Lecture 10 The iPremier Company: Denial of Service Attack
Synopsis
• A successful high-end online retailer is shut down by a distributed denial of service (DDoS) attack lasting 75 minutes
• CIO Bob Turley coordinates the response from afar (he is travelling during the attack)
• Some leaders are helpful, others not so helpful
Case Overview
• Made-up case based on real events that have happened at various companies
• Considers the management perspective of a DDoS attack, not the packet-level detail
• Such attacks are not common, but when they occur they can be significant
What is a DoS attack?
• Exploits the connection handshake between communicating computers, tying up the target’s resources
• Can be defended against if all the traffic comes from one recognized source (that source can simply be blocked)
• A distributed DoS (DDoS), with traffic from many sources at once, is much more difficult to defend against
What is a firewall?
• Combination of hardware and software that prevents unauthorized access to a company’s internal computer resources
• iPremier’s hosting provider did ‘not have a real firewall’
• Attack vs. intrusion: denying service is not the same as gaining unauthorized access, and the case leaves open whether an intrusion also occurred
Crisis management
• What are the normal human responses?
• What is at stake?
• What principles should be followed?
How did iPremier do?
• Recommendations
• Before
• During
• After
Follow-up info
• A few hours later, iPremier announced publicly that it had been the victim of a DDoS attack
• 75 minutes, in the middle of the night
• Few customers were inconvenienced
• The company would revisit its already solid computer security
• No conclusive evidence that intruders had tampered with production computer equipment
• The “fingerprint” (integrity baseline) on files had not been kept up to date, so it was impossible to know the extent of any breach
Security measures instituted
• Restarted all production computer equipment sequentially, without interrupting service to customers
• File-by-file examination of every file on every production computer, looking for evidence of missing or altered data
• Began a study of how “digital signature technology” might be used to assure that the files on production computers are the same files initially installed there
• Expedited the project aimed at moving to a more modern hosting facility
• Modernized the computing infrastructure to include a more sophisticated firewall
• Implemented secure shell (SSH) access so that production computing equipment could be modified and managed from off site
• Added disk space to enable more logging, giving better information if this happened again
• Trained more staff in the use of monitoring software, and educated them about security threats
• Created an incident-response team and practised on a simulated attack
• Began an executive search for a chief security officer
• Instituted quarterly third-party security audits
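The “fingerprint” problem and the “digital signature” measure above amount to a signed file-integrity baseline. The following is an added example (not code from the case or the lecture) showing how such a baseline is built at deployment time and checked after an incident; the HMAC key is a stand-in for a real signing key and the file contents are constructed for the demonstration.

```python
import hashlib
import hmac
import json
from pathlib import Path

# Added illustration of a signed file-integrity baseline. The HMAC key is an
# assumption standing in for a real signing key; it must be kept off the
# production hosts so that whoever alters files cannot also re-sign the manifest.

def fingerprint(files: dict[str, bytes]) -> dict[str, str]:
    """Map each path to the SHA-256 hex digest of its contents."""
    return {p: hashlib.sha256(d).hexdigest() for p, d in sorted(files.items())}

def sign_manifest(digests: dict[str, str], key: bytes) -> dict:
    """Wrap the digests in a manifest whose MAC covers the canonical JSON form."""
    body = json.dumps(digests, sort_keys=True).encode()
    return {"files": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(manifest: dict, key: bytes, current: dict[str, bytes]) -> dict[str, str]:
    """Report each path as ok / modified / missing / unexpected.
    Refuses to report at all if the manifest itself was altered: a baseline that
    cannot be trusted says nothing about the files, which is iPremier's
    out-of-date "fingerprint" problem in another form."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        raise ValueError("manifest MAC mismatch: baseline cannot be trusted")
    now = fingerprint(current)
    report = {}
    for path, digest in manifest["files"].items():
        if path not in now:
            report[path] = "missing"
        else:
            report[path] = "ok" if now[path] == digest else "modified"
    for path in now:
        if path not in manifest["files"]:
            report[path] = "unexpected"
    return report

def snapshot_dir(root: Path) -> dict[str, bytes]:
    """Read every regular file under root, keyed by relative POSIX path."""
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in sorted(root.rglob("*")) if p.is_file()}

# Constructed sample: files as installed at deployment vs. what is on the host now.
INSTALLED = {"cgi/checkout.pl": b"print 'order';\n", "conf/httpd.conf": b"Listen 80\n"}
NOW = {"cgi/checkout.pl": b"print 'order v2';\n", "cgi/extra.pl": b"",
       "conf/httpd.conf": b"Listen 80\n"}
KEY = b"constructed-demo-key"
BASELINE = sign_manifest(fingerprint(INSTALLED), KEY)

if __name__ == "__main__":
    for path, status in verify(BASELINE, KEY, NOW).items():
        print(f"{status:10} {path}")
```

The baseline must be re-generated and re-signed as part of every legitimate deployment; otherwise, exactly as in the case, every “modified” line is ambiguous between a routine update and tampering.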
Follow-up info
• Joanne Ripley recommends disconnecting all production computers and rebuilding them from scratch
• Estimated 24–36 hours to complete
• Documentation exists, but things can go wrong
• Heated debate over this suggestion
• “The only way to be sure”
• “Irresponsible to customers to do this” – it would hurt customer satisfaction
• No evidence of compromise
Thoughts
• Follow Ripley’s suggestion?
• What should be disclosed?
Two weeks later…
• Call from the FBI
• Competitor MarketTop has been the target of a DDoS attack
• The source of that attack is within iPremier’s own systems
• Now what?
• Shut everything down?
• Legal issues
• Credit card information could have been stolen…