CrowdSec Protects the IUT de Bordeaux against Breach Attempts Using the Power of the Crowd

Bordeaux IUT has 4000 students, employs 500 permanent staff, and maintains campuses in Agen, Bordeaux, Gradignan and Périgueux. The IUT’s IT department oversees the provision and maintenance of Information Systems (IS) for students and faculty and an infrastructure of 2200 PCs on Agen and Gradignan campuses, 18 servers, 110 VM servers — running on Windows and Linux Debian — and around 150 manageable switches.

The challenge

With such a massive infrastructure to oversee and maintain, the IT department faces multifaceted challenges in safeguarding the institution’s digital infrastructure. In May 2022, Bordeaux IUT encountered a significant security setback when a massive attack targeted its Windows infrastructure. The ensuing challenge was not only to restore functionality promptly but also to address underlying security vulnerabilities. 

“The challenge was to reopen as quickly as possible by fixing the security flaws that had enabled the attack. After two months, it was partially reopened. VDI infrastructure was to be completely overhauled, VMWare Horizon, and reopened one year later,” said Marc Leforestier, Head of IT at Bordeaux IUT.

This incident underscored the critical need for robust security measures to protect against future threats.

Protecting the IUT Bordeaux infrastructure using the power of the crowd

To fortify their defenses, Bordeaux IUT audited various security tools, including TrendMicro and DarkTrace. And although DarkTrace was chosen to oversee the Virtual Desktop Infrastructure (VDI), it was CrowdSec’s open source nature, comprehensive documentation, and collaborative approach that stood out and was the solution of choice to protect the wider network. Within a week of discovery, CrowdSec was seamlessly integrated across all Linux servers, substituting Fail2Ban’s protection on servers in the DMZ.

For Marc Leforestier, what really made CrowdSec different was its alignment with the ethos of openness and collaboration ingrained within Bordeaux IUT. Unlike previous solutions, CrowdSec offered unparalleled transparency, eliminating false positives and providing actionable insights. Notably, the CrowdSec Security Stack aided in identifying and rectifying issues on Bordeaux IUT’s WordPress site, enhancing overall security posture.

“Open source is in the DNA of the IUT. Naturally, this aligned perfectly with CrowdSec’s openness, meticulous documentation, and collaborative approach, as well as zero false positives. Basically, everything that Fail2Ban lacks, CrowdSec offers.”

The outcome

Since January 2024, CrowdSec has blocked over 300,000 requests in pfSense, showcasing its efficacy in mitigating threats. The open source nature and user-friendly interface of CrowdSec have significantly bolstered day-to-day operations and enhanced the institution’s security posture. Bordeaux IUT now operates with greater confidence, knowing that its digital infrastructure is fortified against evolving threats.

The integration of CrowdSec into Bordeaux IUT’s digital infrastructure exemplifies the transformative impact of innovative security solutions. By leveraging CrowdSec’s open source solution and collaborative approach, Bordeaux IUT has not only mitigated security risks but also fostered a culture of transparency and resilience. As cybersecurity threats continue to evolve, institutions like Bordeaux IUT stand prepared, equipped with the tools and strategies needed to safeguard their digital assets.