A distributed denial-of-service (DDoS) attack created security concerns and outages for Sarasota County Schools. The organization worked with F5 to implement a robust security solution and stopped the attack at its source. The result has been no downtime and no successful DDoS attacks to date.
Sarasota County Schools is responsible for the education of more than 42,000 students in 52 schools. It enthusiastically embraces technology to facilitate creative, collaborative learning.
The school system’s IT department is responsible for network security and recognizes the need to take quick action if security threats arise. For example, the school system was the target of a DDoS attack against its primary website. “A lot of our teachers don’t know how to access applications without going through the main site, so it was a real productivity problem when the DDoS attack struck,” explains Todd Alexander, Manager of School Support Services for Sarasota County Schools. Department staff immediately sought assistance from outside security experts to complement their own security skills.
The organization also values the performance of its back-end systems, which includes effective traffic management for key applications, especially during peak enrollment periods. Three years ago, the organization’s IT department recognized a need to standardize on a single solution as part of promoting an easier-to-manage homogeneous IT environment.
“We implemented load balancing in many different ways,” says Alexander. “I was using F5; others used DNS-based techniques or technology built into the operating system. It was time for a change.”
To address the DDoS attack and to strengthen security in general, the IT department contacted Optiv Security—an F5 partner that had previously upgraded F5 products for the school system. Optiv provided initial consultation and then brought in F5 Support and Professional Services, which assembled an emergency response team.
F5 and Sarasota County Schools traced the DDoS attack to its source and neutralized it. “We created really powerful solutions that gave us exactly what we needed,” says Alexander. “The help we received from F5 was outstanding.”
The IT department worked closely with F5 staff to implement a variety of security measures, including F5 BIG-IP Application Security Manager (ASM) for additional protection against DDoS attacks.
To address its load balancing issue, Sarasota County Schools standardized on BIG-IP Local Traffic Manager (LTM). “We chose F5 because we’d had positive experiences with the company’s BIG-IP platform, and we knew it offered superior capabilities,” says Alexander. BIG-IP LTM can serve the school system as a comprehensive, single-unit solution for traffic management that encompasses not only load balancing but also faster application deployments, analytics, clustering, on-demand scaling, and much more. “It is a leader in its market space, and it has been as close to trouble-free for us as you can get.” The department also uses BIG-IP LTM for SSL offloading.
Additionally, the organization chose BIG-IP Access Policy Manager (APM) to centralize control over access to existing processes and applications, as well as any future business applications.
The school system also purchased a Professional Services Agreement and the Best option of the Good, Better, Best licensing model, which saved money by bundling BIG-IP ASM and BIG-IP LTM.
By deploying a robust application delivery solution and working with F5 Support and Professional Services, Sarasota County Schools enjoys an IT infrastructure that is more secure. The IT department has ready access to responsive, expert support and consultation services, and its applications perform better.
With the new security solution, Sarasota County Schools will be better protected against threats that can be more serious than a DDoS attack. Alexander adds that the school system has valuable confidential information about students and staff, and notes that someone might post something on sites that they shouldn’t, perhaps accidentally—student IDs, for example. “It isn’t feasible to manually check that, but the BIG-IP ASM module can be configured to do it for us.”
Working with F5, Alexander’s team is configuring BIG-IP ASM to improve the security of applications that are not fully protected. He reports that his team is amazed by how flexible and feature-rich BIG-IP ASM is. “It’s like having a new Ferrari in your garage. We don’t know everything BIG-IP ASM can do yet, but we’re looking forward to seeing how fast it can go.”
Additionally, the Children’s Internet Protection Act (CIPA) requires proper security to be in place. “We do have to be compliant with CIPA. We’re audited by the state on a regular basis, and they look at how we’re dealing with student information.” Alexander expects that BIG-IP ASM will more than satisfy these regulations.
Alexander describes how he is able to get support and services from F5 that are much more responsive than competitor services, even if the issue isn’t due to an F5 product failure. “I’ve called vendors before and said, ‘I’m in a crisis.’ And they’d say, ‘Let me get a price quote for you first.’ F5’s response was, ‘Let’s see what we can do for you right now.’”
A senior IT employee further emphasizes the point. “There are vendors who say they want to partner with you and there are vendors that show you what it means to be your partner. F5 takes the latter of those two approaches,” says Joe Binswanger, Director of Information Technology for Sarasota County Schools.
Alexander adds, “We’re building a relationship, building a partnership, because we feel that F5 is looking out for our interest, not just looking for an end-of-quarter quota.”
Alexander notes that with their limited budgets most public schools have historically viewed internal IT departments as a luxury, but that is no longer the case. “IT technology has to work well all the time because we rely on it for essential tasks and record-keeping. It’s not just a nice extra to have anymore.”
The IT department also is less dependent on administrator knowledge to handle security issues. “In the past, if someone was using non-standard technology and was on vacation, for example, we’d have been out of luck if something went wrong. Now, we’re not so vulnerable from a staffing perspective.”
Alexander concludes, “Fortunately, I don’t have to worry about poor reliability and downtime with F5. I’ve worked with its products for a long time, and when technical issues come up, I say ‘I don’t think it’s F5’—and it’s not. It’s always something else.”