May 15 2017

Universities Beware, There’s a New DDoS Attack Method

With easier ways to collapse networks, universities offer some best practices for security.

Colleges are no strangers to distributed denial of service (DDoS) attacks, where malicious actors flood a network with traffic to collapse it. In 2015 alone, Rutgers University suffered six DDoS attacks, including one that lasted for five days.

Now, thanks to a new attack method, these attacks might be even more efficient to conduct.

Campus Technology reports that cybersecurity company Akamai has identified a new DDoS method that can cause “significant attack bandwidth” using “significantly fewer hosts.”

These Connection-less Lightweight Directory Access Protocol (CLDAP) reflection attacks reportedly hit 50 targets this year, including two educational institutions. Campus Technology indicates that the potential for amplification is high.

Though universities can’t truly prevent these attacks, some best practices can help them to keep bad actors from collapsing their entire networks.

How Universities Can Combat DDoS Attacks

To ensure that its networks aren’t taken down in the same manner, Rutgers University opted to increase investment in IT, which required raising tuition by 2.3 percent.

Other universities have recommended best practices to plan for a potential attack.

Rachel Kartch, a cybersecurity analysis lead at Carnegie Mellon University, writes on the school’s Software Engineering Institute Insights blog that universities should begin by ensuring continuity, as they might do for disaster preparation.

“For an organization that depends on servers and internet presence, it is important to make sure that resources are geographically dispersed and not located in a single data center,” writes Kartch.

She recommends locating servers in different data centers if possible and making sure data centers have different networks and diverse paths.

Universities can also act preventatively by buying hardware and software that are known to handle DDoS attacks and that will protect network resources.

“Most modern hardware, network firewalls, web application firewalls, and load balancers, will generally have a setting that allows a network operator to start closing out [transmission control protocol] connections once they reach a certain threshold,” recommends Kartch.

For example, F5 Networks and Juniper Networks both have DDoS protection software.

As schools are already rapidly increasing bandwidth to accommodate devices and tech tools, Kartch says that they should also scale up networks as much as possible to absorb a large volume of traffic.

New tech tools, like Internet of Things devices, have created openings for attacks because malicious users can enlist them in a botnet and use it to take down a network.

In an interview with Princeton University, computer science professor David Dobkin indicates that there is one important thing IoT users can do to prevent this from happening: change their passwords.

“I suspect that all of us have devices where we have not bothered to change the factory-installed username and password, which makes those devices at risk,” says Dobkin. “If there are millions of those devices out there, this makes the problem harder.”

