Diagram
Below is a diagram which illustrates how the attack overwhelmed the Web Server.
Executive Summary
The attack performed on the network had the intention of making the online services provided to students unusable during a critical time of need for those systems. The attack was first performed by acquiring the Administrator password for the systems and using each system to perform a large quantity of requests for service to the web servers. By dissecting what occurred steps can be put in place to prevent such an attack in the future. This attack can be summarized in a few bullets:
The attacker was allowed to install software without having Administrator rights
The software used sniffed out the Administrator password either via the wire or possibly keystroke logging.
Each client computer was able to send a large amount of HTTP requests to the web server.
The web server accepted and processed each request.
To begin with, it needs to be made mandatory that users on a machine cannot install new software to a machine. Instead, each machine should be preloaded with the tools that would be needed for a typical student to perform their work. In addition, the use of a file monitoring program, such as Tripwire, can be used to detect and notify if any changes have occurred to files or entire folders that shouldn't experience any changes.
Next, if the software installed did indeed discover the password over the wire and was able to crack it then two changes need to be made. The first is that the password should be sent over the wire in an encrypted format and should be encrypted via current accepted encryption algorithms, such as AES at the date of this document's creation. The second change would be to enforce complex passwords which would be at least one capital letter, one lower case letter, numbers, special characters, and more than 8 characters.
If the attacker's software installed was a keystroke