Here at N4L we aim to ensure connections are working well for all schools using the Managed Network. However, events can happen that disrupt the network. These events range from hardware failures (e.g. power cuts in specific geographic areas) and fibre cuts to disruptions related to software bugs.
Occasionally the Managed Network experiences a Distributed Denial of Service attack, or as it’s more commonly known in the IT industry, a DDoS event. Whilst DDoS events aren’t common, they are an unfortunate reality of the internet today. Hopefully this post will help you understand how these events occur and what N4L does during them.
A DDoS attack is when a machine or network resource becomes unusable because it is being flooded with traffic from an attacker – preventing legitimate users from being able to access resources on the network or the network itself.
This graphic via Cloudflare’s blog shows how a DDoS attack will prevent a visitor from accessing a website or network-based service.
The N4L Managed Network has advanced DDoS protection systems which can prevent many DDoS attacks from having any effect on schools. In the instances when these systems cannot automatically halt a DDoS event, various teams within N4L work together to ensure the issue is resolved as quickly as possible.
We immediately engage our network partner (Spark) as well as our internal N4L engineers to identify both the source and the target of the attack. Once these are identified we can determine the best way to isolate the threat and minimise the impact of the attack.
As we have to ensure network integrity for all schools using the Managed Network, solutions may include isolating the target/s of the DDoS attack from the rest of the network. This may result in the targeted site/s (a single school or a number of schools) being temporarily disconnected from the Managed Network while we work on a resolution. This means other schools remain unaffected and can continue using the Managed Network as normal.
We can also halt the DDoS attack by working with Spark to prevent the relevant traffic from entering the Managed Network in the first place, or by changing the IP addresses of the targeted site, thus rendering the attack ineffective. Typically mitigation measures will remain in place until the attack activity abates. When we have identified that the attack traffic has ceased, we work to return the Managed Network to normal operation as soon as possible, for all affected schools.
During these attacks our priority is to address the attack and maintain the integrity of the Managed Network for all schools. We will aim to provide updates to affected schools via TXT, as well as regular updates via our Network Updates Page and Twitter.
Once the immediate threat to the network is over we can investigate the source of the attack. We work with Spark and evaluate incident reports to see if there are any proactive steps we can take to support schools and reduce the likelihood of such attacks reoccurring.
As the nature of the internet continues to evolve, so too does the nature of these attacks. N4L continues to work with Spark and other partners to ensure the Managed Network is operating optimally for all schools at all times.
Hopefully this post has helped you better understand what a DDoS attack is and the work N4L does to manage and mitigate the issue should an attack occur. If you have any questions our friendly helpdesk team are more than happy to provide further clarity.