FULL MENU

Stanislav Prokofiev, Rector of the FinU, took part in the Question to the Rector project which is being implemented on the website of the Russian Union of Rectors.

– The start of the 2022 admission campaign in Russian universities coincided with DDoS attacks on university websites in different regions of the country. Universities in Nizhny Novgorod, Astrakhan, Orenburg, Tyumen, Kemerovo Oblast, Krasnoyarsk Krai, Komi, Tatarstan, Chechnya, the Republic of Buryatia and other regions have faced this kind of challenge. This was officially stated by representatives of universities in social networks and on official resources.

Has your university encountered any hacker attacks? What conclusions and practical steps have been taken as a result of these events?

– The information security of the university consists of two main components: information security inside the university and the prevention of threats from outside. Internal information security includes maintaining the operability of the digital infrastructure and services that ensure the university life, maintaining regulations for the processing of official information and personal data. External threats are illegal or unintentional actions aimed at disrupting the habitual university life. These can be both technical threats and fraudulent actions.

At the beginning of the accelerated information technology development and business processes’ automation, opportunities for digital attacks on the university infrastructure in a broad sense have significantly increased. This includes fishing, email attacks, virus codes and many other types, as well as DDoS attacks.

In some cases, a spontaneous DDoS attack may occur when a large number of users simultaneously access a particular site that cannot process a large number of requests and a service denial occurs.

Back to the point, cyberattacks on educational institutions have been actively revealed over the last 10 years, either at random points in time, or timed to external or internal university events.

Since that time, FinU has been taking measures to improve information security and sustainability of digital infrastructure and services. Since February 2022, the number of DDoS attacks has steadily increased and reached its peak during the admission campaign. A significant number of DDoS attacks were carried out from so-called unfriendly countries. After the origin identification of the mass sources, strict restrictive measures were taken against them. In the meantime, foreign users were provided with methodological support to maintain access. The maximum attack was during the admission campaign and was recorded at the level of 40 thousand requests per second.

Thanks to the measures taken in advance – the expansion of communication channels, the introduction of DDoS protection services by federal providers (and other special measures) – it was possible to protect the FinU websites and maintain their accessibility. Also, further steps are underway to automate this process, fine-tune parameters and implement intelligent support services.

In general, information security is a large and interesting area that is becoming especially demanded in the digital age. The FinU Department of Information Security offers training courses in information security for both bachelor’s and master’s degree programs. There is a specialized educational and scientific laboratory of information security at the Department, which deploys various testing grounds for addressing cyber threats, including the study of DDoS attacks.