Saturday, March 30, 2019
The iPremier DoS Attack
Online websites and businesses face several security threats from hackers who aim to vandalize the website, steal information or, at times, alert the company to weaknesses in its network security. These threats include malicious code, bots and botnets, phishing and DDoS, or Distributed Denial of Service (Laudon K., Traver C., (2010)). iPremier, an online business, faced one of these threats, the DDoS attack. iPremier is a successful online retailer of luxury, rare and vintage goods (Austin, R., (July 26, 2007)). The DDoS attack begins with the hacker distributing bots on several computers and making these computers botnets (Laudon K., Traver C., (2010)). A botnet is a computer that is controlled by a hacker to perform activities such as participating in a DDoS attack (Laudon K., Traver C., (2010)). The hacker uses these botnets, or controlled computers, to flood a server with unwanted requests, which slows or shuts down the server's operations (Laudon K., Traver C., (2010)). This can be costly to an online business because customers won't be able to access the website. It can also affect the firm's reputation if the website doesn't work for long. However, these attacks can also show a company the weak points in its internet security and infrastructure.

The CIO, Bob Turley, was in New York when an employee called to inform him that the website was not working and that they had been receiving numerous emails that said "Ha" (Austin, R., (July 26, 2007)). The CIO called Joanne, the technical operations team leader, to check on the situation, but she was still on her way to Qdata, where the company servers are located, and did not know what was going on (Austin, R., (July 26, 2007)). She suspected that the actions were caused by a hacker and that the sender of the email was unknown and hard to track (Austin, R., (July 26, 2007)).
Unfortunately, their emergency plan was outdated and they couldn't remember where the document was kept (Austin, R., (July 26, 2007)). A suggestion was made to call the police or the FBI, but they were concerned about negative publicity (Austin, R., (July 26, 2007)). After a while the CIO called the CTO to get his opinion on the matter (Austin, R., (July 26, 2007)). The CTO rejected the idea of pulling the plug because information on the attack might be lost (Austin, R., (July 26, 2007)). The CEO mentioned that detailed logging was not enabled, so the logs wouldn't provide them with much information (Austin, R., (July 26, 2007)). The legal counsel called as well to provide legal advice on the matter and told the CIO to pull the plug to protect credit card information (Austin, R., (July 26, 2007)). After Joanne arrived at Qdata she wasn't able to access the NOC for security reasons (Austin, R., (July 26, 2007)). The CEO called a senior person at Qdata and Joanne was allowed access to the NOC (Austin, R., (July 26, 2007)). She discovered that the attack was directed at their firewall and that it was coming from multiple IP addresses (Austin, R., (July 26, 2007)). She tried to shut down traffic from the IP addresses, but it didn't work because when one IP address was shut down another one started, and so on (Austin, R., (July 26, 2007)). The main concern was that customer information was not jeopardized or stolen (Austin, R., (July 26, 2007)). At 5:46 AM the attack stopped, and Joanne suggested that they do a thorough audit to be sure that customer information had not been stolen and to identify the points of weakness (Austin, R., (July 26, 2007)).

During the attack it was clear that the employees were shocked by the security threat. They did not know what to do, they had never faced a security threat before and they did not have an emergency plan. The employees communicated through phone calls, and no one knew what needed to be done or what was happening.
Also, there wasn't a proper emergency communication channel with Qdata, which led to the technical team leader being barred from entering the NOC. The team reacted well to the situation even though they did not have any integrated plan to face the problem. They were trying to solve the problem through knowledge and experience because there wasn't any plan. They tried hard, and the top managers were alert in the middle of the night to solve the crisis. However, looking at the overall situation, there was no systematic process for determining the problem; instead they relied on intuition and experience.

If I were Bob Turley, the CIO, the first person I would have contacted is the CTO, and I would have cancelled the meeting in New York and gone to the company if possible. If it was not possible to find a flight, I would have instructed Leon to get the emergency plan and work from it. Although it is outdated, I would try to modify it as much as I can to match the current situation, which can be useful. Also, I would stay in close contact with the CTO and Qdata to solve the problem faster. Some service providers do not respond to customers quickly and make the customer call them over and over until they perform the request. In addition, after the attack was over I would have called an emergency meeting to assess the current situation and the company's technological infrastructure, to find out what information has been or could have been jeopardized, and to discuss the modifications to the emergency plan.

After the attack the company should be worried about the customer information, especially credit card and transaction information. Another concern is that the attack might have gone further and installed a bot on one of the servers. If this happened, the servers might be used for other attacks and iPremier would be held responsible. Also, the infrastructure and security are not good against threats, so the use of Qdata as the website host must be changed.
Moreover, I have to be sure that there hasn't been any leak, because if the customers know that the website was hacked they may never deal with the company again. They may not understand that these things happen and that security threats happen almost all the time; many people are not familiar with the term Cyber War.

The company should create a backup customer and transaction database that is disconnected from the internet to prevent it from being attacked from the outside. It is an online business, so the customers and their transaction information should be well protected from any attack. I would recommend that not all of the website and its information be outsourced. The server, website design, and website-related information can be outsourced, but the customer and transaction information should be handled internally for more control. They have to find another host other than Qdata, with more abilities and more technological advancement, to handle their operations and protect them from further attacks. Also, I must have a good understanding of the situation so that if there is any leak to the press I can answer their questions and find a way to assure the customers that their data is safe.

In conclusion, iPremier is an example for every online business. They did not expect that an attack might happen and were very confused when it actually happened. What online businesses should learn from iPremier is that an emergency plan is critical for any business. Also, they should know that there isn't one perfect security system that can protect them from all kinds of attacks.
They should keep in mind that since man created these security systems, man is also able to break through them.

Questions by component (What, Who, Where; each for architecture and infrastructure)

Hardware
What (architecture): Do we need a new security system?
What (infrastructure): What kind of hardware do we need for the new security system?
Who (architecture): Who knows the most about the company's technological infrastructure?
Who (infrastructure): Who will handle the operation of the new security system?
Where (architecture): Does the new security system require a relocation of our servers?
Where (infrastructure): What hardware components need to be changed to install the new security system?

Software
What (architecture): What parts of our company's software will be affected?
What (infrastructure): Do we need any new software for the new security system?
Who (architecture): Who will be affected by installing a new security system?
Who (infrastructure): Who needs to be trained in order to work with the new system?
Where (architecture): Does the geographical location of our company affect the installation of the new system?
Where (infrastructure): Will the new security system have the functionality we need?

Network
What (architecture): Does the new security system require a minimum bandwidth?
What (infrastructure): Can the current network handle the operations of the new security system?
Who (architecture): Who will have access to the security system network?
Who (infrastructure): Will anybody need access from outside the company's physical boundaries?
Where (architecture): What are the security threats in the company's current technological architecture?
Where (infrastructure): Where will the company locate the necessary components of the new security system?

Data
What (architecture): Will the current data formats be compatible with the new security system?
What (infrastructure): Which formats need to be changed?
Who (architecture): Who will have access to the data provided by the system?
Who (infrastructure): Who will be responsible for backup and to whom is the access limited?
Where (architecture): Where does the current architecture face problems in regards to data flow?
Where (infrastructure): Does the company need to change its current storage devices for the new security system?

Resources
Austin, R. (July 26, 2007). The iPremier Company (A) Denial of Service Attack. Harvard Business School.
Laudon, K., Traver, C. (2010). E-commerce 2010 (6th Ed.), chapter 5. Pearson Education.