In case of hack: hardened emergency server
Various public institutions such as universities and colleges are currently a lucrative target for hacker attacks. These attacks usually result in the entire IT infrastructure having to be shut down to prevent further damage and to forensically investigate the entire incident. Such an attack usually affects the smooth operation of your own website, even if it was not the target of the attack. In this case, external communication (and sometimes also internal for students and teachers) is made even more difficult. We consider it extremely important to have a working communication channel to report on the state of affairs and to prevent possible false speculation.
We at in2code have therefore sat down and played through such a scenario step by step and analyzed it in detail. And that's why we offer an externally hosted, lean and secure TYPO3 for colleges, universities and public institutions, which can replace the normal website for a defined period of time in such a case. This "Software as a Service" solution is not an individually configurable system, but only a slimmed down but high-performance TYPO3, which allows a minimum of conceivable layout changes (such as logo, color, footer). This emergency system can then serve as a communication channel, for example, to report on the status of the attack or the progress of the clean-up work.
Such a system must be hosted externally and be extremely robust against possible attacks (hacks and DoS attacks). We provide a simple TYPO3 system that can be updated with news by one or a few editors. At the same time, this hardened system will only display static HTML pages from TYPO3 in order not to offer any unnecessary points of attack.
The infrastructure of this emergency system is structured in such a way that the IT performance can be scaled up as required. This is necessary on the one hand to have a cost-effective emergency solution available 99% of the time, but on the other hand such a website must also be able to easily withstand an extreme number of requests (e.g. in the event of an attack).
Your communication in an emergency could look something like this
This is a very lean and extremely high-performance TYPO3 system (only news is available here), to which you and one or two colleagues have access. The color, the logo and the complete footer can be individually designed by you. Look at our emergency-server-example system.
Maximum scalability at minimum cost
The use of a cloud solution may pose a data protection problem for the operation of a normal university website, but not for a small static page that is only intended to display publicly available information. In this case, the use of Amazon Web Service (AWS) is possible without hesitation in relation to the GDPR.
And the advantages of AWS are significant: The infrastructure of this emergency system is structured in such a way that IT performance can be scaled up as required. This is necessary on the one hand to have a cost-effective emergency solution available 99% of the time, but on the other hand such a website must be able to withstand an extreme number of requests very quickly and without any problems.
Operation with or without a proxy
This system can be operated via an emergency domain (e.g. status.uni.com). Alternatively, you can switch to this system, which is always ready for use, via DNS settings when calling up the normal domain. However, such a change can usually take up to 48 hours. It gets even more complicated when the DNS server is located within the university data center.
We therefore offer a solution on request that enables automatic or manual switching to an emergency system. Such a system can then also be used to better withstand digital attacks. We are thinking of a well-known European proxy provider that will be switched on before the regular operation of the website. In an emergency, switching can be done in a few seconds.
As a further part of hardening against attacks, we use a variety of techniques to keep the emergency website load time to an absolute minimum. In addition to the improved user experience, data costs are further reduced for the user, especially on low-bandwidth connections. For example, we use Brotli, GZip, and whitespace stripping to compress the HTML. Brotli is a modern compression algorithm that offers a higher compression rate than, for example, GZip.
The CDN (Content Delivery Network) we automatically deploy is a network of servers that deliver content such as images, videos, and HTML pages to users near the original server. This further takes the load off TYPO3 and allows the page to be delivered even if the CMS should not be available for a short time.
Your emergency system based on TYPO3
Crisis Communication Concept
We recommend developing an internal crisis communication concept for emergencies and defining responsibilities and processes at an early stage. Otherwise, in the event of a hack, things quickly become chaotic and often lack coordination. We are happy to support you if there is a need for this.