DDoS Attack Information Presented During CG School Board Meeting
DDoS: Distributed Denial of Service Attack
By CHRISTY JANKOWSKI
With districts around the country going virtual in some form or another, students, faculty, and parents rely on the internet for educational purposes now more than ever. Even before COVID struck, temporarily changing the way we do school in a drastic way, these attacks were occurring.
But what are they? During Cerro Gordo’s regularly scheduled school board meeting on September 16, Quality Network Solutions’ Neil Bryan, Director of Technology Solutions, and Bradely D. Loy, Operations Manager, spoke to the board about the various issues. The company provides the district’s technical support and is based out of Sullivan.
Bryan presented to the board what occurred and his advice moving forward. A DDoS attack is a distributed denial-of-service attack. The attack is designed to disrupt traffic by overwhelming the service, causing it to jam. You can think of it as a traffic jam during construction season: no one moves until the congestion eases, except in this case it is not cars but people, or perhaps bots.
As far as the threat to a district, the attacks are carried out maliciously. There have been several since the start of the school year, and they have continued.
Bryan stated, “It is almost impossible for us to stop it internally, …few things we can do within the network.”
Board Secretary Karen Freese asked, “Are you seeing similar situations in other districts?” Bryan responded, “The short answer to your question is yes, we do see similar things in other schools…You can see DDoS attacks have increased exponentially in the last few years.”
As far as protection against more attacks, Bryan said, “I can say this about DDoS attacks, the only way you protect yourself is practices…It comes down to the practices, there is nothing anyone can put in here to say it won’t happen again.”
Board President Tony Piraino asked if it was an issue of bandwidth, to which Bryan replied, “DDoS attacks, trying to think of a good analogy for it…it’s like everyone going to a sporting event or concert, you can imagine all of the cars at one time and you have one way going in. It is that congestion that happens in the firewall.” He added, “If you open it up from one lane to four lanes it is going to move faster for a while but it will bunch back up.” He noted that increasing the bandwidth alleviates problems temporarily, but not completely. “They will become more insistent on the size of the attacks used. DDoS goes…they will just increase that as long as the IP address is out there and accessible.”
“The biggest change we made was identifying possible suspects in the network and rerouting those machines and had the IP address changed, so it could happen again. It could happen again with this new IP address.” And since the meeting, it has occurred again.
As far as how many attacks the district receives, Superintendent Brett Robinson stated, “I am not sure how many, but according to QNS this was happening regularly for about 3 weeks.” Adding, “The district is currently working with Metro and QNS analyzing some usage data in regards to our current bandwidth, but an upgrade is imminent. Through the process our ISP temporarily boosted our bandwidth to 1GB at no charge.”
“According to QNS they are working with our ISP to provide increased security at the ISP level. They have also set us up with an isolated secondary network for student owned wireless devices.”
During the board meeting Piraino additionally asked, “In an ideal world, without this going on do you think we had enough bandwidth?”
Bryan replied, “I am going to say 300MB bandwidth reasonable discussion 14-18 months ago that might have been okay, pre-COVID. With COVID, and remote learning, what I recommend now and I will share with you is I am recommending one megabyte (MB) per user on the network.”
He went on to add that this does not include things such as security cameras or other devices.
Robinson addressed how quickly technology needs have changed: “Just to tell you how quickly this changes, before Metro came to town, with an installation of a fiber network to town. They are our internet service provider now, prior to that it was Mediacom and it was 20 MB/sec and that was all that was available and that was all we had. So in 2017 Metro came to town, and we consulted with QNS what is our need now and the recommendation at that time, 100 would take care of your needs for right now. So, we had a hundred. One of the good things in trying to get ourselves past before dealing with a DDoS attack while we were having troubleshooting was well, what about increasing the bandwidth? So again this past summer we consulted with QNS and the number given was 300, so we went to 300 and are currently at 300.
We had the discussion yesterday and the recommendation is 500. So each time you jump up in speed, there are additional costs, but that is irrelevant. We need the speed, we are going to get the speed. I just kinda threw all that out there, so you can get a feel for how quickly this changes.
Our technology needs are evolving, our tech needs…school districts, everybody is evolving and evolving rapidly. So as we evolve, we will adapt.”
Bryan went on to state that the firewalls in place are unable to keep up when these attacks occur because they are receiving multiple requests at once, and there is only so much they can do. “There are other solutions as well possibly with state programs that mix with that and there are other third party solutions as well that we can route all our traffic through, but that is going to take some research because of some of the regulations that we have.”
As far as how they can occur, it can be as simple as an individual clicking on an ad: “I am sorry if you get an advertisement on social media sites and you click on the wrong thing, there is actually things in there that can lock in your machine…not something that is necessarily intentional…”
One area that was addressed, Robinson stated, was communication that only student accounts may be accessed on school devices, not other personal accounts. “To the best of my knowledge everyone has complied with that.” He added that staff can use their personal device to check personal emails when necessary. Bryan went on to add that even with things separated, it is possible for a personal device to initiate an attack. “What you said is correct, however if you connect with your personal device you connect to what is called the guest network. It limits you with your internet access…The problem with that is that it can be initiated through one of those devices.
It will look benign coming from inside out…they could start attacking again.” Adding, “It is possible even today for personal devices to initiate that and if I had my wish, only school devices on network devices on and very limited as far as personal email apps because as security we want to lock down as much as possible prevented use.”
“Not a whole lot of warm fuzzies here,” Piraino replied. Bryan then addressed the best solution: “The best and we talk about practices and understanding what that means is coming up with a software list. A committee to approve software to be used. Allowing personal devices on the network, do we have a second internet connection that we don’t run on…there are a lot of things you can build into the network to protect your school network and internet access. There are other things that can be done. It becomes difficult because there is a cost issue with it, but not impossible.”
Bryan stressed the importance of forming a technology committee and said he would sit in with the group to provide insight: “I can’t set policies.”
Bryan went on to add that the remote aspect of school is not changing anytime soon in his opinion. “My belief is we will remain in a remote environment and as we utilize that more and more and children are at home, and say a slide show that bandwidth…for a teacher to initiate a Google Meet it takes about .4MB and then .4-.8MB for each student. 13 MB per class size in a normal environment, but when you start presenting to the group from there it can potentially be using more bandwidth from there.”