Canberra to bolster its websites against DDoS attacks

By Paris Cowan on Jan 18, 2017 11:28AM
Avoiding another Census-scale embarrassment.

The Department of Finance is weighing up ways to protect dozens of federal government websites on its Drupal-based GovCMS platform against DDoS and other potentially devastating attacks.

At last count, 137 websites were hosted or in development on the whole-of-government web platform, accounting for 52 government customers.

The Drupal platform, provided by Acquia from AWS Sydney data centres, is home to a number of high-profile sites that would appeal to attackers, including those of the Australian Army, the Department of Human Services, Australia.gov.au, and the Department of Communications.

In the wake of the Australian Bureau of Statistics’ notorious collapse to a relatively low-intensity DDoS in August, Finance is asking industry members to pitch their services to shore up its GovCMS customers against a similar fate.

Finance wants a single provider to deliver DDoS protection, CDN services, and web app firewall services across the GovCMS fleet, before the end of April.

They will need to be able to cover traffic up to 2.5 TB and 100 million hits a month.

“It is expected that the services platform will have a single URL and the individual websites will be directed to the platform using a DNS CNAME record,” Finance revealed in tender documents issued today.

“It is expected that the services will use a defined set of IP addresses so that the environment being protected can whitelist those addresses to prevent direct access to the origin.”
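
As an added illustration (not taken from the tender documents or from iTnews), the sketch below audits the two requirements quoted above: every site should resolve through a CNAME to the protection platform, and the origin should admit only the provider's published address ranges. The hostnames, CNAME target and address ranges are constructed placeholders.

```python
import ipaddress

# Constructed sample data: names and ranges are assumptions that use
# documentation-reserved values, not anything from the tender.
PLATFORM_CNAME = "edge.protection.example."
PROVIDER_RANGES = ["198.51.100.0/24", "203.0.113.0/25"]
SITE_RECORDS = {  # hostname -> (record type, value)
    "www.agency-a.example.": ("CNAME", "edge.protection.example."),
    "www.agency-b.example.": ("A", "192.0.2.10"),  # resolves straight to origin
    "www.agency-c.example.": ("CNAME", "Edge.Protection.Example"),
}
ORIGIN_ALLOW_RULES = ["198.51.100.0/24", "203.0.113.0/24", "0.0.0.0/0"]


def normalise(name):
    """DNS names compare case-insensitively, ignoring the trailing dot."""
    return name.rstrip(".").lower()


def sites_bypassing_platform(records, platform):
    """Hostnames that are not CNAMEd to the protection platform."""
    return sorted(
        host for host, (rtype, value) in records.items()
        if rtype != "CNAME" or normalise(value) != normalise(platform)
    )


def over_broad_origin_rules(allow_rules, provider_ranges):
    """Origin allow rules not contained in a single provider range.

    A rule that is only covered by the union of several provider ranges
    is also reported, so that it gets a manual look.
    """
    provider = [ipaddress.ip_network(r) for r in provider_ranges]
    return [
        rule for rule in allow_rules
        if not any(
            ipaddress.ip_network(rule).version == p.version
            and ipaddress.ip_network(rule).subnet_of(p)
            for p in provider
        )
    ]


def origin_accepts(source_ip, provider_ranges):
    """Decision the origin firewall should make for one source address."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(r) for r in provider_ranges)


if __name__ == "__main__":
    print("Not behind platform:", sites_bypassing_platform(SITE_RECORDS, PLATFORM_CNAME))
    print("Over-broad origin rules:", over_broad_origin_rules(ORIGIN_ALLOW_RULES, PROVIDER_RANGES))
```

A site that still publishes an A record for its origin, or an origin rule wider than the provider's ranges, leaves a path around the DDoS and WAF layer.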

The suite of security protections will need to defend against cross-site scripting and request forgery, comment spam, SQL injection, and application-specific attacks. Ideally, the department said, it will also offer the ability to limit the hit rate of bots, especially those with IP addresses located overseas.

Bidders will need to detail an ASD-approved encryption method, and explain how they will secure remote administration of the service, be it through multi-factor authentication, encrypted comms, auditing, or IP whitelisting.

Finance expects the successful provider will be certified against federal security standards like the ASD’s information security manual and protective security framework, along with compliance with other standards like FedRAMP and ISO 27001.
