Lecture 10 The iPremier Company: Denial of Service Attack

Uploaded by avigupta91, 08-Nov-2015

  • Lecture 10: The iPremier Company: Denial of Service Attack

  • Synopsis

    Successful high-end retailer shut down by a distributed denial of service (DDoS) attack lasting 75 minutes

    CIO Bob Turley coordinating from afar

    Some leaders helpful, others not so helpful

  • Case Overview

    Made-up case based on real events that have happened in various companies

    Considers the management perspective of a DDoS attack

    Such attacks are not common for most companies, but they can be significant

  • What is a DoS attack?

    Abuses the handshake between communicating computers (for example, a SYN flood starts many TCP connections that are never completed, tying up the server's resources)

    Can be defended against if all of the traffic comes from one recognizable source: block that source

    Distributed DoS, with traffic from many sources, is much more difficult to defend against

  • What is a firewall?

    Combination of hardware and software that prevents unauthorized access to a company's internal computer resources

    iPremier did not have a real firewall

    Attack vs. intrusion: a DoS attack denies service from the outside; an intrusion means someone got inside the systems
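The slides' point that a single-source flood can be blocked with one firewall rule while a distributed one cannot is easier to see on data. The following is an added example written for this page, not code from the lecture or from the iPremier case: it parses constructed connection-attempt log lines (timestamp, source IP, TCP flags), counts half-open SYNs, and only emits a block rule when one source dominates. The log format, the thresholds and the iptables rule syntax are assumptions chosen for the example.

```python
import ipaddress
from collections import Counter

# Constructed log lines, "<seconds> <src_ip> <tcp_flags>".
# "S"  = SYN seen with no completing ACK (half-open connection)
# "SA" = handshake completed normally
# All constructed records fall inside one 60 s window, so no windowing is needed.
SINGLE_SOURCE_LOG = "\n".join(
    [f"{t} 203.0.113.7 S" for t in range(60)]          # one host, 60 half-open SYNs
    + ["5 198.51.100.2 SA", "31 198.51.100.9 SA"])      # two legitimate customers

DISTRIBUTED_LOG = "\n".join(
    [f"{t} 192.0.2.{t + 1} S" for t in range(60)]       # 60 half-open SYNs, 60 sources
    + ["12 198.51.100.2 SA"])


def parse(log):
    """Turn the constructed log text into (seconds, ip, flags) records."""
    records = []
    for line in log.splitlines():
        ts, src, flags = line.split()
        records.append((int(ts), ipaddress.ip_address(src), flags))
    return records


def analyse(log, flood_threshold=40, per_source_threshold=20):
    """Decide whether a SYN flood is under way and whether a firewall can stop it.

    Returns a dict with the verdict, the dominant sources (if any), the block
    rules a firewall could apply, and the share of flood traffic those rules
    would actually drop. Thresholds are assumed values for the example.
    """
    half_open = Counter(str(src) for _, src, flags in parse(log) if flags == "S")
    total = sum(half_open.values())
    flood = total >= flood_threshold
    # A source is "dominant" when it alone accounts for enough half-open SYNs
    # to be worth a rule; a botnet spreads the load so no source qualifies.
    dominant = sorted(src for src, n in half_open.items() if n >= per_source_threshold)
    rules = ([f"iptables -A INPUT -s {src} -p tcp --syn -j DROP" for src in dominant]
             if flood else [])
    blocked = sum(half_open[src] for src in dominant) if rules else 0
    return {
        "flood": flood,
        "half_open": total,
        "dominant": dominant,
        "rules": rules,
        "blocked_share": blocked / total if total else 0.0,
    }


if __name__ == "__main__":
    for name, log in (("single source", SINGLE_SOURCE_LOG), ("distributed", DISTRIBUTED_LOG)):
        result = analyse(log)
        print(f"{name}: flood={result['flood']} half_open={result['half_open']} "
              f"rules={len(result['rules'])} blocked_share={result['blocked_share']:.0%}")
```

Both constructed logs cross the flood threshold, but only the single-source case yields a rule that drops all of the attack traffic; in the distributed case the rule list is empty and the blocked share is zero, which is the situation iPremier faced and why mitigation has to move upstream (the hosting provider or ISP) rather than stay on the company's own firewall.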

  • Crisis management

    Normal human responses?

    What is at stake?

    What principles should be followed?

  • How did iPremier do? Recommendations

    Before

    During

    After

  • Questions, Break, Presentation

  • Follow-up info

    A few hours later, iPremier announced publicly that it had been the victim of a DDoS attack

    75 minutes, in the middle of the night

    Few customers inconvenienced

    Would revisit its already solid computer security

    No conclusive evidence that intruders had tampered with production computer equipment

    File fingerprints (integrity baselines) had not been kept up to date, so it was impossible to know the extent of any breach

  • Security measures instituted

    Restart all production computer equipment sequentially without interrupting service to customers

    File-by-file examination of every file on every production computer, looking for evidence of missing data

    Began a study of how digital signature technology might be used to assure that the files on production computers were the same files initially installed there

    Expedited the project aimed at moving to a more modern hosting facility

    Modernized computing infrastructure to include a more sophisticated firewall

    Implemented secure shell access so that production computing equipment could be modified and managed from off site

    Added disk space to enable more logging, leading to better information if this happened again

    Trained more staff in the use of monitoring software, and educated them about security threats

    Created an incident-response team and practiced a simulated attack

    Began an executive search for a chief security officer

    Instituted quarterly third-party security audits
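Two of the points above, the out-of-date file fingerprints that made the extent of any breach unknowable, and the later study of using digital signatures to prove production files are the ones originally installed, come down to one mechanism: a signed integrity baseline. The following is an added example written for this page, not code from the lecture, the case, or any product: it hashes every file under a directory into a manifest, signs the manifest with an HMAC key that would be kept off the production hosts, and then shows what a later check reports after a file is altered and an unexpected file appears. The directory layout, file contents and key are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Fingerprint every file under root: {relative path: sha256 hex digest}."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def sign_manifest(manifest, key):
    """HMAC over a canonical JSON encoding; the key lives off the production hosts."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def signature_valid(manifest, signature, key):
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def verify_tree(root, manifest):
    """Compare the live tree against the baseline and classify every difference."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(manifest)),
        "removed": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
    }


def write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: baseline taken at install time, then an incident."""
    key = b"constructed-offline-signing-key"  # assumption: real key never stored on the hosts
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/app", b"original application binary\n")
        write(root, "etc/app.conf", b"listen=443\n")
        baseline = build_manifest(root)
        signature = sign_manifest(baseline, key)

        # Incident: one installed file is altered and an unexpected file appears.
        write(root, "bin/app", b"original application binary\n# tampered\n")
        write(root, "uploads/unexpected.bin", b"\x00\x01")
        report = verify_tree(root, baseline)

        # An intruder who can alter files can also rewrite a plain manifest to
        # match; the signature made with the off-host key exposes that swap.
        forged = build_manifest(root)
        return {
            "report": report,
            "baseline_signature_ok": signature_valid(baseline, signature, key),
            "forged_signature_ok": signature_valid(forged, signature, key),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check is only as good as the baseline: if the manifest is not re-generated and re-signed after every legitimate deployment, the report fills with expected changes and an intruder's edits cannot be told apart from them, which is exactly the position the follow-up describes. Operationally, the signed manifest is produced at install time, stored and verified from a host the production systems cannot write to, and refreshed as part of the release process.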

  • Follow-up info

    Joanne Ripley recommends disconnecting all production computers and rebuilding them from scratch

    Estimate: 24 to 36 hours to complete

    Documentation is there, but things can go wrong

    Heated debate over this suggestion: "the only way to be sure" versus "irresponsible to customers to do this; it would hurt satisfaction"

    No evidence of compromise

  • Thoughts

    Follow Ripley's suggestion?

    What should be disclosed?

  • Two weeks later

    Call from the FBI

    Competitor MarketTop has been subject to a DDoS attack

    The source of that attack is within iPremier: its own systems were used to launch it

    Now what? Shut everything down?

    Legal issues

    Credit card info could have been stolen