
Lecture 10

The iPremier Company: Denial of Service Attack

Synopsis
Successful high-end retailer shut down by a distributed denial of service (DDoS) attack that lasts 75 minutes
CIO Bob Turley coordinating from afar
Some leaders helpful, others not so helpful

Case Overview
Made-up case based on real events that have happened in various companies
Considers the management perspective of a DDoS attack
These are not common, but can be significant

What is a DoS attack?


Handshake between communicating computers
Can be defended against if all traffic comes from one recognized source
Distributed DoS more difficult to defend against

What is a firewall?
Combination of hardware and software to prevent unauthorized access to a company's internal computer resources
iPremier: not a real firewall
Attack vs. intrusion

Crisis management
Normal human responses?

What is at stake?

What principles should be followed?

How did iPremier do?


Recommendations
Before
During
After

Questions, Break, Presentation

Follow up info
A few hours later, iPremier announced publicly that it had been the victim of a DDoS attack
75 minutes, middle of night
Few customers inconvenienced
Would revisit already solid computer security

No conclusive evidence that intruders had tampered with production computer equipment
Fingerprint on files had not been kept up to date, so impossible to know extent of breach

Security measures instituted

Restart all production computer equipment sequentially without interrupting service to customers
File-by-file examination of every file on every production computer looking for evidence of missing data
Began study of how digital signature technology might be used to assure that files on production computers were the same files initially installed there
Expedited project aimed at moving to a more modern hosting facility
Modernized computing infrastructure to include more sophisticated firewall
Implemented secure shell access so that production computing equipment could be modified and managed from off site
Added disk space to enable more logging, leading to better information if this happened again
Trained more staff in use of monitoring software, and educated about security threats
Created incident-response team, practiced simulated attack
Began executive search for chief security officer
Instituted quarterly third-party security audits
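
Added example, not part of the original slides or the case: Python for the file-fingerprint baseline that was out of date at iPremier and that the digital-signature study above aims to restore, showing how a sealed baseline lets an audit name exactly which files changed. Assumptions: HMAC-SHA256 with a key held off the audited host stands in for a digital signature, and the sample files and key are constructed.

```python
import hashlib, hmac, json, os, tempfile

def fingerprint(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    out = {}
    for d, _, files in os.walk(root):
        for name in files:
            p = os.path.join(d, name)
            with open(p, "rb") as f:
                out[os.path.relpath(p, root)] = hashlib.sha256(f.read()).hexdigest()
    return out

def _tag(manifest, key):
    # Canonical JSON so the same manifest always produces the same tag.
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(manifest, key):
    """Attach an authentication tag so the baseline itself cannot be silently edited."""
    return {"files": manifest, "tag": _tag(manifest, key)}

def audit(root, sealed, key):
    """Authenticate the baseline, then report files that differ from it."""
    if not hmac.compare_digest(_tag(sealed["files"], key), sealed["tag"]):
        raise ValueError("baseline manifest failed authentication")
    now, base = fingerprint(root), sealed["files"]
    return {
        "modified": sorted(p for p in base if p in now and now[p] != base[p]),
        "missing": sorted(p for p in base if p not in now),
        "added": sorted(p for p in now if p not in base),
    }

def demo():
    """Constructed tree: take a baseline, simulate tampering, then audit."""
    key = b"constructed-demo-key"  # assumption: the real key never lives on the audited host
    samples = [("index.html", b"<h1>shop</h1>"), ("checkout.cgi", b"#!/bin/sh\n"),
               ("robots.txt", b"")]
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        sealed = seal(fingerprint(root), key)        # baseline at install time
        with open(os.path.join(root, "checkout.cgi"), "ab") as f:
            f.write(b"# altered\n")                  # simulated modification
        os.remove(os.path.join(root, "robots.txt"))  # simulated deletion
        with open(os.path.join(root, "dropped.bin"), "wb") as f:
            f.write(b"\x00")                         # simulated unexpected file
        return audit(root, sealed, key)

if __name__ == "__main__":
    print(demo())
```

The baseline has to be re-sealed after every legitimate deployment; a stale baseline is the situation described on the follow-up slide.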

Follow up info
Joanne Ripley recommends disconnecting all production computers and rebuilding from scratch
Estimate 24-36 hours to complete
Documentation there, but things can go wrong

Heated debate over this suggestion
Only way to be sure
Irresponsible to customers to do this; hurts satisfaction
No evidence of compromise

Thoughts
Follow Ripley's suggestion?
What should be disclosed?

Two weeks later


Call from FBI
Competitor MarketTop has been subject to a DDoS attack
Source of attack is within iPremier

Now what?
Shut down all?
Legal Issues
Credit Card Info could have been stolen
