – all those systems we store in the cloud”
says Liam. The college uses Office 365, storing as many applications and user files as possible in the cloud. As a result, when the attacks knocked out connectivity, the impact on students and staff was immense:
“Teaching had to revert to chalk and talk. Administrative processes simply stopped.”
The Jisc DDoS mitigation service, introduced in late 2016, protects members connected to the Janet Network. The Jisc team monitors the Janet Network for DDoS attacks and steps in if they detect one.
When Belfast Met faced another DDoS attack, the mitigation service proved its worth. The college was in mitigation for three weeks but
“the only reason we knew about it was because Janet was telling us that we were in mitigation and scrubbing our data. We had no disruption. Our users had no idea. That’s our success story.”
Jisc's enhanced DDoS service: a no brainer
George Wraith is head of ICT at New College Durham, an outstanding mixed-economy FE college covering the full range of education from HE degree-level courses through to A-levels, GCSEs, apprenticeships and a range of vocational and academic subject areas.
In May this year New College Durham signed up for Jisc's enhanced DDoS mitigation service. It was, says George, a no brainer:
"Cyber security is very much in the forefront of everybody's radar at the minute and last year there were significant cyber attacks on both the Janet Network itself and on individual colleges and universities. If we were to lose our connection because of an attack, the effect on the college would be massive.
We have a small secondary connection we could fail over to but it's nowhere near the same bandwidth so, although we would still have an internet connection to carry on business, our students would lose a major element of their study while we were down and the reputation of the college would suffer.
Given that risk, as soon I heard about this new service from our account manager, Lisa, in March, I was keen to have the initial conversations with Jisc's cyber security team about whether it was appropriate for us. Once it was clear that it was, it became simply a matter of working out what we actually needed and what we could afford.
The Jisc cyber security team and my in-house team went through the options together and decided, based on a balance of technical needs, risk and budget, what was going to be most effective and cost-effective for us.
We went for "fast pre-configured" service options to mitigate our email, SIP trunks and our web services. We discussed the configurable "bespoke" service options and the pros and cons of the other protocols, but those are the ones we centred on as our main needs. We were on board by May – I couldn't get the purchase order out quickly enough. The process was very smooth and very easy. It was all done through video conference so it was just a matter of getting the right people in the room at the various times that we needed to.
Now, I have peace of mind. The monitoring is a key element for me – I'm able to access the cyber security portal on a live basis at any time as well as get weekly reports and see if there has been any mitigation and can find out if there are any alerts on the services in general. So, if something does go awry internally, we can check and narrow the field down very quickly. It's been such an easy service to engage with. It's just there and working, there's never been any issues or problems with it.
Thanks to the enhanced DDoS mitigation service we now have expert coverage of protocols on a more enhanced basis as well as the service Jisc provides across the board. It's meant that I can say to auditors and senior managers that we're doing as much as we can externally with our network providers to mitigate any risks on the cyber security front from an external loss of internet connection or internet services more generally.
I can't emphasise enough that it's a no brainer, especially for any educational institution that's using Jisc services already. To my mind, Jisc has proved itself with the reliability and trust established by the Janet service over the years."