Here at N4L we aim to ensure connections are working as best as possible for all schools using the Managed Network. However, events can happen that disrupt the network. These events range from hardware failures (e.g. power cuts in specific geographic areas) or fibre cuts, to disruptions related to software bugs or malicious attempts such as DDoS attacks.
A Distributed Denial of Service attack is more commonly known in the IT industry as a DDoS attack. With DDoS attacks on the rise in recent years, unfortunately they are a reality of the internet today. Hopefully this post will help you understand how these events occur and what N4L does during them.
This graphic shows how a DDoS attack prevents a legitimate user from accessing a website or network based service.
A DDoS attack is when a machine or network resource (such as a website) becomes unusable because it is being flooded with traffic from an attacker – preventing legitimate users from being able to access resources on the network or the network itself. Our Head of Education & Engagement, Greg, provides an easy example of how DDoS attacks work in the video below.
N4L has advanced DDoS protection, a component of our Safe & Secure Internet, which is automatically included as part of every school’s Managed Network connection. It prevents many DDoS attacks from impacting schools, but in instances when these systems cannot automatically halt a DDoS attack, various teams within N4L work together to ensure the issue is resolved as quickly as possible.
We immediately engage our network partner (Spark) as well as our internal N4L engineers to identify both the source and the target of the attack. Once these are identified we can determine the best way to isolate the threat and minimise the impact of the attack.
There are times where a malicious actor changes their DDoS techniques and so additional mitigations need to be applied to tackle those changes. Sometimes a school may notice a very short period of down time while additional mitigation is being implemented. This is to protect the school and prevent against more serious outages.
We can also halt the DDoS attack by working with Spark to prevent the relevant traffic from entering the Managed Network in the first place, or by changing the IP addresses of the targeted site, making the attack ineffective. Typically mitigation measures will remain in place until the attack activity subsides. When we have identified the attack traffic has stopped we work to return the schools back to normal operation as soon as possible.
During these events, our priority is to address the attack and maintain the integrity of the Managed Network for all schools. In most cases a school may not notice the attack happening because of our state of the art mitigation system.
Once the immediate threat to the network is over we can investigate the source of the attack. We work with Spark and evaluate incident reports to see if there are any proactive steps we can take to support schools, and reduce likelihood of such attacks reoccurring.
As the nature of the internet continues to evolve, so does the nature of these attacks. N4L continues to work with Spark and other partners to ensure the Managed Network is operating optimally for all schools at all times.
Hopefully this post has helped you better understand what a DDoS attack is and the work N4L does to manage and mitigate the issue should an attack occur. If you have any questions our friendly Helpdesk team is more than happy to provide further information – give them a call on 0800 LEARNING.