TYPO3 Blackpage Emergency website for universities and colleges

In case of hack: hardened emergency server

Various public institutions such as universities and colleges are currently a lucrative target for hacker attacks. These attacks usually result in the entire IT infrastructure having to be shut down to prevent further damage and to forensically investigate the entire incident. Such an attack usually affects the smooth operation of your own website, even if it was not the target of the attack. In this case, external communication (and sometimes also internal for students and teachers) is made even more difficult. We consider it extremely important to have a working communication channel to report on the state of affairs and to prevent possible false speculation.

Solution

We at in2code have therefore sat down and played through such a scenario step by step and analyzed it in detail. And that's why we offer an externally hosted, lean and secure TYPO3 for colleges, universities and public institutions, which can replace the normal website for a defined period of time in such a case. This "Software as a Service" solution is not an individually configurable system, but only a slimmed down but high-performance TYPO3, which allows a minimum of conceivable layout changes (such as logo, color, footer). This emergency system can then serve as a communication channel, for example, to report on the status of the attack or the progress of the clean-up work.

Details

Such a system must be hosted externally and be extremely robust against possible attacks (hacks and DoS attacks). We provide a simple TYPO3 system that can be updated with news by one or a few editors. At the same time, this hardened system will only display static HTML pages from TYPO3 in order not to offer any unnecessary points of attack.

The infrastructure of this emergency system is structured in such a way that the IT performance can be scaled up as required. This is necessary on the one hand to have a cost-effective emergency solution available 99% of the time, but on the other hand such a website must also be able to easily withstand an extreme number of requests (e.g. in the event of an attack).

Your communication in an emergency could look something like this

This is a very lean and extremely high-performance TYPO3 system (only news is available here), to which you and one or two colleagues have access. The color, the logo and the complete footer can be individually designed by you. Look at our emergency-server-example system.

Maximum scalability at minimum cost

The use of a cloud solution may pose a data protection problem for the operation of a normal university website, but not for a small static page that is only intended to display publicly available information. In this case, the use of Amazon Web Services (AWS) is possible without hesitation in relation to the GDPR.

And the advantages of AWS are significant: The infrastructure of this emergency system is structured in such a way that IT performance can be scaled up as required. This is necessary on the one hand to have a cost-effective emergency solution available 99% of the time, but on the other hand such a website must be able to withstand an extreme number of requests very quickly and without any problems.

Operation with or without a proxy

This system can be operated via an emergency domain (e.g. status.uni.com). Alternatively, you can switch to this system, which is always ready for use, via DNS settings when calling up the normal domain. However, such a change can usually take up to 48 hours. It gets even more complicated when the DNS server is located within the university data center.

We therefore offer a solution on request that enables automatic or manual switching to an emergency system. Such a system can then also be used to better withstand digital attacks. We are thinking of a well-known European proxy provider that is placed in front of the website during regular operation. In an emergency, switching can be done in a few seconds.

Extreme performance!

As a further part of hardening against attacks, we use a variety of techniques to keep the emergency website load time to an absolute minimum. In addition to the improved user experience, data costs are further reduced for the user, especially on low-bandwidth connections. For example, we use Brotli, GZip, and whitespace stripping to compress the HTML. Brotli is a modern compression algorithm that offers a higher compression rate than, for example, GZip.

The CDN (Content Delivery Network) that we deploy automatically is a network of servers that delivers content such as images, videos, and HTML pages to users from locations close to them instead of from the origin server. This further takes the load off TYPO3 and allows the page to be delivered even if the CMS is unavailable for a short time.

Your emergency system based on TYPO3

Editorial system

TYPO3 serves as a well-known CMS for the editors to post news

Low monthly costs

For our existing customers, only a flat rate of 1 hour of support per month is charged for maintenance and hosting

Snooze mode included

Low cost as the system is in some form of hibernation 99% of the time, ready to go

Scalable at the push of a button

Even with a large number of requests, the system can be scaled quickly

Hardened system

A TYPO3 that only serves robust HTML files provides a strong foundation

GDPR compliance

We pay particular attention to GDPR compliance for all components and would be happy to advise you

Crisis Communication Concept

We recommend developing an internal crisis communication concept for emergencies and defining responsibilities and processes at an early stage. Otherwise, in the event of a hack, things quickly become chaotic and often lack coordination. We are happy to support you if there is a need for this.

Interested? Ask us.

College or university projects in the TYPO3 area?

Do you have questions about this or other college or university projects in the TYPO3 area?

Our Professional Scrum-Master and Product-Owner Sandra Pohl will be happy to help you.

Sandra Pohl  |  Product Owner & Project Manager