University Defends against Denial of Service Attack on Virtual Private Network

The denial of service attack slowed service and prevented access for some off-campus users.

By Maggie Loughran

An unknown group or individual attacked a service that provides secure access to resources on the University’s network for off-campus users on Wednesday evening.

The attack affected the University’s Virtual Private Network (VPN) service, cVPN. cVPN allows authorized users to remotely access the University’s Internet network, which includes licensed Library e-resources and certain restricted administrative systems. For a period of about 24 hours, some users experienced slow performance or were unable to connect to the Internet on their first login attempt.

University IT Services issued an update midday on Thursday announcing a denial-of-service attack, “where an outside entity causes the system to be unavailable or have reduced capacity, (directing a high amount of traffic to the site, thus causing other users to not be able to sign in, [for example]),” according to Marielle Sainvilus, director of public affairs.

This is the first time cVPN has been the target of a denial-of-service attack. Sainvilus did not comment on the origin of the attack, but said that “IT services has the proper security measures in place and is effectively managing network-based threats to their systems.”

By 6 p.m. on Thursday, cVPN returned to near-normal operation and IT Services labeled the issue “resolved” on its website. Engineers will continue to monitor the VPN in case the attack occurs again.