Recently, California’s Corona-Norco Unified School District (CNUSD) found itself under attack. When the IT team investigated the problem, they discovered someone was attempting to disrupt the service and availability of its servers. The complete case study is available here.
The Corona-Norco Unified School District
Located in Riverside County, Calif., the CNUSD serves 51 schools and approximately 54,000 students in Norco, Corona and Eastvale. It’s one of the largest school districts in the state (and the country) and includes 33 elementary schools, eight intermediate schools and eight high schools.
As CNUSD continues to lead and innovate with transformative technology, its dependence on online resources and curriculum continues to grow. Through the district’s career and technical education pathways and its commitment to science, technology, engineering and math academics, students have the opportunity to graduate with skills in a variety of IT certification programs.
Online Learning Programs, Grading Records Under Attack
In March of 2016, CNUSD noticed some troubling activity directed toward its public-facing webservers. The district relies on both on-premises next-generation firewalls as well as cloud-hosted solutions to provide the security functions it needs.
“From the evidence gathered, we believed that it was student related,” says Brian Troudy, the district’s director of network and infrastructure. “They were attempting to not necessarily compromise our systems, but simply disrupt service and availability of our public webservers and our parent-accessible grading web servers.”
One option available to Troudy and his network and data center operations team would have been to severely limit what students could do with the technology. But that option was rejected.
Instead, the school district wanted to continue to grant necessary access to all learning activities.
“There are always students who enjoy being a little mischievous,” says Troudy. “Five years ago, our primary concern was how to get technology into the classroom for the students to consume. Student skills have accelerated far beyond keyboarding and web-based research to help complete assignments. Their skills are advanced and now they’re inside our network.”
Protecting CNUSD’s Web Applications
At this point, security analysts recommended CNUSD consider hiring Imperva Incapsula for its comprehensive website protection services. Troudy knew he needed help, but he also needed the solution to be simple to use.
“My infrastructure support team is constantly running around putting out fires,” he says. “I didn’t want a solution that was going to be overly involved on a technical level, one that required a tremendous amount of professional services or had a steep learning curve. It had to be easy to implement and maintain – even if none of us had touched it for a while.” The Incapsula solution met all of those requirements right out of the gate.
“Incapsula Website Protection onboarding was ultra-simple,” says Troudy. “We had 20 of our websites protected by Incapsula within a day or two. It was really easy to configure and tune. It was a huge benefit for us to be able to get it in place very quickly. It has been exposed to a tremendous amount of [reporting] visibility that we have not had with other on-premises solutions.”
Continues Troudy: “Incapsula renders malicious student activities moot. Even if we had chosen to ratchet everything down on the computers students use to access the internet, they likely would have launched new attacks from their smartphones. Incapsula completely blocked all that sort of activity.”
Troudy noticed attacks on the school district’s servers increased in magnitude immediately following deployment 10 months ago. “But Incapsula successfully fended off those attacks and kept our servers online and available,” he says.
Internet Connectivity Under Attack
Students then quickly escalated their activities by launching distributed denial of service (DDoS) attacks directly targeting the organization’s internet connection. This rendered the school district’s network unusable.
CNUSD’s content filtering logs revealed access to vBooter, Rage Booter, Booter Box, IP Stresser and others – all DDoS-for-hire services easily accessible by anyone today.
The district had several cloud-hosted resources to facilitate student research, blended learning, and online engagement. In addition to being a Microsoft Office 365 subscriber, it relies on cloud-based services such as Blackboard and Canvas. All of those resources were unavailable to the organization as a result of the attacks.
“All it takes is $7 on a credit card to render my internet connection obsolete,” says Troudy.
Adding Infrastructure Protection
Troudy and his team briefly considered other vendors. But based on CNUSD’s success with website protection from Incapsula, the group chose to also onboard the company’s Infrastructure Protection solution.
Incapsula Infrastructure Protection took a bit more time to onboard simply because of the nature of how it works. “We’re still fine-tuning a few small details. From start to finish, the overall implementation ran about two or three weeks,” Troudy says.
Both Incapsula solutions have been well received. CNUSD is pleased with the stable solution to the security problems it faced last year. After just two months with infrastructure protection in place, Troudy and Incapsula were able to ensure that similar occurrences would not happen again.
At a K–12 school district technology consortium conference last November, Troudy warned the group of the internet security issue, telling other districts to be prepared. Since then, a number of them have engaged with CNUSD’s group to learn from its experience, specifically given the simplicity with which a DDoS attack can be launched by anyone at such a negligible cost.
Availability and Web Security
After onboarding Incapsula, CNUSD achieved multiple benefits across the organization:
Availability – CNUSD’s systems are online, giving students access to the full curriculum of independent study offerings, grades and homework assignments.
Infrastructure protection – students can leverage the school district’s infrastructure as a learning platform when they need it.
Better visibility into website traffic – CNUSD has a granular view of traffic and can identify perpetrators quickly.
Enhanced security – Incapsula WAF provides always-on protection against DDoS attacks and blocks exploit attempts from DDoS-for-hire services.