DDoS Protection for Schools: Included As Standard With Every Schools Broadband Connection
When your school relies on the Internet for teaching, learning, safeguarding, administration, cloud platforms and communication, a reliable connection is essential.
That is why every Schools Broadband customer benefits from proactive Anti-DDoS protection as part of our security service.
It works quietly in the background, helping to protect your school’s connection from malicious traffic before it can cause disruption.
What is a DDos attack?
A Distributed Denial of Service attack, commonly known as a DDoS attack, is designed to overwhelm an Internet connection, network or online application with high volumes of traffic.
The aim is simple: to make the service slow, unstable or unavailable.
For a school, that could mean disruption to online lessons, cloud systems, safeguarding tools, communication platforms, MIS access, exams, administration and day-to-day operations.
DDoS attacks can vary in size and complexity, but the outcome attackers are looking for is the same – disruption.
The two main types of DDoS attack we protect against
Our Anti-DDoS service helps protect schools from malicious traffic in two key ways.
1. A targeted volumetric DDoS attack
This is the most common type of attack we see.
A volumetric DDoS attack happens when an attacker instructs large numbers of compromised computers or devices to send huge amounts of traffic towards a customer’s Internet connection.
The purpose is to flood the connection with more traffic than it is designed to handle.
For example, if a school has a 1Gbps Internet connection and an attacker sends 5Gbps of traffic towards it, that traffic could overwhelm the line. Without effective protection, this can cause the Internet connection to become extremely slow or stop working altogether.
Our Anti-DDoS platform is designed to identify and block this malicious traffic at the edge of our network before it reaches your school.
2. Application-based DDoS attacks
An application-based DDoS attack targets an application or service that is accessible from the Internet and hosted within a school’s environment.
Instead of simply overwhelming the Internet connection, the attacker sends large numbers of attempted connections to the application itself, with the aim of stopping it from working properly.
These attacks are less common for schools than volumetric attacks, particularly as many schools now use cloud-hosted applications rather than hosting services locally. However, they remain a risk where applications are publicly accessible.
How Schools Broadband protects your connection
Our Anti-DDoS platform monitors traffic coming into our network from external points across multiple data centres.
When malicious traffic is detected, it is intercepted and mitigated at the network edge. This helps ensure that clean, legitimate traffic continues to reach your school, while harmful traffic is blocked before it can cause disruption.
This is a significant part of our security investment. We invest hundreds of thousands of pounds each year into this service alone, because resilience matters.
For schools, this means the protection is already in place, already active and already working in the background as part of your service.
How we’ve protected our schools
- An average of just over five DDoS attacks were launched against our customers every day.
- Around 2% of our customer base were targeted
- The largest attack was roughly equivalent to the average peak usage of around 350 secondary schools at the same time, or nearly 60,000 simultaneous HD Netflix streams per second.
- Most attacks were short in duration, which is likely because attackers could see they were unsuccessful.
- Despite the scale and frequency of these attacks, none of our customers were impacted.
That final point is the most important.
Although attacks were taking place, customers continued to benefit from a clean, reliable Internet connection because the malicious traffic was mitigated before it caused disruption.
Below is an example snapshot from our anti-DDoS vendor:
Why would someone target a school?
It can be easy to assume that cyber attacks are only aimed at large businesses, public sector organisations or high-profile institutions.
In reality, schools can be targeted too.
In our experience, one of the most common sources of DDoS attacks against secondary schools is pupils attempting to disrupt the school day. This may be done for attention, social status or so-called “bragging rights”.
These attempts can be especially disruptive around exam periods, when reliable connectivity is particularly important.
We have also seen attacks from more sophisticated sources, including foreign state-sponsored actors targeting our network. This is why we remain vigilant and continue to invest in proactive protection, monitoring and mitigation.
How are DDoS attacks commonly launched?
DDoS attacks can be launched in several ways.
In some cases, a pupil may find a website or application that acts as an “Internet stress tester”. These tools are often designed to send sustained traffic towards a target for a short period, usually around 5–10 minutes.
Some are free and relatively easy to find online. Others are paid-for services that can generate much larger volumes of attack traffic.
These tools may be accessed from a school computer, a personal device or a Bring Your Own Device network. In some cases, users may attempt to bypass filtering by using encrypted VPNs or proxy tools.
