The G20 Summit was held in Brisbane during November 2014, putting the spotlight on the city but also making organisations there a potential target for politically motivated hackers.
Plans were put in place at Griffith University to prepare the university’s cyber security response.
Speaking at AusCERT on the Gold Coast, Griffith University senior project manager Greg Vickers told delegates that it wanted to defend against potential breaches, defacements and data losses.
“One of the other risks we identified was the potential for insider threats either from someone enrolling in the university or someone getting access to a staff or student account from outside the organisation,” he said.
Griffith University installed a managed security service from Symantec and a cloud-based application firewall service by Akamai.
“We used that [Symantec] solution for a six-month period and it was very easy to decommission. All we had to do was remove the log configuration, turn off the log collector and Symantec decommissioned the configuration from their end.”
Vickers said it was difficult to implement the firewall solution because it was intercepting traffic from clients through to Web servers.
“There was potentially a huge impact on staff and students. We could have broken Web services and that would have been very bad for the user experience,” he said.
Nineteen websites were migrated into the cloud-based service within three months. Because of the pace of the implementation, it had to test the sites during production.
“As we progressed to the G20, the bad guys were looking at us. The network security team spent every day adding quarantine blocks and come the post G20 Monday, they [cyber criminals] were still trying to get to us.”
No websites were defaced and no successful attacks detected, said Vickers.
“If we had to do this again, I would want much more time to test in those environments. It’s about engaging with the people who have the authority to implement those solutions in that timeframe. If I had tried to do this without the appropriate level of engagement with the university, it would not have happened,” he said.
Follow Hamish Barwick on Twitter: @HamishBarwick
Read more: Data retention laws and media - AusCERT 2015