Sunday, January 12, 2020
The Ipremier Company
The iPremier Company: Denial of Service Attack

1. Company overview

iPremier is a Web-based commerce company established in 1996 by two founding students from Swarthmore College. The company is one of the top two online retailers, selling everything from vintage goods to luxury items. During fiscal year 2006, iPremier made a profit of $2.1 million on sales of $32 million from its high-end customers. The company has also recorded sales growth of 20% annually for the last three consecutive years. In late 1998 the company's stock price had nearly tripled, and it rose further in the market euphoria of 1999. This means the company has a strong cash position. Its most interesting strategy is a flexible return policy, which allows customers to thoroughly examine products before deciding whether to keep them.

2. Management and culture

Management at the company is built from a mix of talented young people who have been loyal for a long time and experienced managers who were gradually recruited as the company grew. The recruiting team has focused on well-educated people with a technical background and know-how in the business environment, especially business professionals with reputations for high performance. All employees are subject to a quarterly performance appraisal that is tied directly to compensation. It is a competitive work environment in which unsuccessful managers do not last long. The company has standardized its governing values in terms of discipline, professionalism, commitment to delivering results and partnership for achieving profits. iPremier is oriented towards doing "whatever it takes" to get projects done on schedule, which is closely related to its customer-satisfaction orientation of providing benefit. It is essential for the company to develop a competitive environment in order to compete with MarketTop, its major competitor.
Therefore the R&D team should be more creative and stay ahead by developing the software required for the program to attract customers.

3. iPremier IT Technical Architecture

In general, iPremier has engaged Q-data for a colocation facility where its Internet data is stored on an outsourced system. Colocation facilities are sometimes called "Internet Data Centers" or simply "hosting facilities". Q-data, as partner, provides floor space, redundant power supplies, high-speed connectivity to the Internet, environmental control and physical security. All of these are recognized as the Network Operation Center on which the website is based. Figure-1 shows the iPremier IT technical architecture, which includes a "firewall" system to protect the local network and its computers against unauthorized access.

[Figure-1, iPremier IT Technical Architecture]

4. Case of Hack, January 12, 2007

The iPremier system was hacked by an unknown intruder sending an email every second with the message "ha", and the website locked up so that iPremier customers could not access it. It was the first time iPremier, through Q-data, had been attacked by unauthorized people. The chronology is as follows:

04:30 am: approximately when the first email was received in the Q-data mailbox system; the emails continued every second, saying "ha.. ha.. ha.. a", from an anonymous source. Leon Ledbetter, the new operations staffer, was advised by Joanne Ripley, the technical operations team leader, to report it and make an emergency call to iPremier's new CIO, Bob Turley, who was away from HQ and had just arrived in New York to meet with Wall Street analysts. Bob Turley suggested putting the emergency procedure in motion and calling the operations staff at Q-data, since he understood that iPremier had the right to better service with 24/7 monitoring.
4:39 am: a consolidation period to handle the case, with a few suggestions from other iPremier senior management, such as seeking the business operation standards (emergency procedure and business continuity plan), the IT help desk, restarting the Web server, pulling the plug (physically disconnecting the communication line), and considering a DoS attack, since the system may have been targeted by a hacker.

05:27 am: the restoration period, taking a trial-and-error approach to the SYN (synchronize) handshake, which is what a DoS attack of this kind exploits, as the next step. Something was happening in the SYN-ACK exchange that looked like a "SYN flood" from multiple sites directed at the routers that run the firewall services. The SYN-ACK exchange is how Web server communication begins: each conversation starts with a sequence of "handshake" interactions. A client computer initiates by sending a synchronize (SYN) packet to the Web server, and the contacted Web server responds with a synchronize-acknowledge, or "SYN-ACK". In theory, a SYN flood is an attack on a Web server intended to make it think that a very large number of "conversations" are being initiated in rapid succession. Because each interaction looks like real traffic to the Web site, the Web server automatically expends resources dealing with each one. By flooding the site, an attacker can effectively paralyze the Web server by trying to start too many conversations with it.

05:46 am: systems back to normal; the attack simply stopped without any action being taken. It seems to have been a DoS (denial of service) attack. The Web site is running, and customers visiting the iPremier website would not know anything, since the attack stopped by itself.

5. Answer the questions

Q-1: How well did this company perform during this attack?

In general, iPremier did not seem well prepared when the hack happened: the business operation standards, i.e. the emergency procedure and business continuity plan, were in order but had been misplaced due to improper filing.
A few items are highlighted from the case:
o No crisis management strategy, which means there was no emergency procedure in motion set up for the business continuity plan, while the current business operation standards were not in a proper binder and were out of date relative to the technology in use
o No disaster recovery plans in place
o Too much reliance on outsourcing
o Never practiced incident response
o External factors that indirectly affect the company

Q-2: What should they have done differently, before or during the event?

Before:
o iPremier should have chosen a better Internet hosting business with better firewalls (software and hardware) that is accessible 24/7, has its own technical support, keeps logs of events, and does regular system updates and backups.
o Standard Operating Procedures (SOP) in case of DoS attacks (as well as other technical problems), and an emergency response team ready to execute them as soon as possible.
o PR SOP for every crisis scenario, and the PR team should have prepared statements ready within the first couple of hours.
o Engage the help of an external Tiger Team to test its systems and an external audit company to do a security audit.

During the event:
o Follow Joanne Ripley's suggestion to disconnect all production computers and rebuild from scratch. They have documentation for that, with minimal risk of something going wrong.
o Check for attempts to place spyware/malware inside the company's systems through a thorough check of all files in the system.
o Release a prepared statement to all stakeholders.
Information flow on the company's effort to restore service to normal should be constant.
o Keep records of the company's efforts to overcome the threats and find any other unusual activity in the systems, which will be useful for the post-mortem.
o iPremier should alert and get help from the relevant authorities.
o The aim of this effort is twofold: firstly, to defeat the threats to the company's systems as comprehensively as possible; secondly, to alert the authorities that the company is currently under attack by unknown attacker(s), and that the company is not liable for any illegal activities that might have emanated from the company's computers while it is under attack.

Q-3: What should they do in the aftermath of the event?

iPremier, as a virtual business (Web-based commerce), should carry out a corrective action plan in the following areas:
o Provide accurate, reliable information about the status of the event
o File-by-file examination: look for evidence of missing data
o Begin a study of how 'digital signature technology' might be used to assure that files on production computers are the same files initially installed there
o Restart all production computer equipment sequentially without interrupting service to customers
o Implement secure shell access so that production computing equipment can be modified and managed from off site
o Practice simulated attacks with a nominated task force incident response team
o Define the security requirements for the system, and then begin a process of reworking its security architecture accordingly
o Get infrastructure up and running quickly by leasing a sophisticated firewall and upgrading to an up-to-date OS and security policy
o Establish a secure encrypted tunnel through a Virtual Private Line

Q-4: What, if anything, should they say to customers, investors, and the public about what has happened?

In the Information Technology and Systems business, ethics in the information society are important, as they affect the responsibility, accountability and liability of the company, especially where the company is publicly registered. iPremier's senior management has therefore done the right thing by disclosing the incident, to avoid investor panic and legal action and to minimize the customer impact.

6. Conclusion

o Revisit and update the Standard Operation Plan and Business Continuity Plan as the company's strategy to sustain its core business as a Web retailer
o Regularly revisit and upgrade the server security system, hardware and software
o Avoid dependency on a single source provider for data storage and server security
o Provide proper and sufficient disk space for backup data
o Upgrade to the new security system.
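The SYN flood described in section 4 shows up on the server side as handshakes that never complete. The following is an added example, not code from the iPremier case, Q-data or the original post; it assumes a constructed packet log in a tcpdump-like format (time, source, ">", destination, TCP flag letters) with constructed documentation-range IP addresses, and counts the half-open state the Web server is forced to hold per client.

```python
"""Half-open connection monitor: a defender's view of a SYN flood.

Constructed example (not from the iPremier case or Q-data). Log format is
assumed: "<time> <src ip:port> > <dst ip:port> <flags>", with tcpdump's
flag letters: S = SYN, S. = SYN-ACK, . = ACK.
"""
from collections import defaultdict

def parse_line(line):
    """Split one assumed-format log line into (time, src, dst, flags)."""
    time, src, _arrow, dst, flags = line.split()
    return time, src, dst, flags

def half_open_by_client(lines):
    """Replay the log; return {client_ip: count of unfinished handshakes}.

    A connection is half-open from the client's SYN until the client's ACK
    completes the handshake: the state a server must hold for every
    "conversation" an attacker only pretends to start.
    """
    pending = {}  # (client socket, server socket) -> client ip
    for line in lines:
        _, src, dst, flags = parse_line(line)
        if flags == "S":        # client SYN: server reserves state now
            pending[(src, dst)] = src.rsplit(":", 1)[0]
        elif flags == ".":      # client ACK: handshake done, state released
            pending.pop((src, dst), None)
        # "S." is the server's SYN-ACK and changes nothing on the client side
    counts = defaultdict(int)
    for client_ip in pending.values():
        counts[client_ip] += 1
    return dict(counts)

def flag_syn_flood(lines, threshold=3):
    """Client IPs holding more than `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open_by_client(lines).items() if n > threshold)

def backlog_exhausted(lines, backlog):
    """True when total half-open state exceeds the server's SYN backlog."""
    return sum(half_open_by_client(lines).values()) > backlog

# Constructed sample: one legitimate client completes its handshake; one
# source opens four conversations and never answers the SYN-ACK.
SAMPLE_LOG = [
    "04:30:00 203.0.113.5:51000 > 192.0.2.10:80 S",
    "04:30:00 192.0.2.10:80 > 203.0.113.5:51000 S.",
    "04:30:00 203.0.113.5:51000 > 192.0.2.10:80 .",
    "04:30:01 198.51.100.7:40001 > 192.0.2.10:80 S",
    "04:30:01 192.0.2.10:80 > 198.51.100.7:40001 S.",
    "04:30:02 198.51.100.7:40002 > 192.0.2.10:80 S",
    "04:30:02 198.51.100.7:40003 > 192.0.2.10:80 S",
    "04:30:02 198.51.100.7:40004 > 192.0.2.10:80 S",
]
```

Real kernels cap exactly this state with a SYN backlog and fall back to SYN cookies once it fills, which is why the firewall or router in front of the Web server, where the case saw the flood arrive, is the usual place to rate-limit such traffic.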