In early 2016, we got wind of a potential (distributed denial-of-service) attack on one of our school members. We contacted the network administrator there to investigate what was going on (sometimes it’s simply a case of the school doing a lot of downloading at one time, which means we don’t need to do anything on our end).
But in this case, the administrator discovered that two students had been playing Runescape, a popular fantasy-based massively multiplayer online role-playing game (MMORPG). Some players of this game had famously discovered an easy way to shut down their opponents — by launching a DDoS attack against them. (You can find tutorials on how to launch a DDoS attack on Runescape and similar MMORPGs through a simple YouTube search.) The administrator figured that this was what was happening to the students at his school, and worked with us to block the affected IP address.
This level of network monitoring and collaboration to fix issues is relatively unique among network providers, and something we feel is worth raising more awareness of. As well as managing Alberta’s Research and Education Network, and helping public and education institutions connect to this network, our team regularly communicates with members about their network, and works with them to address potential issues and threats.
This is important, as many Internet Service Providers will automatically shut down all the traffic on an IP address when they spot a threat. Such an action could prove disastrous for a small school that relies on that IP address for all their internet activities. We like to be more strategic, and find the specific traffic being attacked, working with our members to minimize the impact on their day-to-day internet needs. One of the most rewarding parts of our job is helping a member avert a network disaster, especially if it means students will have the bandwidth they need to learn!
We currently use two network monitoring systems to do both high-level monitoring and deep diving into specific issues. Going forward, we’re investigating using BRO, a security framework for collecting information logs and running more detailed network analysis.
We’re also looking at ways to build a more flexible DDoS monitoring system for each specific member, which could be adapted to their size and how deep they want their DDoS investigations to go.
Of course, effective network security requires a multi-layered approach, beyond just monitoring for disruptive attacks. Following the successful pilot a Virtual Firewall program, we will be officially launching the Virtual Firewall Service to Alberta educators early this spring. This will be particularly helpful to smaller schools and post-secondary institutions who may be limited in their IT resources, as it frees them from having to buy and host their own physical firewall appliances.
If anyone has more questions about Cybera’s network security activities, or what steps you can take to improve your organization’s network security, please get in touch!