SURFcert provides your institute with security incident support 24 hours a day, 7 days a week. SURFcert also provides you with tools to optimise security within your institute yourself. For example, SURFcert is continuously minimising the nuisance of DDoS attacks.
Institutions connected to SURFnet are facing an increasing number of Distributed-Denial-of-Service (DDoS) attacks. SURFcert works around the clock to minimise the disruptions associated with these attacks and thereby better protect your institution.
Denial-of-Service: systems overloaded with data traffic
In a Denial-of-Service attack, systems, online services and/or infrastructures are attacked by overloading them with data traffic. This can have a negative effect on accessibility. A Denial-of-Service attack can originate from a single system but can also be generated by several systems at once, in which case the attack is known as a Distributed-Denial-of-Service attack (DDoS). At present, most DoS attacks are of the distributed type.
SURFcert helps to prevent and neutralise attacks
SURFcert helps institutions to analyse and neutralise attacks of all kinds. To minimise the impact of DoS and DDoS attacks, we currently offer two traffic-restricting instruments – the 'washing machine' and network filters – that we can implement in consultation with your institution. This is done under the institution's own responsibility, as naturally some traffic flows may in fact be desirable, for example to a popular video server.
If an attack is already underway, SURFcert can deploy the 'washing machine', which is a rapid intervention of a limited duration. This instrument diverts traffic from the IP address targeted by the attack and eliminates undesirable traffic in order to completely or partly intercept the attack. Bottlenecked SURFinternet connections can quickly be freed up again this way.
These targeted filters within the SURFnet network offer a preventive shield against several common types of attacks. They work by limiting the amount of traffic than can be transmitted via certain protocols that are frequently misused for (D)DoS attacks. SURFcert applies these filters at the institution's request, or may recommend doing so during or after a (D)DoS attack.
What can you do?
In the event of an attack
As soon as you detect an attack, phone the SURFcert emergency hotline, accessible 24/7 on +31 6 22 92 35 64.
Contact SURFcert to discuss the application of a preventive filter. We also recommend that you implement protective measures yourself. This is because SURFcert does not offer protection against all types of attacks. Most notably, network filters cannot intercept attacks carried out at the application level. Naturally, SURFcert would be happy to advise you about this.
Tracking down culprits
Analysing and neutralising attacks is only part of the solution; tracking down the culprits is also crucial and helps to prevent future attacks, certainly those from within your own network. Consequently, it is important that you try to find those responsible for an attack, calling in outside help if needed, and to hold them accountable if possible.
There is no additional cost for SURFcert (D)DoS protection. As part of our basic service package, it is included in SURFnet's fixed connection fee.