Good web filtering will block the vast majority of these websites and applications, often under categories such as hacking. However, risks can increase where filtering is not configured correctly, school-owned devices are not locked down, or pupil BYOD access is not properly controlled.
How can schools reduce the risk further?
Your school already benefits from proactive Anti-DDoS protection through Schools Broadband, but there are also practical steps that can help reduce the likelihood of attacks being launched from within the school environment.
1. Use an Internet provider with automated Anti-DDoS protection
The good news is that, as a Schools Broadband customer, you already have this in place.
Not all Internet providers include proactive, automated DDoS protection as standard.
Some providers rely on manual intervention, which can mean a longer period of disruption while engineers investigate the attack, understand how the school is being targeted and apply mitigation.
In some cases, manual responses may involve changing the school’s external IP address. This may only provide a temporary fix, rather than a long-term protection strategy.
Automated, always-on Anti-DDoS protection is designed to act much faster, helping to stop malicious traffic before it reaches your school.
2. Block stress-testing websites and applications
Stress-testing tools are often categorised as hacking-related websites or applications.
Where schools use our web filtering and security services, these categories are blocked by default, helping to reduce the risk of pupils accessing tools that could be used to launch attacks.
3. Lock down school-owned devices
School-owned devices should be configured so pupils cannot install unauthorised software.
This helps reduce the risk of stress-testing tools, VPN bypass software or other unwanted applications being installed and used on the school network.
4. Block known malicious IP addresses and rogue domains
Filtering and security services should block known malicious IP addresses, rogue web domains and services commonly associated with cyber threats or attack tools.
This helps strengthen the school’s wider security position and reduces the chance of harmful traffic being generated from within the network.
5. Review pupil BYOD access
Filtering and security services should block known malicious IP addresses, rogue web domains and services commonly associated with cyber threats or attack tools.
This helps strengthen the school’s wider security position and reduces the chance of harmful traffic being generated from within the network.
Clearer Visibility Into Your Protection
We are continuing to improve the visibility customers have of the protection we provide.
In the mid-term, we plan to add Anti-DDoS statistics into our customer Hub, so schools can see whether their Internet connection has been targeted and how attacks have been mitigated.
We can already manually pull statistics for an estate of Internet connections where needed, and we will review the first six months of 2026 in our next update.
Security that works in the background
DDoS protection is not always visible day to day, but when an attack happens, it becomes essential.
Our Anti-DDoS platform helps protect schools from disruption by identifying and mitigating malicious traffic before it impacts the connection.
For customers, that means added resilience, a cleaner Internet connection and greater peace of mind.
It is one of the many ways Schools Broadband helps schools and trusts stay safe, secure, compliant and connected.
If you would like more information about how our Anti-DDoS platform protects your school, or if you would like us to review protection across your estate, please contact your Account Manager or Technical Account Manager.
Frequently Asked DDoS Protection Questions:
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack floods a network or server with malicious traffic, overwhelming it until it can no longer function. For schools, this can disrupt online lessons, safeguarding tools, cloud platforms, MIS access and day-to-day administration.
Does Schools Broadband include DDoS protection as standard?
Yes. Every Schools Broadband customer benefits from proactive Anti-DDoS protection as part of their connection. There is nothing to configure or purchase separately — the protection is already in place and active.
What types of DDoS attack does Schools Broadband protect against?
Schools Broadband protects against two main types: volumetric attacks, which flood the network connection with traffic, and application-based attacks, which target a specific application or service hosted within the school’s environment.
How many DDoS attacks has Schools Broadband blocked this year?
We’ve stopped nearly 2,000 DDoS attacks with zero customers impacted.
Why would a school be targeted by a DDoS attack?
Schools are targeted for a variety of reasons, including disruption by pupils using freely available stress-testing tools, opportunistic attacks, and broader campaigns targeting public sector organisations. No school is too small to be a target.
What can schools do to reduce the risk of a DDoS attack?
Schools Broadband customers already have automated Anti-DDoS protection in place. Schools can further reduce risk by blocking stress-testing websites, locking down pupil devices to prevent unauthorised software installs, blocking known malicious IP addresses, and reviewing BYOD access policies.√