Griffith University’s Southbank campus was in the heart of the G20 Summit exclusion zone. Before and during the event, Griffith University provided significant support to the Summit by hosting a number of events at our Southbank campus. This presented a number of challenges, particularly as the Summit occurred during Exam Week.
It was anticipated that this would result in a high level of unwanted attention to our networks. As a result of these concerns, GU implemented additional security measures to significantly increase the level and layers of security protection. The key goal for Griffith University was to ensure that public- and student-facing systems remained available in the event of an attack. Other business processes would be carried out from within the network should Internet connectivity be compromised.
Threats can come from outside or inside the network. For Internet-based DDoS and application attacks, a cloud-based DDoS/Web Application Firewall (WAF) was implemented. For threats that might originate from inside the network, a Managed Security Service (MSS) was implemented to monitor system and network log data. Care and feeding of the Unified Threat Management devices was greatly increased, for inspection of network-based attacks. Implementation of the cloud DDoS/WAF and MSS was completed in three months.
Levels of bad traffic increased by several orders of magnitude in the weeks leading up to the G20 Summit. However, Griffith University was not defaced and did not suffer any loss of connectivity during the periods immediately before, during and after the Summit.
The main lesson from this undertaking is to be smart about what is monitored, and have eyes on security appliances with proportional responses.