On that note, how did your university protect itself from those vulnerabilities?
A philosophy that we believe in at Dong Hwa University is that as the threat landscape evolves, so must our cyber defences.
Hence, we were proactively searching for a multi-layered DDoS protection solution - one that could guard against today's volumetric, network and application-layer attacks.
Specifically, we needed a solution that could protect:
- The school's information systems such as e-learning system, mail system, cloud-based hard drive etc
- Our administrative system from HTTP attacks
- The DNS services against DNS application attack
- The web service of online course registration system from HTTP slow attack
- The firewall and security device against TCP connection flood
- The campus network for Taiwan Academic Network (TANet) academic researching
Following consultations with A10 Networks, we deployed the A10 Networks Thunder TPS in L2 inline proactive mode which supports up to 10 Gbps traffic throughput. We chose this proactive, symmetric configuration because it allowed us to have continuous, comprehensive detection and faster mitigation - a capability that is most useful for real-time environment where user experience is crucial.
We also implemented the multi-protocol counters and behavioral profiling which allowed us to apply escalating protocol to identify attackers from valid users intelligently for appropriate mitigation. This complex mitigation ensures that our application-layer is secured.
Why did you choose to deploy A10's multi-layered DDoS protection instead of other cybersecurity solutions such as those using machine learning?
Our colleagues evaluated several security vendors and ultimately decided on A10's Thunder TPS due to its real-time detection and mitigation of DDoS attacks. This includes pure volumetric, resource, and application-layer attacks.
Did you face any challenges when adopting the solution, and how did you overcome them?
The implementation of A10's Thunder TPS was smooth sailing as it is a new solution that we have adopted. Its multiple performance options and flexible deployment models enables it to be easily integrated into our existing infrastructure. This significantly reduce implementation downtime.
So how has A10's solution benefitted Dong Hwa University so far?
Before we implemented Thunder TPS, our campus network was sometimes unstable and services availability was often impacted. This was because the volume of firewall sessions will constantly exhaust firewall CPU resources resulting in packets dropped. Our DNS server would crash causing clients from campus network to have no access to the internet. Our web portal service was sometimes slow and even saw some downtime.
However, since deploying A10's Thunder TPS, our information and administrative systems have been performing optimally. The solution has successfully detected and mitigated multi-vector DDoS attacks in the application layer. This includes a HTTP slow attack, HTTP Get flood attacks and DNS application attacks.
In peace time, A10 Thunder TPS provides 24-7 monitoring of services such as the institute's web portal and e-learning system. This has ensured the seamless access to online resources amongst students and academics.
What do you intend to do next to further secure your campus?
Given that we have successfully implemented A10's Thunder TPS across our campus network, our immediate next step is to secure Taiwan Academic Network (TANet) or even Taiwan Advanced Research and Education Network (TWAREN).
As a regional hub for the TANet and GigaHub for the TWAREN, we are responsible not only for our campus' defenses, but that of the TANet and TWAREN infrastructure, which serves approximately 4 million students and academics. Any interruptions will not only impact students' learning experience, but also impede academic researchers' project timelines. As such, it is critical for us to ensure that our systems and network are constantly performed at the optimal, providing students and staff with a secured learning and research environment.
Sign up for CIO Asia eNewsletters.